[Guide]How to make a Multiclient

[TheBoyWhoLost]

Quote:

News/Updates.

Update 1 August 2011
Ok after giving it a try to work on multiclients again i got bored way to quick. I' decided not to continue.

Had a great time though and i wanna thank everyone for suporting me to gather the energy and will power to give it at least 1 more try. Atm i'm just to busy and more excited about other stuff such as my own proxy.

Best regards,

TheBoyWhoLost

-------------------------------------------------------------------------------------------------------------------------------


READ THIS BEFORE WE START

Quote:

Please respect the work and time i spend to keep this guide up to date. I did not make this alone i got alot of help and will give these people credits. This is not a copy of the gudie from epvp (OllyDBG & CO), that one became old. Thats the same reason i decided to make my own guide.

If there is anything you would would like me to add in the guide or wich i just forgot to mention. Post it in here and/or PM me. I will try my best helping others making theire clients. And answer al lyour questions.


Credits: Warlax, Mido2008, DD4Ever, juantamad, JohnJohn, Dethbecomethii, Smooth143, sadstar

To start we need this program:

Quote:

Note [1]: Make a back-up in the original conquer file of the conquer.exe and call it something like conquer2. Then you can go and edit the original conquer file without getting in troubles (Always back-up).
Note [2]: Open the conquer.exe (or what name you gave it) with OllyDBG from the original co file (wich most often is C:\Program File\Conquer 2.0).

Features
- Standard Multi Client
- Removing the background click checks
- Removing the "Please login later" message
- Enable PM commands
- Wall Jump
- Wall Jump with Steed mounted
- Remove Website Pop-up
- Remove the flashing taskbar icon
- Removing AFK effects
- Removing ChatTips
- Unlocking FPS
- Distance Jump/Long Jump
- Faster FatalStrike
- Revive While Moving
- Revive when countdown is at 5 seconds left (or later)

Standard Multiclient
- Open conquer.exe in OllyDBG
- Right click in the main frame (the CPU frame)
- Search for -->> All intermodular calls (a small screen will pop up)
- Typ in "openmutex"
- You will find

Code:

kernel32.OpenMutexA

- Double click it
- You will be forwarded in the CPU screen to this line

Code:

00549816  |. FF15 A8D17200  |CALL DWORD PTR DS:[<&KERNEL32.OpenMutex>; \[COLOR="Red"]OpenMutexA[/COLOR]

- Two lines under it you will find this line

Code:

0054981E  |. 74 0B          |JE SHORT Conquer.00564A05

- Double click "JE SHORT Conquer.00564A05" ( small screen will pop up)
- Edit JE SHORT Conquer.00564A05 into JMP SHORT Conquer.00564A05
- Right click
- Click Copy to executable
- Click All Modifications
- Copy All
- Click the X and Save it


Removing the background click checks
- Open conquer.exe in OllyDBG
- Right click in the main frame (the CPU frame)
- Search for -->> Sequence of commands
Typ in

Code:

PUSH 2
MOV DWORD PTR SS:[EBP-48],83
MOV DWORD PTR SS:[EBP-44],85

- Scroll 11 lines up you will find this line

Code:

005B2976  /$ B8 EE1C7100    MOV EAX,Conquer.00711CEE

- Double click "MOV EAX,Conquer.00711CEE"
- Change MOV EAX,Conquer.00711CEE into Retn 4
- Right click
- Click Copy to executable
- Click All Modifications
- Copy All
- Click the X and Save it


Removing the "Please login later" message
- Open conquer.exe in OllyDBG
- Press Ctrl+F
Typ in

Code:

CMP EAX,2710

- Press Ctrl+L 1 time
- Scroll three lines up you will find this line

Code:

004773CF  |. 76 21          JBE SHORT Conquer.004773F2
004773D1  |. FFD6           CALL ESI                                 ; [[COLOR="red"]GetTickCount[/COLOR]

- Double click "JBE SHORT Conquer.004773F2"
- Change JBE SHORT Conquer.004773F2 into JMP SHORT Conquer.004773F2
- Right click
- Click Copy to executable
- Click All Modifications
- Copy All
- Click the X and Save it


