Dynamic FPS Unlocker. [Code]

02/29/2012 00:24 _DreadNought_#1
Okay so,

Is your private server missing a FPS Unlocker?

Well look no further! If you don't know how to use the code, you dont need it.

The address's you see are the sleep address's inside the conquer.exe, use olydbg to get them for a different patch.

Cant remember what patch the current address's are for, 5180 I think and this worked perfectly afaik(Coded this about a year ago)

You can create a form, add 3 buttons, add this code, each of the buttons selects a different fps and yeah, change fps everytime on loadup for a different users preferance.

This does not edit the compiled exe in any way, Only its memory which is reset upon restart of the executable.

Revised:
Quote:
Originally Posted by _DreadNought_ View Post
Revised class:
Code:
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Threading;
using System.Windows.Forms;

//FPSUnlocker.Conquer.Start(name, blacknull);

namespace FPSUnlocker
{
    /// <summary>
    ///  This class has the ability to start Conquer Online with the specified Arguments such as "blacknull" while unlocking the FPS.
    /// </summary>
    public class Conquer
    {
        #region DLL Stuffz
        [DllImport("kernel32.dll")]
        static extern int ResumeThread(IntPtr hThread);

        [DllImport("kernel32.dll")]
        static extern int SuspendThread(IntPtr hThread);

        [DllImport("kernel32.dll")]
        static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess,
            bool bInheritHandle,
            uint dwThreadId
        );

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint nSize, IntPtr lpNumberOfBytesWritten);

        [DllImport("Kernel32.dll")]
        public static extern IntPtr OpenProcess(UInt32 dwDesiredAccess, Int32 bInheritHandle, Int32 dwProcessId);

        [Flags]
        public enum ThreadAccess
        {
            TERMINATE = (0x0001),
            SUSPEND_RESUME = (0x0002),
            GET_CONTEXT = (0x0008),
            SET_CONTEXT = (0x0010),
            SET_INFORMATION = (0x0020),
            QUERY_INFORMATION = (0x0040),
            SET_THREAD_TOKEN = (0x0080),
            IMPERSONATE = (0x0100),
            DIRECT_IMPERSONATION = (0x0200)
        }
        #endregion

        Process _conquerProcess;
        readonly string _arguments;
        readonly string _name;
        private IntPtr _hProcess;

        /// <summary>
        /// Class initalizer, This must be used to allow for Dynamic use.
        /// </summary>
        /// <param name="name">Must not contain characters such as " * / \ ? " commonly set to "Conquer.exe"</param>
        /// <param name="arguments">Arguments you want to start the Conquer process with commonly set to "blacknull"</param>
        public Conquer(string name, string arguments)
        {
            _name = name;
            _arguments = arguments;
        }

        public Exception Start(IntPtr addr1, IntPtr addr2)
        {
            try
            {
                _conquerProcess = new Process
                                      {
                                          StartInfo =
                                              {
                                                  Arguments = _arguments,
                                                  FileName = _name,
                                                  WorkingDirectory = Environment.CurrentDirectory
                                              }
                                      };
                _conquerProcess.Start();
                _conquerProcess.WaitForInputIdle();
                Thread.Sleep(2000);//Just testing, Can be removed without harm, I think.
                FreezeThreads();
                var form = new FPSUnlocker();
                if (form.ShowDialog() == DialogResult.Yes)
                {
                    //Write our shit.
                    if (Openprocess())
                    {
                        var a1 = addr1;//0x005B14CE
                        var a2 = addr2;//0x005B14D7
                        var bytesWritten = IntPtr.Zero;
                        var buf = new byte[] { 0x07 };
                        var buf2 = new byte[] { 0x07 };
                        WriteProcessMemory(_hProcess, a1, buf, (uint)buf.Length, bytesWritten);
                        WriteProcessMemory(_hProcess, a2, buf2, (uint)buf2.Length, bytesWritten);
                        UnfreezeThreads();
                        Application.Exit();
                    }
                }
                UnfreezeThreads();
            }
            catch (Exception e)
            {
                if (!_conquerProcess.HasExited)
                    _conquerProcess.Kill();
                return e;
            }
            return null;
        }

