SV trace assembly code

[anantasia]

Quote:

Originally posted by ztthik@Jan 5 2007, 14:18
anantasia:

Followed your posts, I bypassed some instructions and reached 10002860. However, the instructions from 10002860 are quite different from yours (see the picture).

I'm wondering if the .exe and .dll file are the same as the ones you were using.

Any ideas about that?

btw, when the programs reaches 10002860, the agentking seems crashed (no response).

You go on the right way.

Keep on trace that address.

If u found JNE just by pass it to next command.

but if u found JE, JNL just change it to JMP that address.

u may pass many CALL and finally u will find RET. After that just leave run program.

It's will message on txt box that u can start program and F11 to start script.

Cheers.

[anantasia]

Quote:

Originally posted by Domates@Jan 5 2007, 14:36
You cant toggel more than 2 breakpoints

/** set trap and here and by pass
004035CB jne 40378c <- by pass this point to 4035DD
004035D1 cmp [004356e0],edi
004035D7 jne 40378c
004035DD push 00 <--What u have to do here its all same the same in script

I almost got it thnx man

JNE is check program that match critiria or not if not it's will jump exit to 40378C

So what point u need to do. Just by pass jump exit subroutine.

That opcode had 2 JNE so u can by pass it to 4035DD.

[)ª(SLAYER)ª(]

ok most of us dont understand any thing about all this. if you could only give us some pics with the guide it will be great

[Cucurucho]

Quote:

Originally posted by anantasia+Jan 4 2007, 23:21--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (anantasia @ Jan 4 2007, 23:21)</td></tr><tr><td id='QUOTE'> <!--QuoteBegin--fastblade1@Jan 4 2007, 23:14
wow! nice +k good job for release it.. btw it works..? :?

Yah it's work as post picture as above,

I try post this for ask some help but anyone can answer it. So i will answer crack in DIY version. Anyone who want it must do it yourself. I ever ask crack one from ratz but i think i can do it.

I know that it's really hard and take time to trace assembly code. You must have fundamental of basic assembly code.

But for this it's make sure that u can do it yourself without trojan,virus or keylogger,

Have a nice day [/b][/quote]
Really Really nice job +k for it and the guide. I support that DIY metod even while i'm having the cracked version.

[parkieboy]

anny it the current implentation does not support more than 3 breakpoints

[Domates]

does it works for ur self

[retlic]

I got a couple of questions for now:

00403685 call 403CF6 <- call SV routine PF11 to activate and disable button as picture above
Was i suppost to do anything there?

00403CF6 jmp PTR <- Long jump to call countrymakeinus.dll to address 10002860
What does it mean by jmp PTR? And where do i put the 10002860?

[img]text2schild.php?smilienummer=1&text=First crack ever. No experience with programing!' border='0' alt='First crack ever. No experience with programing!' />

[anantasia]

Quote:

Originally posted by parkieboy@Jan 5 2007, 15:42
anny it the current implentation does not support more than 3 breakpoints

Delete old one that u use.

My point is going to some Sub routine in countrymakeinus.dll

[anantasia]

Quote:

Originally posted by retlic@Jan 5 2007, 15:56
I got a couple of questions for now:

00403685 call 403CF6 <- call SV routine PF11 to activate and disable button as picture above
Was i suppost to do anything there?

00403CF6 jmp PTR <- Long jump to call countrymakeinus.dll to address 10002860
What does it mean by jmp PTR? And where do i put the 10002860?

[img]text2schild.php?smilienummer=1&text=First crack ever. No experience with programing!' border='0' alt='First crack ever. No experience with programing!' />

When u found that CALL. Let's try PF7 to step in that subroutine.

You will found JMP PTR. If u PF7 again u will jmp to countrymakeinus.dll

[retlic]

Quote:

Originally posted by anantasia+Jan 5 2007, 16:13--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (anantasia @ Jan 5 2007, 16:13)</td></tr><tr><td id='QUOTE'> <!--QuoteBegin--retlic@Jan 5 2007, 15:56
I got a couple of questions for now:

00403685 call 403CF6 <- call SV routine PF11 to activate and disable button as picture above
Was i suppost to do anything there?

00403CF6 jmp PTR <- Long jump to call countrymakeinus.dll to address 10002860
What does it mean by jmp PTR? And where do i put the 10002860?

[img]text2schild.php?smilienummer=1&text=First crack ever. No experience with programing!' border='0' alt='First crack ever. No experience with programing!' />

When u found that CALL. Let's try PF7 to step in that subroutine.

You will found JMP PTR. If u PF7 again u will jmp to countrymakeinus.dll [/b][/quote]
Ok. I changed PF6 to PF7. And also i changed the other one to "jmp dword ptr [10002860]". Is that right?

[anantasia]

Quote:

Originally posted by retlic+Jan 5 2007, 16:22--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (retlic @ Jan 5 2007, 16:22)</td></tr><tr><td id='QUOTE'>

Quote:

Quote:

When u found that CALL. Let's try PF7 to step in that subroutine.

You will found JMP PTR. If u PF7 again u will jmp to countrymakeinus.dll

Ok. I changed PF6 to PF7. And also i changed the other one to "jmp dword ptr [10002860]". Is that right? [/b][/quote]
PF7 = Press Function Key 7

[retlic]

Quote:

Originally posted by anantasia+Jan 5 2007, 16:28--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (anantasia @ Jan 5 2007, 16:28)</td></tr><tr><td id='QUOTE'>

Quote:

Quote:

Ok. I changed PF6 to PF7. And also i changed the other one to "jmp dword ptr [10002860]". Is that right?

PF7 = Press Function Key 7 [/b][/quote]
Lmao. It has turned to "jmp dword ptr [l0lzo1z2lv0lo120l2zlvol0lzo1z2lv0]". I think i brokeded it. I might just start agen..

[anantasia]

Quote:

Originally posted by retlic+Jan 5 2007, 16:31--></span><table border='0' align='center' width='95%' cellpadding='3' cellspacing='1'><tr><td>QUOTE (retlic @ Jan 5 2007, 16:31)</td></tr><tr><td id='QUOTE'>

Quote:

Quote:

PF7 = Press Function Key 7

Lmao. It has turned to "jmp dword ptr [l0lzo1z2lv0lo120l2zlvol0lzo1z2lv0]". I think i brokeded it. I might just start agen.. [/b][/quote]
No, You go right way,

That dll seem strange.

If u press ctrl + alt +s in Memory Viewver Window u will found list of DLL. Looking to that countrymakeinus.dll u will find that 2 function call that name seem like that.

[retlic]

OK lol il continue it in a couple of days. Thnx so much for your help anantasia

[Xibungo]

anantasia what do u mean "Trace"?