Properly Hacking

Discussion on Properly Hacking within the CO2 Exploits, Hacks & Tools forum part of the Conquer Online 2 category.

Old   #1
 
elite*gold: 0
Join Date: Nov 2006
Posts: 19
Received Thanks: 15

I've been seeing lots of multiclients and popupless clients floating around that are improperly hacked, so I thought I'd give some tips.

Tips are in the format of Task (Difficulty).

Bypassing Autopatch (Beginner)
Simply change the path in your shortcut to: conquer.exe blacknull
The blacknull command line parameter causes conquer to run just like autopatch would run it.

Removing Popups (Advanced)
Disassemble the program, find where it loads the popup on exit and bypass that section of assembly with jmps.
Attention: There are 2 areas of identical code that need to be modified. One is for exiting while logged into the game and the other is for exiting while at the login screen. I'm a bit too lazy to give the exact addresses of where these are found, but they weren't that hard.

Multi-Client (Beginner)
Just open conquer.exe in a hex editor and change the number at address 6A2D3.
This number is originally hex 02. Whatever you replace it with is how many clients you will be able to open (if there were no limits to CPU resources, that is).
Warning: This is a signed byte, so don't go above 7F, as anything above that would be a negative number and would result in no clients being able to open.

Removing Parentheses After Item Names (Beginner)
Open conquer.exe in a hex editor and replace hex 20 at address 15CC26 with hex 00.

Remember, improperly modifying an executable file can have unexpected results. If the program calls a function, it pushes its parameters onto the stack first. So if you remove the function call, you should also remove/bypass all of the push instructions that supply that function with parameters.

If anyone has specific questions just ask and if I have time I'll try to answer.

I've attached a conquer.exe with all above mentioned hacks (except the autopatch bypass, as that is so simple to do via the shortcut that I didn't want to waste my time with it).
Attached Files
File Type: zip conquer.zip (691.3 KB, 232 views)
Theorn is offline  
Old 05/01/2008, 20:24   #2
 
elite*gold: 0
Join Date: Jul 2007
Posts: 14
Received Thanks: 1
Well Done.

You just taught the basics of hacking to noobs. I didn't even know about hacking until I saw this post. Thanks to you I'm starting to respect hackers for the time and effort they put into hacking (like you put up an effort, ya lazy git, lol), and it's about time someone said something about noobs posting non-working hacks.
CheatMaster845 is offline  
Old 05/01/2008, 21:32   #3
 
elite*gold: 0
Join Date: Oct 2006
Posts: 123
Received Thanks: 8
Can you teach us how to make an item type, please?
kupidon is offline  
Old 05/01/2008, 21:56   #4
 
elite*gold: 0
Join Date: May 2006
Posts: 122
Received Thanks: 23
Nice guide, but I always make my multiclients by opening conquer.exe with a hex editor, searching for the text string "English" and replacing it with "Chinese" (it doesn't matter which word, as long as it's the same length).
TmT-sibrand is offline  
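The byte-level patches in post #1 (the client-count byte at 6A2D3 and the 20 → 00 at 15CC26) and TmT-sibrand's same-length string swap above are the same operation: overwrite bytes at a file offset without changing the file's layout. The script below is an added example, not code from any of the posters or from the game. It applies that kind of patch to a copy of a file, verifying the bytes it expects to find first (so offsets from one build do not silently corrupt another), refusing client counts above 7F for the signed-byte reason post #1 gives, and zero-padding an in-place string replacement so the NUL terminator and whatever follows the string survive. The sample image it patches is constructed here so the script runs offline; the two offsets from post #1 are kept only as named constants and are not verified against any real conquer.exe.

```python
"""Byte patching of an executable copy with an expected-bytes check.

Added example, not code from the original posts.  The sample image is
constructed; the offsets from post #1 are unverified assumptions about one
particular build of conquer.exe and are not used on the sample.
"""
import shutil
import tempfile
from pathlib import Path

# Offsets quoted in post #1 for its client build (assumption: they apply to
# that build only; every patch of the game moves them).
MAX_CLIENTS_OFFSET = 0x6A2D3   # byte operand of "push 2"
PAREN_SPACE_OFFSET = 0x15CC26  # the 0x20 before "(" in item names

MAX_IMM8 = 0x7F  # largest value that stays positive in a sign-extended byte


def patch_bytes(path, offset, expected, replacement):
    """Overwrite `expected` at `offset` with `replacement` of the same length.

    The bytes actually present are compared first, so a patch meant for one
    build does not silently corrupt another.  Returns the number of bytes written.
    """
    if len(expected) != len(replacement):
        raise ValueError("replacement must be the same length as what it replaces")
    with open(path, "r+b") as fh:
        fh.seek(offset)
        actual = fh.read(len(expected))
        if actual != expected:
            raise ValueError(f"expected {expected.hex()} at {offset:#x}, found "
                             f"{actual.hex()}: wrong build or wrong offset")
        fh.seek(offset)
        fh.write(replacement)
    return len(replacement)


def set_max_clients(path, offset, count, original=2):
    """Change the client limit, which post #1 identifies as the imm8 of a
    `push 2` (opcode 6A ib).  That operand is sign-extended, so anything
    above 0x7F becomes negative and the limit check fails for every client."""
    if not 1 <= count <= MAX_IMM8:
        raise ValueError(f"count must be 1..{MAX_IMM8}; {count:#x} would be negative")
    return patch_bytes(path, offset, bytes([original]), bytes([count]))


def patch_cstring(path, offset, old, new):
    """Replace a NUL-terminated ASCII string in place (post #4's English ->
    Chinese trick).  `new` may be shorter than `old` but never longer: freed
    bytes are zero-filled so the terminator and what follows stay intact."""
    if len(new) > len(old):
        raise ValueError("new string is longer than the original and would overwrite what follows")
    old_b = old.encode("ascii") + b"\x00"
    new_b = new.encode("ascii").ljust(len(old_b), b"\x00")
    return patch_bytes(path, offset, old_b, new_b)


# Constructed stand-in for conquer.exe (not real bytes from the game): a few
# bytes of "code" containing `6A 02` (push 2) plus the two strings post #15
# says sit near it.
SAMPLE_IMAGE = (
    b"MZ\x90\x00" + b"\x00" * 12
    + b"\x6a\x02"              # push 2        at offset 16, its imm8 at 17
    + b"\x00" * 6
    + b"English\x00"           # string        at offset 24
    + b"\x00" * 8
    + b"TQ_Conquer\x00"        # string        at offset 40
)
SAMPLE_COUNT_OFFSET = 17
SAMPLE_LANG_OFFSET = 24


def demo(workdir=None):
    """Write the sample image, back it up, apply both patches and exercise the
    guards.  Returns a dict the caller (or a test) can assert on."""
    workdir = Path(workdir or tempfile.mkdtemp())
    exe = workdir / "conquer.exe"
    exe.write_bytes(SAMPLE_IMAGE)
    backup = exe.with_name(exe.name + ".bak")
    shutil.copyfile(exe, backup)          # always keep the untouched original

    result = {}
    result["clients_written"] = set_max_clients(exe, SAMPLE_COUNT_OFFSET, 5)
    result["lang_written"] = patch_cstring(exe, SAMPLE_LANG_OFFSET, "English", "Chinese")

    for bad in (0, 0x80, 0xFF):           # values the signed-byte rule rejects
        try:
            set_max_clients(exe, SAMPLE_COUNT_OFFSET, bad, original=5)
            result[f"rejected_{bad:#x}"] = False
        except ValueError:
            result[f"rejected_{bad:#x}"] = True

    try:                                  # wrong-build guard: the byte is now 5, not 2
        set_max_clients(exe, SAMPLE_COUNT_OFFSET, 6)
        result["guarded_mismatch"] = False
    except ValueError:
        result["guarded_mismatch"] = True

    result["patched"] = exe.read_bytes()
    result["backup"] = backup.read_bytes()
    return result


if __name__ == "__main__":
    r = demo()
    print("before:", r["backup"].hex(" "))
    print("after: ", r["patched"].hex(" "))
```

On a real binary you would run the same functions against the offsets your own disassembly gives for your build; the check in patch_bytes is what turns "wrong patch for this version" into an error instead of a client that crashes on exit.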
Old 05/01/2008, 23:18   #5
 
elite*gold: 0
Join Date: Jun 2006
Posts: 457
Received Thanks: 67
Well, if you search epvp, you can find all the info Theorn has mentioned in his post, and more. Take your time to search for what you want. When I forget the keywords, I'll just spend 5 min browsing every page for the answers I want, if not spam a thread in the discussion section, lol.

I think...

Removing pop-ups and enabling multi fall into the same category; they're done using similar methods, so it's more of a beginner thing to do.

Making an itemtype and speedhacks (not by hand, but by programming) are mediocre level.

Multi-hacks are advanced level.

Proxies, packets and .dat de/encryption are professional level.
shitboi is offline  
Old 05/01/2008, 23:37   #6
 
elite*gold: 0
Join Date: Feb 2007
Posts: 1,366
Received Thanks: 256
Quote: Originally Posted by shitboi
Well, if you search epvp, you can find all the info Theorn has mentioned in his post, and more. Take your time to search for what you want. When I forget the keywords, I'll just spend 5 min browsing every page for the answers I want, if not spam a thread in the discussion section, lol.

I think...

Removing pop-ups and enabling multi fall into the same category; they're done using similar methods, so it's more of a beginner thing to do.

Making an itemtype and speedhacks (not by hand, but by programming) are mediocre level.

Multi-hacks are advanced level.

Proxies, packets and .dat de/encryption are professional level.
If they are "mediocre level" then you should make some and contribute to the community.
hok30 is offline  
Old 05/02/2008, 05:09   #7
 
elite*gold: 0
Join Date: Jun 2006
Posts: 457
Received Thanks: 67
Quote: Originally Posted by hok30
If they are "mediocre level" then you should make some and contribute to the community.
Actually I did make a program (exe) that directly patches itemtype.dat. I even released the program and source code, and posted them on egy-co. To be honest, I am less than mediocre level, and I am still learning process hooking. Once I am done with process hooking, I'll be able to make my own multi-hacks.

I frequent epvp not to download, but to learn from the respectable programmers here; all those people that I have acquired knowledge from got a thanks from me.
shitboi is offline  
Old 05/02/2008, 14:47   #8
 
elite*gold: 0
Join Date: Nov 2006
Posts: 19
Received Thanks: 15
Quote: Originally Posted by shitboi
Removing pop-ups and enabling multi fall into the same category; they're done using similar methods, so it's more of a beginner thing to do.
Well, if you want to remove the popup properly it's not quite as easy.
Most of the ones I've seen just had the web address changed to something else in the exe. What I did, though, is trace the assembly back to the actual function call that opens the browser and delete that and all of its parameters. If you don't do that, the function still gets called and may try to run something; not that it would always succeed, I'd just rather the function not be called at all.

Anyway, my point in making this thread is for people to learn from. I'm not saying no one has ever done what I did before. I just see so many people who like to try their hand at client modification themselves, and I want them to know that the most common way isn't always the best or correct way and could lead to unexpected behavior.

On a side note, IDA Pro is a very good disassembler. I'd recommend it for anyone who wants to learn how to trace assembly code back and modify it correctly.

On another side note, it can be useful to learn C++ or a similar language. I learned about blacknull by making a program that just repeats whatever parameters it was run with. I called it conquer.exe and stuck it in my conquer folder, and when I ran play.exe, it ran my fake conquer.exe and my fake conquer.exe displayed blacknull, so I knew to run the real conquer.exe with blacknull to bypass the autopatch.
Theorn is offline  
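Post #1's closing warning and Theorn's description above come down to one rule: if you delete a call, delete the pushes that set up its arguments, and, when the callee is cdecl (the C runtime's system() is), the caller's `add esp, N` after the call as well; stdcall Win32 APIs such as ShellExecuteA pop their own arguments, so nothing follows the call to remove. The script below is an added example, not the poster's own patch: a minimal 32-bit x86 decoder for the few encodings such a sequence uses (push r32, push imm8, push imm32, call rel32, call [abs32] through the import table, add esp, imm8) that overwrites the whole span with a short jmp plus NOP padding, so the stack stays balanced and a jump landing inside the old sequence hits harmless code. The code bytes are constructed and the string address in them is made up; the decoder assumes the arguments really are pushed, as the post says, rather than stored with mov [esp+...], and it refuses anything it does not recognise. It also renders 6A 02 as push 2, the immediate post #1 patches for the client count.

```python
"""Patch out a push/call(/add esp) sequence with a short jmp and NOPs.

Added example, not code from the original posts.  Handles only the 32-bit
x86 encodings such a sequence is built from; the sample byte strings are
constructed, not taken from conquer.exe.
"""
import struct

NOP, JMP_SHORT = 0x90, 0xEB
REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]


def decode_one(code, off):
    """Decode the 32-bit x86 instruction at `off`; return (text, length).
    Unknown opcodes raise ValueError so the patcher stops instead of guessing."""
    if off >= len(code):
        raise ValueError("ran off the end of the code")
    op = code[off]
    if 0x50 <= op <= 0x57:                                   # push r32
        return f"push {REGS[op - 0x50]}", 1
    if op == 0x6A:                                           # push imm8 (sign-extended)
        return f"push {struct.unpack_from('<b', code, off + 1)[0]}", 2
    if op == 0x68:                                           # push imm32
        return f"push 0x{struct.unpack_from('<I', code, off + 1)[0]:08x}", 5
    if op == 0xE8:                                           # call rel32 (target relative to next insn)
        rel = struct.unpack_from('<i', code, off + 1)[0]
        return f"call 0x{off + 5 + rel:x}", 5
    if op == 0xFF and code[off + 1:off + 2] == b"\x15":      # call dword ptr [abs32]: an import
        return f"call [0x{struct.unpack_from('<I', code, off + 2)[0]:08x}]", 6
    if op == 0x83 and code[off + 1:off + 2] == b"\xc4":      # add esp, imm8: cdecl caller cleanup
        return f"add esp, {struct.unpack_from('<b', code, off + 2)[0]}", 3
    raise ValueError(f"unsupported opcode {op:#04x} at {off:#x}")


def remove_call(code, start):
    """Overwrite the sequence at `start` (pushes, the call, and a following
    `add esp, N` if the callee is cdecl) with `jmp short` + NOPs.
    Returns (patched_code, removed_instructions)."""
    off, removed = start, []
    while True:                                   # pushes up to and including the call
        text, size = decode_one(code, off)
        if not (text.startswith("push") or text.startswith("call")):
            raise ValueError(f"expected push or call at {off:#x}, got {text}")
        removed.append(text)
        off += size
        if text.startswith("call"):
            break
    try:                                          # optional cdecl cleanup after the call
        text, size = decode_one(code, off)
    except (ValueError, struct.error):
        text, size = "", 0
    if text.startswith("add esp"):
        removed.append(text)
        off += size
    span = off - start
    if span - 2 > 0x7F:                           # rel8 of a short jmp reaches at most +127
        raise ValueError("sequence too long for one short jmp")
    patched = bytearray(code)
    patched[start:off] = bytes([JMP_SHORT, span - 2]) + bytes([NOP]) * (span - 2)
    return bytes(patched), removed


# Constructed stand-in for the exit-popup code (not bytes from conquer.exe):
# argument pushes, a cdecl call such as _system, and the caller's cleanup.
POPUP_CDECL = (
    b"\x6a\x02"                  # push 2                    ; same encoding as the client-count immediate
    b"\x68\x40\x30\x20\x10"      # push 0x10203040           ; address of the URL string (made up)
    b"\xe8\x10\x00\x00\x00"      # call +0x10                ; e.g. _system (cdecl)
    b"\x83\xc4\x08"              # add esp, 8                ; caller pops both arguments
    b"\x33\xc0"                  # xor eax, eax              ; next real instruction, must survive
)
# stdcall variant: the callee pops its arguments, so nothing follows the call.
POPUP_STDCALL = (
    b"\x6a\x00"                  # push 0
    b"\x68\x40\x30\x20\x10"      # push 0x10203040
    b"\xff\x15\x10\x20\x40\x00"  # call dword ptr [0x402010] ; through the import table (made up)
    b"\x33\xc0"                  # xor eax, eax
)

if __name__ == "__main__":
    for name, blob in (("cdecl", POPUP_CDECL), ("stdcall", POPUP_STDCALL)):
        patched, removed = remove_call(blob, 0)
        print(name, "removed:", removed)
        print("  before:", blob.hex(" "))
        print("  after: ", patched.hex(" "))
```

Run it against bytes copied from IDA at the address where the pushes for the popup begin; if the arguments are built any other way the decoder raises rather than leaving a half-removed call behind, which is exactly the "unexpected results" post #1 warns about.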
Old 05/02/2008, 16:34   #9
 
elite*gold: 0
Join Date: Aug 2005
Posts: 1,466
Received Thanks: 56
Quote: Originally Posted by CheatMaster845
You just taught the basics of hacking to noobs. I didn't even know about hacking until I saw this post. Thanks to you I'm starting to respect hackers for the time and effort they put into hacking (like you put up an effort, ya lazy git, lol), and it's about time someone said something about noobs posting non-working hacks.
Haha, well it's not as easy as he puts it; just because you read it doesn't mean you're pro now. A lot of work goes into it, trying to find addresses and such (especially debugging). Before you even try to attempt any of these things, I suggest you learn the basics of how programs work / are coded, and then go on to the hacking.
evulhotdog is offline  
Old 05/02/2008, 18:20   #10
 
elite*gold: 0
Join Date: Nov 2006
Posts: 19
Received Thanks: 15
Quote: Originally Posted by evulhotdog
Haha, well it's not as easy as he puts it; just because you read it doesn't mean you're pro now. A lot of work goes into it, trying to find addresses and such (especially debugging). Before you even try to attempt any of these things, I suggest you learn the basics of how programs work / are coded, and then go on to the hacking.
You're right, learning the basics of programming is important. I didn't even mention that part of it. I might add that learning the basics of assembly can be enormously valuable when digging through thousands of lines of disassembled code: how offsets work, direct addressing, what the different instructions do, like push, pop, mov, etc. The jump instructions jmp, jle, jge, etc. are especially important to understand when tracing the path some code could take.

So anyone interested should google x86 assembly tutorials, C++ tutorials, Java, VB and any other languages that might be useful. Maybe even download a few tools and learn how to use them. What I tend to use the most are TSearch, XVI32, OllyDbg, IDA Pro and Visual Studio 6/.NET, though there are many other great tools out there.

I haven't been on the conquer hacking scene for a while, but after finals are over I should have some more time.
Theorn is offline  
Old 05/03/2008, 00:33   #11
 
elite*gold: 0
Join Date: Jun 2006
Posts: 457
Received Thanks: 67
Quote: Originally Posted by Theorn
Well, if you want to remove the popup properly it's not quite as easy.
Most of the ones I've seen just had the web address changed to something else in the exe. What I did, though, is trace the assembly back to the actual function call that opens the browser and delete that and all of its parameters. If you don't do that, the function still gets called and may try to run something; not that it would always succeed, I'd just rather the function not be called at all.

Anyway, my point in making this thread is for people to learn from. I'm not saying no one has ever done what I did before. I just see so many people who like to try their hand at client modification themselves, and I want them to know that the most common way isn't always the best or correct way and could lead to unexpected behavior.

On a side note, IDA Pro is a very good disassembler. I'd recommend it for anyone who wants to learn how to trace assembly code back and modify it correctly.

On another side note, it can be useful to learn C++ or a similar language. I learned about blacknull by making a program that just repeats whatever parameters it was run with. I called it conquer.exe and stuck it in my conquer folder, and when I ran play.exe, it ran my fake conquer.exe and my fake conquer.exe displayed blacknull, so I knew to run the real conquer.exe with blacknull to bypass the autopatch.
#about by-passing pop-up
I am just wondering if a programming term (keyword) would have voided the function.

E.g.: this is what I did. I tried to replace the internet address with NULL...

If you have time, please explain a bit whether programming reserved words like void/NULL will have an effect on this. I am thinking that even if a function is called and the parameter is null, there shouldn't be much effect to it.
shitboi is offline  
Old 05/04/2008, 05:43   #12
 
elite*gold: 0
Join Date: Nov 2006
Posts: 19
Received Thanks: 15
Quote: Originally Posted by shitboi
#about by-passing pop-up
I am just wondering if a programming term (keyword) would have voided the function.

E.g.: this is what I did. I tried to replace the internet address with NULL...

If you have time, please explain a bit whether programming reserved words like void/NULL will have an effect on this. I am thinking that even if a function is called and the parameter is null, there shouldn't be much effect to it.
Well, NULL is just another word for the value zero in programming languages and is different from the text string "NULL", which is 4 characters. So I'd think replacing the address with "NULL" would just be passing the text string "NULL" into the system call instead of the web address. Assembly won't know that the text string "NULL" is supposed to be a zero. I just know that the way I did it, there is no way at all of it opening anything when it closes, because it won't even try.

Anyway, I've just done a few experiments.
If you replace it with the value 0, then it opens the conquer directory; if you replace it with cmd.exe, it will open a command prompt. If you replace it with the word "pizza", "null", or anything else that is not in any of your system paths, then it will open nothing, but the system call is still done, it just doesn't find the string anywhere in the system path.

It works just like the function system() in C++; actually it IS the same function.
Theorn is offline  
Old 05/04/2008, 07:00   #13
 
elite*gold: 0
Join Date: Jun 2006
Posts: 457
Received Thanks: 67
Quote: Originally Posted by Theorn
Well, NULL is just another word for the value zero in programming languages and is different from the text string "NULL", which is 4 characters. So I'd think replacing the address with "NULL" would just be passing the text string "NULL" into the system call instead of the web address. Assembly won't know that the text string "NULL" is supposed to be a zero. I just know that the way I did it, there is no way at all of it opening anything when it closes, because it won't even try.

Anyway, I've just done a few experiments.
If you replace it with the value 0, then it opens the conquer directory; if you replace it with cmd.exe, it will open a command prompt. If you replace it with the word "pizza", "null", or anything else that is not in any of your system paths, then it will open nothing, but the system call is still done, it just doesn't find the string anywhere in the system path.

It works just like the function system() in C++; actually it IS the same function.
Oh thanks, that helped a bit, though there are still many other things I don't know. I'll try to read up a bit. system() is indeed a convenient function in C++.
shitboi is offline  
Old 05/05/2008, 20:27   #14
 
elite*gold: 0
Join Date: Oct 2005
Posts: 127
Received Thanks: 16
Quote: Originally Posted by Theorn
Bypassing Autopatch (Beginner)
Simply change the path in your shortcut to: conquer.exe blacknull
The blacknull command line parameter causes conquer to run just like autopatch would run it.

Multi-Client (Beginner)
Just open conquer.exe in a hex editor and change the number at address 6A2D3.
This number is originally hex 02. Whatever you replace it with is how many clients you will be able to open (if there were no limits to CPU resources, that is).
Warning: This is a signed byte, so don't go above 7F, as anything above that would be a negative number and would result in no clients being able to open.
Very useful info, will come in handy later on. However, my question is: how did you come to the 6A2D3 address for the max number of clients? This seems to be a much easier and safer way of making a multiclient, but to do it for every patch would require knowing what to look for. So that's my question: how did you know what to look for to find '02' as the max clients? This would come in handy for the future. As for the bypassing autopatch, how would we go about directly patching conquer.exe to avoid the "please run play.exe"? That is info I haven't been able to find as well. Thank you.
daveq is offline  
Old 05/06/2008, 15:43   #15
 
elite*gold: 0
Join Date: Nov 2006
Posts: 19
Received Thanks: 15
Quote: Originally Posted by daveq
Very useful info, will come in handy later on. However, my question is: how did you come to the 6A2D3 address for the max number of clients? This seems to be a much easier and safer way of making a multiclient, but to do it for every patch would require knowing what to look for. So that's my question: how did you know what to look for to find '02' as the max clients? This would come in handy for the future. As for the bypassing autopatch, how would we go about directly patching conquer.exe to avoid the "please run play.exe"? That is info I haven't been able to find as well. Thank you.
For the multiclient address, I disassembled it with IDA Pro. PostQuitMessage is the call the client makes when it closes, so I searched for that and traced back the code. I eventually found a statement PUSH 2 that was near references to the TQ_Conquer and English texts. I thought that might be it, so I loaded up conquer.exe in my hex editor and replaced the 02 at that address with a 03, and then I was able to open 3 clients but not 4; then I tried a few other values to confirm.

As for directly patching the conquer.exe to bypass the "please run play.exe", I'd assume it could be done in much the same way as the popup removal, but I haven't tried that yet. I'll post an edit to this message or make a new message once I get a chance to look into it. I have 2 more final exams, so I'll be spending my time studying for those instead of poking about a bunch of ASM code (actually one of my finals involves ASM code, but that doesn't count).
Theorn is offline  
All times are GMT +1.