H A T R E D P R E S E N T S.T.A.L.K.E.R.: Shadow of Chernobyl (C) GSC 19/03/2007 :.. Rel.date . protection ..: SR 7.31.0010. 1 DVD :... disc(s) . genre .......: Shooter On the afternoon of April 12 in 2006, a massive explosion shattered the Chernobyl area. The Zone, as the area got to be known, was characterized by anomalous energy disturbances, rendering even the most advanced form of protective suits worthless to would be rescue teams. Months passed and nothing could be done. The military quarantined the area to prevent unauthorized entry and perhaps even reassure the local populace that the area was under control and confinement. Almost 4 years after the initial event, expeditions can now safely traverse several kilometers deep into the Zone. Among these are the Stalkers, poachers that enter the zone searching for artifacts and anomalous formations that are highly sought after by certain organizations and groups. The player controls a Stalker, venturing into the Zone in order to acquire information, technology and artifacts to sell and possibly put a mysterious puzzle together. Avoiding the dangers within and the military because as a Stalker you are effectively a thief, and the army that has quarantined the area, don't take kindly to trespassers. Within the Zone you will have to detect and avoid the bizarre phenomenon's (anomalies) that plague the area, avoid or eliminate various kinds of mutants and you can even expect competition from other Stalkers. PROPER NOTES: Well, well... STALKER got released as clone from Unleashed (who have had their own share of problems lately) and only a few hours later ViTALiTY managed to release the ISO. Impressive, almost too good to be true... and guess what... it was... First of all we want to stress that we don't like to proper because the whole NFO-wars is really not helping the scene. We have tolerated much from ViTALiTY... First they did some SecuROM cracks where all the essential hard-to-rebuild code was not reconstructed but rather just stolen from an executable with a weaker protection (Battlestations.Midway-ViTALiTY) and later we witness a giant 8 MB executable that was UPXed and PE-Sections renamed to hide this embarrassing fact. We really had to restrain ourselves to witness them label this as a "fully rebuilt crack" (Supreme.Commander.Update.1.0.3217-ViTALiTY). We reacted to none of these insults in public. But this time ViTALiTY has gone too far. We all know that STALKER is a major title and it came as a surprise to us how weak a flavor of SecuROM is on it. In fact there is only 1 spot where SecuROM have molested the original code, otherwise its a simple matter of dumping + fixing entry point (which is a task any baboon can manage). We like to keep an eye on the competition so we examined this crack from ViTALiTY, and we were shocked at the low-quality of cracking ViTALiTY is now ready to release. Lets have a look shall we? The single SecuROM modification that i speak of is located here: 004acb80 (03) 81ec 40030000 SUB ESP, 0x340 004acb86 (05) e9 32639000 JMP 0xdb2ebd As some of you may know this "SUB ESP, 0x340" is a typical routine header instruction and following it is a jump redirecting