SV trace assembly code

01/06/2007 23:25 anantasia#181
Quote:
Originally posted by Gera@Jan 6 2007, 22:58
Ok, this is what I understand and what I did on this tut.

/*1* Starting Agent King insert user/password

Ok, double click on the AK that Anastasia gave to dl and it's up and running :o

/*2* Set trap (breakpoint) on the first jump here and click the start button in the AgentKing window
00403596 je 40378c <- bypass this point to 40359C
0040359C mov ecx,[ebp-2c]
/*3* When your CE (Cheat Engine) stops at 403596, change your EIP to the next command, 40359C

Ok, so I open CE, load AgentKing from the process list and then I click on memory view, so I get a memory address list from the current project.
In the main window I right click, then I choose the option "Go to address". I type the address 403596 and CE takes me there.
When CE takes me there I press F5, then I click start on my AgentKing client. It says something like loading.... and then it hangs forever, BUT! CE still kinda works and I wait till CE shows me in red numbers what I get from breaking there. As soon as CE shows me that, I double click on EIP and write down 403590, and it gives me in the window with red numbers the EIP 0040359C.

So I check if AgentKing is still running and it's still there ... hanging. I can't do anything, but I keep on my path to mem cracking it and proceed to point 4.

/*4* Set trap here at 4035CB. When CE stops at 4035CB change EIP to 4035DD
004035CB jne 40378c <- bypass this point to 4035DD
004035D1 cmp [004356e0],edi
004035D7 jne 40378c
004035DD push 00

So I right click again over the window of the mem list of CE, I choose the option to search for the code and I get to the desired location [4035cb]. I press F5 at this point but ... nothing happens. I gave it minutes, even half an hour, waiting for CE to respond, but nothing happens and AgentKing is pretty dead.

So I don't know what is wrong or what I do wrong. I would like to learn more because I'm having fun, but for now I give up because I spent half my day learning from this tut how to crack in mem address with CE.

Anastasia, I would like to chat with you in any other way if possible so I can speed up my work.

Thank you very much xxx
After you pause due to the breakpoint set at 403596, change EIP to 40359C and set a breakpoint at the new address 4059BC, you must choose Debug/Run in the CE menu to make the program run code again.
01/06/2007 23:47 Gera#182
Quote:
Originally posted by anantasia@Jan 6 2007, 23:25

After you pause due to the breakpoint set at 403596, change EIP to 40359C and set a breakpoint at the new address 4059BC, you must choose Debug/Run in the CE menu to make the program run code again.
Awesome!!! Now I got up to point 5.

/*5* Set trap at 403685. When CE stops press F7 to trace into sub routine 403CF6
00403685 CALL 00403CF6 <- this command calls the routine at address 00403CF6 and when it hits the RET command it will return to the next address, 40368A
0040368A mov eax,[esi+1c]

So I searched for that address and when I found it I put another break. As soon as I set the breakpoint there I chose Debug/Run again, so it went right as you said it should. BUT I don't understand that part: I choose F7 and CE takes me to 00403F6 but I don't know what to do here at this point. I simply don't get it, if I have to edit something or if I have to click something on the screen.
Same for point 6.

/*6* Routine 403CF6 will send you to address 10002860. Press F7 to step into countrymakeinUS.dll
00403CF6 JMP DWORD PTR[00429508] <- Just FYI, this command jumps to the DLL. DWORD PTR[00429508] = 10002860

I don't know what FYI is, and what do I have to change? Do I have to edit the 00429508 to 10002860?

/*7* Start tracing/stepping from here, look carefully for a missed jump/program exit
10002860 SUB ESP, 000000C8 <- here is the start of countrymakeinus.dll

This is just a warning, right?

1000288B CALL 1001E804 <- Nothing to do here, just press F8 to step over

This is easy, just press F8 and voila.

And points 8, 9, 10 are easier, like the first ones, right? So I'm confused now at points 5, 6 and 7.