        private void FreezeThreads()
        {
            foreach (ProcessThread pT in _conquerProcess.Threads)
            {
                var ptrOpenThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);
                SuspendThread(ptrOpenThread);
            }
        }
        private void UnfreezeThreads()
        {
            foreach (ProcessThread pT in _conquerProcess.Threads)
            {
                var ptrOpenThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);
                ResumeThread(ptrOpenThread);
            }
        }
        private bool Openprocess()
        {
            _hProcess = OpenProcess(0x1F0FFF, 1, _conquerProcess.Id);
            if (_hProcess == IntPtr.Zero)
            {
                MessageBox.Show("OpenProcess(0x1F0FFF, 1, ID) failed with following error: " + Marshal.GetLastWin32Error());
                return false;
            }
            return true;
        }
    }
}
Note: the addresses in there wont work for any conquer.exe you have to get them yourself.
Old code:
02/29/2012 14:32 -Sensei-#2
Good work.
02/29/2012 14:38 I don't have a username#3
Good job, tho the problem comes to most people uses nullables loader, so this won't work ^^.

But well making a bypass around the process start is not that hard.

Addresses for 5517+:
0x5AB53E
0x5AB547
02/29/2012 14:46 Korvacs#4
Quote:
Originally Posted by _DreadNought_ View Post
29 views, one thanks, not one comment? o rly?
My WDF extracter thread has 1176 downloads, 7975 views, 49 thanks, 53 replies, so really how bad is your thread doing compared lol.... Thats just the nature of epvpers.
02/29/2012 15:38 JobvdH#5
This is a great thread! I'm going to use this.
Thanks for sharing!
02/29/2012 15:57 Captivate#6
Came a few weeks late for me, thanks anyway!
02/29/2012 19:43 _DreadNought_#7
Quote:
Originally Posted by Korvacs View Post
My WDF extracter thread has 1176 downloads, 7975 views, 49 thanks, 53 replies, so really how bad is your thread doing compared lol.... Thats just the nature of epvpers.
Yeah I kinda figured that out, but yeah.

This works great when you show the form when the process is at its Idle state.(Where its the small square loading school come up) Just freeze it, Show the form, and unfreeze it after your finished.

NOTE: The values 0x09 for 40fps etc ARE NOT ACCURATE.

Would be nice if someone left some feedback on the code and if it worked for them.

#edit
Oh lol nvm, I left that in the code.
11/19/2012 21:14 _DreadNought_#8
Revised class:
Code:
using System;
using System.Diagnostics;
using System.Runtime.InteropServices;
using System.Threading;
using System.Windows.Forms;

//FPSUnlocker.Conquer.Start(name, blacknull);

namespace FPSUnlocker
{
    /// <summary>
    ///  This class has the ability to start Conquer Online with the specified Arguments such as "blacknull" while unlocking the FPS.
    /// </summary>
    public class Conquer
    {
        #region DLL Stuffz
        [DllImport("kernel32.dll")]
        static extern int ResumeThread(IntPtr hThread);

        [DllImport("kernel32.dll")]
        static extern int SuspendThread(IntPtr hThread);

        [DllImport("kernel32.dll")]
        static extern IntPtr OpenThread(ThreadAccess dwDesiredAccess,
            bool bInheritHandle,
            uint dwThreadId
        );

        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern bool WriteProcessMemory(IntPtr hProcess, IntPtr lpBaseAddress, byte[] lpBuffer, uint nSize, IntPtr lpNumberOfBytesWritten);

        [DllImport("Kernel32.dll")]
        public static extern IntPtr OpenProcess(UInt32 dwDesiredAccess, Int32 bInheritHandle, Int32 dwProcessId);

