Advanced AGTH Tutorials (Ollydbg Videotutorials Ep 1-3) Up: 2009-03-01

  • Advanced AGTH Tutorials (Ollydbg Videotutorials Ep 1-3) Up: 2009-03-01

    Hi folks,

    I've started a small series to give a start on how to use Ollydbg to figure out custom /h codes for games that don't work with AGTH by default. I've tested the movies with VLC; if you have performance problems with VLC try this: http://forum.videolan.org/viewtopic.php?f=2&t=42328. For the online (flash) version I suggest using fullscreen mode and disabling scaling.

    Before you start hacking for a h-code, please make sure you read this post carefully http://www.hongfire.com/forum/showth...15#post1441315 and try out the hints there. This can potentially save you a lot of frustration and time to get used to the hacking tools.

    Episode 1: Getting started (Featuring: SilveryWhite by Ohgetsu) ~13mins/21MB [View Online] [Download] [Mirror]
    - shows how to start if there is no useable hook in AGTH
    - shows where to find required parameter
    - introduces basic techniques/tools

    Episode 2: More about hook options (Featuring: SilveryWhite by Ohgetsu) ~14mins/21MB [View Online] [Download] [Mirror]
    - explains the most important hooking parameter in detail with examples

    Episode 3: Contexts and Subcontexts (Featuring: SilveryWhite by Ohgetsu) ~10mins/15MB [View Online] [Download] [Mirror]
    - explaining what contexts and subcontexts are and how to use them
    - summary of all options explained up until now

    Hint: If you're trying to get a code for a game which has the font caching problem (each character only appears once in agth) this approach is probably less time consuming: http://www.hongfire.com/forum/showpo...postcount=2477. However I'd still suggest to view the videos to get an idea about how to construct a proper agth-code.

    Ollydbg: http://www.ollydbg.de/

    The website I'm using can be found at:
    - http://freaka.freehostia.com/charset.php (Hex to Text)
    - http://freaka.freehostia.com/charset2.php (Text to Hex)

    Attached version online examples that work without php for offline use:
    - http://freaka.freehostia.com/charset_js.html (Hex to SJIS)
    - http://freaka.freehostia.com/charset_js2.html (SJIS to Hex)

    Additional resources/tutorials:
    - How to figure out a hook for a game with font caching problem (less and less characters show up in agth): http://www.hongfire.com/forum/showpo...postcount=2477
    - How to figure out a hook for a game that mixes names with text: http://www.hongfire.com/forum/showpo...postcount=2674
    - danj2k posted a tutorial back in the day (2006), which I believe was also my initial resource: http://www.hongfire.com/forum/showth...=36807&page=39

    Anti-Anti-Debugging:
    Some games/programs use Anti-Debugging technologies to prevent Ollydbg from working. This will usually result in the program not working/crashing. In the past 2 ollydbg plugins (extract and copy them into the ollydbg folder, restart ollydbg and their options become visible in the plugin menu) have helped me with that:
    - Advanced Ollydbg (http://www.openrce.org/downloads/det.../Olly_Advanced) I have all Bugfix options enabled besides "enable copy all", most options of Anti-Debug2 (besides ntglobalflag and anti-rdtsc) and the top two and bottom two of the upper list on Anti-Debug.
    - Hide Debugger (http://www.openrce.org/downloads/det.../Hide_Debugger) all options enabled

    Korean:
    If you can read Korean (or you're skilled with translating software), the following links might be interesting for you. Guessing from the pictures I think they explain how to figure out a hook if agth already grabs partly the content. I haven't read or used these guides myself though, I only found them buried in the agth thread.
    - http://blog.naver.com/withl0v2/110022046860
    - http://blog.naver.com/withl0v2/110022112289

    Chinese:
    Same as above for korean, a tutorial and discussion about how to use agth in chinese. I found it while googling around, I wish I could understand it.
    http://bbs.sumisora.com/read.php?tid...toread=&page=1

    Changelog:
    2009-03-01: - added anti-anti-debugging paragraph
    2009-01-31: - added more tutorial links and updated charset script host
    2008-10-08: - added link to danj2k tutorial
    2008-03-14: - added vimeo.com links for online viewing
    2008-03-10: - added links to korean tutorials
    2008-03-07: - added Episode 3
    2008-03-05: - added Episode 2
    2008-03-05: - updated SJIS <-> HEX converter offline version
    2008-03-05: - removed xvid/avi versions, mp4/h264 is way superior, thanks setx
    Last edited by Freaka; 09-28-2012, 01:42 PM. Reason: fixed mediafire link

  • #2
    Repacked HQ version to 20MB, quality is almost the same (better than MQ 55MB XVID)
    Last edited by Setx; 03-07-2008, 08:24 AM.



    • #3
      That is awesome! Kudos to you for helping people out with OllyDebug! Now I gotta go see if it works for the game I'm having trouble with!

      I have a question, could you provide an offline converter or the files so I could make an offline webpage that can do the same thing, cause I do not have internet access on the computer that I play my H-Games on!
      Last edited by Mabus; 02-28-2008, 12:21 PM.
      If only I could say the things unsaid, the thoughts that run a marathon in my head.
      But I have to keep, lock and key, these thoughts that are the definition of me.
      Faith is the antithesis of truth



      • #4
        Originally posted by Setx View Post
        Repacked HQ version to 20MB, quality is almost the same (better than MQ 55MB): http://www.mediafire.com/?w9hixu94hy9
        Wow nice, it's the first time I've done any video creating so something like that was probably to be expected hehe. Which tool and codec did you use to create it? And if any special options I'd be interested in them as well.

        Originally posted by Mabus View Post
        I have a question, could you provide an offline converter or the files so I could make an offline webpage that can do the same thing, cause I do not have internet access on the computer that I play my H-Games on!
        If you mean by files the '.php' files and you have no problem to install/run a webserver with php on your system, then yeah I have no problem to upload the sources here as well. I'm not sure if a standard php config/installation has japanese support language though.
        I don't plan to create a normal program for that. I can understand your problem, but my experience with programming normal windows gui application is very limited and I'm lacking the time to start learning it. Maybe somebody else will pick up that task though.



        • #5
          Originally posted by Freaka View Post
          Wow nice, it's the first time I've done any video creating so something like that was probably to be expected hehe. Which tool and codec did you use to create it? And if any special options I'd be interested in them as well.
          I've used x264 encoder through MeGUI. For settings I've started from one of anime presets and tweaked it. Exact settings you can find in the file itself - search for 'x264' string.

          With bitrate 200 I've got near transparent quality compared to source of your HQ version. Bitrate 150 produced some visible artifacts, but acceptable to call it MQ.

          If you are going to encode to H264 too I advise you to use mp4 as container.



          • #6
            SetX I find your video worked amazing in NeroVision but Zplayer would lock up and only play bits every 25 seconds or so, I had to convert using AVS convertor to AVI but I found that it made everything really choppy and sped up. What's the problem then?

            (I also tried it in iTunes and Quicktime. I didn't try it in windows Media player but I never do because codec support is garbage in Windows Media Player.)

            Freaka, do you know of any prog. or websites that do the same as yours but not in php? I do not know php so I am at a loss and I don't think I'll set up a php server...

            The Hex to Japanese text and vice versa is the only thing that is a problem for me. I do not know of any programs that do that kind of conversion
            Last edited by Mabus; 02-28-2008, 05:50 PM.



            • #7
              Originally posted by Setx View Post
              I've used x264 encoder through MeGUI. For settings I've started from one of anime presets and tweaked it. Exact settings you can find in the file itself - search for 'x264' string. [..] If you are going to encode to H264 too I advise you to use mp4 as container.
              Thank you for the infos. I'll most likely try around tomorrow with it a bit. I still have the uncompressed original file so I might be able to generate an even better version, but then again I haven't even really compared hq with it. If I ever do another video I'll try to release .avi and .mp4 though, .avi seems to cost less cpu. Which is a non-issue on recent pc's, but very annoying on old ones hehe.

              Originally posted by Mabus View Post
              SetX I find your video worked amazing in NeroVision but Zplayer would lock up and only play bits every 25 seconds or so, I had to convert using AVS convertor to AVI but I found that it made everything really choppy and sped up. What's the problem then?
              I don't quite understand your issue. If it runs fine with nerovision, why don't you use that? Aside from that VLC (http://www.videolan.org/) supports it, which I personally consider as the only player needed. If it doesn't run in VLC it's not worth to be watched. Besides I've posted avi files in all sorts of sizes, what's the point to re-encode it to mp4 from avi?

              Originally posted by Mabus View Post
              Freaka, do you know of any prog. or websites that do the same as yours but not in php? I do not know php so I am at a loss and I don't think I'll set up a php server...
              Nope, If I would I wouldn't have made a site for it. However there is a way to get SJIS <-> Hex translation with standard tools. Start up notepad using applocale (jp) then switch to japanese input and write whatever you like to write. Save the file with ANSI coding. (If you get an error msg that some characters get lost, you probably did not start notepad with applocale (jp)) If you open that file now with a hex editor you'll see the hex codes like my site displays them. Backwards you should be able to copy and paste what you get from ollydbg with a hex editor into a .txt file and open that with notepad (that also was started with applocale (jp)) to see the text. I can't name a hex editor though that does that copy stuff though, haven't used a dedicated one in a while. Pretty sure they exist however.

              Actually writing these lines got me the idea that I probably could write a HTML page that uses javascript to do the SJIS <-> HEX conversion. I might be writing such a page tomorrow, but I can't promise it.

              Comment
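The SJIS <-> hex conversion described in the post above, as an added Python example (not part of the original thread and not the code behind the charset pages). It assumes "ANSI" on a Japanese-locale system means code page 932, and it also shows where the character boundaries fall, since a byte such as 0x41 can be either ASCII or the second half of a two-byte character.

```python
# Added example: Shift-JIS <-> hex conversion. cp932 is assumed to be the
# "ANSI" code page that Notepad uses when started under a Japanese locale.
ENC = "cp932"


def is_lead_byte(b):
    """True if b starts a two-byte Shift-JIS character."""
    return 0x81 <= b <= 0x9F or 0xE0 <= b <= 0xFC


def split_chars(raw):
    """Cut raw bytes at character boundaries (1 or 2 bytes per character)."""
    units, i = [], 0
    while i < len(raw):
        width = 2 if is_lead_byte(raw[i]) else 1
        units.append(raw[i:i + width])
        i += width
    return units


def text_to_hex(text):
    """Text -> hex, one group per character: 'あA' -> '82A0 41'.

    Raises UnicodeEncodeError for a character cp932 cannot represent,
    comparable to the lost-characters warning mentioned in the post.
    """
    return " ".join(ch.encode(ENC).hex().upper() for ch in text)


def hex_to_text(dump):
    """Hex copied from a debugger or hex editor -> text.

    Whitespace between bytes is ignored. A unit that does not decode (for
    example a lead byte cut off at the end of the selection) becomes U+FFFD
    so the rest of the string is still readable.
    """
    raw = bytes.fromhex(dump)
    out = []
    for unit in split_chars(raw):
        try:
            out.append(unit.decode(ENC))
        except UnicodeDecodeError:
            out.append("\ufffd")
    return "".join(out)


if __name__ == "__main__":
    sample = "あいｱA"  # constructed sample: hiragana, half-width katakana, ASCII
    print(text_to_hex(sample))
    print(hex_to_text("82 A0 82 A2 B1 41"))
    print(hex_to_text("82A082"))  # selection cut in the middle of a character
```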


              • #8
                Uploaded a SJIS<->Hex converter (see first post) that's only based on Javascript and HTML, so should run offline in most browsers.



                • #9
                  Great tutorial,thx.
                  I think maybe we could use cheatengine to find the text address if we don't know how to type Japan japanese charset.
                  Just copy the role's name from getchu.
                  search name1,then play game,then name2....
                  same as we find the game scores address.
                  But when I do that with 淫辱スタジオTAKE2~姦獄鬼畜ショータイム, I can't find the address.
                  (I only try sjis to hex, because my room don't have network.)

                  maybe some people could try my idea next time.
                  Because I have many exam later, I can't waste more time in game.



                  • #10
                    Originally posted by noze View Post
                    I think maybe we could use cheatengine to find the text address if we don't know how to type Japan japanese charset.
                    I've never heard about cheatengine before, do you mean http://www.cheatengine.org/index.php ? I've only quickly browsed over the page, but I don't understand how it could help to figure out the addresses? However you gave me a different idea: I've added a hiragana and katakana keyboard so people only need to click the right characters to get their string together.

                    Originally posted by noze View Post
                    Just copy the role's name from getchu.
                    search name1,then play game,then name2....
                    same as we find the game scores address.
                    But when I do that with 淫辱スタジオTAKE2~姦獄鬼畜ショータイム, I can't find the address.
                    Good idea, but names are really problematic. Often they are handled in a different way than game dialogs, so even if you figure out how the naming stuff works you probably still won't have a clue about the texts. I could also imagine that names generate a huge amount of hits, so personally I wouldn't use them as starting point.



                    • #11
                      Originally posted by Mabus View Post
                      SetX I find your video worked amazing in NeroVision but Zplayer would lock up and only play bits every 25 seconds or so, I had to convert using AVS convertor to AVI but I found that it made everything really choppy and sped up. What's the problem then?
                      Your Zplayer has poor support of modern standards (MPEG4) and AVS convertor doesn't support hacks that are required to mux this video to AVI (AVI is very old but due to some hacks is able to support many modern codecs).

                      Originally posted by Mabus View Post
                      (I also tried it in iTunes and Quicktime.
                      I don't see any reason to try Quicktime if it's not MOV.

                      Originally posted by Mabus View Post
                      I didn't try it in windows Media player but I never do because codec support is garbage in Windows Media Player
                      Quite the opposite: if you don't install the garbage yourself in your system (like some codec pack) it works quite well. To play this file you only need to install MP4 splitter (for example from Nero) and FFDShow or CoreAVC decoder.

                      Originally posted by Freaka View Post
                      If I ever do another video I'll try to release .avi and .mp4 though, .avi seems to cost less cpu. Which is a non-issue on recent pc's, but very annoying on old ones hehe.
                      AVI or MP4 has nothing to do with decoding costs - it's only containers. The difference is AVI is very old and well supported but requires some dirty hacks to hold modern encoded data (and these hacks are not so well supported) while MP4 is not widely supported yet but is the native container for any MPEG encoded data.

                      Cpu costly is the video codec I used (H264 or AVC or MPEG4 Part 10 - different names for the same thing) but it's exactly the reason file is 20MB with nearly the same quality as your 93MB XVID. Note that with some hacks you can mux this to AVI too. (If you want I can upload the same 20MB muxed to AVI.)



                      • #12
                        Originally posted by Freaka View Post
                        Good idea, but names are really problematic. Often they are handled in a different way than game dialogs, so even if you figure out how the naming stuff works you probably still won't have a clue about the texts. I could also imagine that names generate a huge amount of hits, so personally I wouldn't use them as starting point.
                        Because I usually see the text of game show in AGTH like below.
                        「夏目」:「あたしっ、ただの臆病な女の子じゃないんだから!」
                        「咲河」:「普通の学校生活もいいかなって。少しうらやましいです」

                        If we ignore the 「, it can be considered as starting with the role's name.
                        When the text in game is "「夏目」:「あたしっ、ただの臆病な女の子じゃないんだから!」"
                        then open the cheatengine, search 夏目 in hex.
                        (cheatengine will search 夏目 in all the memory then write address to log1.)
                        Then play game, until the text in game is "「咲河」:「xxxxxxx」"
                        then open the cheatengine, search 咲河 in hex.
                        (cheatengine will compare 咲河 in log1 and remove the wrong address in log1.)
                        Repeat this with searching other role's name.
                        In theory, finally we can find only one address that we need.

                        Comment
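The narrowing search described in the post above, as an added Python example (not part of the original thread and not Cheat Engine's code). The memory snapshots are constructed byte strings, and the offsets 0x100 (a static name table) and 0x300 (the buffer redrawn for each line) are made-up placements; the name table stands in for the extra hits that a name search produces.

```python
ENC = "cp932"  # Windows Shift-JIS, the encoding the hex search is done in

NAME_TABLE_AT = 0x100   # assumed: static copies of every character name
TEXT_BUFFER_AT = 0x300  # assumed: buffer the engine rewrites for each line


def make_snapshot(current_line):
    """Constructed stand-in for a memory dump taken while a line is shown."""
    mem = bytearray(0x400)
    table = "夏目\0咲河\0".encode(ENC)
    mem[NAME_TABLE_AT:NAME_TABLE_AT + len(table)] = table
    line = current_line.encode(ENC)
    mem[TEXT_BUFFER_AT:TEXT_BUFFER_AT + len(line)] = line
    return bytes(mem)


def first_scan(mem, name):
    """Every offset where the encoded name occurs (the post's 'log1')."""
    pattern, hits = name.encode(ENC), set()
    i = mem.find(pattern)
    while i != -1:
        hits.add(i)
        i = mem.find(pattern, i + 1)
    return hits


def next_scan(candidates, mem, name):
    """Keep only the earlier hits that now hold the new name."""
    pattern = name.encode(ENC)
    return {a for a in candidates if mem[a:a + len(pattern)] == pattern}


def locate(observations):
    """observations: (snapshot, name shown on screen) pairs, in play order."""
    candidates = None
    for mem, name in observations:
        if candidates is None:
            candidates = first_scan(mem, name)
        else:
            candidates = next_scan(candidates, mem, name)
    return candidates


# Constructed sample: the two lines quoted in the post.
LINE1 = "「夏目」:「あたしっ、ただの臆病な女の子じゃないんだから!」"
LINE2 = "「咲河」:「普通の学校生活もいいかなって。少しうらやましいです」"
SNAP1, SNAP2 = make_snapshot(LINE1), make_snapshot(LINE2)

if __name__ == "__main__":
    # The first scan hits both the name table and the text buffer.
    print(sorted(hex(a) for a in first_scan(SNAP1, "夏目")))
    # After the second name only the redrawn buffer is left.
    print(sorted(hex(a) for a in locate([(SNAP1, "夏目"), (SNAP2, "咲河")])))
```

The surviving offset is two bytes past the start of the buffer because the line begins with 「, which the search pattern leaves out.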


                        • #13
                          SetX I have very good support for my ZPlayer, I use it to play all the weirdly coded fansubs versions of anime. It has never failed nor has it been choppy. I thought iTunes might work cause in the past I've played mp4s through it.
                          I guess ZPlayer isn't made too well for mp4's?

                          Thanks for the info on AVS, is there a better converter out there?

                          Thanks Freaka for the offline support, the funny thing is I went and found a sjis/hex list (all the characters) and just went through the list of hex codes and corresponding hiragana and katakana. It took a long time and I wasn't able to find anything for the game I want to play( I even the part of your video that shows you translating text to find out different styles of hex code for certain characters. But to no avail!

                          The game I'm trying to get a custom hook for is called Soukan Yuugi. There already is an AGTH code for it, but for some reason the text AGTH hooks, is missing characters some times. I tried finding all the different addresses that print out text with the /v and /x3 commands but I could not do anything but some trial and errors.. Now normally I wouldn't care but sometimes when I added the missing characters in to QuickAtlas, it made the difference between a very confusing translation and a not so confusing translation.

                          The hook was /HB4*0@403003. The weird thing about the game is OllyDebug recognized the Header information starts outside of the actual process. When you load up the game 2 different processes boot up. soukan.exe and soukan.000 (I guess maybe there was a safety system built in?) so I am to guess the soukan.000 has something to do with it.

                          I was wondering if you've ever encountered a game with 2 processes that load up? I think this is one of those games you mentioned that your tutorial wouldn't help with

                          All well back to sleuthing for an answer! Thanks for writing this really! It should be made a sticky for people who want to use OllyDebug!



                          • #14
                            Originally posted by Mabus View Post
                            The hook was /HB4*0@403003. The weird thing about the game is OllyDebug recognized the Header information starts outside of the actual process. When you load up the game 2 different processes boot up. soukan.exe and soukan.000 (I guess maybe there was a safety system built in?) so I am to guess the soukan.000 has something to do with it.
                            Are those really processes or just threads or maybe soukan.000 is a dll? I don't have much experience with protected games, but that error msg sounds indeed like the game would be packed or so. Did you try to apply the hook after the game was started (with the /pn option)?

                            What could be is, that you're using a different version of the game than that hook was made for.



                            • #15
                              Originally posted by Mabus View Post
                              Thanks for the info on AVS, is there a better converter out there?
                              If you want to convert AVC in MP4 to AVI the best way is probably first demux video to .264 by mp4box and then convert it to AVI by avc2avi (you need to specify fps of your video here with -f option or it'll become 25 fps).
