The Crack:
Do a full install, then let's see what happens when you run the game
without the CD in the drive. Oops, a message pops up: 'You must have the
KINGPIN CD in the drive to play the game'.
Oh no we don't, let's prove them wrong, shall we?
Load kingpin.exe into WDASM and search for the text message that pops up.
There are several references to it, but we come in at the top of the
list below:

:00449061 55                      push ebp
:00449062 8BEC                    mov ebp, esp
:00449064 51                      push ecx
:00449065 833D4C1D480000          cmp dword ptr [00481D4C], 00000000   -----> Test something
:0044906C 7402                    je 00449070                          -----> Display error message if failed.
:0044906E EB67                    jmp 004490D7                         -----> Good guy jump here passed.
:00449070 E837FFFFFF              call 00448FAC
:00449075 8945FC                  mov dword ptr [ebp-04], eax
:00449078 837DFC00                cmp dword ptr [ebp-04], 00000000
:0044907C 750F                    jne 0044908D

* Possible StringData Ref from Data Obj ->"You must have the KINGPIN CD in "
                                        ->"the drive to play."
:0044907E 6860A04500              push 0045A060
:00449083 6A00                    push 00000000
:00449085 E89076FDFF              call 0042071A
:0044908A 83C408                  add esp, 00000008

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0044907C(C)
:0044908D 8B45FC                  mov eax, dword ptr [ebp-04]
:00449090 8A08                    mov cl, byte ptr [eax]
:00449092 51                      push ecx
:00449093 E81DFEFFFF              call 00448EB5
:00449098 83C404                  add esp, 00000004
:0044909B 85C0                    test eax, eax
:0044909D 750F                    jne 004490AE

* Possible StringData Ref from Data Obj ->"You must have the KINGPIN CD in "
                                        ->"the drive to play."
:0044909F 6894A04500              push 0045A094
:004490A4 6A00                    push 00000000
:004490A6 E86F76FDFF              call 0042071A
:004490AB 83C408                  add esp, 00000008

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0044909D(C)
:004490AE 8B55FC                  mov edx, dword ptr [ebp-04]
:004490B1 52                      push edx
:004490B2 E824000000              call 004490DB
:004490B7 83C404                  add esp, 00000004
:004490BA 85C0                    test eax, eax
:004490BC 750F                    jne 004490CD

* Possible StringData Ref from Data Obj ->"You must have the KINGPIN CD in "
                                        ->"the drive to play."
:004490BE 68C8A04500              push 0045A0C8
:004490C3 6A00                    push 00000000
:004490C5 E85076FDFF              call 0042071A
:004490CA 83C408                  add esp, 00000008

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004490BC(C)

* Possible Reference to String Resource ID=00001: "WinQuake"
:004490CD C7054C1D480001000000    mov dword ptr [00481D4C], 00000001

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0044906E(U)
:004490D7 8BE5                    mov esp, ebp                         -----> Land here if passed and exit routine.
:004490D9 5D                      pop ebp
:004490DA C3                      ret

So that's basically it then. All we have to do is put 2 NOPs at address
44906C to crack the check. So go to offset 4906Ch in kingpin.exe and enter
9090 in place of 7402 and save it. You've just cracked Kingpin... you're
so clever!!
Another one bites the dust...
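
Seen from the defending side, the two-byte edit described above stands out when a file is compared against a known-good copy. The following is an added example, not part of the original tutorial: the function names are hypothetical, and both byte strings are constructed from the opcode column of the listing (addresses 00449061 to 0044906F).

```python
"""Flag short conditional jumps that were overwritten with NOPs."""

NOP = 0x90

def changed_runs(ref: bytes, cand: bytes):
    """Yield (offset, ref_bytes, cand_bytes) for each run of differing bytes."""
    if len(ref) != len(cand):
        raise ValueError("images differ in length; compare section by section")
    start = None
    for i, (a, b) in enumerate(zip(ref, cand)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            yield start, ref[start:i], cand[start:i]
            start = None
    if start is not None:
        yield start, ref[start:], cand[start:]

def is_short_jcc(b: bytes) -> bool:
    """True for a 2-byte Jcc rel8 (opcodes 0x70-0x7F), e.g. 74 02 = je +2."""
    return len(b) == 2 and 0x70 <= b[0] <= 0x7F

def find_nopped_branches(ref: bytes, cand: bytes, base: int = 0):
    """Return addresses where a short conditional jump became NOP NOP."""
    hits = []
    for off, old, new in changed_runs(ref, cand):
        if is_short_jcc(old) and all(x == NOP for x in new):
            hits.append(base + off)
    return hits

# Constructed sample: opcode bytes for 00449061..0044906F from the listing.
REFERENCE = bytes.fromhex("558BEC51833D4C1D4800007402EB67")
# Constructed sample: the same bytes after the edit the tutorial describes.
TAMPERED = bytes.fromhex("558BEC51833D4C1D4800009090EB67")

if __name__ == "__main__":
    for addr in find_nopped_branches(REFERENCE, TAMPERED, base=0x00449061):
        print(f"conditional jump replaced by NOPs at {addr:08X}")
```

Because the whole check hangs on one branch, a publisher-side hash of the code section or a comparison like this one is enough to show that a copy has been altered.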