MAGIC THE GATHERING: BATTLEMAGE
-------------------------------
A very easy cd-rom protection, tools needed:
w32dasm 8.9x
hiew (or another hex editor)
start MAGIC.EXE and you'll see a messagebox with this
Please insert the `Magic: The Gathering - Battlemage' CD and restart
application.
ok, that's all we need to know =), load the file in w32dasm and goto
'String Data References' and search for 'Please insert the .....'
and doubleclick on the text when you have found it, and you will be here:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0043654B(C)
|
:00436559 E802FBFFFF call 00436060 ; some kind of cd check
:0043655E 85C0 test eax, eax ; test if the cd is in
:00436560 7533 jne 00436595 ; is it? then jump
:00436562 6A00 push 00000000
:00436564 A1EC244B00 mov eax, dword ptr [004B24EC]
* Possible StringData Ref from Data Obj ->"CD Not Found"
|
:00436569 68FCB14500 push 0045B1FC ; else print the msgbox and exit
* Possible StringData Ref from Data Obj ->"Please insert the `Magic: The "
->"Gathering - Battlemage' CD and "
->"restart application."
|
:0043656E 68A8B14500 push 0045B1A8
:00436573 50 push eax
* Reference To: USER32.MessageBoxA, Ord:0195h
|
:00436574 FF1520574D00 Call dword ptr [004D5720]
:0043657A 8B0DEC244B00 mov ecx, dword ptr [004B24EC]
* Reference To: USER32.DestroyWindow, Ord:008Ah
|
:00436580 8B2DBC564D00 mov ebp, dword ptr [004D56BC]
:00436586 51 push ecx
:00436587 FFD5 call ebp
:00436589 33C0 xor eax, eax
:0043658B 5D pop ebp
:0043658C 5F pop edi
:0043658D 5E pop esi
:0043658E 5B pop ebx
:0043658F 83C41C add esp, 0000001C
:00436592 C21000 ret 0010
ok, all we have to do now is to make the program do that jump, (jne 00436595), and how
do we make the program to do it?, we patch the program!! simply just change the 75 33 to EB 33
which means JMP 00436595 and then it will jump UNCONDITIONALY.
start the game again and poOf! it starts without the cd!!
/Klefz . fallen - massive value for CD-ROM drive