If you agree to use it for study purposes only, here is a guide to cracking SV. There are many versions of SV, but only the new SV works with patch 4347.
** If you successfully crack Script Vessel and want to use it for CO2 business (smooth and safe), I suggest you support 9net9, the creator of SV, by buying it from the website. **
The strategy for cracking this program is to find a way to hook the process to the keyboard and bypass all protection and the random timer checker. You can read how the crack works in steps 1-6, or jump to step 7 to make your own cracked bot.
Revised May 17, 2007
1) Normally SV works by reading and writing process memory. It hooks the Conquer process, checks values, and then determines the bot action, such as click, pick, move or jump.
When you activate the bot, it checks whether your current window is a Conquer window that matches the bot version. If yes, it activates the bot.
While the bot is active, a timer synchronizes SV.exe with the bot client in each Conquer window. So our solution is to find out what they say to each other and prevent the criteria check that makes the bot slow or unresponsive. The usual way to trace this is to use IDA Pro for reference and Cheat Engine as the debugger. This program is packed with UPX 3.0; download it from to unpack the files before analyzing them with IDA Pro.
After unpacking countrymakeinus.dll and loading it in IDA Pro, we must analyze two things in this DLL.
2) The first is the SV bot process. Normally it starts with a command sequence like this:
Just search with "Search>Find assembly code" to find the address of the above command.
Quote:
PUSH EBP
MOV EBP,ESP
MOV EAX,FS:[00000000]
PUSH FF
3) Second, push your tiny hook code into the executable file. I push this code in the main loop of the program.
Use Search>Find assembly code to find it again; then you must use the hook command in the next step.
Quote:
004049FB:
PUSH EBP
PUSH EBX
PUSH ECX
PUSH EAX
PUSH EDX
PUSHFD
PUSH EAX
PUSH ESI
PUSH EDI
PUSH 00000000
4) Hook command: the function call used to trap keystrokes is SetWindowsHookExA, which is located in User32.dll. Here is the command to hook the process.
5) Now it's time to inject code into the current SV bot. It's the same as SV injecting conquer.exe; we use Cheat Engine to enable/disable and inject together. Press Ctrl+A in the memory view window in Cheat Engine, then click Template>Cheat Table framework code at the address you will inject from step 3. You will get something like below. For example, I use the return process at address 004049FB and inject to a new memory address to run the hook process.
Quote:
push 00000000
push 10000000
push 100039d0   // address of first command from step 2
push 02
call SetWindowsHookExA
6) The last part is finding the protection and a place to push the opcode.
Quote:
[ENABLE]
//code from here to [DISABLE] will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
label(Loop)
label(exit)
004049FB:
jmp newmem
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
cmp [10044004],ff
je exit
mov [10044000],00
pushad
pushfd
push 00000000
push 10000000
push 100039d0
push 02
call SetWindowsHookExA
mov [10044004],ff
popfd
popad
exit:
push ebp
push ebx
push ecx
push eax
push edx
pushfd
push eax
push esi
push edi
jmp 00404A04
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
004049FB:
push ebp
push ebx
push ecx
push eax
push edx
pushfd
push eax
push esi
push edi
SV disables all hook events by calling UnhookWindowsHookEx, so just disable the unhook process by setting this in the enable section.
Insert a protection check so that you do not activate the hook process again and again, by checking a memory address as below.
Quote:
UnhookWindowsHookEx:
ret 0004
There is a routine that calls the internet open socket function. So I find the place that opens the internet connection and replace it with the code from newmem.
Quote:
[ENABLE]
cmp [10044004],ff  // is the bot already activated?
je exit            // yes, jump to exit
mov [10044000],00  // no, set the wait-state variable to Loop
pushad             // save all registers
pushfd             // save flag register
// ** Put hooking process here
mov [10044004],ff  // mark bot as already activated
Loop:              // loop until unchecked to disable, by checking the variable
mov eax,000000ff
push eax
call SleepEx
push eax
cmp [10044000],90  // check whether the variable says Loop or not Loop
jne Loop
popfd              // restore flag register
popad              // restore all registers
exit:
// ** Code from original code
[DISABLE]
10044000:          // set variable to not Loop
nop
UnhookWindowsHookEx:
ret 0004           // prevent the unhook process
7) Here are the instructions to make a standalone version.
