Quote:
News/Updates.
Update 1 August 2011
Ok, after giving it a try to work on multiclients again I got bored way too quickly. I decided not to continue.
Had a great time though, and I want to thank everyone for supporting me to gather the energy and willpower to give it at least 1 more try. Atm I'm just too busy and more excited about other stuff such as my own proxy.
Best regards,
TheBoyWhoLost
-------------------------------------------------------------------------------------------------------------------------------
READ THIS BEFORE WE START
Quote:
Please respect the work and time I spend keeping this guide up to date. I did not make this alone; I got a lot of help and will give these people credit. This is not a copy of the guide from epvp (OllyDBG & CO); that one became old. That's the same reason I decided to make my own guide.
If there is anything you would like me to add to the guide, or which I just forgot to mention, post it in here and/or PM me. I will try my best to help others make their clients, and answer all your questions.
Credits: Warlax, Mido2008, DD4Ever, juantamad, JohnJohn, Dethbecomethii, Smooth143, sadstar
To start we need this program:
Quote:
Note [1]: Make a back-up of conquer.exe in the original Conquer folder and call it something like conquer2. Then you can go and edit the original conquer file without getting into trouble (always back up).
Note [2]: Open the conquer.exe (or whatever name you gave it) with OllyDBG from the original CO folder (which most often is C:\Program File\Conquer 2.0).
Features
- Standard Multi Client
- Removing the background click checks
- Removing the "Please login later" message
- Enable PM commands
- Wall Jump
- Wall Jump with Steed mounted
- Remove Website Pop-up
- Remove the flashing taskbar icon
- Removing AFK effects
- Removing ChatTips
- Unlocking FPS
- Distance Jump/Long Jump
- Faster FatalStrike
- Revive While Moving
- Revive when countdown is at 5 seconds left (or later)
Standard Multiclient
- Open conquer.exe in OllyDBG
- Right click in the main frame (the CPU frame)
- Search for -->> All intermodular calls (a small screen will pop up)
- Type in "openmutex"
- You will find
Code:
kernel32.OpenMutexA
- Double click it
- You will be forwarded in the CPU screen to this line
Code:
00549816 |. FF15 A8D17200 |CALL DWORD PTR DS:[<&KERNEL32.OpenMutex>; \OpenMutexA
- Two lines under it you will find this line
Code:
0054981E |. 74 0B |JE SHORT Conquer.00564A05
- Double click "JE SHORT Conquer.00564A05" (a small screen will pop up)
- Edit
JE SHORT Conquer.00564A05 into
JMP SHORT Conquer.00564A05
- Right click
- Click Copy to executable
- Click All Modifications
- Copy All
- Click the X and Save it
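Seen from the defender's side, every edit in this guide leaves a recognisable byte-level footprint: a short conditional jump (here JE, encoded 74 0B) becomes JMP SHORT (EB 0B) with the same displacement, or an instruction is overwritten with 90 NOP bytes, as the Website Pop-up section does to the ShellExecuteA call. The Python below is an added example, not code from the original post, showing how a client-side integrity check, or an analyst diffing a modified client against a clean one, would flag both kinds of change. The byte snapshots are constructed from the addresses and opcode bytes quoted in this guide (0054981E and 0055B981); the "patched" snapshot applies the Multiclient and Website Pop-up edits to them. A real checker would read the bytes from the on-disk conquer.exe or from process memory instead of a dict.

```python
"""Detect the JE->JMP and NOP-out style patches described in the guide.

Added example (not from the original post). Byte snapshots are constructed
from the addresses and opcode bytes the guide quotes; a real checker would
read them from the on-disk executable (e.g. with pefile) or from memory.
"""
from typing import Optional

# Short conditional jumps that the guide turns into an unconditional JMP SHORT.
SHORT_JCC = {0x72: "JB", 0x74: "JE", 0x75: "JNZ", 0x76: "JBE", 0x7E: "JLE", 0x7F: "JG"}
JMP_SHORT = 0xEB
NOP = 0x90

# Expected (clean) bytes at the sites this guide modifies, taken from its disassembly.
EXPECTED_SITES = [
    (0x0054981E, bytes.fromhex("740B"),         "OpenMutexA result check (JE SHORT)"),
    (0x0055B981, bytes.fromhex("FF1550D87200"), "ShellExecuteA call (website pop-up)"),
]

# Constructed snapshots of the code bytes at those addresses.
CLEAN_SNAPSHOT = {va: original for va, original, _ in EXPECTED_SITES}
PATCHED_SNAPSHOT = {
    0x0054981E: bytes.fromhex("EB0B"),   # Multiclient edit: JE SHORT -> JMP SHORT
    0x0055B981: bytes([NOP]) * 6,        # Website pop-up edit: 6-byte CALL -> six NOPs
}


def classify_patch(original: bytes, current: bytes) -> Optional[str]:
    """Describe how an instruction's bytes changed; None means untouched."""
    if original == current:
        return None
    if len(current) != len(original):
        return "bytes missing or truncated"
    if all(b == NOP for b in current):
        return f"{len(original)}-byte instruction overwritten with NOPs"
    if (original[0] in SHORT_JCC and current[0] == JMP_SHORT
            and original[1:] == current[1:]):
        return f"{SHORT_JCC[original[0]]} SHORT forced to JMP SHORT (same target)"
    return "unrecognised modification"


def scan(snapshot: dict, sites=EXPECTED_SITES) -> list:
    """Return (address, site name, verdict) for every site whose bytes differ."""
    findings = []
    for va, original, name in sites:
        current = snapshot.get(va, b"")
        verdict = classify_patch(original, current)
        if verdict is not None:
            findings.append((va, name, verdict))
    return findings


if __name__ == "__main__":
    for label, snap in (("clean", CLEAN_SNAPSHOT), ("patched", PATCHED_SNAPSHOT)):
        print(f"{label}: {scan(snap) or 'no modifications'}")
```

The wider lesson is in the first site: a single-instance check that lives in one conditional jump in the client is one byte away from being disabled, so enforcement that matters (one session per account, for example) has to be done by the server, and client-side byte checks like this one are a detection aid, not a control.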
Removing the background click checks
- Open conquer.exe in OllyDBG
- Right click in the main frame (the CPU frame)
- Search for -->> Sequence of commands
- Type in
Code:
PUSH 2
MOV DWORD PTR SS:[EBP-48],83
MOV DWORD PTR SS:[EBP-44],85
- Scroll 11 lines up and you will find this line
Code:
005B2976 /$ B8 EE1C7100 MOV EAX,Conquer.00711CEE
- Double click "MOV EAX,Conquer.00711CEE"
- Change
MOV EAX,Conquer.00711CEE into
RETN 4
- Right click
- Click Copy to executable
- Click All Modifications
- Copy All
- Click the X and Save it
Removing the "Please login later" message
- Open conquer.exe in OllyDBG
- Press Ctrl+F
- Type in
- Press Ctrl+L 1 time
- Scroll three lines up and you will find this line
Code:
004773CF |. 76 21 JBE SHORT Conquer.004773F2
004773D1 |. FFD6 CALL ESI ; [GetTickCount
- Double click "JBE SHORT Conquer.004773F2"
- Change
JBE SHORT Conquer.004773F2 into
JMP SHORT Conquer.004773F2
- Right click
- Click Copy to executable
- Click All Modifications
- Copy All
- Click the X and Save it
Enable PM commands
- Open conquer.exe in OllyDBG
- Search for -->> All referenced text strings
- Right click in the pop up screen and click "Search for text"
- Type in
- Press Ctrl+L 13 times (until you find it)
- Double click it
- You get forwarded in the CPU screen to this line
Code:
005AAE3A |. BF 04917E00 MOV EDI,Conquer.007E9104 ; ASCII "[PM]"
- Scroll one line up and you will find this line
Code:
005AAE38 |. 74 17 JE SHORT Conquer.005AAE51
- Double click "JE SHORT Conquer.005AAE51"
- Change
JE SHORT Conquer.005AAE51 into
JMP SHORT Conquer.005AAE51
- Right click
- Click Copy to executable
- Click All Modifications
- Copy All
- Click the X and Save it
Wall Jump
- Open conquer.exe in OllyDBG
- Search for -->> Sequence of commands
- Type in
Code:
POP EDI
MOV EAX,ESI
POP EBX
- Scroll 6 lines up
- You will find
Code:
005AEDBB .^7F CD JG SHORT Conquer.005AED8A
- Double click it
- Change
JG SHORT Conquer.005AED8A into
nop
- Right click
- Click Copy to executable
- Click All Modifications
- Copy All
- Click the X and Save it
Wall Jump with Steed mounted
Code:
NOTE: This is only available when you have Wall Jump activated in your client.
- Open conquer.exe in OllyDBG
- Search for -->> All referenced text strings
- Right click -->> Search for text
- Type in
- You will find
Code:
ASCII "MOUNT_JUMP_HEIGHT_LIMIT"
- Double click it
- Scroll 2 lines up
- You will find
Code:
005AA947 . 7E 28 JLE SHORT Conquer.005AA971
- Double click it
- Change
JLE SHORT Conquer.005AA971 into
JMP SHORT Conquer.005AA971
- Right click
- Click Copy to executable
- Click All Modifications
- Copy All
- Click the X and Save it
Remove Website Pop-up
- Open conquer.exe in OllyDBG
- Search for -->> All referenced text strings
- Right click -->> Search for text
- Type in
Code:
http://co.91.com/signout
- Press Ctrl+L 1 time
- You will find
Code:
ASCII "http://co.91.com/signout"
- Double click it
- You will see these lines at the top
Code:
0055B978 . 68 D05D7E00 PUSH Conquer.007E5DD0 ; ASCII "http://co.91.com/signout/"
0055B97D . 50 PUSH EAX
0055B97E > FF73 20 PUSH DWORD PTR DS:[EBX+20] ; |hWnd
0055B981 . FF15 50D87200 CALL DWORD PTR DS:[<&SHELL32.ShellExecut>; \ShellExecuteA
- Double click
Code:
PUSH DWORD PTR DS:[EBX+20]
- Change
PUSH DWORD PTR DS:[EBX+20] into
nop
- Double click
Code:
CALL DWORD PTR DS:[<&SHELL32.ShellExecut>
- Change
CALL DWORD PTR DS:[<&SHELL32.ShellExecut> into
nop
- Right click
- Click Copy to executable
- Click All Modifications
- Copy All
- Click the X and Save it
Remove the flashing taskbar icon
- Open conquer.exe in OllyDBG
- Right click
- Analysis -->> Remove analysis from module
- Search for -->> All intermodular calls
- Type in
- You will find
Code:
Destination=USER32.FlashWindow
- Double click it
- You will be forwarded to
Code:
004011CB FF15 2CD97200 CALL DWORD PTR DS:[<&USER32.FlashWindow>>; USER32.FlashWindow
- Scroll 3 lines up
- You will see
Code:
004011C4 75 39 JNZ SHORT Conquer.004011FF
- Double click
Code:
JNZ SHORT Conquer.004011FF
- Change
JNZ SHORT Conquer.004011FF into
JMP Conquer.004011FF
- Right click
- Click Copy to executable
- Click All Modifications
- Copy All
- Click the X and Save it
Removing AFK effects
- Open conquer.exe in OllyDBG
- Search for -->> All referenced text strings
- Right click -->> Search for text
- Type in
- You will find
Code:
ASCII "STR_TEMP_LEAVE_AUTO_REPLY_PRIVATE_TALK"
- Double click it
- Scroll down a bit (look at the right of the CPU screen for the code in the next step)
- It is easy to find while scrolling
Code:
; /Arg2
; |Arg1 = 00000001
; \Conquer.005C8E53
- Now, to make it clearer, this is the part of the code we are looking at
Code:
005AE864 |. 72 23 JB SHORT Conquer.005AE889
005AE866 |. 6A 01 PUSH 1
005AE868 |. 8BCE MOV ECX,ESI
005AE86A |. E8 4C04F6FF CALL Conquer.0050ECBB
005AE86F |. 6A 01 PUSH 1
005AE871 |. 8BCE MOV ECX,ESI
005AE873 |. E8 22000000 CALL Conquer.005AE89A
005AE878 |. 8BCE MOV ECX,ESI
005AE87A |. E8 F5670000 CALL Conquer.005B5074
005AE87F |. 50 PUSH EAX ; /Arg2
005AE880 |. 6A 01 PUSH 1 ; |Arg1 = 00000001
005AE882 |. 8BCE MOV ECX,ESI ; |
005AE884 |. E8 CAA50100 CALL Conquer.005C8E53 ; \Conquer.005C8E53
005AE889 |> 5E POP ESI
005AE88A \. C3 RETN
- Change
JB SHORT Conquer.005AE889 into
JMP SHORT Conquer.005AE889
- Right click
- Click Copy to executable
- Click All Modifications
- Copy All
- Click the X and Save it
Removing ChatTips
- Open conquer.exe in OllyDBG
- Search for -->> All referenced text strings
- Right click -->> Search for text
- Type in
- You will find
Code:
ASCII "ini/ChatTips.ini"
- Double click it
- You will see this at the top of the CPU screen now
Code:
00669AC8 |. BE 60C47400 MOV ESI,Conquer.0074C460 ; ASCII "ini/ChatTips.ini"
00669ACD |. 68 8C2F7E00 PUSH Conquer.007E2F8C ; /mode = "r"
00669AD2 |. 56 PUSH ESI ; |path => "ini/ChatTips.ini"
00669AD3 |. FF15 68D67200 CALL DWORD PTR DS:[<&MSVCRT.fopen>] ; \fopen
- Change
PUSH Conquer.007E2F8C into
nop
- Change
PUSH ESI into
nop
- Change
CALL DWORD PTR DS:[<&MSVCRT.fopen>] into
nop
- Right click
- Click Copy to executable
- Click All Modifications
- Copy All
- Click the X and Save it
Unlocking FPS
- Open conquer.exe in OllyDBG
- Search for -->> All intermodular calls
- Type in
(This pop up doesn't look like a search engine but just type it in and you'll see)
- You will find:
- Now just press Enter or double click the selected line
- You will be forwarded in the CPU screen to
Code:
0053ACE3 . FF15 F0D17200 CALL DWORD PTR DS:[<&KERNEL32.Sleep>] ; \Sleep
- Scroll 6 lines up and you will see this
Code:
0053ACD6 . 8D51 19 LEA EDX,DWORD PTR DS:[ECX+19]
0053ACD9 . 3BC2 CMP EAX,EDX
0053ACDB . 73 0E JNB SHORT Conquer.0053ACEB
0053ACDD . 2BC8 SUB ECX,EAX
0053ACDF . 83C1 19 ADD ECX,19
0053ACE2 . 51 PUSH ECX ; /Timeout
0053ACE3 . FF15 F0D17200 CALL DWORD PTR DS:[<&KERNEL32.Sleep>] ; \Sleep
- Change
LEA EDX,DWORD PTR DS:[ECX+19] into
LEA EDX,DWORD PTR DS:[ECX+10]
- Change
ADD ECX,19 into
ADD ECX,10
- Right click
- Click Copy to executable
- Click All Modifications
- Copy All
- Click the X and Save it
Quote:
NOTE: The "change 19 into 10" is just an example. You might need to set it at 14 or at 8 or anything else. Depends on your computer. Mine is set at 10 and hits 60 FPS, which is fine.
Just have to know, the lower you go, the higher the FPS gets. 60/80 fps is more than enough.
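The seven instructions above are a complete frame limiter, and reading them as an algorithm explains the note: OllyDBG prints immediates in hexadecimal, so 19 is 25 ms (a 40 FPS cap) and the guide's 10 is 16 ms (roughly 62 FPS, which matches "hits 60 FPS"). The Python below is an added example reconstructing that logic, not code from the original post. Register roles are inferred from the instruction sequence and are an assumption: EAX holds the current GetTickCount() value, ECX the tick of the previous frame; the JNB branch skips Sleep when the frame already took longer than the period. Tick values wrap at 32 bits like GetTickCount does, and the simulation below treats that as the one edge case worth checking.

```python
"""Reconstruction of the Sleep-based frame limiter shown in the disassembly.

Added example (not from the original post). Register roles are inferred from
the instruction sequence (an assumption): EAX = current tick, ECX = tick of
the previous frame, immediate 0x19 = minimum frame period in milliseconds.
"""

MASK32 = 0xFFFFFFFF
ORIGINAL_PERIOD = 0x19   # the immediate the guide says to lower (25 ms)
GUIDE_PERIOD = 0x10      # the value the guide uses as its example (16 ms)


def sleep_argument(now: int, last_frame: int, period: int = ORIGINAL_PERIOD) -> int:
    """Return what the client passes to Sleep(); 0 means the JNB branch skipped the call."""
    deadline = (last_frame + period) & MASK32            # LEA EDX,DWORD PTR DS:[ECX+period]
    if now >= deadline:                                   # CMP EAX,EDX / JNB SHORT ...
        return 0
    return (last_frame - now + period) & MASK32           # SUB ECX,EAX / ADD ECX,period / PUSH ECX


def frames_per_second(period: int, frame_cost_ms: int, duration_ms: int = 1000) -> int:
    """Simulate the loop with a virtual clock; count frames started within duration_ms.

    frame_cost_ms is how long rendering one frame takes before the limiter runs.
    """
    now = last = 0
    frames = 0
    while now < duration_ms:
        frames += 1
        now += frame_cost_ms                                        # render the frame
        now = (now + sleep_argument(now, last, period)) & MASK32    # CALL Sleep
        last = now                                                  # reference tick for next frame
    return frames


if __name__ == "__main__":
    for period in (ORIGINAL_PERIOD, GUIDE_PERIOD, 0x0A):
        print(f"period 0x{period:02X} ({period} ms): "
              f"{frames_per_second(period, frame_cost_ms=5)} FPS with 5 ms frames")
```

Running it gives the cap the note describes: 40 FPS at 19, 63 at 10, and 100 at 0A, while a frame that renders slower than the period (say 30 ms) never sleeps and simply runs at its natural rate.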
Distance Jump/Long Jump
- Open conquer.exe in OllyDBG
- Press Ctrl+F
- Type in
- You will be sent to this line in the CPU screen:
Code:
005AA762 . 68 C0860100 PUSH 186C0
- Scroll 13 lines up
- You will see this code part at the top
Code:
005AA729 . 7F 05 JG SHORT Conquer.005AA730
005AA72B . E9 4F050000 JMP Conquer.005AAC7F
005AA730 > C745 D4 100000>MOV DWORD PTR SS:[EBP-2C],10
005AA737 . 837D C8 10 CMP DWORD PTR SS:[EBP-38],10
005AA73B . 7E 4C JLE SHORT Conquer.005AA789
005AA73D . FF15 90D07200 CALL DWORD PTR DS:[<&GraphicData.GameDat>; GraphicD.GameDataSetQuery
005AA743 . 8985 4CFEFFFF MOV DWORD PTR SS:[EBP-1B4],EAX
005AA749 . E8 AA8CE5FF CALL Conquer.004033F8
005AA74E . 8985 7CFEFFFF MOV DWORD PTR SS:[EBP-184],EAX
005AA754 . 6A 00 PUSH 0
005AA756 . 6A 00 PUSH 0
005AA758 . 68 0000FFFF PUSH FFFF0000
005AA75D . 68 D5070000 PUSH 7D5
005AA762 . 68 C0860100 PUSH 186C0
- Change
JG SHORT Conquer.005AA730 into
JMP SHORT Conquer.005AA730
- Change
JLE SHORT Conquer.005AA789 into
JMP SHORT Conquer.005AA789
- Right click
- Click Copy to executable
- Click All Modifications
- Copy All
- Click the X and Save it
Code:
Warning: By using this you might DC when you try to jump far off screen (by using shiftscreen/zoomhack).
Faster FatalStrike
- Open conquer.exe in OllyDBG
- Search for -->> All referenced text strings
- Right click -->> Search for text
- Type in
- Press Ctrl+L 2 times
- You will find
- Double click it
- You will see these lines at the top
Code:
0065DAC8 |. BF C0BD7E00 MOV EDI,Conquer.007EBDC0 ; ASCII "KOTeleport"
- Scroll down 16 lines from that one
- There you will find this line
Code:
0065DAEF |> 8B86 1C020000 MOV EAX,DWORD PTR DS:[ESI+21C] ; Case 0 of switch 0065DA4D
- Double click it
- Change
MOV EAX,DWORD PTR DS:[ESI+21C] into
MOV EAX,0
NOTE: Tick the "Fill with NOPs" check box
- Right click
- Click Copy to executable
- Click All Modifications
- Copy All
- Click the X and Save it
Revive While Moving
- Open conquer.exe in OllyDBG
- Press Ctrl+F
- Type in
- Scroll 10 lines up
- You will find
Code:
005AF181 |. 74 24 JE SHORT Conquer.005AF1A7
- Change
JE SHORT Conquer.005AF1A7 into
JMP SHORT Conquer.005AF1A7
- Right click
- Click Copy to executable
- Click All Modifications
- Copy All
- Click the X and Save it
Revive when countdown is at 5 seconds left (or later)
- Open conquer.exe in OllyDBG
- Press Ctrl+F
- Type in
- Scroll 10 lines up
- You will find
Code:
005AF14F . 74 27 JE SHORT Conquer.005AF178
- Change
JE SHORT Conquer.005AF178 into
JMP SHORT Conquer.005AF178
- Right click
- Click Copy to executable
- Click All Modifications
- Copy All
- Click the X and Save it
Quote:
Copyright by: TheBoyWhoLost®