The WindowsWorkstation.com Forum

VRocker

Forum Replies Created

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • 2nd August 2009 at 20:45 in reply to: Windows Vista Games in Server 2008 #45498
    VRocker

      Not been here for a while as i’ve been busy doing other things. Recently got sent a copy of Inkball and asked if i could make that work on 2008, which i have done 🙂

      Inkball is slightly differant to get working on 2008 since it doesn’t run a normal check. The advantage though is that IDA pulls in symbols from the microsoft symbol server making it easier to read and crack. To get inkball working you just need to throw a few NOPs after the ‘CanRunInkball’ call. NOP every byte until you get to where the jnz points to (55 bytes down on the copy sent to me) and hey presto, it works!

      I have no idea which service pack this version of inkball came from. I am currently using Windows server 2008 Enterprise SP2 and these games work fine. Its a shame we cant distribute these executables else i’d throw up a link to a handful of vista games.

      7th May 2009 at 16:39 in reply to: Windows Vista Games in Server 2008 #45495
      VRocker

        Ah sorry, didn’t realise they change with every service pack.

        The addresses are from executable on Vista Home Basic x86 SP2 – English.

        I imagine the jmp will be in the same sort of place in the other executables so heres a screenshot of where i found it (shown the the 2 nop’s). This is in spider solitaire:

        As you can see from that it queries if your able to play the game, then jumps to the function below if you can. Otherwise it would usually jump to a leave and retn at the end of the function.

        6th May 2009 at 00:53 in reply to: Windows Vista Games in Server 2008 #45493
        VRocker

          Just had a play around with getting the vista games working and withing 5 minutes i was playing minesweeper 🙂

          The solution was simple. I opened up minesweeper.exe in IDA, started debugging it and seen where it was exiting.
          I noticed it was taking a jmp after querying the slui thing that olipro mentioned, so all i did was placed 5 No Operation bytes (0x90) at the jmp and hey presto, it works!

          This also worked for the rest of the games, although the cardgames requires CardGames.dll in the system32 directory. and every other game apart from minesweeper has only 2 bytes to NOP.

          For your reference, heres the memory addresses of the places to NOP:

          • Freecell: 0x1026C15 (2 bytes)

          • Hearts: 0x102B557 (2 bytes)

          • Minesweeper: 0x10252F9 (5 bytes)

          • Purple Place: 0x1059BD2 (2 bytes)

          • Solitaire: 0x102B8BA (2 bytes)

          • Spider Solitaire: 0x1029059 (2 bytes)

          Unfortunately i havn’t been able to try the other games since my laptop runs Vista Home Basic (so no funky aero or chess titans :()
          Hope somebody can get the rest using this as a reference 🙂

        • Author
          Posts
        Viewing 3 posts - 1 through 3 (of 3 total)