Target game: Indy Jones 3D
Toolz: SICE (Wdasm)
Level: 1
Protection: CD-Check(s)

Some thoughts about the target

MM.. it was a few years (FEW) since I last played any Indy Jones game (The Last Crusade btw) and I thought it rocked! And now I got this new Indy game which I thought had to be cool too.. but I was wrong. Since I never liked any Tomb Raider I don't like Indy Jones 3d either.. But anywayz.. should we look at protection now..?

..alrighty I admit I had some troubles finding the correct breakpoint and with the first few tries I was also going after the wrong .EXE. Surprisingly the check was found in the loader! But thx to [yAtEs] for giving me the correct breakpoint :)

You might want to disasm Jones3D.w32 (or whatever) on Wdasm but that's not necessary (though it's easier to find the offset in Wdasm). But since this is for newbies we'll use Wdasm.. and ur prolly dying to know the breakpoint..or u already know it? Nope. It's not GetDriveTypeA...it's GetVolumeInformationA (I can't believe how I could've missed it!)

I also spared u the effort of finding the correct return codes for passed/failed checks :) (If ur not sure which return code is for passed check, insert the original CD, breakpoint and check the EAX, usually 1 is for passed and 0 for failed)

* Reference To: KERNEL32.GetVolumeInformationA, Ord:0177h
                                  |
:00403D67 FF1554C04000            Call dword ptr [0040C054]
:00403D6D 85C0                    test eax, eax     <-- The initial (1 for passed, 0 for failed)
:00403D6F 7473                    je 00403DE4       <-- check for the correct CD
:00403D71 8B4DEC                  mov ecx, dword ptr [ebp-14]
:00403D74 3BCB                    cmp ecx, ebx
:00403D76 7405                    je 00403D7D
:00403D78 8B41F0                  mov eax, dword ptr [ecx-10]
:00403D7B EB02                    jmp 00403D7F

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403D76(C)
|
:00403D7D 33C0                    xor eax, eax

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403D7B(U)
|
:00403D7F 3BCB                    cmp ecx, ebx
:00403D81 889C05E0FEFFFF          mov byte ptr [ebp+eax-00000120], bl
:00403D88 7405                    je 00403D8F
:00403D8A 8B49FC                  mov ecx, dword ptr [ecx-04]
:00403D8D EB02                    jmp 00403D91

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403D88(C)
|
:00403D8F 8BCF                    mov ecx, edi

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00403D8D(U)
|
:00403D91 8D85E0FEFFFF            lea eax, dword ptr [ebp+FFFFFEE0]
:00403D97 50                      push eax
:00403D98 51                      push ecx

* Reference To: KERNEL32.lstrcmpiA, Ord:02FFh
                                  |
:00403D99 FF15A8C04000            Call dword ptr [0040C0A8]
:00403D9F 85C0                    test eax, eax     <-- The other
:00403DA1 7541                    jne 00403DE4      <-- check

Ok.. reverse the jumps to make the check passed.. or do as I did.. (it's not that different)

:403D6D 85C0 -> 4090 (INC EAX, NOP)  <- Sets EAX always 1, thus pass the check
:403D9F 85C0 -> 4090 .. same thing here (if I don't remember wrong..)

That's all.. or not.. I found out that disabling this check WON'T let u play Indy Jones.. and I was too lazy to see why the game exits to Windoze every time (after the line's been drawn on the map)..
but anywayz this is just another cd-check tut amongst the others so I don't care :).. find out yourself or buy the game (I guess the game couldn't find the file(s) for the first level.. see error.txt)

(note for r!SC: YES! This game was original, Full version, but I did NOT buy it :))

-C_DKnight

Greetz: AB4DS, Sinnny, Thesmurf, cTT, r!SC, Dead-Mike, ByteBurn, Miscreant, [yAtEs], [LaZaRuS], and all the others I forgot -> #Cracking4Newbies plus Tailz, F0ley, Makis, Mathras, MR-B, LM555
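
The check in the listing, written out as C so each test/jump pair can be read against the source-level logic it guards. This is an added illustration, not code from the game or from the tutorial's author: cd_check, cd_present, cmp_nocase and the fallback parameter are made-up names, the label "INDY3D" used when trying it is constructed, and it assumes ebx is zero and that [ecx-10] holds the length of the expected label.

```c
/* Added illustration: source-level model of the check at 00403D67..00403DA1. */
#include <ctype.h>
#include <stddef.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Portable stand-in for lstrcmpiA: returns 0 when the strings match. */
static int cmp_nocase(const char *a, const char *b) {
    while (*a && tolower((unsigned char)*a) == tolower((unsigned char)*b)) {
        a++; b++;
    }
    return tolower((unsigned char)*a) - tolower((unsigned char)*b);
}

/* Returns 1 if the disc is accepted, 0 where the listing jumps to 00403DE4.
 * api_ok   - GetVolumeInformationA result (nonzero means success)
 * label    - volume-name buffer filled by the API, cut in place
 * expected - label the loader wants; NULL models the "cmp ecx, ebx" tests
 *            (assumes ebx holds 0)
 * fallback - string used when expected is NULL (edi; contents not shown) */
int cd_check(int api_ok, char *label, size_t cap,
             const char *expected, const char *fallback) {
    size_t n;
    if (!api_ok)                               /* test eax,eax / je 00403DE4  */
        return 0;
    n = expected ? strlen(expected) : 0;       /* [ecx-10], assumed a length  */
    if (n >= cap)                              /* guard added here, not in    */
        return 0;                              /* the listing                 */
    label[n] = '\0';                           /* mov [ebp+eax-120], bl       */
    return cmp_nocase(expected ? expected : fallback, label) == 0;
}                                              /* lstrcmpiA / jne 00403DE4    */

#ifdef _WIN32
/* Windows-only wrapper; root is a drive root such as "D:\\" (constructed). */
int cd_present(const char *root, const char *expected) {
    char label[MAX_PATH + 1];
    BOOL ok = GetVolumeInformationA(root, label, (DWORD)sizeof label,
                                    NULL, NULL, NULL, NULL, 0);
    return cd_check(ok != 0, label, sizeof label, expected, "");
}
#endif
```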