Register for your free account! | Forgot your password?

You last visited: Today at 16:07

  • Please register to post and access all features, it's quick, easy and FREE!

 

Fake Ping from Co.exe

Reply
 
Old   #1
 
elite*gold: 0
Join Date: May 2006
Posts: 16
Received Thanks: 1
Fake Ping from Co.exe

Does someone have any idea how to edit co.exe and make it shows up you got 50 ping? i know its fake won't chage nothing from ur gameplay. I know CoAi used to do it before.



vamfmorbyde is offline  
Old   #2
 
elite*gold: 0
Join Date: Apr 2014
Posts: 81
Received Thanks: 41
Yes you can edit the co.exe through memory to edit the display ping but I believe CoAi
did it through the ping packet.


JaniQ is offline  
Old   #3
 
elite*gold: 0
Join Date: Feb 2009
Posts: 212
Received Thanks: 144
you can hook _snprintf, the format is "[%s] (%03d,%03d) Ping: %s; Fps: %02d; FpsAver : %02d %02d/%02d/%d %s %02d:%02d"
teroareboss1 is offline  
Old   #4
 
elite*gold: 0
Join Date: May 2006
Posts: 16
Received Thanks: 1
I found this by ollydbg, but i have no idea how can i edit that line, when i try to whats what shows to me.


vamfmorbyde is offline  
Old   #5
 
elite*gold: 0
Join Date: Oct 2009
Posts: 755
Received Thanks: 531
Quote:
Originally Posted by vamfmorbyde View Post
I found this by ollydbg, but i have no idea how can i edit that line, when i try to whats what shows to me.
Either you attach a DLL and hook _snprintf as teroareboss1 said. If you go this path you can check the format against what you expect it to be and make the required modifications. You would need to use va_ functions to process the varying parameter list.

Or you modify Conquer.exe directly with a different format. The URL you provided shows a PUSH instruction. You can right click it and find the "Follow" option under "Goto" (as far as I can remember). That will take you to the actual area of the memory where that format is stored. If you carefully modify the format you can stay within the memory bounds without losing any bit of information.
By using %n with printf (and any other functions alike) you can output nothing at the cost of damaging the given pointer (the function would write the number of characters written up to that point in the pointer provided for that argument) and because %s expect a string which is in fact a char pointer this works out well. More over because the ping is actually an integer the fact that it is provided as a char pointer means the actual ping value would not suffer by using %n.

A valid format would be this:
"[%s] (%03d,%03d) Ping: %n50; Fps: %02d; FpsAver : %02d %02d/%02d/%d %s %02d:%d"

Notice the changes:
"[%s] (%03d,%03d) Ping: %s; Fps: %02d; FpsAver : %02d %02d/%02d/%d %s %02d:%02d"

%02d makes it so only 2 digits would be written but because we don't really care about that we can just remove those characters (0 and 2) and make up for the 5 and 0 we added for the shown ping.
-impulse- is offline  
Old   #6
 
elite*gold: 0
Join Date: May 2006
Posts: 16
Received Thanks: 1
I tried to edit the way you said, "Follow" doesn't show up on that line... If u guys don't mind, coulda make a tutorial about it? I know im asking too much, don't wanna bother you guys... im using ollydbg to do it
vamfmorbyde is offline  
Old   #7

 
elite*gold: 0
Join Date: Jul 2011
Posts: 6,539
Received Thanks: 3,173
Why do you want to edit your ping................................
that's a really ****** private server cancerism.
Spirited is offline  
Old   #8
 
elite*gold: 0
Join Date: May 2006
Posts: 16
Received Thanks: 1
Only interested on it, yeah i know its **** lol
vamfmorbyde is offline  
Old   #9
 
elite*gold: 0
Join Date: Oct 2009
Posts: 755
Received Thanks: 531
Quote:
Originally Posted by vamfmorbyde View Post
I tried to edit the way you said, "Follow" doesn't show up on that line... If u guys don't mind, coulda make a tutorial about it? I know im asking too much, don't wanna bother you guys... im using ollydbg to do it
Right click on the push instruction then select "Follow in Dump" > "Immediate constant".

That will take you to the memory where the string is stored. The dump area should be in the lower left side of the ollydbg window. You can edit then one character at a time.

Once you finish editing just save the changes to the executable. If you don't know how to do that Google is your friend.


-impulse- is offline  
Reply



« Previous Thread | Next Thread »



All times are GMT +1. The time now is 16:07.


Powered by vBulletin®
Copyright ©2000 - 2017, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.

Support | Contact Us | FAQ | Advertising | Privacy Policy | Abuse
Copyright ©2017 elitepvpers All Rights Reserved.