Enable PM commands
- Open conquer.exe in OllyDBG
- Search for -->> All referenced text strings
- Right click in the pop up screen and click "Search for text"
Typ in

Code:

PM

- Press Ctrl+L 13 times (Untill you find)

Code:

ASCII "[PM]"

- Double click it
- You get forwarded in the CPU screen to this line

Code:

005AAE3A  |. BF 04917E00    MOV EDI,Conquer.007E9104                 ;  ASCII "[PM]"

- Scroll one line up you will find this line

Code:

005AAE38  |. 74 17          JE SHORT Conquer.005AAE51

- Double click "JE SHORT Conquer.005AAE51"
- Change JE SHORT Conquer.005AAE51 into JMP SHORT Conquer.005AAE51
- Right click
- Click Copy to executable
- Click All Modifications
- Copy All
- Click the X and Save it


Wall Jump
- Open conquer.exe in OllyDBG
- Search for -->> Sequence of commands
- Typ in

Code:

POP EDI
MOV EAX,ESI
POP EBX

- Scroll 6 lines up
- You will find

Code:

005AEDBB   .^7F CD          JG SHORT Conquer.005AED8A

- Double click it
- Change JG SHORT Conquer.005AED8A into nop
- Right click
- Click Copy to executable
- Click All Modifications
- Copy All
- Click the X and Save it


Wall Jump with Steed mounted

Code:

[B]NOTE:[/B] This is only available when you got wall jump activated in your client.

- Open conquer.exe in OllyDBG
- Search for -->> All referenced text strings
- Right click -->> Search for text
- Typ in

Code:

HEIGHT

- You will find

Code:

ASCII "MOUNT_JUMP_HEIGHT_LIMIT"

- Double click it
- Scroll 2 lines up
- You will find

Code:

005AA947   . 7E 28          JLE SHORT Conquer.005AA971

- Double click it
- Change JLE SHORT Conquer.005AA971 into JMP SHORT Conquer.005AA971
- Right click
- Click Copy to executable
- Click All Modifications
- Copy All
- Click the X and Save it


Remove Website Pop-up
- Open conquer.exe in OllyDBG
- Search for -->> All referenced text strings
- Right click -->> Search for text
- Typ in

Code:

http://co.91.com/signout

- Press Ctrl+L 1 time
- You will find

Code:

ASCII "http://co.91.com/signout"

- Double click it
- You will see these lines at the top

Code:

0055B978   . 68 D05D7E00    PUSH Conquer.007E5DD0                    ;  ASCII "http://co.91.com/signout/"
0055B97D   . 50             PUSH EAX
0055B97E   > FF73 20        PUSH DWORD PTR DS:[EBX+20]               ; |hWnd
0055B981   . FF15 50D87200  CALL DWORD PTR DS:[<&SHELL32.ShellExecut>; \[COLOR="red"]ShellExecuteA[/COLOR]

- Double click

Code:

PUSH DWORD PTR DS:[EBX+20]

- Change PUSH DWORD PTR DS:[EBX+20] into nop
- Double click

Code:

CALL DWORD PTR DS:[<&SHELL32.ShellExecut>

- Change CALL DWORD PTR DS:[<&SHELL32.ShellExecut> into nop
- Right click
- Click Copy to executable
- Click All Modifications
- Copy All
- Click the X and Save it


Remove the flashing taskbar icon
- Open conquer.exe in OllyDBG
- Right click
- Analysis -->> Remove analysis from module
- Search for -->> All intermodular calls
- Typ in

Code:

FlashWindow

- You will find

Code:

 Destination=USER32.FlashWindow

- Double click it
- You will be forwarded to

Code:

004011CB   FF15 2CD97200    CALL DWORD PTR DS:[<&USER32.FlashWindow>>; USER32.FlashWindow

- Scroll 3 lines up
- You will see

Code:

004011C4   75 39            JNZ SHORT Conquer.004011FF

- Double click

Code:

JNZ SHORT Conquer.004011FF

- Change JNZ SHORT Conquer.004011FF into JMP Conquer.004011FF
- Right click
- Click Copy to executable
- Click All Modifications
- Copy All
- Click the X and Save it