Thanks in advance!!!
01/06/2007 23:51 tetnes#183
Well, you got further than me, mine still hangs, but I've had enough for 1 day, try again tomorrow grrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
01/07/2007 00:15 anantasia#184
Quote:
Originally posted by Gera@Jan 6 2007, 23:47
Quote:
Originally posted by anantasia@Jan 6 2007, 23:25

After you pause due to the breakpoint set at 403596, change EIP to 40359C and set a breakpoint at the new address 4059BC, you must choose Debug/Run in the CE menu to make the program run code again.
Awesome!!! Now I got up to point 5.

/*5* Set trap at 403685. When CE stops press F7 to trace into sub routine 403CF6
00403685 CALL 00403CF6 <- this command calls the routine at address 00403CF6 and when it hits the RET command it will return to the next address, 40368A
0040368A mov eax,[esi+1c]

So I searched for that address and when I found it I put another break. As soon as I set the breakpoint there I chose Debug/Run again, so it went right as you said it should. BUT I don't understand that part: I choose F7 and CE takes me to 00403F6 but I don't know what to do here at this point. I simply don't get it, if I have to edit something or if I have to click something on the screen.
Same for point 6.

/*6* Routine 403CF6 will send you to address 10002860. Press F7 to step into countrymakeinUS.dll
00403CF6 JMP DWORD PTR[00429508] <- Just FYI, this command jumps to the DLL. DWORD PTR[00429508] = 10002860

I don't know what FYI is, and what do I have to change? Do I have to edit the 00429508 to 10002860?

/*7* Start tracing/stepping from here, look carefully for a missed jump/program exit
10002860 SUB ESP, 000000C8 <- here is the start of countrymakeinus.dll

This is just a warning, right?

1000288B CALL 1001E804 <- Nothing to do here, just press F8 to step over

This is easy, just press F8 and voila.

And points 8, 9, 10 are easier, like the first ones, right? So I'm confused now at points 5, 6 and 7.

Thanks in advance!!!
In steps 5, 6 and 7 you just step and trace into the call routine. Nothing to do, just only F7 till u hit address 10002860.
01/07/2007 00:16 Xibungo#185
Gera, where do u run the modifications? Look what I did on CE: I selected agentking.exe on CE and clicked memory view, trapped 2 lines and changed the address in 2 lines. Now how do u run the modifications?
01/07/2007 00:48 shadowxx#186
Getting stuck trying to do this but whatever
01/07/2007 01:36 _|aka|-#187
I'm stuck on step 9. When I press F8 after reaching 10002AC0 CALL dword ptr[100303a0], Agent King closes. Can some1 help?
01/07/2007 01:54 bladefire#188
I'm on the jmp part... I can't do anything on it... help

All it does is "invalid parameter".
01/07/2007 02:21 WeLov3#189
Finally a how-to guide!! thx +k
01/07/2007 03:14 SilverSnow#190
Okedoke, so I'm really having fun doing this haha, all the way to step 7 woot... but that's where I'm stumped as of now.

To Ana or anyone else who knows,

I'm having problems at 7.

/*7* Start tracing/stepping from here, look carefully for a missed jump/program exit
10002860 SUB ESP, 000000C8 <- here is the start of countrymakeinus.dll
.
.
1000288B CALL 1001E804 <- Nothing to do here, just press F8 to step over
.
.

So I get to 10002860 and then I keep doing my F7, but before I get to 1000288B I jump to like 7CXXXXXX or whatever, completely off anyway.

So I thought maybe I was doing this wrong and I went and just manually went to 1000288b and pressed F8 there too, and that also sent me somewhere completely off or something. Am I just supposed to skip that area and go straight to bypassing the jne's or what?

Thx in adv to anyone :D
01/07/2007 03:20 ded101#191
Works great, well done anantasia. I particularly like your idea of making this a DIY guide rather than just releasing the cracked version to all, because this way it encourages ppl to learn :)

DM, please repin this thread; teaching ppl how to make SV work again is a much better idea than just releasing the cracked version to everyone (or even just those that are deemed worthy), as this way only those with a little patience, skill or a willingness to learn new things can "win" the right to use it again.

ded
01/07/2007 03:23 Cucurucho#192
Ok, very easy step-by-step guide, follow it and u'll make it, I SWEAR.

