Hey,
After I found many beginners asking about client modifications, and as a beginner it was a bit hard to understand the old threads with old code, much of which has changed a little, I thought it would be good to post some modifications that are updated and easy to do. So this topic is for beginners.
- I would say that I'm not a programmer and 75% of the credit goes to those of the ollydbg&co thread and 10% to other posts. I just collected, updated & added the most needed modifications so they are easier to find, hoping to be useful for beginners.
- Don't rely on the addresses; they will mostly change with new patches, so concentrate on the code.
- If you found it useful, don't forget to press thanks xD
- So let's start: the program used is OllyDbg 1.10. Run it as admin, then drag conquer.exe onto OllyDbg, or click File, then Open, and choose the conquer.exe you want to modify. Please make sure the title reads CPU - main thread, module Conquer.
If not, then right click on the CPU window >> View >> Module 'GameData' >> right click again >> View >> Module 'Conquer'
- Note: Use the conquer.exe that lies inside the full Conquer Online 2.0 folder; many DLL files are needed for the debugging process.
1- Fps unlocking:-
In OllyDbg:
Search for >> All intermodular calls >> type Sleep and double-click on it >> you will find
Code:
0061346E /$ E8 F9010500 CALL <JMP.&WINMM.timeGetTime>
00613473 |. 8B0D D4C7A400 MOV ECX,DWORD PTR DS:[A4C7D4]
00613479 8D51 19 LEA EDX,DWORD PTR DS:[ECX+19]
0061347C |. 3BC2 CMP EAX,EDX
0061347E |. 73 0E JNB SHORT Conquer.0061348E
00613480 |. 2BC8 SUB ECX,EAX
00613482 83C1 19 ADD ECX,19
00613485 |. 51 PUSH ECX ; /Timeout
00613486 |. FF15 A4619000 CALL DWORD PTR DS:[<&KERNEL32.Sleep>] ; \Sleep
0061348C |. EB 1A JMP SHORT Conquer.006134A8
0061348E |> 8B0D 04C7A400 MOV ECX,DWORD PTR DS:[A4C704]
Change JNB to JMP
2-Far Jump:-
Ctrl+F >> type PUSH 186C0 >> click Find
On the 9th line above it you will find something like CMP EAX,10.
Select 18 lines, starting with CMP EAX,10 and ending with JMP Conquer..., then
right click >> Binary >> Fill with NOPs.
Code:
0069EAF1 |. 83F8 10 CMP EAX,10
0069EAF4 |. 7E 34 JLE SHORT Conquer.0069EB2A
0069EAF6 |. FF15 A8609000 CALL DWORD PTR DS:[<&GraphicData.GameDat>; GraphicD.GameDataSetQuery
0069EAFC |. 8BF0 MOV ESI,EAX
0069EAFE |. E8 A4D1D6FF CALL Conquer.0040BCA7
0069EB03 |. 57 PUSH EDI
0069EB04 |. 57 PUSH EDI
0069EB05 |. 68 0000FFFF PUSH FFFF0000
0069EB0A |. 68 D5070000 PUSH 7D5
0069EB0F |. 68 C0860100 PUSH 186C0
0069EB14 |> 8BD8 MOV EBX,EAX
0069EB16 |. 8B06 MOV EAX,DWORD PTR DS:[ESI]
0069EB18 |. 8BCE MOV ECX,ESI
0069EB1A |. FF50 3C CALL DWORD PTR DS:[EAX+3C]
0069EB1D |. 50 PUSH EAX
0069EB1E |. 8BCB MOV ECX,EBX
0069EB20 |. E8 0130F8FF CALL Conquer.00621B26
0069EB25 |. E9 C0010000 JMP Conquer.0069ECEA
Note: Use wall jump together with far jump so the client does not crash whenever you click on a high point such as a wall.
3-Wall Jump:-
Not for the guild area wall
In OllyDbg:
Ctrl+F >> type PUSH 186B6
This should get you something like
Code:
0069EE7A 75 23 JNZ SHORT Conquer.0069EE9F
0069EE7C . FF15 A8609000 CALL DWORD PTR DS:[<&GraphicData.GameDat>; GraphicD.GameDataSetQuery
0069EE82 . 8BF0 MOV ESI,EAX
0069EE84 . E8 ABCDD6FF CALL Conquer.0040BC34
0069EE89 . 57 PUSH EDI
0069EE8A . 57 PUSH EDI
0069EE8B . 68 0000FFFF PUSH FFFF0000
0069EE90 . 68 D5070000 PUSH 7D5
0069EE95 . 68 B6860100 PUSH 186B6
0069EE9A .^E9 4DFFFFFF JMP Conquer.0069EDEC
0069EE9F > E8 2ECED6FF CALL Conquer.0040BCD2
0069EEA4 . 53 PUSH EBX
At this line :
Code:
0069EE7A 75 23 JNZ SHORT Conquer.0069EE9F
change JNZ to JMP and press assemble
4-Enabling PM commands :-
-Search for all referenced text strings >> PM >> Ctrl+L to find next till you find the 1st "[PM]" >> press enter >>
-You will find;
Code:
00686A73 |. 68 B0B49600 PUSH Conquer.0096B4B0 ; ASCII "[GM]"
00686A78 |. 8D7E FC LEA EDI,DWORD PTR DS:[ESI-4]
00686A7B |. 56 PUSH ESI
00686A7C |. 57 PUSH EDI
00686A7D |. E8 8FE5FDFF CALL Conquer.00665011
00686A82 |. 83C4 0C ADD ESP,0C
00686A85 |. 84C0 TEST AL,AL
00686A87 |. 75 17 JNZ SHORT Conquer.00686AA0
00686A89 |. 68 E4CF9600 PUSH Conquer.0096CFE4 ; ASCII "[PM]"
00686A8E |. 56 PUSH ESI
00686A8F |. 57 PUSH EDI
Change the JNZ SHORT Conquer.00686AA0 that lies directly above the ASCII "[PM]" line to JMP
Read about PM commands in this post
5-Removing flashing taskbar icon:-
-Right click >> Search for >> All intermodular calls
-Type Flash, you will see FlashWindow, press enter, you will find
Code:
0040B471 . EB 39 JMP SHORT Conquer.0040B4AC
0040B473 . 6A 01 PUSH 1 ; /Invert = TRUE
0040B475 . FF76 20 PUSH DWORD PTR DS:[ESI+20] ; |hWnd
0040B478 . FF15 0C689000 CALL DWORD PTR DS:[<&USER32.FlashWindow>>; \FlashWindow
-Three lines above the FlashWindow call, change JNZ to JMP
6-Removing website pop up on exit:-
-Right click >> Search for >> All referenced text strings
-Right click >> Search for text >> co.99.com >> OK >> press Enter
-You will find this code:-
Code:
00619C8E . 68 BC5F9600 PUSH Conquer.00965FBC ; ASCII "http://co.99.com/signout/"
00619C93 . E9 D5050000 JMP Conquer.0061A26D
00619C98 > E8 36A90400 CALL Conquer.006645D3
-On JMP Conquer.0061A26D press Enter; it will lead you to this code:-
Code:
0061960B > 53 PUSH EBX ; |Operation
0061960C . FF76 20 PUSH DWORD PTR DS:[ESI+20] ; |hWnd
0061960F . FF15 C0679000 CALL DWORD PTR DS:[<&SHELL32.ShellExecut>; \ShellExecuteA
-Select the 3 lines >> right click >> Binary >> Fill with NOPs.
-Go back to All referenced text strings >> search for the next co.99.com (you can use Ctrl+L) >> press Enter
-It will lead you to code similar to before:-
Code:
0061A867 . 68 BC5F9600 PUSH Conquer.00965FBC ; ASCII "http://co.99.com/signout/"
0061A86C . E9 D5050000 JMP Conquer.0061AE46
0061A871 > E8 5D9D0400 CALL Conquer.006645D3
-On JMP Conquer... press Enter; it will lead you to code similar to what we NOPed a while ago
-Select the 3 lines >> right click >> Binary >> Fill with NOPs, just like we did before.
-Remember to save your work after you finish modifying:-
Right click >> Copy to executable >> All modifications >> Copy all >> a new window appears, in which you should
right click or try to exit >> Save file >> you are free to save to the game folder or another folder, but if you save to
the game folder, a message will appear asking if you want to
overwrite the old conquer.exe; choose Yes.
-Modifications will work if the modified conquer.exe is put into the game folder in place of the original conquer.exe
Now we're done
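Added example, not part of the original post: every edit above is an in-place byte patch, either a short conditional jump opcode (73 JNB, 75 JNZ) overwritten with EB (JMP SHORT) or a run of instructions overwritten with 90 (NOP), so comparing a suspect conquer.exe against a known-good copy shows exactly what was changed. The function names are illustrative, and the sample buffer is constructed from instruction bytes shown in the listings, not taken from a real file.

```python
NOP, JMP_SHORT = 0x90, 0xEB
SHORT_JCC = range(0x70, 0x80)  # short conditional jumps: JNB=73, JNZ=75, JLE=7E

# Constructed sample: instruction bytes copied from the listings in the post,
# concatenated back to back (offsets are positions in this buffer, not addresses).
ORIG = bytes.fromhex(
    "3BC2730E2BC8"          # CMP EAX,EDX / JNB SHORT / SUB ECX,EAX
    "7523"                  # JNZ SHORT
    "53FF7620FF15C0679000"  # PUSH EBX / PUSH [ESI+20] / CALL [ShellExecuteA]
)
_patched = bytearray(ORIG)
_patched[2] = _patched[6] = JMP_SHORT    # the two "change Jcc to JMP" edits
_patched[8:18] = bytes([NOP]) * 10       # the "Fill with NOPs" edit
MOD = bytes(_patched)

def diff_runs(orig, mod):
    """Yield (offset, old_bytes, new_bytes) for each contiguous patched run."""
    if len(orig) != len(mod):
        raise ValueError("images differ in size; not an in-place patch")
    start = end = None
    for i, (a, b) in enumerate(zip(orig, mod)):
        if a != b:
            if start is None:
                start = i
            end = i + 1
        elif start is not None and b != NOP:
            # An unchanged byte that is not 0x90 closes the run. An unchanged
            # 0x90 does not: a NOP fill leaves original 0x90 bytes untouched
            # (the CALL operand above contains one), and that must not split it.
            yield start, orig[start:end], mod[start:end]
            start = None
    if start is not None:
        yield start, orig[start:end], mod[start:end]

def classify(old, new):
    """Byte-pattern heuristic only; no disassembly, so data bytes can match too."""
    if len(new) == 1 and old[0] in SHORT_JCC and new[0] == JMP_SHORT:
        return "jcc->jmp"
    if all(b == NOP for b in new):
        return "nop-fill"
    return "other"

def report(orig, mod):
    return [(off, len(new), classify(old, new))
            for off, old, new in diff_runs(orig, mod)]

if __name__ == "__main__":
    for off, size, kind in report(ORIG, MOD):
        print(f"+0x{off:04X}  {size:2d} byte(s)  {kind}")
```

On real files, read both images with open(path, "rb").read(); the offsets reported are file offsets, not the virtual addresses OllyDbg displays.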