Disconnect... How to??
Discussion on Disconnect... How to?? within the CO2 Programming forum part of the Conquer Online 2 category.
10/23/2008, 08:06
|
#1
|
elite*gold: 0
Join Date: Feb 2006
Posts: 209
Received Thanks: 455
|
Disconnect... How to??
What do COTOBO and all the other programs do when they disconnect the client... Do they write something to memory, or do they just block Conquer.exe's access to the internet? If it's memory based, does anyone know what I need to write to which address etc.? Ty in advance.
|
|
|
10/23/2008, 08:58
|
#2
|
elite*gold: 0
Join Date: Jun 2006
Posts: 965
Received Thanks: 576
|
They most likely create a remote thread with the function to disconnect.
|
|
|
10/23/2008, 09:54
|
#3
|
elite*gold: 0
Join Date: Feb 2006
Posts: 550
Received Thanks: 82
|
Quote:
Originally Posted by high6
They most likely create a remote thread with the function to disconnect.
|
Then he's asking how you create the function.
You can disconnect by sending fake/bullshit packets. Conquer will kick you for that.
|
|
|
10/23/2008, 10:16
|
#4
|
elite*gold: 0
Join Date: Jan 2007
Posts: 177
Received Thanks: 57
|
Quote:
Originally Posted by ChingChong23
Then he's asking how you create the function.
You can disconnect by sending fake/bullshit packets. Conquer will kick you for that.
|
or you could log the /dc packet from the pm commands and send that...
|
|
|
10/23/2008, 11:28
|
#5
|
elite*gold: 0
Join Date: Feb 2006
Posts: 550
Received Thanks: 82
|
Quote:
Originally Posted by DarkMessiah
or you could log the /dc packet from the pm commands and send that...
|
And to send the correct packet you'd need to decrypt them first, which this thread starter won't be able to do if he didn't understand how you could dc yourself.
|
|
|
10/23/2008, 15:17
|
#6
|
elite*gold: 20
Join Date: Aug 2005
Posts: 1,734
Received Thanks: 1,001
|
Correct command is /break and it doesn't use packets; what it does (as far as I know) is that it 'selects' the socket that is connected to the server and then just closes it. (That's why you can /break on private servers too, even though there are no packets related to it.)
|
|
|
10/23/2008, 16:13
|
#7
|
elite*gold: 0
Join Date: Jun 2006
Posts: 965
Received Thanks: 576
|
Quote:
Originally Posted by DarkMessiah
or you could log the /dc packet from the pm commands and send that...
|
Or, if you don't want to make a proxy, you can create a remote thread pointed at that function.
|
|
|
10/24/2008, 08:21
|
#8
|
elite*gold: 0
Join Date: Feb 2006
Posts: 209
Received Thanks: 455
|
Thanks for all replies!
Although I have absolutely no idea how to send packets etc... Isn't there anything I can do with the memory etc.?
Or perhaps someone knows how to send the packet I need in AutoIt?
|
|
|
10/24/2008, 16:38
|
#9
|
elite*gold: 20
Join Date: Aug 2005
Posts: 1,734
Received Thanks: 1,001
|
Did you actually read my post? I already explained that it doesn't use packets. So the way you would do it is memory based.
|
|
|
10/24/2008, 16:56
|
#10
|
elite*gold: 0
Join Date: Feb 2006
Posts: 209
Received Thanks: 455
|
Quote:
Originally Posted by tanelipe
Did you actually read my post? I already explained that it doesn't use packets. So the way you would do it is memory based.
|
I'm sorry mr. pms. but how do I find that memory address or that socket?
|
|
|
10/24/2008, 19:45
|
#11
|
elite*gold: 0
Join Date: Aug 2007
Posts: 295
Received Thanks: 89
|
Quote:
Originally Posted by Azothoras
I'm sorry mr. pms. but how do I find that memory address or that socket?
|
OllyDBG > conquer.exe > right click > search for > all referenced text strings > Ctrl+f > "/break"
Gives you the address of the function you would need to call.
|
|
|
10/24/2008, 20:01
|
#12
|
elite*gold: 20
Join Date: Aug 2005
Posts: 1,734
Received Thanks: 1,001
|
Look how the '/break' command does it, this is part of the command parsing.
Code:
004AE3E8 |> \8D85 D4FEFFFF LEA EAX,[EBP-12C]
004AE3EE |. 68 C4E35600 PUSH OFFSET Conquer.0056E3C4 ; ASCII "break"
004AE3F3 |. 50 PUSH EAX
004AE3F4 |. FFD7 CALL EDI
004AE3F6 |. 59 POP ECX
004AE3F7 |. 85C0 TEST EAX,EAX
004AE3F9 |. 59 POP ECX
004AE3FA |. 75 0F JNE SHORT 004AE40B
004AE3FC |. B9 F0FB5700 MOV ECX,OFFSET Conquer.0057FBF0
004AE401 |. E8 8E3F0100 CALL 004C2394 ; [Conquer.004C2394
The last two lines are what you should be interested in, since they 'handle' the dcing. Find a way to replicate or execute that function and you have your disconnect tool.
|
|
|
10/24/2008, 23:51
|
#13
|
elite*gold: 0
Join Date: Jun 2006
Posts: 965
Received Thanks: 576
|
Here is an example in C#.
Code:
using System;
using System.Collections.Generic;
using System.Text;
using System.Runtime.InteropServices;
using System.Diagnostics;

namespace ExampleCreateRemoteThread
{
    // Handles and addresses are declared as int, so build this as x86
    // (the target is a 32-bit process).
    class Program
    {
        [DllImport("kernel32.dll")]
        private static extern int CreateRemoteThread(int hProcess, int lpThreadAttributes, int dwStackSize, int lpStartAddress, int lpParameter, int dwCreationFlags, int lpThreadId);
        [DllImport("kernel32.dll")]
        private static extern int OpenProcess(int dwDesiredAccess, int bInheritHandle, int dwProcessId);
        [DllImport("kernel32.dll")]
        private static extern int CloseHandle(int hObject);
        [DllImport("kernel32.dll")]
        private static extern int ReadProcessMemory(int hProcess, int lpBaseAddress, byte[] lpBuffer, int nSize, int lpNumberOfBytesRead);
        [DllImport("kernel32.dll")]
        private static extern int WriteProcessMemory(int hProcess, int lpBaseAddress, byte[] lpBuffer, int nSize, int lpNumberOfBytesWritten);

        const int PROCESS_ALL_ACCESS = 0x1F0FFF;
        const int CodeCave = 0x00530FF0;
        /// <summary>
        /// MOV ECX,57FBF0
        /// </summary>
        static byte[] Instruction1 = { 0xB9, 0xF0, 0xFB, 0x57, 0x00 };
        const int BreakCall = 0x004C2394;

        #region ReadX
        static int ReadInt(int handle, int addr)
        {
            byte[] buf = new byte[4];
            ReadProcessMemory(handle, addr, buf, 4, 0);
            return BitConverter.ToInt32(buf, 0);
        }
        static int ReadShort(int handle, int addr)
        {
            byte[] buf = new byte[2];
            ReadProcessMemory(handle, addr, buf, 2, 0);
            return BitConverter.ToInt16(buf, 0);
        }
        static byte ReadByte(int handle, int addr)
        {
            byte[] buf = new byte[1];
            ReadProcessMemory(handle, addr, buf, 1, 0);
            return buf[0];
        }
        static byte[] ReadBytes(int handle, int addr, int size)
        {
            byte[] buf = new byte[size];
            ReadProcessMemory(handle, addr, buf, size, 0);
            return buf;
        }
        #endregion

        #region WriteX
        static void WriteInt(int handle, int addr, int val)
        {
            WriteProcessMemory(handle, addr, BitConverter.GetBytes(val), 4, 0);
        }
        static void WriteShort(int handle, int addr, short val)
        {
            WriteProcessMemory(handle, addr, BitConverter.GetBytes(val), 2, 0);
        }
        static void WriteByte(int handle, int addr, byte val)
        {
            // BitConverter has no byte overload (it would widen to short),
            // so pass the single byte directly.
            WriteProcessMemory(handle, addr, new byte[] { val }, 1, 0);
        }
        static void WriteBytes(int handle, int addr, byte[] b)
        {
            WriteProcessMemory(handle, addr, b, b.Length, 0);
        }
        static void WriteCall(int handle, int addr, int call)
        {
            // E8 rel32: the displacement is relative to the end of the
            // 5-byte CALL instruction.
            WriteByte(handle, addr, 0xE8);
            WriteInt(handle, addr + 1, call - addr - 5);
        }
        #endregion

        static void Break(Process p)
        {
            Break(p.Id);
        }
        static void Break(int id)
        {
            int h = OpenProcess(PROCESS_ALL_ACCESS, 0, id); //OpenProcess
            if (h == 0)
                throw new Exception("Could not open process");
            if (ReadByte(h, CodeCave) == 0) //If code is not there, write it.
            {
                WriteBytes(h, CodeCave, Instruction1);  //Mov ecx,0x0057FBF0
                WriteCall(h, CodeCave + 5, BreakCall);  //Call 0x004C2394
                WriteByte(h, CodeCave + 10, 0xC3);      //Ret
            }
            int t = CreateRemoteThread(h, 0, 0, CodeCave, 0, 0, 0); //Call function
            if (t != 0)
                CloseHandle(t); //Release the thread handle
            CloseHandle(h); //CloseHandle
        }
        static void Main(string[] args)
        {
            Process[] procs = Process.GetProcessesByName("conquer");
            if (procs.Length > 0)
            {
                Break(procs[0]);
            }
        }
    }
}
|
|
|
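A defender's view of the technique in this thread, as an added example that is not code from any poster: it flags cross-process thread creation (Sysmon event 8) and decodes the access mask from the matching process-access event (event 10), where the C# post's PROCESS_ALL_ACCESS value 0x1F0FFF appears as GrantedAccess. The key=value record layout, the sample paths and the allowlist are assumptions made for the example.

```python
# Added example. SAMPLE is constructed, in a simplified key=value rendering
# of Sysmon's field names; real Sysmon events are XML.
RIGHTS = {  # process access rights from winnt.h
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
}
# Rights needed to write code into a process and start a thread on it.
INJECT_MASK = 0x0002 | 0x0008 | 0x0020
# Hypothetical allowlist of sources expected to create remote threads.
ALLOWED_SOURCES = {r"c:\windows\system32\csrss.exe"}

SAMPLE = r"""
EventID=10 SourceImage=C:\Tools\Example.exe TargetImage=C:\Games\Conquer.exe GrantedAccess=0x1F0FFF
EventID=8 SourceImage=C:\Tools\Example.exe TargetImage=C:\Games\Conquer.exe StartAddress=0x00530FF0
EventID=10 SourceImage=C:\Windows\explorer.exe TargetImage=C:\Games\Conquer.exe GrantedAccess=0x1000
"""

def parse(line):
    """Split one 'Key=Value Key=Value' record into a dict."""
    rec = dict(field.split("=", 1) for field in line.split())
    rec["EventID"] = int(rec["EventID"])
    return rec

def decode_access(mask):
    """Name the injection-relevant rights present in a GrantedAccess mask."""
    return [name for bit, name in sorted(RIGHTS.items()) if mask & bit]

def detect(log_text):
    """Alert on event 8 (CreateRemoteThread) across processes, enriched with
    the access mask from the same pair's latest event 10 (ProcessAccess)."""
    opened, alerts = {}, []
    for line in log_text.strip().splitlines():
        rec = parse(line)
        pair = (rec["SourceImage"].lower(), rec["TargetImage"].lower())
        if pair[0] == pair[1] or pair[0] in ALLOWED_SOURCES:
            continue
        if rec["EventID"] == 10:
            opened[pair] = int(rec["GrantedAccess"], 16)
        elif rec["EventID"] == 8:
            mask = opened.get(pair, 0)
            alerts.append({
                "source": rec["SourceImage"],
                "start": int(rec["StartAddress"], 16),
                "rights": decode_access(mask),
                "high": (mask & INJECT_MASK) == INJECT_MASK,
            })
    return alerts
```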
10/26/2008, 19:38
|
#14
|
elite*gold: 0
Join Date: Apr 2006
Posts: 49
Received Thanks: 12
|
In short, here's how to do it if using C++
Code:
mov ecx, 0057FBF0 ; immediate operand, matching B9 F0FB5700 (MOV ECX,OFFSET) in the disassembly above
call 004C2394
Not a hard piece of code, but implementing code is always the tricky part when it comes to ASM for me.
|
|
|
10/26/2008, 19:38
|
#15
|
elite*gold: 0
Join Date: Apr 2006
Posts: 49
Received Thanks: 12
|
In short, here's how to do it in olly/asm.
Code:
mov ecx, 0057FBF0 ; immediate operand, matching B9 F0FB5700 (MOV ECX,OFFSET) in the disassembly above
call 004C2394
Not a hard piece of code, but implementing code is always the tricky part when it comes to ASM for me.
|
|
|
 |
|