klamacz 447 Posted May 11, 2011 After decompressing I can functions like: __getmainargs, GetCommandLineA I suppose there can be some params :) Share this post Link to post Share on other sites
SwiftyBoy 0 Posted May 11, 2011 Already said, the binary is compressed with upx Cheers mate, wondered what that meant... OK Smart Alec, I've just run Create Dump File inTask Manager on seeker.exe and it's saved it out a .dmp file. Gives the usual load of gibberish when opened in notepad but also lots and lots of readable text. Is it likely there'll be any clues in that, do you think? PS it's a huge file. Share this post Link to post Share on other sites
le_culto 0 Posted May 11, 2011 (edited) you can change the date with the cheat engine: Uploaded with ImageShack.us but the displayed text is only changed when a specific date is reached, so the best solution is to wait for someone with reverse engineering knowledge. Edited May 11, 2011 by Le_CuLtO Share this post Link to post Share on other sites
Bulldogs 10 Posted May 11, 2011 GIBS3000 anyone find a way to change that into a time/date? Share this post Link to post Share on other sites
darkiron 1 Posted May 11, 2011 I wait to pass in 2011 :) that long maybe the solution and the next hack .... still runnning Share this post Link to post Share on other sites
Daniel 0 Posted May 11, 2011 Hopefully it'll ping at some other historic dates that feed the plot. Maybe some important Persian/Iranian or Greek dates. Share this post Link to post Share on other sites
maddogx 13 Posted May 11, 2011 Hopefully it'll ping at some other historic dates that feed the plot. Maybe some important Persian/Iranian or Greek dates. You're thinking the year number could stand for that year in any century, not strictly 19xx? That is a good point. Share this post Link to post Share on other sites
Daniel 0 Posted May 11, 2011 Actually no I was still thinking 19xx, but yeah, that is a good point! :p Share this post Link to post Share on other sites
Bulldogs 10 Posted May 11, 2011 Looks like my crazy time travel theory is getting some more support! ---------- Post added at 09:34 PM ---------- Previous post was at 09:33 PM ---------- Btw, may try the year 21 (Greek independence) and the dates on the map (first hack) ---------- Post added at 09:35 PM ---------- Previous post was at 09:34 PM ---------- Remember, those dates were an estimate, so around then Share this post Link to post Share on other sites
klamacz 447 Posted May 11, 2011 found start date in EXE file: 0F 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0A 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 73 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 now looking for other dates Share this post Link to post Share on other sites
Yegor 10 Posted May 11, 2011 You're thinking the year number could stand for that year in any century, not strictly 19xx? That is a good point. it can be only 1907...google 1907 Hague Convention. Share this post Link to post Share on other sites
maddogx 13 Posted May 11, 2011 (edited) it can be only 1907...google 1907 Hague Convention. I'm aware of that. Read my post properly. I said the number does not strictly need to stand for 19xx. In this case it does, of course, but any further years that come up could point to events in different centuries. Edited May 11, 2011 by MadDogX Share this post Link to post Share on other sites
Tomatosauce 10 Posted May 11, 2011 10 OCT 11: Effective end of the Chinese Empire Share this post Link to post Share on other sites
derdoe 10 Posted May 11, 2011 Tomatosauce, is this an output directly from seeker.exe? Share this post Link to post Share on other sites
maddogx 13 Posted May 11, 2011 I'll be able to confirm in about ten minutes. This would point to all dates being in the 1900's. Share this post Link to post Share on other sites
LkFp 10 Posted May 11, 2011 You can speed up seeker a little by hexediting uncompressed exe. Look for C74424085A (instruction which is setting timer timeout to 5A (90ms) on offset 0000:0924. Now you can change 5A at the end to something lower. Minimum value is 0A (10ms). :) Share this post Link to post Share on other sites
SwiftyBoy 0 Posted May 11, 2011 10 OCT 11: Effective end of the Chinese Empire Wuchang Uprising of October 10, 1911. End of the Qing Dynasty. Share this post Link to post Share on other sites
Yegor 10 Posted May 11, 2011 Read my post properly.I said the number does not strictly need to stand for 1907. In this case it does, of course, but any further years that come up could point to events in different centuries. oh, sorry... missunderstood...**11 october is end of imperial china, so it is still 19**.. Share this post Link to post Share on other sites
Tomatosauce 10 Posted May 11, 2011 Yeah, I was probably first to open the .exe thats what it says now. Share this post Link to post Share on other sites
maddogx 13 Posted May 11, 2011 At least this will confirm if my automatic monitoring script works. :D EDIT: Yup. Works. Share this post Link to post Share on other sites
klamacz 447 Posted May 11, 2011 Changing start date of app to 1-May-2011 : App started with this date, but it shows the same message. There has to be some counter inside - changing date wont give us new messages Share this post Link to post Share on other sites
Tomatosauce 10 Posted May 11, 2011 Also to confirm it replaces the old text with new one. So history lesson will be missed if you sleep. Share this post Link to post Share on other sites
maddogx 13 Posted May 11, 2011 Change the start date to 9th October 1911. See if the message about the chinese empire still pops up the next day. Also to confirm it replaces the old text with new one. So history lesson will be missed if you sleep. Look a few pages back. I've written an AutoIt script that logs all messages. :) Share this post Link to post Share on other sites
SwiftyBoy 0 Posted May 11, 2011 Heh, I wonder if December 15, 1925 is going to figure? Share this post Link to post Share on other sites
klamacz 447 Posted May 11, 2011 Change the start date to 9th October 1911. See if the message about the chinese empire still pops up the next day. it wont Share this post Link to post Share on other sites