Quote:
004275C1:
..
..
Call InternetOpenA
..
ret
Standalone version of SV with CheatEngine (no internet connection)
Quote:
1) Start 1.10 and Cheat Engine.
Here is the information link for SV 1.10
2) Load CheatEngine with the CheatEngine script, then select the ScriptVessel process and check the box for SV 1.08-1.10.
3) Start the Conquer program, log in normally and press F11 to activate the bot.
1) Load SV V1.10
2) Check the box at SV V1.08-1.10, then exit Cheat Engine.
3) Start Conquer and press F11 to activate the bot.
DIY hexedit Scriptvessel (no need for CheatEngine)
1) Open Hexedit and go to offset $49FB (press Ctrl+G and enter it in the hexadecimal box), then replace the existing value XX XX XX ... with the code E9 C1 2B 02 00
2) Go to offset $275C1 (press Ctrl+G and enter it in the hexadecimal box), then replace the existing value XX XX XX ... with the BOLD value code below.
3) Save, then start the program.
Quote:
81 3D 04 40 04 10 FF 00 00 00   CMP [10044004],000000FF
74 25                           JE 004275F2
60                              PUSHAD
9C                              PUSHFD
68 00 00 00 00                  PUSH 00000000
68 00 00 00 10                  PUSH 10000000
68 D0 39 00 10                  PUSH 100039D0
6A 02                           PUSH 02
FF 15 64 E4 42 00               CALL DWORD PTR [0042E464]
C7 05 04 40 04 10 FF 00 00 00   MOV [10044004],000000FF
9D                              POPFD
61                              POPAD
55                              PUSH EBP
53                              PUSH EBX
51                              PUSH ECX
50                              PUSH EAX
52                              PUSH EDX
9C                              PUSHFD
50                              PUSH EAX
56                              PUSH ESI
57                              PUSH EDI
E9 04 D4 FD FF                  JMP 00404A04
How to find the opcode (from the code above) and hex-edit SV V1.10 (1.6 MB)
or
There is a bug in the original SV that makes you waste pots by using MP pots.
Here is how to fix the bug where the Taoist always uses MP pots (edit your conquer.exe) for SV 1.10
1) Open the unpacked Conquer.exe with a hex editor. Check that the size of conquer.exe is more than 1 MB. If not, go to step 4 to unpack it.
2) Go to offset 7AEC4 and replace the existing XX XX XX XX XX XX with E9 0A 65 01 00 90.
3) Go to offset 913D3 and replace the existing XX XX XX XX XX XX XX XX XX XX XX XX XX XX with FF 92 80 00 00 00 8B C8 E9 EA 9A FE FF.
4) Download UPX.exe from then unpack your conquer.exe with this command: "UPX -d conquer.exe" *Don't forget to back up the file*
Or try loading this script to fix the bug where the Taoist always uses MP pots
1) Run the cracked Scriptvessel, CheatEngine and Conquer.exe, then load the script below and select the conquer process.
2) Check the box "Fix SV 1.10 for MP bug"
3) Play Conquer and activate the bot as normal
*New* Standalone SV 1.11: adds Follower can jump and fixes the MP bug
1) Open SV with a hex editor (XVI32), then press Ctrl+G, go to hexadecimal offset $2596D and replace the existing 5 bytes with E9 CF 1B 00 00
2) Then press Ctrl+G, go to hexadecimal offset $27541 and replace 48 bytes with 60 9C 68 00 00 00 00 68 00 00 00 10 68 D0 39 00 10 6A 02 E8 78 9C 00 7E 9D 61 85 C0 0F 84 49 E4 FF FF 85 FF 0F 84 18 E4 FF FF E9 05 E4 FF FF 90
3) Save the file, then start SV and don't press anything. Go to the game and press F11 to activate the bot.
Enjoy!