1. Open Cheat Engine
2. Open AgentKing
3. Select AgentKing in Cheat Engine (clicking that PC icon)
4. Click on the Memory View icon
5. Right click on the upper left window and select 'Go To Address' 00403596
6. Press F5 (to make a breakpoint)
7. Right click on the upper left window and select 'Go To Address' 004035CB
8. Go to ScriptVessel and write some letters inside the ID and Password fields (min 5 letters), then press Start
9. Go to Cheat Engine and wait till it stops at the first break u made (at 00403596).
10. Over the upper right window click on the EIP word and introduce the next address after the breakpoint; if u look at the left window u'll discover that the next address is 040359C. Introduce this value in that field, then click OK.
11. Press F9
12. Now u are at 004035CB and u need to jump to 004035DD, so click on EIP, introduce that value (004035DD) and click OK.
13. Right click the left window and go to 00403CF6
14. Press F5
15. Click View/Breakpoints, select the first one (403596), delete it and close the breakpoint window.
16. At the Memory View window.
17. Press F9
18. Press F7
19. Right click the left window and go to 10003110
20. Press F5
21. Press F8 as many times as needed till u get to the first JNE instruction (in this case it is at 10002895; this line must be blue, i.e. selected).
22. On the JNE instruction click on EIP and put the address of the instruction after the JNE (in this case 10002897), click OK.
23. Repeat steps 21 and 22 till u reach the last breakpoint u've created (10003110).
24. On 10003110 press F9.
25. You must have it. Go to the game and press F11 to test.
26. You can close Cheat Engine if you want.

For those who are lazy and don't want to go instruction by instruction pressing F8 and replacing EIP values (steps 21 and 22), after step 20 do this:

21. Press F8
22. Now scroll down little by little and for each JNE instruction that you find, right click on the instruction and select 'Replace with code that does nothing' (or something like that). Do this (scroll down and replace) till u get to address 10003110, the one where u created the last breakpoint.
23. On the line of the 10003110 instruction, after changing all the JNEs to NOP instructions (u did it in the step before this one), press F9.
24. DONE! Go to the game and press F11 to test.
25. You can close Cheat Engine if you want.

HOPE IT HELPS THOSE WHO ARE FEELING STUCK, LIKE I WAS ;)

THX ANASTACIA!

THX ANASTACIA!
01/07/2007 03:27 anantasia#193
Quote:
Originally posted by SilverSnow@Jan 7 2007, 03:14
Okedoke, so I'm really having fun doing this haha, all the way to step 7 woot... but that's where I'm stumped as of now.

To Ana or anyone else who knows,

I'm having problems at 7.

/*7* Start tracing/stepping from here, look carefully for a missed jump/program exit
10002860 SUB ESP, 000000C8 <- here is the start of countrymakeinus.dll
.
.
1000288B CALL 1001E804 <- Nothing to do here, just press F8 to step over
.
.

So I get to 10002860 and then I keep doing my F7, but before I get to 1000288B I jump to like 7CXXXXXX or whatever, completely off anyway.

So I thought maybe I was doing this wrong and I went and just manually went to 1000288b and pressed F8 there too, and that also sent me somewhere completely off or something. Am I just supposed to skip that area and go straight to bypassing the jne's or what?

Thx in adv to anyone :D
Hi,
Steps 7 till 9 are the hard part.
There are many JNEs you must bypass by changing EIP to the address of the next instruction.
If u find JE, JNL just press F7 to let them jump, do NOT bypass them.
Well, 1000288B is just for your reference: if you debug the program and reach that instruction from the original, it says that you have reached half of the path.

Cheers,

@_|aka|- :
Quote:
I'm stuck on step 9. When I press F8 after reaching 10002AC0 CALL dword ptr[100303a0], Agent King closes. Can some1 help?
I think you may be missing some JNE. One thing to do: same as SilverSnow does, you must jump to the next instruction by changing EIP.

