I. speed hack:
http://www.zerowaitingtime.com/26001-download-Conquer.exe
--------------------------------------------------
II. còn đây là cotobo:
http://www.zerowaitingtime.com/25772-download-COtobo.rar
--------------------------------------------------
III. speed hack (có trên máy rồi mà tìm lại không thấy đâu) ko upload được đau thật
-------------------------------------------------------------------
I. bot nè nghiên cứu đi, cũng dễ thôi,
- down file SV.exe o đây: http://www.zerowaitingtime.com/25526-download-SV-V070803-P4353V1.17.rar
- down cái này: http://www.cheatengine.org/download.php
cài ra máy và đọc của nợ sau:
Revised May 17,2007
1) Normally SV do it's self like read/write process memory. They hook up conquer process and check value then determine bot action like click,pick,move or jump.
When you activate bot it's will check your current window is conquer that match with bot version or not. If yes they will activate bot.
During bot activate they have timer that synchronize between SV.exe and bot client on each conquer window. So our solution is finding what they talk each other and prevent criteria check that make bot slow or not respond. The most way to trace is using IDA pro for reference and using Cheat Engine for debug software. This program encrypt with UPX 3.0 try download from http://upx.sourceforge.net/ to unpack them before analyze with IDA pro.
After expand countrymakeinus.dll and analyze with IDA pro. We must analyze 2 things on this DLL.
2) One thing is SV bot process. Normally it's start with some kind of command like this"
QUOTE
PUSH EBP
MOV EBP,ESP
MOV EAX,FS:[00000000]
PUSH FF
Just searching from "Search>Find assembly code" to find address of above command.
3) Second, Push your hook tiny code to execute file. I push this code in main loop program
QUOTE
004049FB:
PUSH EBP
PUSH EBX
PUSH ECX
PUSH EAX
PUSH EDX
PUSHFD
PUSH EAX
PUSH ESI
PUSH EDI
PUSH 00000000
Using Search>Find assembly code to find it again then you must using hook command in next step.
4) Hook command, Using function call to trap key stroke is SetWindowsHookExA it's locate in User32.dll. Here is command to hook up process.
QUOTE
push 00000000
push 10000000
push 100039d0 // address first command from step 2
push 02
call SetWindowsHookExA
5) Now it's time to inject code with current SV bot. It's same as SV inject conquer.exe, we using cheat engine to make enable/disable and inject together. Press CTRL,A at memory view window in cheat engine then click Template>Cheat Table framework code at address you will inject in step3. You will got some kind like below. For example, I using return process at address 004049FB and inject to new memory address to run hook process.
QUOTE
[ENABLE]
//code from here to [DISABLE] will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
label(Loop)
label(exit)
004049FB:
jmp newmem
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
cmp [10044004],ff
je exit
mov [10044000],00
pushad
pushfd
push 00000000
push 10000000
push 100039d0
push 02
call SetWindowsHookExA
mov [10044004],ff
popfd
popad
exit:
push ebp
push ebx
push ecx
push eax
push edx
pushfd
push eax
push esi
push edi
jmp 00404A04
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
004049FB:
push ebp
push ebx
push ecx
push eax
push edx
pushfd
push eax
push esi
push edi
6) Last part is finding protection and place to push obcode,
SV will disable all hook event by call UnhookWindowsHookEx, So just disable unhook process by set this in enable process,
QUOTE
UnhookWindowsHookEx:
ret 0004
Insert protection check that you will not activate hook process again and again by checking memory address like below,
QUOTE
[ENABLE]
cmp [10044004],ff // is bot is already activate or not?
je exit // Yes jump exit
mov [10044000],00 // No set variable wait state to Loop
pushad // Save all register
pushfd // Save flag register
// ** Put Hooking process here
mov [10044004],ff // Set bot already activate
Loop: // Loop until uncheck to disable by checking variable
mov eax,000000ff
push eax
call SleepEx
push eax
cmp [10044000],90 // Check variable is Loop or not Loop
jne Loop
popfd // return all register
popad // return flag
exit:
// ** Code from original code
[DISABLE]
10044000: // Set variable to not Loop
nop
UnhookWindowsHookEx:
ret 0004 // Prevent unhook process
There is routine to call internet open socket. So i find place that open internet connection and replace with code from newmem.
QUOTE
004275C1:
..
..
Call InternetOpenA
..
ret
7) Here is instruction to make standalone version,
QUOTE
1) Start 1.10 and Cheat Engine.
here is infomation link for SV 1.10
http://www.elitepvpers.de/forum/index.php?...90&#entry567171
2) Load CheatEngine with cheatengine script then select ScriptVessel process and check box on SV 1.08-1.10
3) Start Conquer program and login normally and press F11 to activate bot.