Removing AFK effects
- Open conquer.exe in OllyDBG
- Search for -->> All referenced text strings
- Right click -->> Search for text
- Typ in

Code:

AUTO_REPLY

- You will find

Code:

ASCII "STR_TEMP_LEAVE_AUTO_REPLY_PRIVATE_TALK"

- Double click it
- Scroll down a bit (Look at the right of the CPU screen and look for the code in the next step)
- Easy to find this while scrolling

Code:

; /Arg2
; |Arg1 = 00000001

; \[COLOR="red"]Conquer.005C8E53[/COLOR]

-Now to make it more clear this is the part of code we are looking at

Code:

005AE864  |. 72 23          JB SHORT Conquer.005AE889
005AE866  |. 6A 01          PUSH 1
005AE868  |. 8BCE           MOV ECX,ESI
005AE86A  |. E8 4C04F6FF    CALL Conquer.0050ECBB
005AE86F  |. 6A 01          PUSH 1
005AE871  |. 8BCE           MOV ECX,ESI
005AE873  |. E8 22000000    CALL Conquer.005AE89A
005AE878  |. 8BCE           MOV ECX,ESI
005AE87A  |. E8 F5670000    CALL Conquer.005B5074
005AE87F  |. 50             PUSH EAX                                 ; /Arg2
005AE880  |. 6A 01          PUSH 1                                   ; |Arg1 = 00000001
005AE882  |. 8BCE           MOV ECX,ESI                              ; |
005AE884  |. E8 CAA50100    CALL Conquer.005C8E53                    ; \[COLOR="red"]Conquer.005C8E53[/COLOR]
005AE889  |> 5E             POP ESI
005AE88A  \. C3             RETN

- Change JB SHORT Conquer.005AE889 into JMP SHORT Conquer.005AE889
- Right click
- Click Copy to executable
- Click All Modifications
- Copy All
- Click the X and Save it


Removing ChatTips
- Open conquer.exe in OllyDBG
- Search for -->> All referenced text strings
- Right click -->> Search for text
- Typ in

Code:

ChatTips

- You will find

Code:

ASCII "ini/ChatTips.ini"

- Double click it
- You will see this at the top of the CPU screen now

Code:

00669AC8  |. BE 60C47400    MOV ESI,Conquer.0074C460                 ;  ASCII "ini/ChatTips.ini"
00669ACD  |. 68 8C2F7E00    PUSH Conquer.007E2F8C                    ; /mode = "r"
00669AD2  |. 56             PUSH ESI                                 ; |path => "ini/ChatTips.ini"
00669AD3  |. FF15 68D67200  CALL DWORD PTR DS:[<&MSVCRT.fopen>]      ; \[COLOR="Red"]fopen[/COLOR]

- Change PUSH Conquer.007E2F8C into nop
- Change PUSH ESI into nop
- Change CALL DWORD PTR DS:[<&MSVCRT.fopen>] into nop
- Right click
- Click Copy to executable
- Click All Modifications
- Copy All
- Click the X and Save it


Unlocking FPS
- Open conquer.exe in OllyDBG
- Search for -->> All intermodular calls
- Typ in

Code:

SLEEP

(This pop up doesn't look like a search engine but just type it in and you'll see)
- You will find:

Code:

kernel32.Sleep

- Now you just press enter or double click the selected line
- You will be forwaded in the CPU screen to

Code:

005ACE3   . FF15 F0D17200  CALL DWORD PTR DS:[<&KERNEL32.Sleep>]    ; \[COLOR="Red"]Sleep[/COLOR][/COLOR]

- Scroll 6 lines up so you will see this

Code:

0053ACD6   . 8D51 19        LEA EDX,DWORD PTR DS:[ECX+19]
0053ACD9   . 3BC2           CMP EAX,EDX
0053ACDB  . 73 0E          JNB SHORT Conquer.0053ACEB
0053ACDD   . 2BC8           SUB ECX,EAX
0053ACDF   . 83C1 19        ADD ECX,19
0053ACE2   . 51             PUSH ECX                                 ; /Timeout
0053ACE3   . FF15 F0D17200  CALL DWORD PTR DS:[<&KERNEL32.Sleep>]    ; \[COLOR="Red"]Sleep[/COLOR][/COLOR]