to the "artem" section (one added by SecuROM). This is what we call a partially relocated routine where SecuROM relocates part of a routine so that if the SecuROM modules are removed the code will fail. The relocated code in the SecuROM section is this: 00db2ebd (05) 68 bbcb4a00 PUSH 0x4acbbb 00db2ec2 (05) e8 598ba4ff CALL 0x7fba20 00db2ec7 (01) 90 NOP 00db2ec8 (01) 50 PUSH EAX 00db2ec9 (01) 9c PUSHF 00db2eca (01) 53 PUSH EBX 00db2ecb (01) 9c PUSHF 00db2ecc (06) 8b1d 202ddb00 MOV EBX, [0xdb2d20] 00db2ed2 (01) 51 PUSH ECX 00db2ed3 (06) 8b0d 58014000 MOV ECX, [0x400158] 00db2ed9 (02) d3c3 ROL EBX, CL 00db2edb (01) 59 POP ECX 00db2edc (01) 9d POPF 00db2edd (03) 871c24 XCHG [ESP], EBX 00db2ee0 (01) 90 NOP 00db2ee1 (01) 54 PUSH ESP 00db2ee2 (05) 68 702cdb00 PUSH 0xdb2c70 00db2ee7 (05) b8 b983dae8 MOV EAX, 0xe8da83b9 00db2eec (01) 90 NOP 00db2eed (05) 35 590a82e8 XOR EAX, 0xe8820a59 00db2ef2 (01) 90 NOP 00db2ef3 (01) eb DB 0xeb 00db2ef4 (02) ffd0 CALL EAX 00db2ef6 (01) 57 PUSH EDI 00db2ef7 (04) 8b7c24 04 MOV EDI, [ESP+0x4] 00db2efb (02) 03c7 ADD EAX, EDI 00db2efd (04) 894424 04 MOV [ESP+0x4], EAX 00db2f01 (01) 5f POP EDI 00db2f02 (01) 90 NOP 00db2f03 (01) 58 POP EAX 00db2f04 (03) c1e9 00 SHR ECX, 0x0 00db2f07 (01) 9d POPF 00db2f08 (03) 870424 XCHG [ESP], EAX 00db2f0b (02) 6a 00 PUSH 0x0 00db2f0d (04) 8d4424 08 LEA EAX, [ESP+0x8] 00db2f11 (01) 50 PUSH EAX 00db2f12 (03) ff51 0c CALL [ECX+0xc] 00db2f15 (03) 8d1424 LEA EDX, [ESP] 00db2f18 (01) 52 PUSH EDX 00db2f19 (08) c74424 04 40000000 MOV DWORD [ESP+0x4], 0x40 00db2f21 (05) 68 8bcb4a00 PUSH 0x4acb8b 00db2f26 (01) 90 NOP 00db2f27 (01) 90 NOP 00db2f28 (05) 68 674ca66e PUSH 0x6ea64c67 00db2f2d (01) 9c PUSHF 00db2f2e (08) 817424 04 47f6d96e XOR DWORD [ESP+0x4], 0x6ed9f647 00db2f36 (01) 90 NOP 00db2f37 (01) 9d POPF 00db2f38 (01) 58 POP EAX 00db2f39 (02) ffd0 CALL EAX 00db2f3b (02) 85c0 TEST EAX, EAX 00db2f3d (02) 74 5a JZ 0xdb2f99 00db2f3f (04) 8b4424 08 MOV EAX, [ESP+0x8] 00db2f43 (04) 8b4c24 0c MOV ECX, [ESP+0xc] 00db2f47 (04) 0facc8 14 SHRD EAX, ECX, 0x14 00db2f4b (03) c1e9 14 SHR ECX, 0x14 00db2f4e (01) 50 PUSH EAX 00db2f4f (01) 50 PUSH EAX 00db2f50 (02) 8bff MOV EDI, EDI 00db2f52 (05) b8 f09d5800 MOV EAX, 0x589df0 00db2f57 (03) c1e5 00 SHL EBP, 0x0 00db2f5a (01) 54 PUSH ESP 00db2f5b (05) 68 9f2cdb00 PUSH 0xdb2c9f 00db2f60 (02) ffd0 CALL EAX 00db2f62 (02) 8d00 LEA EAX, [EAX] 00db2f64 (04) 394424 04 CMP [ESP+0x4], EAX 00db2f68 (01) 58 POP EAX 00db2f69 (01) 58 POP EAX 00db2f6a (02) 76 3e JBE 0xdb2faa 00db2f6c (04) 8b5424 18 MOV EDX, [ESP+0x18] 00db2f70 (04) 8b4c24 1c MOV ECX, [ESP+0x1c] 00db2f74 (04) 0facca 14 SHRD EDX, ECX, 0x14 00db2f78 (05) 68 cbcb4a00 PUSH 0x4acbcb 00db2f7d (05) e8 9e8aa4ff CALL 0x7fba20 00db2f82 (03) c1e9 14 SHR ECX, 0x14 00db2f85 (01) 50 PUSH EAX 00db2f86 (05) b8 e0895800 MOV EAX, 0x5889e0 00db2f8b (01) 54 PUSH ESP 00db2f8c (01) 90 NOP 00db2f8d (05) 68 c92cdb00 PUSH 0xdb2cc9 00db2f92 (02) ffd0 CALL EAX 00db2f94 (02) 3bd0 CMP EDX, EAX 00db2f96 (01) 58 POP EAX 00db2f97 (02) 76 11 JBE 0xdb2faa 00db2f99 (05) 68 dbcb4a00 PUSH 0x4acbdb 00db2f9e (05) e8 7d8aa4ff CALL 0x7fba20 00db2fa3 (06) 81c4 40030000 ADD ESP, 0x340 00db2fa9 (01) c3 RET 00db2faa (01) 56 PUSH ESI 00db2fab (01) 57 