=================================================================================================
Program Name: Caesar 3 (GAME)
Version:      1.0.1.0
Producer:     Http://www.sierra.com
Cracker:      Zaks (zakssim@geocities.com)
Tools:        W32Dasm 8.9, Hacker's View 6.00
Difficulty:   Easy
Tutorial No.: 1
=================================================================================================

1) Install Caesar 3 on your PC. I use the maximum install. Get the patch for it from Sierra and patch Caesar 3 to version 1.0.1.0.

2) Run c3.exe without the CD. "Missing CD. Please replace your c3 ........". Remember or write down this message. Run W32Dasm and disassemble c3.exe. In the string data references look for the message. There is no such message. Look for "Missing CD". No such message either. Shit.

3) What are we supposed to do now? I have tried (with SoftICE) to break before the message and this also was not successful. Then I searched the net and downloaded shadowRUNNER's Caesar 3 crack. I ran it and then compared the files (original c3.exe and cracked c3.exe) with a program called Binary File Compare (bfc.exe). When I saw that the difference is at 527908 everything fell into place.

4) Now try to run the game with the CD in the drive. The game runs just fine, but what is interesting to us is that the "Missing CD" message, when we ran the game without the CD, came right after the message "loading sounds". When running the game with the CD, after "loading sounds" the game starts with the intro, or in other words the game runs a file called intro.smk (easy to see in the C3 installation).

5) Back in W32Dasm. Let's try to find intro.smk in the string data references. We find "smk\intro.smk". Hmm, let's go there. The first location is at 4D221F. It does not look like a test followed by a jump. Let's try again (double-click again on smk\intro.smk). Now we are at 5278F9. This looks better. We have a CALL, then a TEST and then a JNE - exactly a check routine. So we now know we are at the right place.

* Possible StringData Ref from Data Obj ->"smk\intro.smk"

:005278F9 687CE25500        push 0055E27C
:005278FE E89C9DEDFF        call 0040169F                    ; the check must be made here
:00527903 83C408            add esp, 00000008
:00527906 85C0              test eax, eax                    ; here it tests the returned value
:00527908 754F              jne 00527959                     ; jump here if the CD is in the CD drive ; Good Boy
:0052790A 6A10              push 00000010
:0052790C 6A05              push 00000005
:0052790E E8B7A4EDFF        call 00401DCA
:00527913 83C408            add esp, 00000008
:00527916 6A11              push 00000011
:00527918 6A05              push 00000005
:0052791A E8F3B6EDFF        call 00403012
:0052791F 83C408            add esp, 00000008
:00527922 6A01              push 00000001
:00527924 A190D17300        mov eax, dword ptr [0073D190]
:00527929 50                push eax
:0052792A 8B0D30DB7300      mov ecx, dword ptr [0073DB30]
:00527930 51                push ecx
:00527931 8B15EC995B00      mov edx, dword ptr [005B99EC]
:00527937 52                push edx

6) So we see the JNE at 527908. We know what to do: look up the file offset for 527908. It is 126D08. Now copy c3.exe to c3.backup. Run Hiew600. Open c3.exe. F4 - decode. F5 - goto 126d08. F3 - edit: change 75 (JNE) to 74 (JE). F9 - save the file. ESC - exit.

7) Run the game without the CD. It works. Try to run it with the C3 CD in your CD drive. Missing CD. Exactly as we expected. So we can be happy and play the game without the CD, or we can try to change things so that it works both with and without the CD.

8) Run Hiew600. Open c3.exe. F4 - decode. F5 - goto 126d08. F3 - edit: change 74 (JE) to EB (JMP short). Now the game jumps directly to intro.smk (and the working game) no matter whether the CD is present or not. That's it.

=================================================================================================
08.13.2000 Written by Zaks
Credits to shadowRUNNER for showing me the way.

add esp, 00000004 - returns 01 in eax if we've got a CD-ROM
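The same comparison seen from the other side, as an added example that is neither the tutorial's nor any Sierra tool: an integrity diff a publisher or an incident responder can run between a known-good c3.exe and a copy found on a machine, reporting each differing byte at its file offset (what bfc.exe did in step 3) and flagging the single-byte rewrite of a short conditional jump (75 JNE / 74 JE) into another short jump (EB JMP) that steps 6 and 8 describe. The sample bytes are constructed from the W32Dasm listing above; the patched copies are built in the script rather than read from disk.

```python
# Added example, not from the tutorial or from Sierra. Defender-side check:
# diff a known-good binary against a suspect copy and flag a short conditional
# jump that has been turned into a different short jump (a bypassed check).
from typing import List, Tuple

# x86 short (rel8) jump opcodes that a single-byte patch can swap between.
SHORT_JUMPS = {0x74: "JE", 0x75: "JNE", 0xEB: "JMP"}

# Constructed sample: the bytes W32Dasm shows for 005278F9..0052790D in the
# listing (push / call / add esp / test eax,eax / jne / push / push).
GOOD = bytes.fromhex("687CE25500E89C9DEDFF83C40885C0754F6A106A05")
# Same bytes with the JNE opcode at index 15 changed to JE (step 6) / JMP (step 8).
PATCHED_JE = GOOD[:15] + b"\x74" + GOOD[16:]
PATCHED_JMP = GOOD[:15] + b"\xEB" + GOOD[16:]


def diff_bytes(good: bytes, suspect: bytes) -> List[Tuple[int, int, int]]:
    """Return (offset, good_byte, suspect_byte) for every mismatch.
    Bytes past the end of the shorter input are reported as -1."""
    out = []
    for i in range(max(len(good), len(suspect))):
        a = good[i] if i < len(good) else -1
        b = suspect[i] if i < len(suspect) else -1
        if a != b:
            out.append((i, a, b))
    return out


def branch_patches(good: bytes, suspect: bytes) -> List[Tuple[int, str, str]]:
    """Subset of the diff where one short jump was rewritten into another,
    e.g. (offset, 'JNE', 'JMP'): the signature of a bypassed check."""
    return [(off, SHORT_JUMPS[a], SHORT_JUMPS[b])
            for off, a, b in diff_bytes(good, suspect)
            if a in SHORT_JUMPS and b in SHORT_JUMPS]


def report(good: bytes, suspect: bytes) -> List[str]:
    """Human-readable lines; offsets in hex, as Hiew's goto expects them."""
    lines = []
    for off, a, b in diff_bytes(good, suspect):
        if a in SHORT_JUMPS and b in SHORT_JUMPS:
            lines.append(f"{off:06X}: {SHORT_JUMPS[a]} -> {SHORT_JUMPS[b]} (branch patched)")
        else:
            lines.append(f"{off:06X}: {a:02X} -> {b:02X}")
    return lines


if __name__ == "__main__":
    # Against a real file: compare open(path, "rb").read() of both copies.
    for line in report(GOOD, PATCHED_JMP):
        print(line)
```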