Conquer Loader [5102+]

μZane · 02/27/2009, 14:10

It doesn't alter the login in any ways. Are you sure you weren't using CIDProxy before and now you have the decrypted server.dat file with local ips set?

girlhush · 02/27/2009, 14:45

patch 5105 released

μZane · 02/27/2009, 14:53

*** damm it, how are they patching so fast now. lol

EDIT* Should be working now, tell me if it doesn't work.
EDIT** Added another function to this program, now you can just type /unequip to unequip your stuffs.

Galactic · 02/27/2009, 18:27

It works, Thanks

orignaobet · 02/27/2009, 19:23

5105 is released now so try it guys if it still works... if not we can update it for ya fellas

~~Alexisppp12345~~ · 02/27/2009, 21:04

Hello there! If you can PM me the code or send it at

_fobos_ · 02/27/2009, 23:06

Hmmm this kinda looks like my MASM loader with the unequip feature and all

anyway good job

since it looks very much like my unequip feature id like to see source

I mean not that making a couple calls is hard i just wonder if ur hooking to the unequip feature, or using writeprocessmemory to create a codecave and make a couple calls to unequip the items.

μZane · 02/28/2009, 00:13

Well for the unequip I just replaced the existing command "srcshot" or whatever it was with "unequip"

Code:

#include "stdafx.h"
#include <windows.h>
#include <iostream>

#pragma comment(lib, "User32.lib")


using namespace std;

void FillWithNops(HANDLE hwnd, UINT baseaddrs, int count);

int main(int argc, char* args) {
	
	STARTUPINFO* sInfo = new STARTUPINFO();
	PROCESS_INFORMATION* pInfo = new PROCESS_INFORMATION();

	HMODULE hInstance = GetModuleHandle(NULL);
	if(CreateProcess(L"Conquer.exe", NULL, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, sInfo, pInfo) == 0) {
		MessageBoxA(NULL, "Conquer.exe was not found, are you sure loader is in right folder?", "[Conquer Loader]", 0);
		return 0;
	}
	WaitForInputIdle(pInfo->hProcess, 0);

	//
	BYTE DirectRun[] = { 0xEB, 0x41 };
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x00482B80, &DirectRun, sizeof(DirectRun), NULL); 

	BYTE DisableScanner[] = 
	{ 
		0x90, 0x90, 0x90, 0x90, 0x90,
		0x90, 0x90, 0x90, 0x90, 0x90,
		0x90, 0x90, 0x90, 0x90, 0x90,
		0x90, 0x90
	};

	//
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x00482AE5, &DisableScanner, sizeof(DisableScanner), NULL);
    //
	BYTE DisablePopup[] = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 };
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x00495C4F, &DisablePopup, sizeof(DisablePopup), NULL);
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x00495701, &DisablePopup, sizeof(DisablePopup), NULL);

	//
	BYTE HighJump[] = { 0xEB, 0x1E };
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x004C63FD, &HighJump, sizeof(HighJump), NULL);

	//
	BYTE Multiclient[] = { 0x6A, 0x7F };
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x00484927, &Multiclient, sizeof(Multiclient), NULL);

	//
	BYTE EnableCommands[] = { 0xEB, 0x17 };
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x004C66FF, &EnableCommands, sizeof(EnableCommands), NULL);

	#pragma region /unequip

	BYTE DisableChecks[] = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 };
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A323, &DisableChecks, sizeof(DisableChecks), NULL);
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A34B, &DisableChecks, sizeof(DisableChecks), NULL);
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A373, &DisableChecks, sizeof(DisableChecks), NULL);
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A39B, &DisableChecks, sizeof(DisableChecks), NULL);
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A3C3, &DisableChecks, sizeof(DisableChecks), NULL);
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A3EB, &DisableChecks, sizeof(DisableChecks), NULL);
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A413, &DisableChecks, sizeof(DisableChecks), NULL);
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A43B, &DisableChecks, sizeof(DisableChecks), NULL);

