Conquer Loader [5102+]
Discussion on Conquer Loader [5102+] within the CO2 Exploits, Hacks & Tools forum part of the Conquer Online 2 category.
02/27/2009, 14:10
|
#16
|
elite*gold: 0
Join Date: Feb 2009
Posts: 30
Received Thanks: 16
|
It doesn't alter the login in any way. Are you sure you weren't using CIDProxy before and now you have the decrypted server.dat file with local IPs set?
|
|
|
02/27/2009, 14:45
|
#17
|
elite*gold: 0
Join Date: Mar 2006
Posts: 90
Received Thanks: 21
|
patch 5105 released
|
|
|
02/27/2009, 14:53
|
#18
|
elite*gold: 0
Join Date: Feb 2009
Posts: 30
Received Thanks: 16
|
*** damn it, how are they patching so fast now. lol
EDIT* Should be working now, tell me if it doesn't work.
EDIT** Added another function to this program, now you can just type /unequip to unequip your stuff.
|
|
|
02/27/2009, 18:27
|
#19
|
elite*gold: 0
Join Date: Jul 2008
Posts: 84
Received Thanks: 46
|
It works, Thanks
|
|
|
02/27/2009, 19:23
|
#20
|
elite*gold: 0
Join Date: Mar 2006
Posts: 385
Received Thanks: 41
|
5105 is released now so try it guys if it still works... if not we can update it for ya fellas
|
|
|
02/27/2009, 21:04
|
#21
|
elite*gold: 0
Join Date: Nov 2006
Posts: 105
Received Thanks: 137
|
Hello there! If you can PM me the code or send it at
|
|
|
02/27/2009, 23:06
|
#22
|
elite*gold: 0
Join Date: Sep 2008
Posts: 490
Received Thanks: 595
|
Hmmm, this kinda looks like my MASM loader with the unequip feature and all.
Anyway, good job.
Since it looks very much like my unequip feature, I'd like to see the source.
I mean, not that making a couple of calls is hard, I just wonder if you're hooking to the unequip feature, or using WriteProcessMemory to create a codecave and make a couple of calls to unequip the items.
|
|
|
02/28/2009, 00:13
|
#23
|
elite*gold: 0
Join Date: Feb 2009
Posts: 30
Received Thanks: 16
|
Well for the unequip I just replaced the existing command "srcshot" or whatever it was with "unequip"
Code:
#include "stdafx.h"
#include <windows.h>
#include <iostream>
#pragma comment(lib, "User32.lib")
using namespace std;

// Overwrites `count` bytes at `baseaddr` in the target process with NOP (0x90).
void FillWithNops(HANDLE hProcess, UINT baseaddr, int count);

int main(int argc, char* argv[]) {
    STARTUPINFO* sInfo = new STARTUPINFO();
    PROCESS_INFORMATION* pInfo = new PROCESS_INFORMATION();
    sInfo->cb = sizeof(STARTUPINFO); // CreateProcess expects cb to hold the structure size

    // Start the client; it must sit in the same folder as the loader.
    if(CreateProcess(L"Conquer.exe", NULL, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, sInfo, pInfo) == 0) {
        MessageBoxA(NULL, "Conquer.exe was not found, are you sure loader is in right folder?", "[Conquer Loader]", 0);
        return 0;
    }
    WaitForInputIdle(pInfo->hProcess, 0);

    // DirectRun: two-byte short jump (EB 41).
    BYTE DirectRun[] = { 0xEB, 0x41 };
    WriteProcessMemory(pInfo->hProcess, (LPVOID)0x00482B80, &DirectRun, sizeof(DirectRun), NULL);

    // DisableScanner: 17 NOPs over the instructions at 0x00482AE5.
    BYTE DisableScanner[] =
    {
        0x90, 0x90, 0x90, 0x90, 0x90,
        0x90, 0x90, 0x90, 0x90, 0x90,
        0x90, 0x90, 0x90, 0x90, 0x90,
        0x90, 0x90
    };
    WriteProcessMemory(pInfo->hProcess, (LPVOID)0x00482AE5, &DisableScanner, sizeof(DisableScanner), NULL);

    // DisablePopup: 6 NOPs at each of two sites.
    BYTE DisablePopup[] = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 };
    WriteProcessMemory(pInfo->hProcess, (LPVOID)0x00495C4F, &DisablePopup, sizeof(DisablePopup), NULL);
    WriteProcessMemory(pInfo->hProcess, (LPVOID)0x00495701, &DisablePopup, sizeof(DisablePopup), NULL);

    // HighJump: two-byte short jump (EB 1E).
    BYTE HighJump[] = { 0xEB, 0x1E };
    WriteProcessMemory(pInfo->hProcess, (LPVOID)0x004C63FD, &HighJump, sizeof(HighJump), NULL);

    // Multiclient: 6A 7F encodes PUSH 0x7F.
    BYTE Multiclient[] = { 0x6A, 0x7F };
    WriteProcessMemory(pInfo->hProcess, (LPVOID)0x00484927, &Multiclient, sizeof(Multiclient), NULL);

    // EnableCommands: two-byte short jump (EB 17).
    BYTE EnableCommands[] = { 0xEB, 0x17 };
    WriteProcessMemory(pInfo->hProcess, (LPVOID)0x004C66FF, &EnableCommands, sizeof(EnableCommands), NULL);

#pragma region /unequip
    // DisableChecks: 8 NOPs over the check inside each of the eight unequip functions.
    BYTE DisableChecks[] = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 };
    WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A323, &DisableChecks, sizeof(DisableChecks), NULL);
    WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A34B, &DisableChecks, sizeof(DisableChecks), NULL);
    WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A373, &DisableChecks, sizeof(DisableChecks), NULL);
    WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A39B, &DisableChecks, sizeof(DisableChecks), NULL);
    WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A3C3, &DisableChecks, sizeof(DisableChecks), NULL);
    WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A3EB, &DisableChecks, sizeof(DisableChecks), NULL);
    WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A413, &DisableChecks, sizeof(DisableChecks), NULL);
    WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A43B, &DisableChecks, sizeof(DisableChecks), NULL);

    // Command: ASCII bytes of "unequip", written over the existing command string.
    BYTE Command[] = { 0x75, 0x6E, 0x65, 0x71, 0x75, 0x69, 0x70 };
    WriteProcessMemory(pInfo->hProcess, (LPVOID)0x005CB424, &Command, sizeof(Command), NULL);

    // DisableLeftHand: two-byte short jump (EB 1B).
    BYTE DisableLeftHand[] = { 0xEB, 0x1B };
    WriteProcessMemory(pInfo->hProcess, (LPVOID)0x004D43EF, &DisableLeftHand, sizeof(DisableLeftHand), NULL);

    // CALLS: eight relative CALL (E8 rel32) instructions, one per unequip function.
    BYTE CALLS[] =
    {
        0xE8, 0xA8, 0x3B, 0xF9, 0xFF,
        0xE8, 0xCB, 0x3B, 0xF9, 0xFF,
        0xE8, 0xEE, 0x3B, 0xF9, 0xFF,
        0xE8, 0x11, 0x3C, 0xF9, 0xFF,
        0xE8, 0x34, 0x3C, 0xF9, 0xFF,
        0xE8, 0x57, 0x3C, 0xF9, 0xFF,
        0xE8, 0x7A, 0x3C, 0xF9, 0xFF,
        0xE8, 0x9D, 0x3C, 0xF9, 0xFF,
    };
    WriteProcessMemory(pInfo->hProcess, (LPVOID)0x004C6774, &CALLS, sizeof(CALLS), NULL);
    // NOP out the 52 bytes that follow the eight calls.
    FillWithNops(pInfo->hProcess, 0x004C679C, 52);
#pragma endregion
    return EXIT_SUCCESS;
}

void FillWithNops(HANDLE hProcess, UINT baseaddr, int count) {
    BYTE NOP = 0x90;
    // One single-byte write per address.
    for(int i = 0; i < count; i++) {
        WriteProcessMemory(hProcess, (LPVOID)(baseaddr + i), &NOP, 1, NULL);
    }
}
You have to nop those checks inside each unequip function ,_, (one function per item, stupid TQ could have just taken the slot id as param, lol) I suppose it checks whether it was a custom call or actually a game call.
Anyways there's the code for it xD
|
|
|
03/01/2009, 03:42
|
#24
|
elite*gold: 0
Join Date: Dec 2007
Posts: 113
Received Thanks: 28
|
Good **** mr Uzane +K
|
|
|
03/01/2009, 08:42
|
#25
|
elite*gold: 0
Join Date: Oct 2005
Posts: 73
Received Thanks: 6
|
thank you μZane
+1
|
|
|
03/01/2009, 08:56
|
#26
|
elite*gold: 0
Join Date: Sep 2008
Posts: 2
Received Thanks: 0
|
Wtf...FailedTo start
|
|
|
03/01/2009, 16:18
|
#27
|
elite*gold: 0
Join Date: Sep 2008
Posts: 490
Received Thanks: 595
|
Quote:
Originally Posted by μZane
Well for the unequip I just replaced the existing command "srcshot" or whatever it was with "unequip"
You have to nop those checks inside each unequip function ,_, (one function per item, stupid TQ could have just taken the slot id as param, lol) I suppose it checks whether it was a custom call or actually a game call.
Anyways there's the code for it xD
|
Oops, forgot to respond. I haven't checked in Olly, but I bet you're calling the xor.
Also I know you gotta nop the jne's, I believe xD
My loader/multi had it on the pathfind button to unequip all.
One of my first versions had it on "/red".
Either way, it wasn't worth updating every time.
BTW, if you really continue this, I would declare variables for the addresses on top somewhere so you won't have to look every time for what addresses to update, just cleaner.
Oh and on a side note, get rid of the nops in disabling the anti trojan crap:
Code:
00482AE5 /EB 0F JMP SHORT Conquer.00482AF6
simple jump patch
Same goes for the popups; all those nops can easily be replaced by 1 jump patch
Code:
00495618 /E9 EA000000 JMP Conquer.00495707
00495B66 /E9 EA000000 JMP Conquer.00495C55
|
|
|
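The patches discussed in the posts above (NOP runs, short and near jumps, relative calls) all end up as modified bytes in the client's code section, which is what a code-integrity check looks for. The following is an added example, not code from the thread: it diffs a trusted copy of a code section against bytes read back from the process and classifies each modified run, decoding branch targets the same way as the EB 0F patch quoted at 00482AE5. The names scan_code, struct finding and patch_kind are hypothetical, and the 0xCC baseline bytes are constructed stand-ins for the real code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
enum patch_kind { NOP_FILL, JMP_SHORT, JMP_NEAR, CALL_NEAR, OTHER };
struct finding {
    uint32_t va; size_t len;                /* first modified address, run length */
    enum patch_kind kind; uint32_t target;  /* target stays 0 unless it is a branch */
};
/* Little-endian 32-bit operand of an E8/E9 instruction. */
static uint32_t le32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
/* Diff a trusted copy of a code section against bytes read back from the
 * running process; report each modified run and what it now decodes to. */
size_t scan_code(const uint8_t *clean, const uint8_t *live, size_t size,
                 uint32_t base_va, struct finding *out, size_t max) {
    size_t n = 0, i = 0;
    while (i < size && n < max) {
        if (clean[i] == live[i]) { i++; continue; }
        size_t start = i, nops = 0;
        for (; i < size && clean[i] != live[i]; i++) nops += (live[i] == 0x90);
        struct finding f = { base_va + (uint32_t)start, i - start, OTHER, 0 };
        uint8_t op = live[start];
        if (nops == f.len) {
            f.kind = NOP_FILL;
        } else if (op == 0xEB && start + 2 <= size) {      /* JMP rel8 */
            f.kind = JMP_SHORT;
            f.target = f.va + 2 + (uint32_t)(int8_t)live[start + 1];
        } else if ((op == 0xE9 || op == 0xE8) && start + 5 <= size) {
            /* Read the operand from live memory, even past the end of the run. */
            f.kind = (op == 0xE9) ? JMP_NEAR : CALL_NEAR;
            f.target = f.va + 5 + le32(live + start + 1);
        }
        out[n++] = f;
    }
    return n;
}

int main(void) {
    uint8_t clean[32], live[32];            /* constructed stand-in bytes */
    memset(clean, 0xCC, sizeof clean); memcpy(live, clean, sizeof live);
    live[0] = 0xEB; live[1] = 0x0F;         /* jump patch quoted in the thread */
    struct finding f[4];
    size_t n = scan_code(clean, live, sizeof live, 0x00482AE5u, f, 4);
    for (size_t k = 0; k < n; k++)
        printf("%08X len=%zu kind=%d target=%08X\n", (unsigned)f[k].va, f[k].len, (int)f[k].kind, (unsigned)f[k].target);
    return 0;
}
```

Both forms of the same patch are reported: the 17-byte NOP run and the two-byte jump at 00482AE5 each produce one finding, so swapping NOPs for a jump changes the size of the modification but not its visibility to a byte-level comparison.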
01/24/2011, 23:37
|
#28
|
elite*gold: 0
Join Date: Jul 2010
Posts: 19
Received Thanks: 1
|
It says run Play.exe when I try to start it. So I do so and nuthin happens >.>
|
|
|
01/27/2011, 12:44
|
#29
|
elite*gold: 0
Join Date: Jul 2008
Posts: 4
Received Thanks: 0
|
SAME AS HIM ^^^^^ PLZ HELP
|
|
|
01/27/2011, 12:44
|
#30
|
elite*gold: 0
Join Date: Jul 2008
Posts: 4
Received Thanks: 0
|
Quote:
Originally Posted by kungfufailure
It says run Play.exe when I try to start it. So I do so and nuthin happens >.>
|
SAME =.="
|
|
|
 |
|
All times are GMT +1.
|
|