@ded101 :
Yah, nowadays ppl may not know old languages like assembly code. But it's the low level machine language under any language.

@Cucurucho :
Cool man, you work great again after cracking it on your own.
I forgot to do it step by step with all keystrokes.
Thank you anyway for making it more clear,
01/07/2007 03:41 ancientglory#194
My noobie approach to making it work... works for me... so hope it works for others..

1. Start AK, start CE and load AK.

2. Open the memory viewer, right click on any line and click GO TO ADDRESS, and enter
00403596. Once there hit F5, then right click on that line; a window pops up, you then click on "insert code that does nothing", a small window pops up, so you write in it 90 nop and click ok, then F5 to toggle the breakpoint... you are done with the first break.

3. Right click on any line and click go to address, enter 004035CB, hit F5 once there, right click on it and click on "insert code that does nothing" and enter 90 nop.

4. Do the same thing at 004035D7, it's only a few lines down. After this step you should see a few lines of 90 nop which stop at 004035DD push 00. You are done with the 2nd break.

5. Right click on any line again and click go to address, type in 10002895, hit F5, right click and click on "insert code that does nothing" and enter 90 nop.

6. Do the same thing at 100028A2.

7. Then scroll down the address line for the JNEs... every time you see one... do the same as steps 5 and 6... put in the 90 nop.

8. Keep doing that until you scroll down to the last line, 10003110 RET.

9. Once at the line with the RET command... F5 that line... then go to AK... enter logon and pw, if you have not... and click start... wait a while... if all is well... you should get an instruction to return to the game and click F11.


I don't know any programming... I got this from all the reading in this thread... hope it works for you all... big thanks to Anastasia and the rest..
01/07/2007 03:45 Cucurucho#195
Quote:
Originally posted by anantasia@Jan 7 2007, 03:27
Quote:
Originally posted by SilverSnow@Jan 7 2007, 03:14
Okedoke, so I'm really having fun doing this haha, all the way to step 7 woot... but that's where I'm stumped as of now.

To Ana or anyone else who knows,

I'm having problems at 7.

/*7* Start tracing/stepping from here, look carefully for a missed jump/program exit
10002860 SUB ESP, 000000C8 <- here is the start of countrymakeinus.dll
.
.
1000288B CALL 1001E804 <- Nothing to do here, just press F8 to step over
.
.

So I get to 10002860 and then I keep doing my F7, but before I get to 1000288B I jump to like 7CXXXXXX or whatever, completely off anyway.

So I thought maybe I was doing this wrong and I went and just manually went to 1000288b and pressed F8 there too, and that also sent me somewhere completely off or something. Am I just supposed to skip that area and go straight to bypassing the jne's or what?

Thx in adv to anyone :D
Hi,
Steps 7 till 9 are the hard part.
There are many JNEs you must bypass by changing EIP to the address of the next instruction.
If u find JE, JNL just press F7 to let them jump, do NOT bypass them.
Well, 1000288B is just for your reference: if you debug the program and reach that instruction from the original, it says that you have reached half of the path.

Cheers,

@_|aka|- :
Quote:
I'm stuck on step 9. When I press F8 after reaching 10002AC0 CALL dword ptr[100303a0], Agent King closes. Can some1 help?
I think you may be missing some JNE. One thing to do: same as SilverSnow does, you must jump to the next instruction by changing EIP.

@ded101 :
Yah, nowadays ppl may not know old languages like assembly code. But it's the low level machine language under any language.

@Cucurucho :
Cool man, you work great again after cracking it on your own.
I forgot to do it step by step with all keystrokes.
Thank you anyway for making it more clear,
No problem, thx to u also (u did the hard work). U can take what I wrote, if u think it is more clear, and put it in the first page/post if you think it'll help others, because if more ppl keep posting it will be difficult for others to access the right page of this topic to find it. I also attached a link to this page of the topic in my sig. GREAT JOB!

EDIT: Spelling