Client modifications for beginners

WhyNot555 · 09/14/2015, 14:19

Quote:

Originally Posted by gunite69

to those using gm commands. use /scale 180.

talk in whisper. if u press n talk they can hear you,

is there another way to prevent that?

I got the same results. IN pk mode at TC aiming down my clicker on someone i get huge lag. its a delayed lag doesnt happen often.

Secondly. I get lag at poting.... i basically lag when i hold down my pot key (whch is pretty bad haha)

thirdly, i dont notice too much of a difference when trying out that less lag in a fight. still testing and giving it a go So far thank you for the guide! It has been amazing.

EDIT: Anyone else getting fps problems? im using "10" as the number

I`m confused about removal of "please rest for a while" some times the ping stay or even get better some times gets higher so I will remove this part since no fixed result at least for me. About fps, at 10 ur fps should go only about 70-80 I think Idk what u mean by problems, fps problems is just related to ur PC. About PM commands Just use commands in whisper for no target or in team with no team just like you guys did.

Quote:

Originally Posted by shmuel12

i think code is changed cuz i don't found it

No

, there is no changes in the codes, follow the steps and don`t just search for addresses, As I said addresses isn`t constants otherwise I would have given addresses instead of all shit.

Quote:

Originally Posted by gunite69

hmmm trying to do a non dc client.. still possible ?

Code:

[Making Conquer.exe NON-DC]
0. Backup the Conquer.exe
1. Open Conquer in OllyDBG and let it analyze the code.

2. Find a code block that looks like this
Code:

004A6830  |. 8B10                       MOV EDX,DWORD PTR DS:[EAX]
004A6832  |. 6A 00                      PUSH 0
004A6834  |. 6A 00                      PUSH 0
004A6836  |. 68 0000FF00                PUSH 0FF0000
004A683B  |. 68 D5070000                PUSH 7D5
004A6840  |. 68 B7860100                PUSH 186B7
004A6845  |> 8BC8                       MOV ECX,EAX

3. Easiest way to find that is, find command (Ctrl + F) for that PUSH 186B7

4. Couple lines above that there should be codeblock that looks like this
Code:

004A67FD  |. 89BD ECFEFFFF              MOV DWORD PTR SS:[EBP-114],EDI
004A6803  |. 8985 F8FEFFFF              MOV DWORD PTR SS:[EBP-108],EAX
004A6809  |. 899D FCFEFFFF              MOV DWORD PTR SS:[EBP-104],EBX
004A680F  |. E8 30560400                CALL <JMP.&WINMM.timeGetTime>
004A6814  |. 8D8D ECFEFFFF              LEA ECX,DWORD PTR SS:[EBP-114]
004A681A  |. 8985 14FFFFFF              MOV DWORD PTR SS:[EBP-EC],EAX

5. Notice the CALL to winmm jmp.

6. Next what we need to do is make the exe jump to our own code instead of that call.

7. We need to search a place that can have 20 bytes (example from 500000 to 500020)

8. Scroll to almost the bottom of the Conquer.exe module and you should see lines like this (note the addresses)
Code:

00524C54   . 8B4D F0                    MOV ECX,DWORD PTR SS:[EBP-10]
00524C57   . 83C1 08                    ADD ECX,8
00524C5A   .^E9 3B31FBFF                JMP Conquer.004D7D9A
00524C5F   . B8 108C5500                MOV EAX,Conquer.00558C10
00524C64   .^E9 C1B2FCFF                JMP <JMP.&MSVCRT.__CxxFrameHandler>
00524C69     00                         DB 00
00524C6A     0000                       ADD BYTE PTR DS:[EAX],AL
00524C6C     0000                       ADD BYTE PTR DS:[EAX],AL
00524C6E     0000                       ADD BYTE PTR DS:[EAX],AL
00524C70     0000                       ADD BYTE PTR DS:[EAX],AL
00524C72     0000                       ADD BYTE PTR DS:[EAX],AL
00524C74     0000                       ADD BYTE PTR DS:[EAX],AL
00524C76     0000                       ADD BYTE PTR DS:[EAX],AL
00524C78     0000                       ADD BYTE PTR DS:[EAX],AL
00524C7A     0000                       ADD BYTE PTR DS:[EAX],AL
00524C7C     0000                       ADD BYTE PTR DS:[EAX],AL

9. ADD BYTES PTR DS:[EAX],AL might be DB 00 for you guys ignore that.

10. We start writing our own code at 00524C6A

11. Hit Ctrl + E and write these to the HEX part of the window just came. You can't put those 0x's or the ','s
Code:

0x81, 0x05, 0xB0, 0xEF, 0x56, 0x00, 0x6A, 0x04, 
0x00, 0x00, 0xA1, 0xB0, 0xEF, 0x56, 0x00, 0xE9, 
0x96, 0x1B, 0xF8, 0xFF