PUSH EDI 00db2fac (01) 50 PUSH EAX 00db2fad (01) 9c PUSHF 00db2fae (03) 8d6d 00 LEA EBP, [EBP+0x0] 00db2fb1 (05) b8 908b5800 MOV EAX, 0x588b90 00db2fb6 (01) 54 PUSH ESP 00db2fb7 (05) 68 242ddb00 PUSH 0xdb2d24 00db2fbc (02) ffd0 CALL EAX 00db2fbe (01) 9d POPF 00db2fbf (03) c1ef 00 SHR EDI, 0x0 00db2fc2 (03) 870424 XCHG [ESP], EAX 00db2fc5 (05) 68 9bcb4a00 PUSH 0x4acb9b 00db2fca (01) 9c PUSHF 00db2fcb (06) 8d05 70a8a749 LEA EAX, [0x49a7a870] 00db2fd1 (05) 35 5012d849 XOR EAX, 0x49d81250 00db2fd6 (01) 9d POPF 00db2fd7 (02) ffd0 CALL EAX 00db2fd9 (05) 68 ebcb4a00 PUSH 0x4acbeb 00db2fde (05) e8 3d8aa4ff CALL 0x7fba20 00db2fe3 (05) 68 00010000 PUSH 0x100 00db2fe8 (04) 8d5424 4c LEA EDX, [ESP+0x4c] 00db2fec (01) 52 PUSH EDX 00db2fed (05) 68 fbcb4a00 PUSH 0x4acbfb 00db2ff2 (05) e8 298aa4ff CALL 0x7fba20 00db2ff7 (05) 68 17080000 PUSH 0x817 00db2ffc (01) 56 PUSH ESI 00db2ffd (02) ffd7 CALL EDI 00db2fff (02) 85c0 TEST EAX, EAX 00db3001 (02) 74 7e JZ 0xdb3081 00db3003 (01) 50 PUSH EAX 00db3004 (01) 9c PUSHF 00db3005 (05) 68 4ae4ec07 PUSH 0x7ece44a 00db300a (03) 8d6d 00 LEA EBP, [EBP+0x0] 00db300d (03) 83ec 04 SUB ESP, 0x4 00db3010 (07) c70424 55a96d10 MOV DWORD [ESP], 0x106da955 00db3017 (05) 68 f55ced5a PUSH 0x5aed5cf5 00db301c (01) 54 PUSH ESP 00db301d (05) 68 512ddb00 PUSH 0xdb2d51 00db3022 (03) c1ee 00 SHR ESI, 0x0 00db3025 (05) 68 d81fa724 PUSH 0x24a71fd8 00db302a (07) 813424 3896ff24 XOR DWORD [ESP], 0x24ff9638 00db3031 (01) 58 POP EAX 00db3032 (01) 90 NOP 00db3033 (02) ffd0 CALL EAX 00db3035 (01) 90 NOP 00db3036 (03) c1e9 00 SHR ECX, 0x0 00db3039 (01) 51 PUSH ECX 00db303a (03) c1fa 00 SAR EDX, 0x0 00db303d (04) 8b4c24 04 MOV ECX, [ESP+0x4] 00db3041 (02) 2bc1 SUB EAX, ECX 00db3043 (02) 8bc8 MOV ECX, EAX 00db3045 (01) 56 PUSH ESI 00db3046 (04) 8b7424 0c MOV ESI, [ESP+0xc] 00db304a (03) c1fb 00 SAR EBX, 0x0 00db304d (02) 33ce XOR ECX, ESI 00db304f (02) 8bf1 MOV ESI, ECX 00db3051 (01) 52 PUSH EDX 00db3052 (04) 8b5424 14 MOV EDX, [ESP+0x14] 00db3056 (02) 03f2 ADD ESI, EDX 00db3058 (01) 90 NOP 00db3059 (04) 897424 14 MOV [ESP+0x14], ESI 00db305d (01) 5a POP EDX 00db305e (03) c1e9 00 SHR ECX, 0x0 00db3061 (01) 5e POP ESI 00db3062 (01) 59 POP ECX 00db3063 (03) c1ea 00 SHR EDX, 0x0 00db3066 (01) 58 POP EAX 00db3067 (01) 58 POP EAX 00db3068 (01) 58 POP EAX 00db3069 (01) 9d POPF 00db306a (03) 870424 XCHG [ESP], EAX 00db306d (07) 8d8424 4c010000 LEA EAX, [ESP+0x14c] 00db3074 (01) 50 PUSH EAX 00db3075 (05) 68 18080000 PUSH 0x818 00db307a (01) 56 PUSH ESI 00db307b (02) ffd7 CALL EDI 00db307d (02) 85c0 TEST EAX, EAX 00db307f (02) 75 13 JNZ 0xdb3094 00db3081 (01) 5f POP EDI 00db3082 (05) 68 0bcc4a00 PUSH 0x4acc0b 00db3087 (05) e8 9489a4ff CALL 0x7fba20 00db308c (01) 5e POP ESI 00db308d (06) 81c4 40030000 ADD ESP, 0x340 00db3093 (01) c3 RET 00db3094 (01) 50 PUSH EAX 00db3095 (01) 90 NOP 00db3096 (01) 9c PUSHF 00db3097 (05) b8 ec3b9718 MOV EAX, 0x18973bec 00db309c (01) 54 PUSH ESP 00db309d (01) 90 NOP 00db309e (05) 68 7f2ddb00 PUSH 0xdb2d7f 00db30a3 (05) 35 1ca6cf18 XOR EAX, 0x18cfa61c 00db30a8 (03) c1e8 00 SHR EAX, 0x0 00db30ab (02) ffd0 CALL EAX 00db30ad (01) 9d POPF 00db30ae (03) 870424 XCHG [ESP], EAX 00db30b1 (04) 8d4c24 4c LEA ECX, [ESP+0x4c] 00db30b5 (01) 51 PUSH ECX 00db30b6 (07) 8d9424 50010000 LEA EDX, [ESP+0x150] 00db30bd (01) 52 PUSH EDX 00db30be (02) 6a 00 PUSH 0x0 00db30c0 (05) 68 abcb4a00 PUSH 0x4acbab 00db30c5 (01) 9c PUSHF 00db30c6 (05) b8 d7eb166a MOV EAX, 0x6a16ebd7 00db30cb (05) 35 f751696a XOR EAX, 0x6a6951f7 00db30d0 (01) 9d POPF 00db30d1 (01) eb DB 0xeb 00db30d2 (02) ffd0 CALL EAX 00db30d4 (05) e9 909b6fff JMP 0x4acc69 This is the code as it looks after SecuROM has molested it. This was once a real routine in the virgin executable and clearly plays some sort of role as a part of the game code. Partially relocated routines is a common SecuROM feature and you will see it have been fixed in several previous hatred releases. We were impressed that ViTALiTY was able to crack an executable with this feature so we decided to take a closer look. OH MY GOD! 004ACB80 B8 00000000 MOV EAX,0 004ACB85 C3 RETN What a sophisticated fix. Seems ViTALiTY have decided that this routine is not important and since they were unable to rebuild the original code they simply inserted a "MOV EAX,0; RETN" which means that the entire routine is now disabled. It is not for us to judge whether this routine is an essential part of the game code. If the ViTALiTY crack appears to run flawlessly then it probably isn't but the fact remains that this code was in the original executable and therefore it should also be in the cracked executable. This is an undeniable fact and any unbiased cracker you ask will agree. I mean come on ViTALiTY... This game had only one single SecuROM modification and you couldn't even manage to fix that, and even if you want to replace an entire routine with one that returns 0 you could have at least saved a few bytes by doing "XOR EAX,EAX; RETN". ;) What ViTALiTY should have done (but cant) was to rebuild the routine so that the original code was restored like this: 004acb80 (03) 81ec 40030000 SUB ESP, 0x340 004acb86 (05) e9 75f40c00 JMP 0x57c000 0057c000 (06) 8b0d 7c744c00 MOV ECX, [0x4c747c] 0057c006 (02) 6a 40 PUSH 0x40 0057c008 (02) 6a 00 PUSH 0x0 0057c00a (04) 8d4424 08 LEA EAX, [ESP+0x8] 0057c00e (01) 50 PUSH EAX 0057c00f (03) ff51 0c CALL [ECX+0xc] 0057c012 (03) 8d1424 LEA EDX, [ESP] 0057c015 (01) 52 PUSH EDX 0057c016 (08) c74424 04 40000000 MOV DWORD [ESP+0x4], 0x40 0057c01e (06) ff15 8c704c00 CALL [0x4c708c] 0057c024 (02) 85c0 TEST EAX, EAX 0057c026 (02) 74 2f JZ 0x57c057 0057c028 (04) 8b4424 08 MOV EAX, [ESP+0x8] 0057c02c (04) 8b4c24 0c MOV ECX, [ESP+0xc] 0057c030 (04) 0facc8 14 SHRD EAX, ECX, 0x14 0057c034 (03) c1e9 14 SHR ECX, 0x14 0057c037 (05) 3d f4010000 CMP EAX, 0x1f4 0057c03c (02) 76 22 JBE 0x57c060 0057c03e (04) 8b5424 18 MOV EDX, [ESP+0x18] 0057c042 (04) 8b4c24 1c MOV ECX, [ESP+0x1c] 0057c046 (04) 0facca 14 SHRD EDX, ECX, 0x14 0057c04a (02) 03d0 ADD EDX, EAX 0057c04c (03) c1e9 14 SHR ECX, 0x14 0057c04f (06) 81fa c4090000 CMP EDX, 0x9c4 0057c055 (02) 76 09 JBE 0x57c060 0057c057 (02) 33c0 XOR EAX, EAX 0057c059 (06) 81c4 40030000 ADD ESP, 0x340 0057c05f (01) c3 RET 0057c060 (01) 56 PUSH ESI 0057c061 (01) 57 PUSH EDI 0057c062 (02) 6a 00 PUSH 0x0 0057c064 (06) ff15 90704c00 CALL [0x4c7090] 0057c06a (06) 8b3d 50724c00 MOV EDI, [0x4c7250] 0057c070 (05) 68 00010000 