	BYTE Command[] = { 0x75, 0x6E, 0x65, 0x71, 0x75, 0x69, 0x70 };
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x005CB424, &Command, sizeof(Command), NULL);

	BYTE DisableLeftHand[] = { 0xEB, 0x1B };
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x004D43EF, &DisableLeftHand, sizeof(DisableLeftHand), NULL);

	BYTE CALLS[] =
	{
		0xE8, 0xA8, 0x3B, 0xF9, 0xFF,
		0xE8, 0xCB, 0x3B, 0xF9, 0xFF,
		0xE8, 0xEE, 0x3B, 0xF9, 0xFF,
		0xE8, 0x11, 0x3C, 0xF9, 0xFF,
		0xE8, 0x34, 0x3C, 0xF9, 0xFF,
		0xE8, 0x57, 0x3C, 0xF9, 0xFF,
		0xE8, 0x7A, 0x3C, 0xF9, 0xFF,
		0xE8, 0x9D, 0x3C, 0xF9, 0xFF,
	};
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x004C6774, &CALLS, sizeof(CALLS), NULL);
	FillWithNops(pInfo->hProcess, 0x004C679C, 52);

	#pragma endregion
	return EXIT_SUCCESS;
}
void FillWithNops(HANDLE hwnd, UINT baseaddr, int count) {
	BYTE NOP = 0x90;
	for(int i = 0; i < count; i++) {
		WriteProcessMemory(hwnd, (LPVOID)(baseaddr + i), &NOP, 1, NULL);
	}
}

You have to nop those checks inside each unequip function ,_, (one function per item, stupid TQ could have just taken the slot id as param, lol) I suppose it checks whether it was a custom call or actually a game call.

Anyways there's the code for it xD

Migz1134 · 03/01/2009, 03:42

Good **** mr Uzane +K

eldiablo · 03/01/2009, 08:42

thank you μZane

+1

mohamed2085 · 03/01/2009, 08:56

Wtf...FailedTo start

_fobos_ · 03/01/2009, 16:18

Quote:

Originally Posted by μZane

Well for the unequip I just replaced the existing command "srcshot" or whatever it was with "unequip"

Code:

#include "stdafx.h"
#include <windows.h>
#include <iostream>

#pragma comment(lib, "User32.lib")


using namespace std;

void FillWithNops(HANDLE hwnd, UINT baseaddrs, int count);

int main(int argc, char* args) {
	
	STARTUPINFO* sInfo = new STARTUPINFO();
	PROCESS_INFORMATION* pInfo = new PROCESS_INFORMATION();

	HMODULE hInstance = GetModuleHandle(NULL);
	if(CreateProcess(L"Conquer.exe", NULL, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, NULL, sInfo, pInfo) == 0) {
		MessageBoxA(NULL, "Conquer.exe was not found, are you sure loader is in right folder?", "[Conquer Loader]", 0);
		return 0;
	}
	WaitForInputIdle(pInfo->hProcess, 0);

	//
	BYTE DirectRun[] = { 0xEB, 0x41 };
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x00482B80, &DirectRun, sizeof(DirectRun), NULL); 

	BYTE DisableScanner[] = 
	{ 
		0x90, 0x90, 0x90, 0x90, 0x90,
		0x90, 0x90, 0x90, 0x90, 0x90,
		0x90, 0x90, 0x90, 0x90, 0x90,
		0x90, 0x90
	};

	//
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x00482AE5, &DisableScanner, sizeof(DisableScanner), NULL);
    //
	BYTE DisablePopup[] = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 };
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x00495C4F, &DisablePopup, sizeof(DisablePopup), NULL);
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x00495701, &DisablePopup, sizeof(DisablePopup), NULL);

	//
	BYTE HighJump[] = { 0xEB, 0x1E };
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x004C63FD, &HighJump, sizeof(HighJump), NULL);

