Re: Joseph's Battles three and four are done
Friday, 19-Mar-99 05:40:31

Greetings to all,

Although Battle one was easily fought and won, Battle two still eludes me, mainly because I was not able to locate the enemy troops and my arsenal seems to be ineffective in bringing them into the open. But there were more victories on other fronts, and Battles three and four were fought hard and brought to a victorious conclusion. I already told you how I fought Battle one, and here is my strategy for the last two.

Throwing caution to the wind and unheeding the advice of MisteE, I went ahead and used W32dasm to fight all Battles, and here is how it was done. After careful study of the assembly code and the imported function calls, I spotted the function call IsDlgButtonChecked and decided to break on it. In W32dasm you have to find all the occurrences of this call and place a break on each of them, since you will never know which one will be the first to be called. This is one of the disadvantages of W32dasm. I guess in SoftIce one bpx IsDlgButtonChecked will do the job. Anyhow.

After you run Conquer, bring up the window for Battle three, check some boxes and click on the Try This combination Button, the program will break on the IsDlgButtonChecked call and you will land on 4018DC and will see the following snippet of code:

:004018D4 682D010000 push 0000012D

It is very important to pay attention to what is pushed on the stack just before the call is made. The first of the two above pushes is most important. There is a series of those calls and you must go through all of them successfully in order to win the game. Please note the jne 00401A16 is the bad cracker jump. If you are familiar with assembly code you will easily figure out what is happening and you will be able to check the correct boxes.

Battle four was fought with the same weapons and the same break on IsDlgButtonChecked. But checking the correct boxes is not enough here. You have to provide a username and a valid serial number and a validation code number, and that requires some skills, but let me get you started. Again, after you run the program and check Battle four you will get the Battlefield window. After providing the information which you think is correct and clicking the fight Button you should land at 401654 and see the following snippet of code:

:0040164C 68C8020000 push 000002C8

Again, please pay attention to the values pushed on the stack before the call is made. Here also there is a series of those calls and you should go through all of them successfully to reach the final stage. Perhaps I should note here that the jump to 401822 is the bad cracker jump. In the previous sentence I said the final stage and not the end, and that is where the real fun begins. And this begins after the last successful check of the Buttons is made and you come to this section of code:

:0040178E 33C0 xor eax, eax

This is where the validation code number is calculated in the most ingenious and interesting manner. Believe it or not, this code is calculated not only from the username, as most do, but from the username and the code itself. You figure it out; I find it very hard to explain although I know how it is done. Maybe some time later, when I am less tired, I will venture an explanation.

This is all for now. Good luck.

Best regards,
Joseph
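Joseph's advice to "pay attention to what is pushed on the stack just before the call" rests on reading the W32dasm listing lines correctly: the opcode byte 68 is a 32-bit immediate push, the four bytes that follow are the immediate in little-endian order, and because Win32 API functions use the stdcall convention (arguments pushed right to left), the first of the two pushes before a call to IsDlgButtonChecked(hDlg, nIDButton) is the control ID and the second is the dialog handle. The following Python is an added example, not code from Joseph's post or from the Conquer crackme; it parses the three listing lines quoted in the post (and any others in the same ":ADDRESS HEXBYTES mnemonic" shape), decodes the pushed immediate from the raw bytes, and cross-checks it against the operand text W32dasm printed. The two-push sequence in `sample_call_site` is constructed for illustration and is not taken from the post.

```python
import re

# One W32dasm listing line: ":ADDRESS HEXBYTES mnemonic [operands]"
LISTING_RE = re.compile(
    r"^:(?P<addr>[0-9A-Fa-f]{8})\s+(?P<bytes>[0-9A-Fa-f]+)\s+(?P<text>.+)$"
)

# The three lines Joseph quoted from the Conquer listing.
POST_LINES = [
    ":004018D4 682D010000 push 0000012D",   # Battle three: push before IsDlgButtonChecked
    ":0040164C 68C8020000 push 000002C8",   # Battle four: push before IsDlgButtonChecked
    ":0040178E 33C0 xor eax, eax",           # start of the validation-code routine
]


def parse_listing_line(line):
    """Split a W32dasm listing line into address, raw bytes and mnemonic text."""
    m = LISTING_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a W32dasm listing line: {line!r}")
    return {
        "addr": int(m["addr"], 16),
        "bytes": bytes.fromhex(m["bytes"]),
        "text": m["text"].strip(),
    }


def decode_push_imm32(code):
    """Return the immediate of a 'push imm32' (opcode 0x68 + 4 bytes), else None."""
    if len(code) == 5 and code[0] == 0x68:
        return int.from_bytes(code[1:5], "little")
    return None


def explain(line):
    """Decode one listing line and check the operand text against the raw bytes."""
    entry = parse_listing_line(line)
    imm = decode_push_imm32(entry["bytes"])
    consistent = True
    if imm is not None:
        # W32dasm prints the immediate as zero-padded hex; it must match the bytes.
        m = re.match(r"push\s+([0-9A-Fa-f]+)$", entry["text"])
        consistent = bool(m) and int(m.group(1), 16) == imm
    return {"addr": entry["addr"], "imm": imm, "text": entry["text"], "consistent": consistent}


def stdcall_args(pushes):
    """Map the pushes preceding a stdcall call back to declared argument order.

    Arguments are pushed right to left, so the LAST push is the FIRST parameter.
    """
    return list(reversed(pushes))


# Constructed (not from the post) two-push sequence before the API call, to show
# why the first push is nIDButton and the second is hDlg for
# IsDlgButtonChecked(HWND hDlg, int nIDButton).
def sample_call_site():
    pushes = ["0000012D (nIDButton, from the listing)", "ebx (hDlg, constructed)"]
    return dict(zip(["hDlg", "nIDButton"], stdcall_args(pushes)))


if __name__ == "__main__":
    for line in POST_LINES:
        print(explain(line))
    print(sample_call_site())
```

Running it shows that 0x12D (decimal 301) and 0x2C8 (decimal 712) are the control IDs handed to IsDlgButtonChecked at the two break locations, and that the `33C0` line is not a push at all, which is exactly why Joseph's attention moves from button checks to the arithmetic that follows it.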