
SV trace assembly code

Discussion on SV trace assembly code within the CO2 Guides & Templates forum part of the Conquer Online 2 category.

Closed Thread
 
Old 01/06/2007, 10:24   #136
 
elite*gold: 0
Join Date: Jan 2006
Posts: 406
Received Thanks: 284
@Cucurucho :
Quote:

I Reach perfect to:

10002860 SUB ESP, 000000C8 <- here is starting of countrymakeinus.dll

1.mm just a question. I have to BYPASS those CALL like OR LET THEM RUN?:

.
-1000288B CALL 1001E804
.
-10002AC0 CALL dword ptr[100303a0]
.
Let them run thru in that CALL and set trace /debug and step in that sub routine.

Quote:

2. And what about this one?(It happens be4 those ones and if i let it run it makes a big jump and seems to take me out of countrymakeinUS.dll)
.
-10002875 CALL DWORD PTR[100301fc]<--- JUMPS TO 00973928 -PUSH GETSYSTEMTIME

Like this CALL there are some others between 10002860 SUB ESP and 10003110 RET that take me out from countrymakeinUS.dll i mean If only change those JNE between 10002860 SUB ESP and 10003110 RET and let the CALL's run It makes jumps that don't let me reach to 10003110 RET
You just press F8 when hit that instruction. I post it to reference only just for your information.

@ztthik :
Quote:

I followed the traces and made it work finally.

I have no problems to release all the data. However, anantasia suggested to do it yourself. I'm not going to release them at the moment.
Cool, Nice job great man.

@steve00 :

Quote:
/** set trace
00403685 call 403cf6 <- call SV routine (PF11 to activate and disable button as picture below)
. I think this is saying to press the F11 key but then later in the forum ananstia said this:

This is just information that this command will call Scripte routine you must enter to trace/debug it

.
00403CF6 JMP DWORD PTR[00429508] <- this command jump to long address. Almost use pointer to point long address to go. So PTR[00429508] = 10002860
. ok, the trick here was explained by anantasia on a later page in the forum, what you have to do is replace the 00429508 in the brackets with 10002860, WHEN YOU DO THIS you will end up with a very weird string that looks something like this jmp dword ptr [l0lzo1z2lv0lo120l2zlvol0lzo1z2lv0]..(again if i am correct)

This is information again to known that after above CALL will send u here and it's will starting execute command in countrymakeinUS.dll
Good for explain that. If possible i would like to add more information in RED text and I think you copy wrong guide please look in Post #1.

Quote:
how do u use the co.ct file?
It's use with CE(Cheat Engine). To monitor/freeze memory address.

@Enki :
Quote:
Any idea? when i hit start my client close.
Try not ruin code by change it to NOP. Just only change EIP.
anantasia is offline  
Old 01/06/2007, 10:33   #137
 
elite*gold: 0
Join Date: Jan 2007
Posts: 10
Received Thanks: 0
uuungh, im sorry, but i just cannot follow your terms, the words you use i cannot seem to follow, could u break down the steps just a little more? im doing the best i can ><
steve00 is offline  
Old 01/06/2007, 10:42   #138
 
elite*gold: 0
Join Date: May 2006
Posts: 15
Received Thanks: 0
hi anantasia, ty for helping
im juz wondering if you or any other person that has cracked it using ur method, make a more detail or simple screen shots, step by step, it make life alot more easy and u wont flamed with help me, i duno juz a thought
leon85 is offline  
Old 01/06/2007, 12:15   #139
 
elite*gold: 0
Join Date: Jan 2006
Posts: 406
Received Thanks: 284
Guide to speed hack,

1. use your CE to start first scan
2. try change your speed by use archer to fly or cyclone or dh
3. click CE at next scan for unknown value
4. you may find a few addresses that change every time you change your speed
5. Try modify that data for change speed

For my hack,
I got 128 when cyclone 1028 when Superman and 2048 when Fly at address 512066