___________________________
cái I là chơi nhiều acc, speed hack không tìm thấy, có trên máy nhưng chưa đủ exp để up load
http://www.zerowaitingtime.com/26001-download-Conquer.exe
--------------------------------------------------
II. còn đây là cotobo:
http://www.zerowaitingtime.com/25772-download-COtobo.rar
--------------------------------------------------
III. speed hack (có trên máy rồi mà tìm lại không thấy đâu) ko upload được đau thật
-------------------------------------------------------------------
I. bot nè nghiên cứu đi, cũng dễ thôi,
- down file SV.exe o đây: http://www.zerowaitingtime.com/25526-download-SV-V070803-P4353V1.17.rar
- down cái này: http://www.cheatengine.org/download.php
cài ra máy và đọc của nợ sau:
Revised May 17,2007
1) Normally SV do it's self like read/write process memory. They hook up conquer process and check value then determine bot action like click,pick,move or jump.
When you activate bot it's will check your current window is conquer that match with bot version or not. If yes they will activate bot.
During bot activate they have timer that synchronize between SV.exe and bot client on each conquer window. So our solution is finding what they talk each other and prevent criteria check that make bot slow or not respond. The most way to trace is using IDA pro for reference and using Cheat Engine for debug software. This program encrypt with UPX 3.0 try download from http://upx.sourceforge.net/ to unpack them before analyze with IDA pro.
After expand countrymakeinus.dll and analyze with IDA pro. We must analyze 2 things on this DLL.
2) One thing is SV bot process. Normally it's start with some kind of command like this"
QUOTE
PUSH EBP
MOV EBP,ESP
MOV EAX,FS:[00000000]
PUSH FF
Just searching from "Search>Find assembly code" to find address of above command.
3) Second, Push your hook tiny code to execute file. I push this code in main loop program
QUOTE
004049FB:
PUSH EBP
PUSH EBX
PUSH ECX
PUSH EAX
PUSH EDX
PUSHFD
PUSH EAX
PUSH ESI
PUSH EDI
PUSH 00000000
Using Search>Find assembly code to find it again then you must using hook command in next step.
4) Hook command, Using function call to trap key stroke is SetWindowsHookExA it's locate in User32.dll. Here is command to hook up process.
QUOTE
push 00000000
push 10000000
push 100039d0 // address first command from step 2
push 02
call SetWindowsHookExA
5) Now it's time to inject code with current SV bot. It's same as SV inject conquer.exe, we using cheat engine to make enable/disable and inject together. Press CTRL,A at memory view window in cheat engine then click Template>Cheat Table framework code at address you will inject in step3. You will got some kind like below. For example, I using return process at address 004049FB and inject to new memory address to run hook process.
QUOTE
[ENABLE]
//code from here to [DISABLE] will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
label(Loop)
label(exit)
004049FB:
jmp newmem
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
cmp [10044004],ff
je exit
mov [10044000],00
pushad
pushfd
push 00000000
push 10000000
push 100039d0
push 02
call SetWindowsHookExA
mov [10044004],ff
popfd
popad
exit:
push ebp
push ebx
push ecx
push eax
push edx
pushfd
push eax
push esi
push edi
jmp 00404A04
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
004049FB:
push ebp
push ebx
push ecx
push eax
push edx
pushfd
push eax
push esi
push edi
6) Last part is finding protection and place to push obcode,
SV will disable all hook event by call UnhookWindowsHookEx, So just disable unhook process by set this in enable process,
QUOTE
UnhookWindowsHookEx:
ret 0004
Insert protection check that you will not activate hook process again and again by checking memory address like below,
QUOTE
[ENABLE]
cmp [10044004],ff // is bot is already activate or not?
je exit // Yes jump exit
mov [10044000],00 // No set variable wait state to Loop
pushad // Save all register
pushfd // Save flag register
// ** Put Hooking process here
mov [10044004],ff // Set bot already activate
Loop: // Loop until uncheck to disable by checking variable
mov eax,000000ff
push eax
call SleepEx
push eax
cmp [10044000],90 // Check variable is Loop or not Loop
jne Loop
popfd // return all register
popad // return flag
exit:
// ** Code from original code
[DISABLE]
10044000: // Set variable to not Loop
nop
UnhookWindowsHookEx:
ret 0004 // Prevent unhook process
There is routine to call internet open socket. So i find place that open internet connection and replace with code from newmem.
QUOTE
004275C1:
..
..
Call InternetOpenA
..
ret
7) Here is instruction to make standalone version,
QUOTE
1) Start 1.10 and Cheat Engine.
here is infomation link for SV 1.10
http://www.elitepvpers.de/forum/index.php?...90&#entry567171
2) Load CheatEngine with cheatengine script then select ScriptVessel process and check box on SV 1.08-1.10
3) Start Conquer program and login normally and press F11 to activate bot.
___________________________
cái I là chơi nhiều acc, speed hack không tìm thấy, có trên máy nhưng chưa đủ exp để up load
