Spirited

Client: Disassembling Conquer in Hopper


Introduction

Before you start disassembling Conquer, it's important that you understand the basics of assembly. For a tutorial on Assembly Languages, check out Tutorials Point. They cover the basics pretty well. This guide will help you disassemble Conquer for the first time using Hopper Disassembler, which is a reverse engineering tool I use to translate compiler machine languages into higher-level assembly language. Hopper is a paid program; therefore, I will not be providing a copy through this thread. I recommend purchasing a license and would definitely never suggest searching for one of the many, easy-to-find, pirated copies out there.

Environment

Hopper can only be installed on Linux and Mac OS. Therefore, if you're using Windows, you'll need to create a virtual machine. For simplicity, I recommend using either Oracle VirtualBox or VMware Workstation Player; both have tutorials for running either Linux or Mac OS in a VM. I use Ubuntu 18.04 with VMware Player. If you need a tutorial, check out this video. Once your virtual machine is set up, install Hopper Disassembler and you're ready to go.

Disassembling Conquer

Now that Hopper is set up, download a Mac client for Conquer. All you need is the dmg file (you don't need to install it). After downloading the file, open it in 7-Zip. Navigate to "Conquer\Conquer.app\Contents\ConquerGameExe.app\Contents\MacOS". This path might be different depending on the client version you downloaded. Extract the ConquerGameExe file and open it in Hopper. Hopper will automatically detect the compiler, so don't change any of its analysis settings. After a few minutes, you should have analyzed assembly. See the picture below.

hopper.PNG

You can search for classes and methods using the Procs tab. Give it a try with a packet name from the wiki. After finding a method, switch between views along the top bar. One particularly helpful view is the "Show Pseudo Code of Procedure" view. This shows the assembly in a C-like assembly syntax. It's not perfect, but it does help show the flow of logic.

You can also search for text using the Strs tab. Once you find a string you're looking for (ex. Monster.dat), you can see all references to the string in the right panel. This can help a lot when trying to understand how files are read by the client.

Conclusion

That's really it. I'm definitely not as experienced as others when it comes to reverse engineering, but Hopper does make it easier for those who have assembly knowledge but no knowledge on the structure of the game client's assembly. This won't help you develop bots or hacks on Windows, but it is helpful when writing a private server.  Happy disassembling! 

 

 

  • Thanks 1
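
Added example (not part of the original post and not from Hopper): a Python check to run on the extracted ConquerGameExe before loading it, listing the Mach-O architecture slices it contains and the file offsets of a string such as Monster.dat. The function names and the built-in sample bytes are constructed for illustration.

```python
import struct

# Constants from <mach-o/loader.h> and <mach-o/fat.h>
FAT_MAGIC = 0xCAFEBABE                       # universal header, big-endian
THIN_MAGICS = {0xFEEDFACE: 32, 0xFEEDFACF: 64}
CPU_NAMES = {7: "i386", 0x01000007: "x86_64", 18: "ppc", 0x0100000C: "arm64"}
MH_EXECUTE = 2

def thin_slice(data, base):
    """Parse the mach_header at `base`; None if it is not a Mach-O header."""
    if len(data) < base + 16:
        return None
    for endian in "<>":                      # header uses the target's byte order
        magic, cpu, _sub, filetype = struct.unpack_from(endian + "4I", data, base)
        if magic in THIN_MAGICS:
            return {"offset": base, "bits": THIN_MAGICS[magic],
                    "cpu": CPU_NAMES.get(cpu, hex(cpu)),
                    "executable": filetype == MH_EXECUTE}
    return None

def macho_slices(data):
    """List the architecture slices of a thin or universal (fat) Mach-O."""
    if len(data) >= 8 and struct.unpack_from(">I", data)[0] == FAT_MAGIC:
        (count,) = struct.unpack_from(">I", data, 4)
        if 8 + 20 * count > len(data):       # not a plausible fat_arch table
            return []
        offsets = [struct.unpack_from(">5I", data, 8 + 20 * i)[2] for i in range(count)]
        return [s for s in (thin_slice(data, o) for o in offsets) if s]
    info = thin_slice(data, 0)
    return [info] if info else []

def find_string(data, needle):
    """File offsets where `needle` is immediately followed by a NUL byte."""
    pattern, hits, pos = needle.encode("ascii") + b"\0", [], 0
    while (pos := data.find(pattern, pos)) != -1:
        hits.append(pos)
        pos += 1
    return hits

def build_sample():
    """Constructed stand-in for the extracted file: one header, one string."""
    header = struct.pack("<8I", 0xFEEDFACF, 0x01000007, 3, MH_EXECUTE, 0, 0, 0, 0)
    return header + b"\0" * 32 + b"Monster.dat\0"

if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print(macho_slices(blob))
    print([hex(o) for o in find_string(blob, "Monster.dat")])
```

Pass the path of the extracted file as the first argument; with no argument the script runs on the constructed sample. An empty slice list means the file is not a Mach-O image, for example a Windows .exe.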


When I get this working I'll release all 5808 packet structures lol I already did a lot of research alone (guessing offsets) but for some really unknown packets this is really hard.

  • Like 1

1 hour ago, Spuzzum said:

When I get this working I'll release all 5808 packet structures lol I already did a lot of research alone (guessing offsets) but for some really unknown packets this is really hard.

That'd be very appreciated. So far, I've been the only one updating the wiki. 😓

3 hours ago, Spirited said:

That'd be very appreciated. So far, I've been the only one updating the wiki. 😓

I have many packets that are almost complete. I managed to get the .exe that I need, now I just need to figure out how to find the structures. I've been guessing by the ::Create() functions, but they don't always have the server structures :/ many only fill some offsets and jump a lot

4 hours ago, Spuzzum said:

I have many packets that are almost complete. I managed to get the .exe that I need, now I just need to figure out how to find the structures. I've been guessing by the ::Create() functions, but they don't always have the server structures :/ many only fill some offsets and jump a lot

Yeah, the logic isn't consistent. With packets that it only accepts from the server, you'll find the logic in Process most of the time. It depends though. The more complicated packets are harder to follow. You should try the example I used to get your feet wet. It's pretty easy to get the structure, length, and packet id for. You'll figure it out, I'm sure. It just takes patience and effort - not two things I want to put into it right now which is why I posted this tutorial. Lol. I've done enough of this stuff for a while.



  • Similar Content

    • By Diab
      Introduction
      Conquer Online's older clients do not support higher resolutions by default, so in this guide I will be explaining how to edit the client's resolution to support higher resolutions. There will be no coding, and I will try to explain the assembly instructions as I go. I will be using a 5095 client for this guide, but the process should remain the same. Note that this is simply a guide to how it can be accomplished, and I recommend doing it by coding a DLL instead of directly editing the executable, to be able to configure it to any resolution without the need for multiple executables.
      All the numbers shown in the pictures are in hexadecimal (base16).
       
      Finding Window Resolution
      By doing a simple search in the client's executable (Conquer.exe) for the constant values 1024 or 768, we find two occurrences which are being stored in a global variable.
      In the first image, the value of the ecx register is set to 2 and compared to the value of eax; if they aren't equal, it jumps to the other image, where the value is compared against 3. By doing some backtracking, we realize that the value of ScreenMode in GameSetUp.ini is being checked against 2 in the first image and 3 in the second, which represent 1024x768 window and full screen modes respectively. Now, by simply editing those values (400h and 300h), we can change the window resolution to any value we want, which will only take effect if the client is in 1024x768 resolution mode, i.e. only if the ScreenMode value is set to 2 or 3.
      Having accomplished that, we are faced with a few problems, one being that the client doesn't render the map edges properly if the resolution exceeds a certain value. To fix this, we look for another two constants, which, after doing some research and debugging ourselves, we notice aren't 1024 or 768. Trying to identify/link any values to the ScreenMode value, we find that there is no such value, meaning that there is no actual correlation between the ScreenMode and the rendering resolution. Then, trying the client's other default resolution, 800x600, we find the following.

      In that instruction block, we find that there is some calculation being made and a loop being executed just after that. By changing those values to our desired resolution values, we fix the rendering problem. Our next problem to fix is the alignment of the UI elements.
       
      Changing UI Alignment
      Since we aren't doing any coding, we will have to change the positions in the GUI.ini, but we quickly find that some UI elements do not use the GUI.ini values but rather are hard-coded, one of which is the player's health/action bar/panel. (Skip this part if you don't want to center the player's panel.) To find it, we use the value we find to be the actual size or position of the panel. By doing some searching in the GUI.ini, and using the mouse position at the topmost pixel of the panel and the bottommost pixel and subtracting, we find that the panel height is 141. We obtained the height specifically because we realize that the panel is being correctly positioned on the Y-axis regardless of the resolution, which means that the client uses its height to determine the y value (being Screen Height - Panel Height), and after looking for that value we find the following.

      We see at the bottom a call to the function CWnd::MoveWindow, which takes x, y, width, height and a repaint Boolean as parameters. Depending on the function's calling convention, the parameters are pushed to the stack in a specific order; since this is a _thiscall function, we push the parameters in reverse order (repaint>height>width>y>x) while storing the class instance in ECX (being CWnd in this case). Looking at the instructions, we see a call to GetWindowRect, which we will ignore as the return value isn't being used; then we see a 1 being pushed to the stack, which represents a true value as the repaint parameter, and then 8Dh (141), which represents the height, and so on. As we look down, we see a call to GetScreenHeight, after which 141 is subtracted from the return value stored in EAX (being height), and later EAX is pushed to the stack as the Y parameter. We also see 0 being pushed as the x parameter, which we need to change to center the panel, but we notice that there is only enough space for a signed byte, which can only take up to 0x7f (127) as a positive number. To fix this, we will have to rewrite/change the instructions to push a constant Y value and skip the calculation.

      ("db 0" represents an empty byte)
      As seen above, we can edit the instructions to push the y value directly so we have enough space to push a bigger x value as well.
       
      Other elements, like the help window button, follow similar principles, but it's redrawn in a different block of code than the original drawing, so you will need to patch it twice. The arrow's quiver is a bit trickier but can be done (hint: it's being drawn constantly in a loop, and has several parts that are drawn a few bytes away from each other).
       
      IDA is used to disassemble the executable.
    • By Spirited
      Introduction
      Without a doubt, Conquer Online's emojis / emoticons are outdated. Luckily, adding new emojis to the client is relatively easy. New emojis must be 32x32 pixels. This tutorial also requires editing DDS assets in the client. You can find a tutorial on how to edit those assets here.
      Tutorial
      • Open data/EmotionIco in the client's directory
      • Add or edit existing dds files for different frames of the animated emoji (doesn't have to be animated)
      • Add or edit existing JPG files for the same frames in data/EmotionIco/JPG
      • Edit ani/EmotionIco.ani with the new frames (see example below)
      • Restart the client and enjoy your new emojis
      Example
      [ICON68_bmp]
      FrameAmount=4
      Frame0=data/EmotionIco/jpg/68/1.jpg
      Frame1=data/EmotionIco/jpg/68/2.jpg
      Frame2=data/EmotionIco/jpg/68/3.jpg
      Frame3=data/EmotionIco/jpg/68/4.jpg
      [ICON68]
      FrameAmount=4
      Frame0=data/EmotionIco/68/1.dds
      Frame1=data/EmotionIco/68/2.dds
      Frame2=data/EmotionIco/68/3.dds
      Frame3=data/EmotionIco/68/2.dds
      Pictures

    • By Spirited
      Introduction
      Conquer Online is an isometric game made up of 2D assets and 3D object files. These 2D assets are stored in DDS format, used for map tile backgrounds, scenery objects, texture maps for 3D objects, etc. Most DDS files in the client are compressed in WDF files which can be extracted using a tool from the wiki. This tutorial shows how assets can be edited in Paint.NET, a free paint program which supports DDS format. Other editors can be used, such as Photoshop with the following NVIDIA DDS plugin. Gimp also includes a DDS plugin. You can also view DDS files from Windows Explorer using this thumbnail shell extension (still works on Windows 8/10, but only enable DDS viewing to avoid problems with live tiles in the start menu).
      Tutorial
      In this tutorial, I'll be editing a tree in Twin City.
      • Start by extracting data.wdf in the root folder of the client
      • Find the tree asset in data/map/mapobj/newplain/plain/
      • Open np09.dds in Paint.NET and make some modifications
      • When saving the file, select "DXT3" with "Range Fit" compression
      • Restart the client and confirm your edit
      Pictures
      Saving:

      Before:

      After:

       
    • By Spirited
      Introduction
      This feature was added with the release of the first Conquer Online 2.0 client (patch 4282) to advertise other games (such as Zero Online). It was removed with the New Dynasty expansion client (patch 5032). This feature can be configured to hit your own hosted advertisements for tips and event notifications. Advertisements can be set separately for different servers, and have different colors, fonts, positions on screen, etc.
      Tutorial
      • Open ini/common.ini in the client's directory
      • Find the ServerAdv section and define URLs for the two supported resolutions
      • Use the format below for your hosted text file of advertisements
      Examples
      See attached files for examples.
      ServerAdv.txt
      ServerAdv1024.txt
    • By Spirited
      Introduction
      The Conquer Online client has bubble indications for the server's status. It shows next to an available server icon as a purple, green, yellow, or red bubble. By default, if the client can't contact the server, this bubble will show up as purple. You can set the client to check your own status page when displaying this indication.
      Tutorial
      • Open ini/common.ini in the client's directory
      • Find the "ServerStatus" section and edit the URL key to your own website's status page.
      • Format your status page as a line-separated list of server names to status IDs using the table below.
      Status IDs
      0 = Server Down
      1 = Server Overloaded
      2 = Server Busy
      3 = Server Online
      Example Status Page
      The following is an example of two servers being listed by the plain text status page:
      Meteor 3
      Thunder 2
      Picture
