The Cracking Answer 2000
------------------------

Author : Bug Error
------------------

Target : Dark Omen 1.0 => Removes CD Check
-------------------------------------------

Tools that you'll need
-------------------------
- Soft-Ice 3.23 or higher
- W32dasm 8.93
- Hiew 6 or higher

Initial notes
--------------
- First, install the full game
- Then, be sure that Soft-Ice is loaded in autoexec.bat
- Make sure that the CD isn't in your drive :))

First approach with Soft-Ice
----------------------------
- Run the game
- When you're in the menu, press CTRL + D to go into Soft-Ice
- At the Soft-Ice command prompt, type : BPX GetDriveTypeA
- Press the Enter key
- Press CTRL + D to go back to Dark Omen
- Click on New Game, and surprise, you're back in Soft-Ice :))
- Why? Because you've put a breakpoint on Kernel32!GetDriveTypeA!
- OK, in Soft-Ice, press F11 to get to GetDriveTypeA's caller
- Aha, you should now see this :

    0177:0048a622  call [Kernel32!GetDriveTypeA!]
    0177:0048a628  cmp eax, 05                      => You're here :))

- Note 0048a628, you'll need this

Disassembling File with W32dasm
-------------------------------
- Load W32dasm and open "EngRel.exe"
- After a short while, the file will be disassembled
- Now, click on "goto" in the menu
- Click on "Goto Code Location"
- Type 0048a628 (you should have noted this address)
- You should now see this :

    * Referenced by a CALL at Address:
    :0048a5f0                                       = Hum, very interesting

    0048a610  81ec04010000    sub esp, 00000104
    0048a616  53              push ebx
    0048a617  56              push esi
    0048a618  8bb42410010000  mov esi, dword ptr [esp+00000110]
    0048a61f  57              push edi
    0048a620  55              push ebp
    0048a621  56              push esi

    * Reference To: Kernel32.GetDriveTypeA, ordh:00DEh
    0048a622  ff15c0745800    Call dword ptr [005874c0]
    0048a628  83f805          cmp eax, 00000005     => You are here
    0048a62b  740d            je 0048a63a
    ...

- Take a look at the Call's reference
- Click on "goto" in the menu
- Click on "Goto Code Location"
- Type 0048a5f0
- You should arrive here :

    :0048a5f0  e81b000000     call 0048a610

- Haha, this is the call to the CD check routine :))
- Be sure that you are on 0048a5f0 !
- Take a look at the task, and you'll see the @offset
- Here, it's 000899f0h
- Note this without the "h"; the "h" only indicates that the value is in hexadecimal :))

Cracking the EXE file
------------------------
- Open Hiew, and load "EngRel.exe"
- Press F4 and choose "decode"
- Press F5, and enter the offset, here it is 000899f0
- Press F4 and choose "Hex"
- Press F3 to edit and type 9090909090
- Press F9 to update the EXE

Big surprise
---------------
- Run the game
- Click on "New Game"
- What's happening ?!????!!!!???
- The game runs without CD :))

Hehe, you've cracked Dark Omen, enjoy :))
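
Seen from the publisher's or an analyst's side, the edit above leaves a clear trace: the five bytes e8 1b 00 00 00 at file offset 000899f0 become five NOPs. The following is an added example, not part of the original tutorial: it compares a known-good region with a suspect copy and reports NOP overwrites. The function name, the 0xCC filler and the region start 0x899E0 are assumptions made for the sample; only the CALL bytes and the offset come from the text.

```python
import struct

NOP = 0x90

def find_nop_patches(original, suspect, base=0, min_run=2):
    """Compare a known-good image region with a suspect copy of the same region.

    Reports every run of bytes that became NOPs. If the overwritten bytes were a
    5-byte CALL rel32 (opcode E8), also reports the offset that call used to reach.
    """
    if len(original) != len(suspect):
        raise ValueError("size mismatch: compare aligned regions only")
    findings, i, n = [], 0, len(original)
    while i < n:
        if suspect[i] != NOP or original[i] == NOP:
            i += 1
            continue
        start = i
        while i < n and suspect[i] == NOP and original[i] != NOP:
            i += 1
        old = original[start:i]
        if len(old) < min_run:
            continue  # ignore isolated single-byte differences
        hit = {"offset": base + start, "length": len(old), "was": old.hex()}
        if len(old) == 5 and old[0] == 0xE8:
            rel = struct.unpack("<i", old[1:])[0]  # signed little-endian rel32
            hit["removed_call_to"] = base + start + 5 + rel
        findings.append(hit)
    return findings

# Constructed sample, not a dump of the real file: 0xCC filler around the five
# CALL bytes quoted in the tutorial, placed so the CALL sits at offset 000899f0.
BASE = 0x899E0
GOOD = bytes([0xCC] * 16) + bytes.fromhex("e81b000000") + bytes([0xCC] * 11)
BAD = GOOD[:16] + bytes([NOP] * 5) + GOOD[21:]

def demo():
    return find_nop_patches(GOOD, BAD, base=BASE)

if __name__ == "__main__":
    for f in demo():
        print({k: (hex(v) if k != "length" and isinstance(v, int) else v)
               for k, v in f.items()})
```

The reported call destination, 0x89a10, is a file offset; it is the same distance past the CALL as 0048a610 is past 0048a5f0 in the W32dasm listing.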