- ChangeLEA EDX,DWORD PTR DS:[ECX+19 into LEA EDX,DWORD PTR DS:[ECX+10]
- Change ADD ECX,19 into ADD ECX,10
- Right click
- Click Copy to executable
- Click All Modifications
- Copy All
- Click the X and Save it

Quote:

NOTE: The "change 19 into 10" is just an example. You might need to set it at 14 or at 8 or anything else. Depends on your computer. Mine is set at 10 and hits 60 FPS wich if fine.
Just have to know, the lower you go, the higher the FPS gets. 60/80 fps is more then enough

Distance Jump/Long Jump
- Open conquer.exe in OllyDBG
- Press Ctrl+F
- Typ in

Code:

PUSH 186C0

- You will be send to this line in the CPU screen:

Code:

005AA762   . 68 C0860100    PUSH 186C0

- Scroll 13 lines up
- You will see this code part at the top

Code:

005AA729   . 7F 05          JG SHORT Conquer.005AA730
005AA72B   . E9 4F050000    JMP Conquer.005AAC7F
005AA730   > C745 D4 100000>MOV DWORD PTR SS:[EBP-2C],10
005AA737   . 837D C8 10     CMP DWORD PTR SS:[EBP-38],10
005AA73B   . 7E 4C          JLE SHORT Conquer.005AA789
005AA73D   . FF15 90D07200  CALL DWORD PTR DS:[<&GraphicData.GameDat>;  GraphicD.GameDataSetQuery
005AA743   . 8985 4CFEFFFF  MOV DWORD PTR SS:[EBP-1B4],EAX
005AA749   . E8 AA8CE5FF    CALL Conquer.004033F8
005AA74E   . 8985 7CFEFFFF  MOV DWORD PTR SS:[EBP-184],EAX
005AA754   . 6A 00          PUSH 0
005AA756   . 6A 00          PUSH 0
005AA758   . 68 0000FFFF    PUSH FFFF0000
005AA75D   . 68 D5070000    PUSH 7D5
005AA762   . 68 C0860100    PUSH 186C0

- ChangeJG SHORT Conquer.005AA730 into JMP SHORT Conquer.005AA730
- Change JLE SHORT Conquer.005AA789 into JMP SHORT Conquer.005AA789
- Right click
- Click Copy to executable
- Click All Modifications
- Copy All
- Click the X and Save it

Code:

[B]Warning:[/B] By using this you might DC when you try to jump far off screen (by using shiftscreen/zoomhack).

Faster FatalStrike
- Open conquer.exe in OllyDBG
- Search for -->> All referenced text strings
- Right click -->> Search for text
- Typ in

Code:

KOTeleport

- Press Ctrl+L 2 times
- You will find

Code:

ASCII "KOTeleport"

- Double click it
- You will see this lines at the top

Code:

0065DAC8  |. BF C0BD7E00    MOV EDI,Conquer.007EBDC0                 ;  ASCII "KOTeleport"

- Scroll down 16 Lines from that one
- There you will find this line

Code:

0065DAEF  |> 8B86 1C020000  MOV EAX,DWORD PTR DS:[ESI+21C]           ;  Case 0 of switch 0065DA4D

- Double click it
- Change MOV EAX,DWORD PTR DS:[ESI+21C] into MOV EAX,0
NOTE: Select in the check box "Fill with NOPs"
- Right click
- Click Copy to executable
- Click All Modifications
- Copy All
- Click the X and Save it


Revive While Moving
- Open conquer.exe in OllyDBG
- Press Ctrl+F
- Typ in

Code:

PUSH 186C2

- Scroll 10 lines up
- You will find

Code:

005AF181  |. 74 24          JE SHORT Conquer.005AF1A7

- Change JE SHORT Conquer.005AF1A7 into JMP SHORT Conquer.005AF1A7
- Right click
- Click Copy to executable
- Click All Modifications
- Copy All
- Click the X and Save it


