Learn how to make programs for Conquer yourself

abomadin

New member | Joined: Jun 23, 2009 | Posts: 18
First of all, you need to get this program: http://www.ollydbg.de/odbg110.zip
BACKUP YOUR Conquer.exe BEFORE anything
[Creating Multiclient]
1. Open Conquer in OllyDBG (File -> Open -> Browse for Conquer.exe) and let it process the exe
[Image: ollydbgonepo7.jpg]

2. Right click on the CPU window -> Search for -> All referenced text strings
4. Right click -> Search for text and type in search box "TQ_CONQUER"
5. Double click the line that says "TQ_CONQUER"
[Image: ollydbgtwolv2.jpg]

6. Notice the line I have highlighted that says "PUSH 2". This line determines how many clients you can open.
7. You can change the value in it to anything between 0 and 7F (hex)
8. OK, now we have changed the value to 7F! How to save?
9. Right click CPU window -> Copy to executable -> All modifications -> Copy All
10. Now a new window opened -> Right click on it -> Save file -> Browse for ******** (don't save it in the same folder as the original first)
11. Now you need to close OllyDBG and copy the Conquer.exe to the Conquer folder!
[/Creating Multiclient]
[Removing 'Virus' scanner]
2. Right click on the CPU window -> Search for -> All referenced text strings
3. Scroll up in the list.
4. Right click -> Search for text and type in search box "ZFTqat"
5. Double click the line that says "ZFTqat"
[Image: ollydbgthreetx0.jpg]


6. Do as I did, highlight those addresses -> Right click on CPU window -> Binary -> Fill with NOPs (NOP = No OPeration)
7. Right click CPU window -> Copy to executable -> All modifications -> Copy All
8. Now a new window opened -> Right click on it -> Save file -> Browse for ******** (don't save it in the same folder as the original first)
9. Now you need to close OllyDBG and copy the Conquer.exe to the Conquer folder!
[/Removing 'Virus' scanner]


[Running Conquer.exe directly]
2. Click on CPU window then press Ctrl + F (Open up a command search window)
3. Find "PUSH 273F". The code should look like this (a couple of lines up and down):

004687F6 . 83F8 01 CMP EAX,1
004687F9 . 7C 18 JL SHORT Conquer.00468813
004687FB . 8D85 ECFAFFFF LEA EAX,DWORD PTR SS:[EBP-514]
00468801 . 68 D0DB5500 PUSH Conquer.0055DBD0 ; /s2 = "blacknull"
00468806 . 50 PUSH EAX ; |s1
00468807 . FF15 CC555200 CALL DWORD PTR DS:[<&MSVCRT._stricmp>] ; _stricmp
0046880D . 59 POP ECX
0046880E . 85C0 TEST EAX,EAX
00468810 . 59 POP ECX
00468811 74 29 JE SHORT Conquer.0046883C
00468813 > FF15 54505200 CALL DWORD PTR DS:[<&GraphicData.GameDat>; GraphicD.GameDataSetQuery
00468819 . 8B10 MOV EDX,DWORD PTR DS:[EAX]
0046881B . 6A 10 PUSH 10
0046881D . 68 C8DB5500 PUSH Conquer.0055DBC8 ; ASCII "Error"
00468822 . 68 3F270000 PUSH 273F
00468827 . 8BC8 MOV ECX,EAX
00468829 . FF52 3C CALL DWORD PTR DS:[EDX+3C]
0046882C . 50 PUSH EAX ; |Text
0046882D . 6A 00 PUSH 0 ; |hOwner = NULL
0046882F . FF15 08575200 CALL DWORD PTR DS:[<&USER32.MessageBoxA>>; MessageBoxA




004687F6 . 83F8 01 CMP EAX,1
004687F9 . 7C 18 JL SHORT Conquer.00468813
change the
004687F9 . 7C 18 JL SHORT Conquer.00468813
into
004687F9 . 7C 18 JMP SHORT 0046883C
4. Right click CPU window -> Copy to executable -> All modifications -> Copy All
5. Now a new window opened -> Right click on it -> Save file -> Browse for ******** (don't save it in the same folder as the original first)
6. Now you need to close OllyDBG and copy the Conquer.exe to the Conquer folder!

[/Running Conquer.exe directly]
[Enabling PM Commands]
1. Back up your Conquer.exe as usual.
2. Open Conquer.exe in OllyDBG (File -> Open -> Browse for its ********)
3. Right click -> Search for -> All referenced text strings -> "PM"
4. Double click the "[PM]" that came up in the search.
You should see a code block like this:
Code:


004A6A2A |. 8D7405 D4 LEA ESI,DWORD PTR SS:[EBP+EAX-2C]
004A6A2E |. 8D46 FC LEA EAX,DWORD PTR DS:[ESI-4]
004A6A31 |. 3BC6 CMP EAX,ESI
004A6A33 |. 74 17 JE SHORT Conquer.004A6A4C
004A6A35 BF 2C005600 MOV EDI,Conquer.0056002C ; ASCII "[PM]"
004A6A3A |. 2BF8 SUB EDI,EAX
004A6A3C |> 8A08 /MOV CL,BYTE PTR DS:[EAX]
004A6A3E |. 3A0C07 |CMP CL,BYTE PTR DS:[EDI+EAX]
004A6A41 |. 0F85 08050000 |JNZ Conquer.004A6F4F
004A6A47 |. 40 |INC EAX
004A6A48 |. 3BC6 |CMP EAX,ESI
004A6A4A |.^75 F0 JNZ SHORT Conquer.004A6A3C
004A6A4C |> A0 48AB5600 MOV AL,BYTE PTR DS:[56AB48]



First way :
- NOP all those parts that I've colored red, it's basically the check whether your name contains [PM]

Second way :

- You notice the part that I've colored Dark Orange?

Code:

004A6A33 |. 74 17 JE SHORT Conquer.004A6A4C

- If you look closely at the address it jumps to, you should notice that it jumps straight past the check;
- Click that JE address and hit spacebar to assemble it
- Change it to ->
Code:

004A6A33 |. EB 17 JMP SHORT 004A6A4C

I hope you liked it.
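
Seen from the defender's side, the edits this post describes (NOP fills and a conditional short jump turned into `JMP SHORT`) are easy to detect when a known-good copy of the build is available. The following is an added example, not part of the original post: the function names are hypothetical and the sample buffers are constructed, with `74` to `EB` being the opcode change shown in the listing above.

```python
"""Classify in-place byte patches by diffing a suspect binary against a known-good copy."""

NOP = 0x90                      # one-byte x86 no-op
JMP_SHORT = 0xEB                # unconditional short jump
JCC_SHORT = range(0x70, 0x80)   # conditional short jumps (JE = 0x74, JL = 0x7C)


def changed_runs(good: bytes, suspect: bytes):
    """Yield (offset, old, new) for each contiguous run of differing bytes."""
    if len(good) != len(suspect):
        raise ValueError("size mismatch: not an in-place patch of this build")
    start = None
    for i in range(len(good) + 1):
        differs = i < len(good) and good[i] != suspect[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            yield start, good[start:i], suspect[start:i]
            start = None


def classify(old: bytes, new: bytes) -> str:
    """Name the patch pattern a differing run matches."""
    if all(b == NOP for b in new):
        return "nop-fill"        # instructions blanked out
    if old[0] in JCC_SHORT and new[0] == JMP_SHORT and len(new) <= 2:
        return "jcc-to-jmp"      # conditional branch forced to always jump
    return "other"               # e.g. a changed immediate operand


def report(good: bytes, suspect: bytes):
    """Return [(file_offset, kind, old_hex, new_hex), ...] for every patch."""
    return [(off, classify(o, n), o.hex(), n.hex())
            for off, o, n in changed_runs(good, suspect)]


# Constructed sample buffers (not taken from any real executable).
GOOD = bytes.fromhex("3bc67417e8112233446a02c3")
SUSPECT = bytes.fromhex("3bc6eb1790909090906a7fc3")

if __name__ == "__main__":
    for off, kind, old, new in report(GOOD, SUSPECT):
        print(f"0x{off:04x}  {kind:<10}  {old} -> {new}")
```

For real files, pass the contents of the shipped executable and the suspect copy, both read in binary mode; the offsets reported are file offsets, not the virtual addresses a debugger displays.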