Newbies guide to cracking |   By ThrawN 
---------------------------

This is the first lesson in this series. You should have this txt in a zip containing some other tutorials as well.
--------------------------------
BASIC CD CHECK CRACKING (GAME)

-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
Target: 3D Ultra Pinball Thrill Ride (c) SIERRA
Website: http://www.sierra.com/attractions/titles/thrillride/ 
Time required: 5 mins or less
Tools required: The game
                Win32dasm
                Hex editor (I suggest www.ultraedit.com)
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*

This game has about the easiest CD check there can be. Run the game without the CD
and it will say: "The CD is required to play this game." in a message box.
So load up Win32dasm and disassemble Pinball.exe.
Now, we remember the error message, so it's a good idea to search for that. You can either search for the text or go to the String Refs to look for it (the String Ref button is up top, next to the far right one, which is Print). When you find it, it should look like this:

* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0042F931(C), :0042F939(U)
|
:0042F8FB 8BCB                    mov ecx, ebx
:0042F8FD E84E000000              call 0042F950
:0042F902 84C0                    test al, al
:0042F904 7535                    jne 0042F93B

* Possible StringData Ref from Data Obj ->"The CD is required to play this "
                                        ->"game."
                                  |
:0042F906 6888054700              push 00470588



If you're new to cracking this will most likely make no sense to you at all. But honestly it's easy, I will explain.
At 0042F8FD it's doing a call, which is where the CD check routine can be found. This doesn't need to bother us though, so just ignore it. A little below there is a conditional jump:
:0042F904 7535                    jne 0042F93B
If this doesn't jump, you can see it's going to show the error message. So to avoid the error message we need to make the jump unconditional, so it always jumps. Double click on the jump line so it turns green and have a look at the bottom of the Win32dasm window. You should see an offset that looks like this: @Offset 0002F904h. Ignore the 'h' and take note of 0002F904. Now open your hex editor and go to offset 0002F904 (keep scrolling down till you see this at the left hand side).
Now in the hex editor window you should see somewhere on the line 75 35 68 88 05 47 00
Click on the 75 and type EB so it now says EB 35 68 88 05 47 00
This changes jne to jmp, so it will now always jump no matter what. Save the changes and run the exe.
No error message and the game loads to the main menu :) Congrats, you cracked your first game.
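
The same one-byte change seen from the integrity-checking side, as an added example that is not part of the original tutorial: a Python sketch that compares a file against a known-good copy and flags a short conditional jump that has been turned into an unconditional one. The function names and the sample bytes (built from the listing above) are assumptions made for illustration.

```python
import hashlib

# x86 short conditional jumps (Jcc rel8) use opcodes 0x70-0x7F; 0xEB is JMP rel8.
JCC_SHORT = range(0x70, 0x80)
JMP_SHORT = 0xEB

# Constructed sample: the instruction bytes from the listing above, as shipped.
REFERENCE = bytes.fromhex("8BCB E84E000000 84C0 7535 6888054700")
# Constructed sample: the same bytes after the edit the tutorial describes.
SUSPECT = bytes.fromhex("8BCB E84E000000 84C0 EB35 6888054700")


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def classify(old: int, new: int) -> str:
    # Heuristic: works on raw bytes without disassembling, so a 0x7x byte
    # that is really data or an operand would get the same label.
    if old in JCC_SHORT and new == JMP_SHORT:
        return "conditional jump forced to unconditional"
    return "modified"


def find_tampering(reference: bytes, suspect: bytes):
    """Return [(offset, old_byte, new_byte, label)] for each differing byte."""
    if sha256(reference) == sha256(suspect):
        return []  # hashes match, nothing to report
    if len(reference) != len(suspect):
        raise ValueError("size mismatch: not an in-place byte patch")
    return [
        (offset, old, new, classify(old, new))
        for offset, (old, new) in enumerate(zip(reference, suspect))
        if old != new
    ]


if __name__ == "__main__":
    for offset, old, new, label in find_tampering(REFERENCE, SUSPECT):
        print(f"offset {offset:#06x}: {old:02X} -> {new:02X}  ({label})")
```

A hash comparison alone only says that the file changed; the byte-level pass shows that the change is a single branch opcode, which is why a check that hangs on one jne is so easy to defeat.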


I have included the pinball.exe for those that don't have the game. It should ask for the CD, and once you have patched it, it will ask you to insert the CD so it can read the data file. Basically you still cracked it :)


Contact info:  thrawnc@hotmail.com
