When it does, unless you can crack the game yourself.
Unreal Engine Fallen Doll: Operation Lovecraft [v0.4.9 Cracked] [Project Helius]
- Thread starter monroe
- Start date
Yeah i see your point. When talking to someone that is old, you probably could perceive more detail in a face to face conversation. In our case, when the desired effect is to have everything look pretty these details aren't really perceived because pretty ladies use makeup anyway. For guys sure having something like this would be nice.Depends on many factors but overall yeah i agree with you it is often overdone and out of the view of a camera lens in macrospace in a range of 80 mm Portrait shoot, we can't really zoom in that way
It is more that we are used to it from Movies, TV and Photography
But the thing is this is the data that is there and how a lens can capture it overall it is existing we just don't see it this extreme but wee need all this data you see because it makes up the finer parts we can percept in eye to eye contact conversation distance, unless their is so much makeup in the face that we percept only the foundation that also blocks most natural light responses.
You don't have permission to view the spoiler content. Log in or register now.
First step: done
But
God, what the hell am I seeing? Too much for my brain, i'm getting killed by alien unknown strings.
I am not sure if it's changed, as I never put the time in to fully understand reverse engineering and bypassing authentication.
"Open up in any x64 debugger, BP on LoadLibraryA, remove ALL BPs on target, run, on first break of LoadLibraryA it should be trying to load EK's dll. Search for OEP, set new origin, dump, fix IAT and rebuild."
Reply:
I am always glad when someone tries to learn and grow.The information is relevant to FallenDoll and Paralogue (or anything else that uses ElecKey protection...). I posted the information in various places on the FallenDoll thread. Here is a decent summary:
This being x64, use x96Dbg. If you set any BPs on an executable protected by ElecKey, it'll muss it up. Remove all BPs. Then add a BP on "LoadLibraryA". If you get random "stalls", it is because you left a BP somewhere in the module. (Disable all, except for your LoadLibraryA)... Run. Allow the kernel to load EKC6420, let it execute until it returns to main executable, step over the stack pointer add. You'll see a jmp just above before the call that caused the loading of EKC6420. Set EIP to follow, continue until you see a jmp rax (function end isn't a return but a simple jmp OEP). That is your jump to OEP. Step, you're now at OEP. 60 seconds tops.
IAT technically doesn't need rebuilding, you just need to undo ASLR, if you don't want a few skitzy AVs freaking out. If using Scylla for dumping, it doesn't correctly calculate some IAT sizes. Use original packed executable for that info. Wipe ssbt header AND from file (change section size, AND IMAGE SIZE). Rebase image to 140000000 (UE games...) OEP offset can be seen during those steps to jmp rax after that first jmp. Set your .text and .rdata sections to remove WRITABLE. They do not need it, skitzy AVs will also flag because of that. Pretty the timestamp. 5 minutes to do.
Basically, ElecKey adds a section to the PE header, and its own code to end of file, encrypts/scrambles/obfuscates .text section, sets OEP to ElecKey. Just undo those things and copy over your dumped .text section in this case. (That way you'll keep a clean IAT which is easier than rebasing...)
If in doubt, install Epic Games Launcher and make a 'do nothing' game just to compare executables. Remember, first executable is just a loader for second. .\WindowsNoEditor\Paralogue\Binaries\Win64\Paralogue-Win64-Shipping.exe is actual game.
Last edited:
- Mar 2, 2017
- 431
- 2,411
na, this guys is from 270 iterations in the future.
Dude, just spend a bit of time exploring the program. You're going to need to read some outside sources to find additional learning material. This post isn't going to teach you everything. Funog1 and Bupo expect that you do research. They have previously given hints to people that show they are actually learning and trying to teach themselves how to do this. LoadLibraryA is there. Read up on what LoadLibrary and Dynamic Link Library is.
In programming, loading DLL's is simple. I've learned how to code but reverse engineering is beyond me. But that's really because I haven't taken the time to learn how to crack this. But after I re-posted this, once Funog1 quit cracking, someone took that and made a crack for everyone. So that tells me what Bupo wrote is accurate for the majority for the Paralogue cracks.
Edit addition
Ok, so I'll post a link that I've given in the past. I forgot about it until I hit a system breakpoint, which I should have disabled in the preferences, after manually removing all the ones in the application itself.
Link:
You must be registered to see the links
Follow the instructions, read, and you'll make progress to. These images are 16 minutes of progress. I'm not going to post anymore than what I have because I'll fear I'll just piss off Funog1 and Bupo.
Last edited:
Update the page every half an hour, in the hope that a crack will appear
Same, but I just hope that someone will finally upload uncracked VR version.Update the page every half an hour, in the hope that a crack will appear