OllyDBG & CO

killermanx0 · 11/05/2009, 22:18

as far as i know the way too make a multiclient is changed. all the features are working except:

Multiclient ( being able too open 3 or more clients)
Walljump

i hope someone posts the new ways too make a mc+walljump soon.
i dont really bother too find it myself ^^ too busy with creating a personal hack.

ogieboy042 · 11/06/2009, 01:59

Quote:

Originally Posted by killermanx0

as far as i know the way too make a multiclient is changed. all the features are working except:

Multiclient ( being able too open 3 or more clients)
Walljump

i hope someone posts the new ways too make a mc+walljump soon.
i dont really bother too find it myself ^^ too busy with creating a personal hack.

could you update your multi client

hecavante · 11/06/2009, 05:38

i update mine

no wall jump tho ....

mrringo · 11/07/2009, 04:54

Quote:

Originally Posted by hecavante

i update mine
no wall jump tho ....

please explain to me how you did it. I am very interested in learning. If asked of me once taught I will keep it updated the hour of the new patch. Otherwise I will not take away from the threads that are still updated.

~~IAmHawtness~~ · 11/08/2009, 01:41

Removing the "Away temporarily" status (both client and server-sided)

This is how the function that checks if you're "afk" inside CO looks (patch 5180):

Code:

0054F91F  /$ 56             PUSH ESI
0054F920  |. 8BF1           MOV ESI,ECX
0054F922  |. 80BE 180C0000 >CMP BYTE PTR DS:[ESI+C18],0
0054F929  |. 8D86 180C0000  LEA EAX,DWORD PTR DS:[ESI+C18]
0054F92F  |. 75 0E          JNZ SHORT Conquer.0054F93F
0054F931  |. C600 01        MOV BYTE PTR DS:[EAX],1
0054F934  |. E8 65620A00    CALL <JMP.&WINMM.timeGetTime>
0054F939  |. 8986 1C0C0000  MOV DWORD PTR DS:[ESI+C1C],EAX
0054F93F  |> B9 A8CB7100    MOV ECX,Conquer.0071CBA8
0054F944  |. E8 4B450200    CALL Conquer.00573E94
0054F949  |. 3D 0F040000    CMP EAX,40F
0054F94E  |. 74 24          JE SHORT Conquer.0054F974
0054F950  |. 8BCE           MOV ECX,ESI
0054F952  |. E8 45490000    CALL Conquer.0055429C
0054F957  |. 84C0           TEST AL,AL
0054F959  |. 75 19          JNZ SHORT Conquer.0054F974
0054F95B  |. E8 87480000    CALL Conquer.005541E7
0054F960  |. 83B8 442F0000 >CMP DWORD PTR DS:[EAX+2F44],0
0054F967  |. 75 0B          JNZ SHORT Conquer.0054F974
0054F969  |. 8BCE           MOV ECX,ESI
0054F96B  |. E8 59660000    CALL Conquer.00555FC9
0054F970  |. 84C0           TEST AL,AL
0054F972  |. 74 07          JE SHORT Conquer.0054F97B
0054F974  |> 8BCE           MOV ECX,ESI
0054F976  |. E8 C4000000    CALL Conquer.0054FA3F
0054F97B  |> 8BCE           MOV ECX,ESI
0054F97D  |. E8 A6770700    CALL Conquer.005C7128
0054F982  |. 84C0           TEST AL,AL
0054F984  |. 75 36          JNZ SHORT Conquer.0054F9BC
[U][B][I]0054F986  |. E8 13620A00    CALL <JMP.&WINMM.timeGetTime>
0054F98B  |. 2B86 1C0C0000  SUB EAX,DWORD PTR DS:[ESI+C1C]
0054F991  |. 3B05 68E47100  CMP EAX,DWORD PTR DS:[71E468]
0054F997  |. 72 23          JB SHORT Conquer.0054F9BC[/I][/B][/U]
0054F999  |. 6A 01          PUSH 1
0054F99B  |. 8BCE           MOV ECX,ESI
0054F99D  |. E8 F4010100    CALL Conquer.0055FB96
0054F9A2  |. 6A 01          PUSH 1
0054F9A4  |. 8BCE           MOV ECX,ESI
0054F9A6  |. E8 22000000    CALL Conquer.0054F9CD
0054F9AB  |. 8BCE           MOV ECX,ESI
0054F9AD  |. E8 17660000    CALL Conquer.00555FC9
0054F9B2  |. 50             PUSH EAX                                 ; /Arg2
0054F9B3  |. 6A 01          PUSH 1                                   ; |Arg1 = 00000001
0054F9B5  |. 8BCE           MOV ECX,ESI                              ; |
0054F9B7  |. E8 72BA0100    CALL Conquer.0056B42E                    ; \Conquer.0056B42E
0054F9BC  |> 5E             POP ESI
0054F9BD  \. C3             RETN

