******************************************
**                                      **
**        IceTea Cracking Group         **
**                                      **
**     NO-CD tutorial for Pandemonium   **
**                                      **
**          Written by IceBox           **
**                                      **
******************************************

TOOLS:
======
W32Dasm 8+
Hacker's View
Pandemonium

-----------------------------------------------------------

Hello! In this little tutorial we shall try to patch Pandemonium so we don't need the original CD anymore.

1. Copy PANDY.EXE to 1.EXE for backup, run W32Dasm and disassemble 1.EXE.

2. Run PANDY.EXE without the CD in the drive.

3. Write down the message: "The Pandemonium CD must be in the CD-ROM drive before you can play."

4. Get out of the game and flip over to W32Dasm.

5. Press the SDR button and find the text: "The Pandemonium CD..."

6. Dbl-click it and press close when you have found it.

7. Look at this:

   * Referenced by a CALL at Address:
   |:0042F1E5                                       <--- The dlgbox is called from here !
   |
   :00442DE0 A1FC824600   mov eax, dword ptr [004682FC]   <--- Get cd information
   :00442DE5 85C0         test eax, eax                   <--- Comparing
   :00442DE7 7417         je 00442E00                     <--- If correct cd jump else show dlgbox

   * Possible StringData Ref from Data Obj ->"The Pandemonium CD must be in "
                                           ->"the CD-ROM drive before you can "
                                           ->"play."
   |
   :00442DE9 680C9D4600   push 00469D0C
   :00442DEE E87D000000   call 00442E70
   :00442DF3 83C404       add esp, 00000004
   :00442DF6 6A00         push 00000000
   :00442DF8 E8332A0100   call 00455830
   :00442DFD 83C404       add esp, 00000004

   * Referenced by a (U)nconditional or (C)onditional Jump at Address:
   |:00442DE7(C)
   |
   :00442E00 C3           ret
   :00442E01 CC           int 03
   :
   :
   :
   :00442E0F CC           int 03

8. Look at 442DE7. If eax is zero (the test sets the zero flag), jump to 442E00 and run the game. If not, continue and show the bad dlgbox.

9. Let's think! Here we have a jump with a condition. What shall we do? Of course we shall replace the conditional jump with a jump without a condition, so it will always jump to the good place.

10. Of course we could also just replace the "je" with "jne", but then it will fuck up if we have the original CD in the drive, so to be more professional we change "je" to "jmp".

11. The opcode for "je" is 74 and the opcode for "jmp" is EB.

12. When patching the file we need to know the file offset of the instruction, not just its address.

13. Place the green bar on ":00442DE7 7417 je 00442E00" and look at the bottom of the screen: "Line:xxx Pg xx of xx Code Data @442DE7 @Offset 421E7 in file:1.EXE".

14. Close W32Dasm, open HIEW and load PANDY.EXE.

15. Press twice to get into decode mode.

16. Press F5 to go to offset, type "421E7" and press.

17. Place the cursor on 74 and press F3. Type "EB" and press F9 to update.

18. Press F10 to close.

19. Run PANDY.EXE. Wow! No dlgbox! You have cracked Pandemonium.

I hope you will give this little tutorial to all of your friends and tell them that IceBox cracked the game. NOT you. If you want honour, crack the games yourself!

Regardz - IceBox (ICG)
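Step 13 simply reads the file offset off W32Dasm's status bar; the following Python example, added here and not part of IceBox's tutorial, shows the arithmetic behind that number so you can check it on any Win32 binary: a virtual address minus ImageBase gives the RVA, and the section table maps the RVA onto the raw file bytes. The sample header is constructed, with a single .text section at RVA 0x1000 backed by file offset 0x400; that section layout is an assumption (the common MSVC layout of the period) chosen because it reproduces the tutorial's 442DE7 -> 421E7 mapping. Mapping addresses to file bytes this way is also how a defender confirms whether a shipped binary still carries its original opcodes.

```python
import struct

# Assumed layout (not from the tutorial): PE32 headers as in the Microsoft PE/COFF spec.
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")  # one 40-byte IMAGE_SECTION_HEADER

def parse_pe(data):
    """Read ImageBase and the section table from an in-memory PE32 file."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    n_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("only PE32 (32-bit) images are handled here")
    image_base = struct.unpack_from("<I", data, opt + 28)[0]
    sections = []
    for i in range(n_sections):
        name, vsize, vaddr, raw_size, raw_ptr, *_ = SECTION_HEADER.unpack_from(
            data, opt + opt_size + i * SECTION_HEADER.size)
        sections.append((name.rstrip(b"\0").decode(), vaddr, vsize, raw_ptr, raw_size))
    return image_base, sections

def va_to_file_offset(va, image_base, sections):
    """Map a virtual address (as a disassembler shows it) to its byte offset in the file."""
    rva = va - image_base                       # strip the load address
    for name, vaddr, vsize, raw_ptr, raw_size in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return raw_ptr + (rva - vaddr)      # same distance into the raw section data
    raise ValueError(f"RVA {rva:#x} is not inside any section")

def build_sample_pe():
    """Constructed sample: one .text section at RVA 0x1000 backed by file offset 0x400."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew: PE header right after the DOS stub
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)  # i386, 1 section, PE32 opt hdr
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<I", opt, 28, 0x400000)        # ImageBase
    text = SECTION_HEADER.pack(b".text", 0x70000, 0x1000, 0x70000, 0x400, 0, 0, 0, 0, 0x60000020)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + text

if __name__ == "__main__":
    base, secs = parse_pe(build_sample_pe())
    print(f"VA 0x442DE7 -> file offset {va_to_file_offset(0x442DE7, base, secs):#x}")  # 0x421e7
```

The 0xC00 difference between RVA and file offset is just the gap between section alignment (0x1000) and file alignment (0x400), which is why the address in the disassembler never equals the offset you seek to in the hex editor.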