	//
	BYTE Multiclient[] = { 0x6A, 0x7F };
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x00484927, &Multiclient, sizeof(Multiclient), NULL);

	//
	BYTE EnableCommands[] = { 0xEB, 0x17 };
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x004C66FF, &EnableCommands, sizeof(EnableCommands), NULL);

	#pragma region /unequip

	BYTE DisableChecks[] = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 };
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A323, &DisableChecks, sizeof(DisableChecks), NULL);
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A34B, &DisableChecks, sizeof(DisableChecks), NULL);
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A373, &DisableChecks, sizeof(DisableChecks), NULL);
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A39B, &DisableChecks, sizeof(DisableChecks), NULL);
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A3C3, &DisableChecks, sizeof(DisableChecks), NULL);
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A3EB, &DisableChecks, sizeof(DisableChecks), NULL);
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A413, &DisableChecks, sizeof(DisableChecks), NULL);
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x0045A43B, &DisableChecks, sizeof(DisableChecks), NULL);

	BYTE Command[] = { 0x75, 0x6E, 0x65, 0x71, 0x75, 0x69, 0x70 };
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x005CB424, &Command, sizeof(Command), NULL);

	BYTE DisableLeftHand[] = { 0xEB, 0x1B };
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x004D43EF, &DisableLeftHand, sizeof(DisableLeftHand), NULL);

	BYTE CALLS[] =
	{
		0xE8, 0xA8, 0x3B, 0xF9, 0xFF,
		0xE8, 0xCB, 0x3B, 0xF9, 0xFF,
		0xE8, 0xEE, 0x3B, 0xF9, 0xFF,
		0xE8, 0x11, 0x3C, 0xF9, 0xFF,
		0xE8, 0x34, 0x3C, 0xF9, 0xFF,
		0xE8, 0x57, 0x3C, 0xF9, 0xFF,
		0xE8, 0x7A, 0x3C, 0xF9, 0xFF,
		0xE8, 0x9D, 0x3C, 0xF9, 0xFF,
	};
	WriteProcessMemory(pInfo->hProcess, (LPVOID)0x004C6774, &CALLS, sizeof(CALLS), NULL);
	FillWithNops(pInfo->hProcess, 0x004C679C, 52);

	#pragma endregion
	return EXIT_SUCCESS;
}
void FillWithNops(HANDLE hwnd, UINT baseaddr, int count) {
	BYTE NOP = 0x90;
	for(int i = 0; i < count; i++) {
		WriteProcessMemory(hwnd, (LPVOID)(baseaddr + i), &NOP, 1, NULL);
	}
}

You have to nop those checks inside each unequip function ,_, (one function per item, stupid TQ could have just taken the slot id as param, lol) I suppose it checks whether it was a custom call or actually a game call.

Anyways there's the code for it xD

Oops forgot to respond, I havnt checked in olly but I bet youre calling the xor.

Also I know u gotto nop the jne's i believe xD
my loader/multi had it on pathfind button to unequip all.
1 of my first versions had it on "/red".
Eitherway wasnt worth updating every time.
BTW, if you really continue this i would declare variables for the addresses on top somewhere so you wont have to look everytime what addresses to update, just cleaner.

Oh and on a side note, get rid of the nops in disabling the anti trojan crap:

Code:

00482AE5             /EB 0F                JMP SHORT Conquer.00482AF6

simple jump patch

same goes for for the popups all those nops can easily be replaced by 1 jump patch

Code:

00495618             /E9 EA000000          JMP Conquer.00495707
00495B66             /E9 EA000000          JMP Conquer.00495C55

kungfufailure · 01/24/2011, 23:37

It says run Play.exe when i try too start it. So i do so and nuthin happens >.>

demodogs · 01/27/2011, 12:44

SAME AS HIM ^^^^^ PLZ HELP

demodogs · 01/27/2011, 12:44

Quote:

Originally Posted by kungfufailure

It says run Play.exe when i try too start it. So i do so and nuthin happens >.>

SAME =.="