See the part in bold?
This is where Conquer calls timeGetTime to find out how many milliseconds have passed since your computer started, and then it stores that value in the EAX register.
It then substracts that value with a variable ([ESI+C1C]) that keeps track of when you last moved your mouse around inside the CO window.
After that, the result is compared with a fixed value ([71E468]) which is 180000 milliseconds (3 minutes).

So basically it just checks to see if you've been inactive for more than 3 minutes, and if you have it will send a packet to the server telling it that you're afk.

There's lots of ways to bypass this, but here's a very simple and easy solution.
All you have to do is change this using ollydbg (or whatever you prefer):

Code:

0054F986  |. E8 13620A00    CALL <JMP.&WINMM.timeGetTime>
0054F98B  |. 2B86 1C0C0000  SUB EAX,DWORD PTR DS:[ESI+C1C]
0054F991  |. 3B05 68E47100  CMP EAX,DWORD PTR DS:[71E468]
0054F997  |. 72 23          [SIZE="4"][B]JB SHORT Conquer.0054F9BC[/B][/SIZE]

into this:

Code:

0054F986  |. E8 13620A00    CALL <JMP.&WINMM.timeGetTime>
0054F98B  |. 2B86 1C0C0000  SUB EAX,DWORD PTR DS:[ESI+C1C]
0054F991  |. 3B05 68E47100  CMP EAX,DWORD PTR DS:[71E468]
0054F997  |. 72 23          [SIZE="4"][B]JMP SHORT Conquer.0054F9BC[/B][/SIZE]

The JB instruction jumps to 0054F9BC if your inactivity is less than 3 minutes, so we change this into JMP so it will always jump to 0054F9BC no matter how many minutes you have been inactive, thus disabling the "Away temporarily" status.

Remember to save your changes by right-clicking -> "Copy to executable" -> "All modifications" -> "Copy all" -> right-click -> "Save file"

niko001 · 11/08/2009, 12:55

as do I put zoom with the mouse wheel?

hecavante · 11/09/2009, 05:07

new way to make multi client

Quote:

Originally Posted by reccaster

Oh for gods sake Open/CreateMutexA JE after the CMP to JMP that's all i'll say it's not that hard

credit goes to reccaster

hondaciviceg · 11/09/2009, 11:20

umm a little explanation please how to make 5180 multi?

nesma_jolyet · 11/10/2009, 18:36

why am try to search for "TQ_CONQUER" it say item not found

why i do all what u did and same problem

freakysam · 11/11/2009, 12:42

can someone pm me how to patch the conquer for multi only. I only use for tg and would like to know the newest way. I only want the ability to multi. I tried the patch posted here bu CO sees it somehow and just stops char from levling in tg after short time. I come home and my guys are just standing there......ahhhh

SpawnCO2 · 11/11/2009, 15:41

Thx alot! it works ! you should post ur modified conquer so the other les skilled persons could take it .... its a very nice job!! ... gratz agian

freakysam · 11/12/2009, 02:28

How to run conquer.exe directly. I am learning programing and would like to figure out how to make multi, but i cant get past the first error. any help would be appreciated

nesma_jolyet · 11/12/2009, 16:13

i can't find word to make multi client Lol so how i did all what u do

i wish u replay

Hiyoal · 11/13/2009, 12:30

Quote:

Originally Posted by IAmHawtness

Removing the "Away temporarily" status (both client and server-sided)

If you made this then fair enough, I will tell SmellyCanon to give you credit.
Otherwise if you got it off SmellyCanon could you please give credit.

Hiyoal

nihao4 · 11/13/2009, 12:36

Quote:

Originally Posted by Hiyoal

If you made this then fair enough, I will tell SmellyCanon to give you credit.
Otherwise if you got it off SmellyCanon could you please give credit.

Hiyoal

is it the same person,but with different ids on two different forums?