12. So just write 81 05 B0 EF and so on..

13. After that the codeblock should look like this
Code:

00524C6A     8105 B0EF5600 6A040000     ADD DWORD PTR DS:[56EFB0],46A
00524C74     A1 B0EF5600                MOV EAX,DWORD PTR DS:[56EFB0]
00524C79    ^E9 961BF8FF                JMP Conquer.004A6814

14. Note that we add the 46A (hex) into a static location, after that we mov it to eax

15. Note the address it jumps to, it should be exactly one line BELOW the call to timeGetTime()

16. It jumps to code that looks like this (Should be familiar from before)
Code:

004A6814  |. 8D8D ECFEFFFF              LEA ECX,DWORD PTR SS:[EBP-114]

17. What we now need to do is, change the CALL thing to jump to our own code that we just wrote. Remember the address?

18. We replace this
Code:

004A680F  |. E8 30560400                CALL <JMP.&WINMM.timeGetTime>

with
Code:

004A680F     E9 56E40700                JMP Conquer.00524C6A

19. Now every time the jump function "trys" to call the old timeGetTime, it jumps to our code that holds the lastjumptime+46A and then moves it to eax at some point it'll add it to the packet (lazy mofos not doing server side check)

Quote:

Originally Posted by IAmHawtness

Only during certain XP and transformation skills (such as Superman, Cyclone, DivineHare, etc.) it is possible to speedhack without disconnecting (using jumps).
It is not possible anymore since the server checks the time between each jump packet you send, and not the timestamp your client sends to the server, like it used to be.

jokerboy123 · 09/14/2015, 17:22

I might ask a little to much but is there a way to make Fps with commands? example : @fps lock and then @fps unlock anything like that? or is that impossible?^^

WhyNot555 · 09/14/2015, 17:47

Quote:

Originally Posted by jokerboy123

I might ask a little to much but is there a way to make Fps with commands? example : @fps lock and then @fps unlock anything like that? or is that impossible?^^

Yes possible but complicated , it is included in Angelius Multihack client.

haythamelbakry · 10/07/2015, 09:43

Can you tell us how to remove "please rest for a while" message?

jokerboy123 · 10/15/2015, 14:09

#EDIT : After wings the edits are removed but you can simple just re-do the edit and it works.

P.S How can we change email on elitepvpers? or can't?

WhyNot555 · 10/17/2015, 17:01

Quote:

Originally Posted by bodaahmed

Magic type editing is not working now !!! u should make me one and i hope u can reply soon tyvm ^^

No magictype editing here. If u mean removal of the target is not in range , then I should say that I don't play CO currently so I don't know if it still working or not. However I think that it still working, but still safe or not? I won't be able to know currently.

bodaahmed · 10/21/2015, 22:56

..

a7la_vip55 · 10/23/2015, 15:20

After wings the edits the command /spdup is not working do u know why ?

WhyNot555 · 10/23/2015, 22:41

Again, I don't play CO currently,sorry I have no time for it nowadays, so I can't help you guys atm maybe later, thanks for understanding.

#Edit: I checked all the modifications mentioned above and they are still working and safe including Removal of The target is not in range.PM commands is working too but /SpdUp command isn`t, it is deleted from the client.

Nare829 · 11/07/2015, 22:51

IS IT possible to get Unlimited stamina because theres alot of ninjas on my server they TFB Chain Nonstop witout sitting down im thinking only way to do it is in Conquer.exe with ollydbg

~~pro4never~~ · 11/08/2015, 03:46

Quote:

Originally Posted by Nare829

IS IT possible to get Unlimited stamina because theres alot of ninjas on my server they TFB Chain Nonstop witout sitting down im thinking only way to do it is in Conquer.exe with ollydbg

false information. not possible.

haythamelbakry · 11/09/2015, 20:07

can we remove jump animation from conquer.exe?

Nare829 · 11/11/2015, 19:39

welll does anyone know how fb any cllose range type skill for an aimbot like coworkers shift and right click aimbot how is this edited?

shmuel12 · 11/11/2015, 23:53

anyone know how i edit jump animation

Spirited · 11/12/2015, 04:37

Quote:

Originally Posted by shmuel12

anyone know how i edit jump animation

^ This has nothing to do with reverse engineering the client using ollydbg (which is what this thread is supposed to be about and what this section is supposed to be about). Stop spamming threads with this irrelevant hack requests (forbidden from all sections, by the way).