Guide to zoom in/out,

1. Same as above but only change is your zoom view window

Lower value is zoom out / Higher value is zoom in,

Benefit of zoom
- Use in TG for reduce cpu overload
- Use in PK / Lvling to see more monster/ppl

Attach file is CE dot CT file to use with current 4335 Patch
Attached Files
File Type: ibf post-108-1168082100.ibf (247 Bytes, 18 views)
anantasia is offline  
Old 01/06/2007, 12:16   #140
 
elite*gold: 0
Join Date: Jun 2006
Posts: 82
Received Thanks: 0
hehe sorry friend but wat is eip :P
good hacking for a 16 old ^^
Domates is offline  
Old 01/06/2007, 12:18   #141
 
elite*gold: 0
Join Date: Dec 2005
Posts: 446
Received Thanks: 19
Quote:
Originally posted by anantasia@Jan 6 2007, 10:24
@Cucurucho :

Quote:

2. And what about this one?(It happens be4 those ones and if i let it run it makes a big jump and seems to take me out of countrymakeinUS.dll)
.
-10002875 CALL DWORD PTR[100301fc]<--- JUMPS TO 00973928 -PUSH GETSYSTEMTIME

Like this CALL there are some others between 10002860 SUB ESP and 10003110 RET that take me out from countrymakeinUS.dll i mean If only change those JNE between 10002860 SUB ESP and 10003110 RET and let the CALL's run It makes jumps that don't let me reach to 10003110 RET
You just press F8 when hit that instruction. I post it to reference only just for your information.

You've said : 'i post it to reference only..' and u didn't post nothing about this call.

-10002875 CALL DWORD PTR[100301fc]<--- JUMPS TO 00973928 -PUSH GETSYSTEMTIME


As i understand, i have to do this between 10002860 SUB ESP and 10003110 RET is:

1. Press F8 for each CALL i find.
2. Bypass all JNE (change EIP to the next dir.)

and with it it must work... right?

lemme try...
Cucurucho is offline  
Old 01/06/2007, 12:25   #142
 
elite*gold: 0
Join Date: Jan 2006
Posts: 406
Received Thanks: 284
Quote:
Originally posted by Cucurucho@Jan 6 2007, 12:18
Quote:
Originally posted by anantasia@Jan 6 2007, 10:24
@Cucurucho :

Quote:

2. And what about this one?(It happens be4 those ones and if i let it run it makes a big jump and seems to take me out of countrymakeinUS.dll)
.
-10002875 CALL DWORD PTR[100301fc]<--- JUMPS TO 00973928 -PUSH GETSYSTEMTIME

Like this CALL there are some others between 10002860 SUB ESP and 10003110 RET that take me out from countrymakeinUS.dll i mean If only change those JNE between 10002860 SUB ESP and 10003110 RET and let the CALL's run It makes jumps that don't let me reach to 10003110 RET
You just press F8 when hit that instruction. I post it to reference only just for your information.

You've said : 'i post it to reference only..' and u didn't post nothing about this call.

-10002875 CALL DWORD PTR[100301fc]<--- JUMPS TO 00973928 -PUSH GETSYSTEMTIME


As i understand, i have to do this between 10002860 SUB ESP and 10003110 RET is:

1. Press F8 for each CALL i find.
2. Bypass all JNE (change EIP to the next dir.)

and with it it must work... right?

lemme try...
Yah,that right, only 2 thing to do that F8 on call and change EIP to next command when found JNE command

I modified first post. Please look for more info

@Domates

EIP is Execute Instruction Pointer use to locate what address that program will execute. From CE in Memory Viewer you find it locate on upper right window.