        [Flags]
        public enum ThreadAccess
        {
            TERMINATE = (0x0001),
            SUSPEND_RESUME = (0x0002),
            GET_CONTEXT = (0x0008),
            SET_CONTEXT = (0x0010),
            SET_INFORMATION = (0x0020),
            QUERY_INFORMATION = (0x0040),
            SET_THREAD_TOKEN = (0x0080),
            IMPERSONATE = (0x0100),
            DIRECT_IMPERSONATION = (0x0200)
        }
        #endregion

        Process _conquerProcess;
        readonly string _arguments;
        readonly string _name;
        private IntPtr _hProcess;

        /// <summary>
        /// Class initalizer, This must be used to allow for Dynamic use.
        /// </summary>
        /// <param name="name">Must not contain characters such as " * / \ ? " commonly set to "Conquer.exe"</param>
        /// <param name="arguments">Arguments you want to start the Conquer process with commonly set to "blacknull"</param>
        public Conquer(string name, string arguments)
        {
            _name = name;
            _arguments = arguments;
        }

        public Exception Start(IntPtr addr1, IntPtr addr2)
        {
            try
            {
                _conquerProcess = new Process
                                      {
                                          StartInfo =
                                              {
                                                  Arguments = _arguments,
                                                  FileName = _name,
                                                  WorkingDirectory = Environment.CurrentDirectory
                                              }
                                      };
                _conquerProcess.Start();
                _conquerProcess.WaitForInputIdle();
                Thread.Sleep(2000);//Just testing, Can be removed without harm, I think.
                FreezeThreads();
                var form = new FPSUnlocker();
                if (form.ShowDialog() == DialogResult.Yes)
                {
                    //Write our shit.
                    if (Openprocess())
                    {
                        var a1 = addr1;//0x005B14CE
                        var a2 = addr2;//0x005B14D7
                        var bytesWritten = IntPtr.Zero;
                        var buf = new byte[] { 0x07 };
                        var buf2 = new byte[] { 0x07 };
                        WriteProcessMemory(_hProcess, a1, buf, (uint)buf.Length, bytesWritten);
                        WriteProcessMemory(_hProcess, a2, buf2, (uint)buf2.Length, bytesWritten);
                        UnfreezeThreads();
                        Application.Exit();
                    }
                }
                UnfreezeThreads();
            }
            catch (Exception e)
            {
                if (!_conquerProcess.HasExited)
                    _conquerProcess.Kill();
                return e;
            }
            return null;
        }

        private void FreezeThreads()
        {
            foreach (ProcessThread pT in _conquerProcess.Threads)
            {
                var ptrOpenThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);
                SuspendThread(ptrOpenThread);
            }
        }
        private void UnfreezeThreads()
        {
            foreach (ProcessThread pT in _conquerProcess.Threads)
            {
                var ptrOpenThread = OpenThread(ThreadAccess.SUSPEND_RESUME, false, (uint)pT.Id);
                ResumeThread(ptrOpenThread);
            }
        }
        private bool Openprocess()
        {
            _hProcess = OpenProcess(0x1F0FFF, 1, _conquerProcess.Id);
            if (_hProcess == IntPtr.Zero)
            {
                MessageBox.Show("OpenProcess(0x1F0FFF, 1, ID) failed with following error: " + Marshal.GetLastWin32Error());
                return false;
            }
            return true;
        }
    }
}
Note: the addresses in there wont work for any conquer.exe you have to get them yourself.
11/22/2012 09:57 Ultimation#9
Quote:
Originally Posted by I don't have a username View Post
Good job, tho the problem comes to most people uses nullables loader, so this won't work ^^.

But well making a bypass around the process start is not that hard.

Addresses for 5517+:
0x5AB53E
0x5AB547
*cough* D3D8.dll
11/22/2012 10:52 I don't have a username#10
Quote:
Originally Posted by Ultimation View Post
*cough* D3D8.dll
lolol :D