Cracking old MZ exe's


taurus
August 6th, 2009, 02:55
Hi, recently a friend came to me and asked me to crack some old games for his kindergarten. These games came on diskettes and use a key diskette to run; floppy disks are on the way to extinction, so she wants to make the games run without needing to insert the key diskette. One thing came to my head: "it must be simple, this is old software so no great protection". I ran the games; the games are for DOS, so no registries or DLLs. Filemon showed me that the game tries to read just the free space of the diskette and its label (a specially formatted disk), so it is just a little jump, but I don't know how to attack these old EXEs. No PE format, they are old DOS 2.0 MZ executables. Win32Dasm doesn't get any text strings; PEiD and Protection ID don't recognize any compiler or packer on the file. How can I know where to change the jump to let the game run without needing the disk? There are 6 games, from the same company (the company disappeared from business years ago).

arc_
August 6th, 2009, 05:57
I'd say, use IDA for disassembling (it will point out what all the interrupt instructions and their parameters mean) in combination with DOS's debug.exe for debugging.

disavowed
August 6th, 2009, 20:21
You might also want to consider Borland's Turbo Debugger instead of debug.exe; it's a bit more robust.

wtbw
August 6th, 2009, 21:11
DOSBox has a debugger (requires a manual build) which is quite useful for this sort of thing; at one point I even ended up debugging DOSBox with OllyDbg too, to fill in the feature gaps.

funtikar
August 6th, 2009, 23:56
It's gotta be related to the int thingy...

radix
August 7th, 2009, 03:29
Quote (originally posted by taurus): ..."it must be simple, this is old software so no great protection"

The old protections are not always simpler. DOS offers limited functionality, so some protections access the hardware directly to check special sectors and such. If you look at the disassembly you should look for "int 21h", which are calls to DOS functions, and "int 13h", which are functions to access the disk drive. Search for "ralf brown interrupt list" on Google to get the list with detailed info about the int 21h and int 13h functions. If you have to debug the DOS app, maybe you can find a copy of SoftICE 2.8.

radix
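
An added example, not code from anyone in this thread: a parser for the MZ header taurus mentions, plus a byte scan that inventories the int calls radix points to. The 41-byte executable it parses is constructed inline for the demonstration; the scan is a triage aid and can misfire on data bytes, so confirm hits in a real disassembler.

```python
import struct

# DOS MZ header: 14 little-endian fields, 28 bytes (e_magic .. e_ovno).
MZ_HEADER = struct.Struct("<2sHHHHHHHHHHHHH")

def build_sample_exe():
    """Constructed 41-byte MZ image (not a real game): 32-byte header, one relocation, 9 bytes of code."""
    code = bytes([0xB8, 0x00, 0x00,   # mov ax, <seg>  ; imm16 at code+1 is patched by the loader
                  0x8E, 0xD8,         # mov ds, ax
                  0xB4, 0x4C,         # mov ah, 4Ch
                  0xCD, 0x21])        # int 21h        ; DOS "terminate process"
    header_paras = 2                  # header + relocation table = 32 bytes
    total = header_paras * 16 + len(code)
    header = MZ_HEADER.pack(b"MZ",
        total % 512, (total + 511) // 512,  # e_cblp, e_cp
        1, header_paras,                    # e_crlc, e_cparhdr
        0, 0xFFFF, 0, 0x100, 0,             # minalloc, maxalloc, ss, sp, csum
        0, 0, 0x1C, 0)                      # e_ip, e_cs, e_lfarlc, e_ovno
    reloc = struct.pack("<HH", 1, 0)        # relocation at 0000:0001 in the load module
    return header + reloc + code

def parse_mz(data):
    """Return header fields plus the derived offsets a reverser needs first."""
    if len(data) < MZ_HEADER.size or data[:2] not in (b"MZ", b"ZM"):
        raise ValueError("not an MZ executable")
    (_, cblp, cp, crlc, cparhdr, _, _, ss, sp, _, ip, cs, lfarlc, _) = MZ_HEADER.unpack_from(data)
    image_size = cp * 512 if cblp == 0 else (cp - 1) * 512 + cblp
    header_size = cparhdr * 16
    relocs = [struct.unpack_from("<HH", data, lfarlc + 4 * i) for i in range(crlc)]
    return {
        "header_size": header_size,
        "image_size": image_size,                     # bytes past this are an overlay, not loaded
        "entry_offset": header_size + cs * 16 + ip,   # file offset of the first instruction
        "initial_ss_sp": (ss, sp),
        "relocations": relocs,                        # (offset, segment) pairs in the load module
        "load_module": data[header_size:image_size],
    }

def find_interrupts(load_module, base):
    """Linear scan for CD xx (int imm8); returns (file_offset, vector) pairs."""
    hits, i = [], 0
    while i + 1 < len(load_module):
        if load_module[i] == 0xCD:
            hits.append((base + i, load_module[i + 1]))
            i += 2
        else:
            i += 1
    return hits

if __name__ == "__main__":
    info = parse_mz(build_sample_exe())
    print({k: v for k, v in info.items() if k != "load_module"})
    print(find_interrupts(info["load_module"], info["header_size"]))
```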

Aimless
August 7th, 2009, 04:45
Do this:

1. Search for and get Ralf Brown's Interrupt List (THE definitive manual for DOS interrupts).
2. Get +ORC's essay on "Tools of the trade".
3. Select one tool from point 2 above (KGB Monitor is good).
4. Ensure you boot into DOS (not WinMe and above, but Win95/Win98).
5. Watch those ints and other misc go by, including sector names, file names, and what not!
6. Use Sourcerer (if you can find it). Beautiful tool for DOS cracking.
7. Let us know your progress on that again...
8. (Optional: you might want to learn to use debug.exe to get a sector-by-sector copy of the entire floppy BEFORE you begin messing around. Understand everything about sectors on a floppy.)

Have Phun,

taurus
August 7th, 2009, 06:16
Thanks, I got all you mention, including Sourcerer 7. I will try to get more info with this and post progress.
BTW, I'm doing this under Windows 98 on an old machine.

funtikar
August 11th, 2009, 02:08
I guess I'll be revising my reversing notes then...

sope
August 15th, 2009, 04:58
Recently, a few months back, I used Trace 2.0 by Liu TaoTao on a protection from Microcosm. It's an amazing tracer for DOS-mode apps.

Cheers, Sope

dELTA
August 17th, 2009, 07:12
If you still have that tool, can we add it to our tool library?

Kayaker
August 17th, 2009, 07:27
Is this it?

ftp://ftp.sac.sk/pub/sac/utilprog/tr252.zip

TR(tracer) by Liu TaoTao

(Thanks to bilbo for a mention of that FTP site (Slovak Antivirus Center FTP); you wouldn't believe some of the oldies but goodies there.)

sope
August 18th, 2009, 04:02
Yes, that's the same tracer. Cheers, Sope.

dELTA
August 30th, 2009, 18:09
Ok, preserved for history:

http://www.woodmann.com/collaborative/tools/TR

Please let me know about those other "gems" from that site, or maybe even add them yourselves to the CRCETL?

aqrit
September 5th, 2009, 01:36
You might be able to just rip an image and mount it on a virtual floppy drive...
www.bootdisk.com

But it is much better to crack it.