Double click on that EIP to change it.
anantasia is offline  
Old 01/06/2007, 13:03   #143
 
elite*gold: 0
Join Date: Jun 2006
Posts: 82
Received Thanks: 0
*5* Set trap at 403685. When CE stop press F7 to trace in to sub routine 403CF6
00403685 CALL 00403CF6 <- this command to call routine at address 00403CF6 and when hit command RET. It's will return to next address 40368A
0040368A mov eax,[esi+1c]

heeh what where doing here,
I did 403685 set trap. and pressed f7 come to 403cf6.. and the we have to hit ret how we do that.
thnx

ok ... but wat is fyi Sorry for asking much :P:P but i think iam gonna crack it
Domates is offline  
Old 01/06/2007, 13:13   #144
 
elite*gold: 0
Join Date: Sep 2006
Posts: 297
Received Thanks: 23
Is there any point in doing this as i have just read a thread saying a new version of script vessel is getting released in 10 days?

here's the thread



if this is true im going to be ******
tetnes is offline  
Old 01/06/2007, 13:37   #145
 
elite*gold: 0
Join Date: Dec 2006
Posts: 42
Received Thanks: 0
Thanks
ahmednoos is offline  
Old 01/06/2007, 13:45   #146
 
elite*gold: 0
Join Date: Dec 2005
Posts: 446
Received Thanks: 19
Quote:
Originally posted by Cucurucho@Jan 6 2007, 12:18
Quote:
Originally posted by anantasia@Jan 6 2007, 10:24
@Cucurucho :

Quote:

2. And what about this one?(It happens be4 those ones and if i let it run it makes a big jump and seems to take me out of countrymakeinUS.dll)
.
-10002875 CALL DWORD PTR[100301fc]<--- JUMPS TO 00973928 -PUSH GETSYSTEMTIME

Like this CALL there are some others between 10002860 SUB ESP and 10003110 RET that take me out from countrymakeinUS.dll i mean If only change those JNE between 10002860 SUB ESP and 10003110 RET and let the CALL's run It makes jumps that don't let me reach to 10003110 RET
You just press F8 when hit that instruction. I post it to reference only just for your information.

You've said : 'i post it to reference only..' and u didn't post nothing about this call.

-10002875 CALL DWORD PTR[100301fc]<--- JUMPS TO 00973928 -PUSH GETSYSTEMTIME


As i understand, i have to do this between 10002860 SUB ESP and 10003110 RET is:

1. Press F8 for each CALL i find.
2. Bypass all JNE (change EIP to the next dir.)

and with it it must work... right?

lemme try...
DOING THIS, AT 10027B7C JMP 10027BF9 (here im supposed to let jmp jump)AGENTKINGS CLOSES.
Cucurucho is offline  
Old 01/06/2007, 13:56   #147
 
elite*gold: 0
Join Date: Dec 2005
Posts: 446
Received Thanks: 19
Ok, at last i got it. After RET it's frozen but pressing F11 it works anyway =P i'll keep working on it till no errors for a screenshot. thx
Cucurucho is offline  
Old 01/06/2007, 14:08   #148
 
elite*gold: 0
Join Date: Jun 2006
Posts: 82
Received Thanks: 0
i am close i had F11 to start the partner there is a new version...
CE can run anymore cant change EIP
i saved cant load btw
Domates is offline  
Old 01/06/2007, 15:35   #149
 
elite*gold: 0
Join Date: Sep 2005
Posts: 111
Received Thanks: 57
Thanks, i got it working. +k for your kind patience, prompt reply and definitely for this guide.

Lol i still have this question, do i always have to on cheatengine and repeat everything in order to get the SV working?

Thanks again
Flyers is offline  
Old 01/06/2007, 15:53   #150
 
elite*gold: 0
Join Date: Nov 2006
Posts: 17
Received Thanks: 0
/*5* Set trap at 403685. When CE stop press F7 to trace in to sub routine 403CF6
00403685 CALL 00403CF6 <- this command to call routine at address 00403CF6 and when hit command RET. It's will return to next address 40368A
0040368A mov eax,[esi+1c]
.
.
/*6* Routine 403CF6 will send you to address 10002860. Press F7 to step to countrymakeinUS.dll
00403CF6 JMP DWORD PTR[00429508] <- Just FYI, this command jump to DLL. DWORD PTR[00429508] = 10002860

Can someone explain these lines for me. The F7 button is disable on my program or am i suppose to run the memory code?
parkieboy is offline  