PUSH 0x100 0057c075 (04) 8d5424 4c LEA EDX, [ESP+0x4c] 0057c079 (01) 52 PUSH EDX 0057c07a (02) 8bf0 MOV ESI, EAX 0057c07c (05) 68 17080000 PUSH 0x817 0057c081 (01) 56 PUSH ESI 0057c082 (02) ffd7 CALL EDI 0057c084 (02) 85c0 TEST EAX, EAX 0057c086 (02) 74 19 JZ 0x57c0a1 0057c088 (05) 68 00020000 PUSH 0x200 0057c08d (07) 8d8424 4c010000 LEA EAX, [ESP+0x14c] 0057c094 (01) 50 PUSH EAX 0057c095 (05) 68 18080000 PUSH 0x818 0057c09a (01) 56 PUSH ESI 0057c09b (02) ffd7 CALL EDI 0057c09d (02) 85c0 TEST EAX, EAX 0057c09f (02) 75 0b JNZ 0x57c0ac 0057c0a1 (01) 5f POP EDI 0057c0a2 (02) 33c0 XOR EAX, EAX 0057c0a4 (01) 5e POP ESI 0057c0a5 (06) 81c4 40030000 ADD ESP, 0x340 0057c0ab (01) c3 RET 0057c0ac (02) 6a 10 PUSH 0x10 0057c0ae (04) 8d4c24 4c LEA ECX, [ESP+0x4c] 0057c0b2 (01) 51 PUSH ECX 0057c0b3 (07) 8d9424 50010000 LEA EDX, [ESP+0x150] 0057c0ba (01) 52 PUSH EDX 0057c0bb (02) 6a 00 PUSH 0x0 0057c0bd (06) ff15 b0724c00 CALL [0x4c72b0] 0057c0c3 (05) e9 a10bf3ff JMP 0x4acc69 This is what a rebuilt routine looks like ViTALiTY, take a close look as you might learn something. Like we stated earlier we don't like to proper unless there is a good reason, but ViTALiTY has really been pushing trying to see what sorts of crap they could get away with and it seems ViTALiTY themselves have not been hesitating to proper RELOADED for screw-ups much smaller than this. Well we hope you have all learned something and STALKER is really too big a title to let the world only have the improper crack. The last thing we want is to escalate a silly NFO-war in the scene but ViTALiTY is really insulting all hardworking crackers in the scene by releasing such crap as if it was proper work. I promise you anyone who knows even a tiny bit about cracking will understand that this is a completely amateurish and unacceptable cracking-technique to simply disable a routine instead of rebuilding it. If their executable runs reliably it is PURE LUCK! So please ViTALiTY take a little time to research, develop your techniques and then start releasing again. Long story short: ViTALiTY doesn't know how to fix partially relocated routines therefore they choose to completely disable that routine since they didn't know how to fix it. This routine was present in the original executable and therefore it should also be in the crack. This is a bad crack, and we bring you the proper one. Enjoy ;) 1. Unpack. 2. Install. 3. Copy Crack. 4. Enjoy! HATRED does not condone in selling warez of any kind. HATRED does not respect any p2p networks, NFOrce or anything to make the scene more public. * HATRED does not believe in using DEMO executables to circumvent a protection. To clarify for those groups who are confused, a demo executable isn't a crack. We greet the respectable groups like: SOULDRINKER - GENESIS - FAIRLIGHT DEVIANCE - RAZOR1911 - iMMERSiON ascii art by barium<SAC>
Registrierte Benutzer können Text-, Hintergrund- und ANSI-Art-Farbe individuell anpassen!
Im Jahre 1986 wurde die Erde vom schlimmsten Atomunfall der Geschichte erschüttert. Zwanzig Jahre später machen sich die Auswirkungen erst langsam bemerkbar. Die Furcht einflößende Umgebung wird von... weiter...
Hast du das verstanden? Ja! | Nein!