Revive when countdown is at 5 seconds left (or later)
- Open conquer.exe in OllyDBG
- Press Ctrl+F
- Typ in

Code:

PUSH 186C1

- Scroll 10 lines up
- You will find

Code:

005AF14F   . 74 27          JE SHORT Conquer.005AF178

- Change JE SHORT Conquer.005AF178 into JMP SHORT Conquer.005AF178
- Right click
- Click Copy to executable
- Click All Modifications
- Copy All
- Click the X and Save it

Quote:

Copyright by: TheBoyWhoLost®

[gabrola]

Deleted guides? You just posted this

[TheBoyWhoLost]

Quote:

Originally Posted by gabrola

Deleted guides? You just posted this

I copied it from the post i made on codexplosion. Wich has those guides also in it. But that site is not so crowded as this one. To much noob leechers to post those things here. TQ Will try to avoid the edits by making new clients.

So yes they are deleted from the main guide i wrote in this week.

[gabrola]

I see, you get my thanks for the effort

[TheBoyWhoLost]

Quote:

Originally Posted by gabrola

I see, you get my thanks for the effort

Well thank you. Thats atleast 1 then.

[monday87]

Wow...Thx for the guide.
I think i shall made 1 of my own with this.

[monday87]

Em...
Anyway,which OS can be running into this program?

[Viceversa]

Quote:

Originally Posted by monday87

Em...
Anyway,which OS can be running into this program?

any. just gotta dl olly

[SaM.ThE.MaN]

I see,but its already there in olldydbg,but they were all scattered over there,good job,even though i know how to make multis,

[TheBoyWhoLost]

Quote:

Originally Posted by monday87

Em...
Anyway,which OS can be running into this program?

You answer is under here

Quote:

Originally Posted by Viceversa

any. just gotta dl olly

Quote:

Originally Posted by SaM.ThE.MaN

I see,but its already there in olldydbg,but they were all scattered over there,good job,even though i know how to make multis,

Seems like you didn't read the top message befroe checking the guide.
I did not steel it. I made it couse the OllyDBG & CO thread became old., Lots of old stuff. It's spammed to death. Not all guides in theat thread are working (i can know it since i scrolled trough all 50+ pages) even the last one where everything got gathered together.

[Smooth143]

Quote:

Still need to know how to add these features:

Code:

- No chat tips

to remove chat tips.

search > all reference text strings > search text > chattips.cpp

then nop this.

Code:

0062D888  |. 68 F84F7800    PUSH Conquer.00784FF8                    ; /mode = "r"
0062D88D  |. 56             PUSH ESI                                 ; |path => "ini/ChatTips.ini"
0062D88E  |. FF15 44066E00  CALL DWORD PTR DS:[<&MSVCRT.fopen>]      ; \fopen

[TheBoyWhoLost]

Quote:

Originally Posted by Smooth143

to remove chat tips.

search > all reference text strings > search text > chattips.cpp

then nop this.

Code:

0062D888  |. 68 F84F7800    PUSH Conquer.00784FF8                    ; /mode = "r"
0062D88D  |. 56             PUSH ESI                                 ; |path => "ini/ChatTips.ini"
0062D88E  |. FF15 44066E00  CALL DWORD PTR DS:[<&MSVCRT.fopen>]      ; \fopen

nop all the 3 lines? Please be more specific. Thanks for helping out btw.

[Glenneke15]

Nice guide, gonna try this out since it includes the background checks one.. ^^

thanks (thanked)

[TheBoyWhoLost]

Quote:

Originally Posted by Glenneke15

Nice guide, gonna try this out since it includes the background checks one.. ^^

thanks (thanked)

Thank you. I'm sure theres other guides also with the back ground checks removing explained. But as i said. Most guides aren't like i wanted them to be, so made my own updated on hte latest patch. Thats also the reason II'm searching for a few more things (check signature). Need to be sure they are updated.

Again thnx for the compliment

[Smooth143]

Quote:

Originally Posted by TheBoyWhoLost

nop all the 3 lines? Please be more specific. Thanks for helping out btw.

of course, you must nop that 3 lines.