OllyDBG & CO

Discussion on OllyDBG & CO within the CO2 Programming forum part of the Conquer Online 2 category.

Closed Thread
 
Old 02/04/2010, 14:04   #496
 
Smooth143's Avatar
 
elite*gold: 0
Join Date: Apr 2007
Posts: 141
Received Thanks: 39
Quote:
smooth, im a complete noob at olly, can u tell me step by step how to remove please login later, cant seem to find how to JMP the code...
we'll see.
Smooth143 is offline  
Old 02/04/2010, 17:00   #497
 
nesma_jolyet's Avatar
 
elite*gold: 0
Join Date: Apr 2008
Posts: 262
Received Thanks: 343
Quote:
Originally Posted by Smooth143 View Post
we'll see.
Can You Explain how to remove PopUp i can't understand you i still Olly nop
nesma_jolyet is offline  
Old 02/04/2010, 19:18   #498
 
killermanx0's Avatar
 
elite*gold: 0
Join Date: Oct 2007
Posts: 152
Received Thanks: 552
i'll post the recent up to date changes here. the ones that i just remember very well.

with special thanks to Thrash and smooth for the recent changes

Walkthrough:

Start Olly dbg and open the "conquer.exe" from your conquer 2.0 folder.
__________________________________________________ ____________________________________
1) Multiclient

1, Rightclick and choose "search for" - "all intermodular calls"
2, Type OpenMutexA and doubleclick the highlighted line.
3, Change the first JE you see to JMP.
Code:
0051FD77  |. FF15 6C316A00  |CALL DWORD PTR DS:[<&KERNEL32.OpenMutex>; \OpenMutexA
0051FD7D  |. 3BC3           |CMP EAX,EBX
0051FD7F     74 0B          JE SHORT Conquer.0051FD8C
0051FD81  |. 50             |PUSH EAX                                ; /hObject
0051FD82  |. FF15 DC306A00  |CALL DWORD PTR DS:[<&KERNEL32.CloseHand>; \CloseHandle
__________________________________________________ ____________________________________
2) No anti trojan scanner

1, Rightclick and choose "search for" - "all referenced text strings"
2, Rightclick and choose "search for text"
3, Type "ZFTqat" and have both the lil boxes enabled and then click ok
4, Double click the highlighted line.
5, scroll a bit down till you see "ShellExecuteA"
6, highlight the ShellExecuteA to the IsShown5 and Nop them.
Code:
004F7B1B     6A 05          PUSH 5                                   ; /IsShown = 5
004F7B1D     6A 00          PUSH 0                                   ; |DefDir = NULL
004F7B1F     6A 00          PUSH 0                                   ; |Parameters = NULL
004F7B21     8D85 E0FBFFFF  LEA EAX,DWORD PTR SS:[EBP-420]           ; |
004F7B27     50             PUSH EAX                                 ; |FileName
004F7B28     68 A81A7300    PUSH Conquer.00731AA8                    ; |Operation = "open"
004F7B2D     6A 00          PUSH 0                                   ; |hWnd = NULL
004F7B2F     FF15 08386A00  CALL DWORD PTR DS:[<&SHELL32.ShellExecut>; \ShellExecuteA
__________________________________________________ ____________________________________
3) Remove Signout Pop-up

1, Rightclick and choose "search for" - "all referenced text strings"
2, Rightclick and choose "search for text"
3, Type "co.91.com" and click ok.
4, double click the highlighted line.
5, select the ShellExecuteA and Nop it.
6, Rightclick and choose "search for" - "all referenced text strings"
7, Rightclick and choose "search next"
8, double click the highlighted line.
9, select the ShellExecuteA and Nop it.

(1)
Code:
00520284   > 68 486F7300    PUSH Conquer.00736F48                    ;  ASCII "http://co.91.com/signout/"
005203E1     FF15 08386A00  CALL DWORD PTR DS:[<&SHELL32.ShellExecut>; \ShellExecuteA
(2)
Code:
00520284   > 68 486F7300    PUSH Conquer.00736F48                    ;  ASCII "http://co.91.com/signout/"
005203E1     FF15 08386A00  CALL DWORD PTR DS:[<&SHELL32.ShellExecut>; \ShellExecuteA
__________________________________________________ ____________________________________
4) Enable PM commands

1, Rightclick and choose "search for" - "all referenced text strings"
2, Rightclick and choose "search for text"
3, Type "[PM]" and click ok.
4, double click the highlighted line.
5, select the MOV CL, Byte PTR DS: [EAX] till JNZ Short and Nop them.

Code:
005606BE     8A08           /MOV CL,BYTE PTR DS:[EAX]
005606C0     3A0C07         |CMP CL,BYTE PTR DS:[EDI+EAX]
005606C3     0F85 A3090000  |JNZ Conquer.0056106C
005606C9     40             |INC EAX
005606CA     3BC6           |CMP EAX,ESI
005606CC    ^75 F0          \JNZ SHORT Conquer.005606BE
__________________________________________________ ____________________________________
5) Disable ChatTips

1, Rightclick and choose "search for" - "all referenced text strings"
2, Rightclick and choose "search for text"
3, Type "ChatTips" and press ok.
4, double click the highlighted line.
5, select the "r" till fopen and Nop them.

Code:
005FEE4C  |. BE 0CED6B00    MOV ESI,Conquer.006BED0C                 ;  ASCII "ini/ChatTips.ini"
005FEE51     68 145B7300    PUSH Conquer.00735B14                    ; /mode = "r"
005FEE56     56             PUSH ESI                                 ; |path => "ini/ChatTips.ini"
005FEE57     FF15 04366A00  CALL DWORD PTR DS:[<&MSVCRT.fopen>]      ; \fopen
__________________________________________________ ____________________________________
6) Remove the flashing taskbar.

1, Rightclick and choose "search for" - "all intermodular calls"
2, Type GetActiveWindow and click "Destination".
3, Try out the 3 GetActiveWindows till you see something that looks like the following:


Code:
0052F37E   > FF15 0C096E00  CALL DWORD PTR DS:[<&USER32.GetActiveWin>; [GetActiveWindow; Case 51C of switch 0052EB95
0052F384   . 50             PUSH EAX
0052F385   . E8 18141200    CALL <JMP.&MFC42.#2864>
0052F38A   . 85C0           TEST EAX,EAX
0052F38C     0F85 8D540000  JNZ Conquer.0053481F
0052F392     8B             DB 8B
0052F393     0D             DB 0D
0052F394     5CF57900       DD Conquer.0079F55C
0052F398     E8             DB E8
0052F399     6D             DB 6D                                    ;  CHAR 'm'
0052F39A     1E             DB 1E
0052F39B     ED             DB ED
0052F39C     FF             DB FF
4, JMP the JNZ.
__________________________________________________ ____________________________________
7) Remove "please log in later" message

1, Rightclick and choose "search for" - "all intermodular calls"
2, Type GetTickCount and Click destination.
3, double click the GetTickCount with Call ESI before it.
4, JMP the JBE above the highlighted line.

Code:
004642CD     76 21          JBE SHORT Conquer.004642F0
004642CF  |. FFD6           CALL ESI                                 ; [GetTickCount
__________________________________________________ ____________________________________
8) Removing AFK effects.

1, Rightclick and choose "search for" - "all referenced text strings"
2, Rightclick and choose "search for text"
3, Type AUTO_REPLY and press ok.
4, doubleclick the highlighted line.
5, scroll a bit down change the first JB you see to JMP.

Code:
0056391E  |. E8 52360B00    CALL <JMP.&WINMM.timeGetTime>
00563923  |. 2B86 640C0000  SUB EAX,DWORD PTR DS:[ESI+C64]
00563929  |. 3B05 40DE7400  CMP EAX,DWORD PTR DS:[74DE40]
0056392F     72 23          JB SHORT Conquer.00563954
00563931  |. 6A 01          PUSH 1
00563933  |. 8BCE           MOV ECX,ESI
00563935  |. E8 75030100    CALL Conquer.00573CAF
0056393A  |. 6A 01          PUSH 1
0056393C  |. 8BCE           MOV ECX,ESI
0056393E  |. E8 22000000    CALL Conquer.00563965
00563943  |. 8BCE           MOV ECX,ESI
00563945  |. E8 5B650000    CALL Conquer.00569EA5
0056394A  |. 50             PUSH EAX                                 ; /Arg2
0056394B  |. 6A 01          PUSH 1                                   ; |Arg1 = 00000001
0056394D  |. 8BCE           MOV ECX,ESI                              ; |
0056394F  |. E8 96BE0100    CALL Conquer.0057F7EA                    ; \Conquer.0057F7EA
__________________________________________________ ____________________________________
9) Changing the FPS.

1, Rightclick and choose "search for" - "all intermodular calls"
2, Type sleep and doubleclick the highlighted line.
3, change the following Nr 19's to a lower number:
Code:
004F7F7D   . 8D51 19        LEA EDX,DWORD PTR DS:[ECX+19]
004F7F80   . 3BC2           CMP EAX,EDX
004F7F82   . 73 0E          JNB SHORT Conquer.004F7F92
004F7F84   . 2BC8           SUB ECX,EAX
004F7F86   . 83C1 19        ADD ECX,19
________________________________________________
killermanx0 is offline  
Thanks
9 Users
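Seen from the anti-tamper or forensics side, the edits in the walkthrough above (a conditional jump turned into JMP, a call overwritten with NOPs, an immediate changed) leave a recognizable byte-level signature when a modified client is compared with the vendor build. The following is an added example, not code from the thread or from the game: the function names are hypothetical, the original bytes come from the listings in the post, and the modified copies and the 0x0A immediate are constructed for the demonstration.

```python
"""Classify in-place byte patches between a vendor build and a modified copy.

Works on raw bytes only (no disassembler), so every label is a heuristic.
"""

NOP, JMP_SHORT, JMP_NEAR = 0x90, 0xEB, 0xE9


def diff_runs(orig: bytes, mod: bytes):
    """Return [(offset, orig_run, mod_run)] for each maximal run of differing bytes."""
    if len(orig) != len(mod):
        raise ValueError("regions must have equal length (in-place patch expected)")
    runs, i = [], 0
    while i < len(orig):
        if orig[i] == mod[i]:
            i += 1
            continue
        j = i
        while j < len(orig) and orig[j] != mod[j]:
            j += 1
        runs.append((i, orig[i:j], mod[i:j]))
        i = j
    return runs


def classify(orig_run: bytes, mod_run: bytes) -> str:
    """Name the kind of edit from the changed bytes alone."""
    if all(b == NOP for b in mod_run):
        return "nop-fill"      # instruction(s) overwritten with NOP
    if len(orig_run) == 1 and 0x70 <= orig_run[0] <= 0x7F and mod_run[0] == JMP_SHORT:
        return "jcc->jmp"      # short Jcc (70..7F) replaced by JMP SHORT (EB)
    if (len(orig_run) >= 2 and orig_run[0] == 0x0F
            and 0x80 <= orig_run[1] <= 0x8F and mod_run[0] == JMP_NEAR):
        return "jcc->jmp"      # near Jcc (0F 80..8F) replaced by JMP near (E9)
    return "other"             # e.g. a changed immediate or operand


def scan(base: int, orig: bytes, mod: bytes):
    """Return [(virtual_address, kind, length)] for every patched run in a region."""
    return [(base + off, classify(o, m), len(o)) for off, o, m in diff_runs(orig, mod)]


# Sample regions. Original bytes are copied from the listings in the post;
# the *_MOD copies are constructed by applying the edit the matching step names.

# 1) OpenMutexA check: JE SHORT at 0051FD7F changed to JMP SHORT.
MUTEX_BASE = 0x0051FD77
MUTEX_ORIG = bytes.fromhex("FF156C316A00 3BC3 740B 50 FF15DC306A00")
MUTEX_MOD = MUTEX_ORIG[:8] + bytes([JMP_SHORT]) + MUTEX_ORIG[9:]

# 2) ShellExecuteA call and its argument pushes: whole block filled with NOP.
SHELL_BASE = 0x004F7B1B
SHELL_ORIG = bytes.fromhex("6A05 6A00 6A00 8D85E0FBFFFF 50 68A81A7300 6A00 FF1508386A00")
SHELL_MOD = bytes([NOP]) * len(SHELL_ORIG)

# 9) Frame limiter: both 0x19 immediates replaced (0x0A is a constructed value).
FPS_BASE = 0x004F7F7D
FPS_ORIG = bytes.fromhex("8D5119 3BC2 730E 2BC8 83C119")
FPS_MOD = FPS_ORIG.replace(b"\x19", b"\x0a")


if __name__ == "__main__":
    samples = [
        ("OpenMutexA check", MUTEX_BASE, MUTEX_ORIG, MUTEX_MOD),
        ("ShellExecuteA call", SHELL_BASE, SHELL_ORIG, SHELL_MOD),
        ("frame limiter", FPS_BASE, FPS_ORIG, FPS_MOD),
    ]
    for name, base, orig, mod in samples:
        for va, kind, length in scan(base, orig, mod):
            print(f"{name}: {va:08X} {kind} ({length} byte(s))")
```

A short Jcc-to-JMP edit changes exactly one byte, which is why a whole-file hash is the only reliable tamper signal; the classifier only helps triage what was changed once a mismatch is found.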
Old 02/04/2010, 20:09   #499
 
elite*gold: 0
Join Date: Jul 2005
Posts: 33
Received Thanks: 3
hey killermanx0, when i click OpenMutexA i get this

JE SHORT Conquer.00540ACF [JE SHORT 00540ACF].

not same value as urs in the guide, thus, i wasnt able to make a multi
l3ofr4nz is offline  
Old 02/04/2010, 20:09   #500
 
Maffiagang's Avatar
 
elite*gold: 0
Join Date: Jun 2008
Posts: 319
Received Thanks: 496
Quote:
Originally Posted by killermanx0 View Post
i'll post the recent up to date changes here. the ones that i just remember very well.

awesome, thank you so much, gonna try it out right away
Maffiagang is offline  
Old 02/04/2010, 23:52   #501
 
elite*gold: 0
Join Date: Feb 2008
Posts: 44
Received Thanks: 1
Why you post the remove virus scanner. While it ain't even running anymore. Since 5212 that thing isn't working i thought.
gvd-klotezooi is offline  
Old 02/05/2010, 02:26   #502
 
killermanx0's Avatar
 
elite*gold: 0
Join Date: Oct 2007
Posts: 152
Received Thanks: 552
Quote:
Originally Posted by gvd-klotezooi View Post
Why you post the remove virus scanner. While it ain't even running anymore. Since 5212 that thing isn't working i thought.
i was just bored and put it in. dont mind it ^^


Quote:
hey killermanx0, when i click OpenMutexA i get this

JE SHORT Conquer.00540ACF [JE SHORT 00540ACF].

not same value as urs in the guide, thus, i wasnt able to make a multi
these values are from previous patch. don't look at these values but at what u need to change. they keep changing every patch you know. (every patch that contains a .exe file ^^)
killermanx0 is offline  
Thanks
1 User
Old 02/05/2010, 02:35   #503
 
Maffiagang's Avatar
 
elite*gold: 0
Join Date: Jun 2008
Posts: 319
Received Thanks: 496
Dude you're the best, i followed the walkthrough, and it works PERFECT!!!

One thing i would like to know, is how to remove the background clicks and add walljump?

if u know this too, u will make me sooooo happy !!!!
Maffiagang is offline  
Old 02/05/2010, 06:24   #504
 
elite*gold: 0
Join Date: Jul 2005
Posts: 33
Received Thanks: 3
Quote:
Originally Posted by killermanx0 View Post
i was just bored and put it in. dont mind it ^^




these values are from previous patch. don't look at these values but at what u need to change. they keep changing every patch you know. (every patch that contains a .exe file ^^)
i tried, and didn't work. it says "please run play.exe file". i tried using autopatch.exe to run directly, i went through but no multiclient.
l3ofr4nz is offline  
Old 02/05/2010, 06:42   #505
 
elite*gold: 0
Join Date: Jul 2005
Posts: 33
Received Thanks: 3
the error was gone this time, but no multiclient. the step to make multi is new right? applicable to new conquer.exe?

need help badly lol cant proceed to step2, i need to get multi w/ date&time to get working first.
l3ofr4nz is offline  
Old 02/05/2010, 13:58   #506
 
killermanx0's Avatar
 
elite*gold: 0
Join Date: Oct 2007
Posts: 152
Received Thanks: 552
Quote:
Originally Posted by Maffiagang View Post
Dude you're the best, i followed the walkthrough, and it works PERFECT!!!

One thing i would like to know, is how to remove the background clicks and add walljump?

if u know this too, u will make me sooooo happy !!!!
i dunno about the remove background checks.

but for the walljump look at the post of Trash. i know where to look but can't find any good label for it so u need to find the exact code he shows there. maybe in next patch there will be an easy searchable label for it.
killermanx0 is offline  
Old 02/05/2010, 14:57   #507
 
Smooth143's Avatar
 
elite*gold: 0
Join Date: Apr 2007
Posts: 141
Received Thanks: 39
Quote:
add walljump?
i made a wall jump guide, it's at page 43. post #429.

try the search button sometimes
Smooth143 is offline  
Old 02/05/2010, 22:35   #508
 
nesma_jolyet's Avatar
 
elite*gold: 0
Join Date: Apr 2008
Posts: 262
Received Thanks: 343
Quote:
Originally Posted by killermanx0 View Post
i'll post the recent up to date changes here. the ones that i just remember very well.

Wow Great bro i was so happy to press Thanks

But i have problem when i try to make Step N 2.3.4.5 i find this ERROR
coz when i "search for" - "all referenced text strings" i couldn't find "ChatTips" or "[PM]" or "co.91.com" or "ZFTqat" more pics
your guide still Nice one
Attached Images
File Type: jpg untitled.jpg (21.8 KB, 33 views)
File Type: jpg 2.jpg (21.7 KB, 28 views)
nesma_jolyet is offline  
Old 02/05/2010, 23:06   #509
 
SaM.ThE.MaN's Avatar
 
elite*gold: 0
Join Date: Oct 2008
Posts: 828
Received Thanks: 427
when i do this :
1, Rightclick and choose "search for" - "all intermodular calls"
2, Type OpenMutexA and doubleclick the highlighted line.
3, Change the first JE you see to JMP.
when i type intermodular calls where do i type open mutexa?
SaM.ThE.MaN is offline  
Old 02/05/2010, 23:58   #510
 
elite*gold: 0
Join Date: Apr 2007
Posts: 906
Received Thanks: 1,431
Quote:
Originally Posted by SaM.ThE.MaN View Post
when i do this :
1, Rightclick and choose "search for" - "all intermodular calls"
2, Type OpenMutexA and doubleclick the highlighted line.
3, Change the first JE you see to JMP.
when i type intermodular calls where do i type open mutexa?
just start typing. i know it doesnt look like a searchable window but believe me it is :P
Warlax is offline  