The Crack:
Load Tomb4.exe into WDASM and search for the test string mentioned above. The one you want is at 48D8C6. Now look above this code and you'll see some checks being done on the code:
:0048D8BB E8F060FEFF call 004739B0 ---------------->
If you trace through this call you will see that it checks for a CD drive and the file script.dat on it then makes the CD drive the default path for the game. We can remove this call altogether by entering 5 NOPs here (909090909090).
:0048D8C0 84C0 test al, al ---------------->
The final check is made here. We can ignore this or remove it by entering 2 NOPs here (9090).
:0048D8C2 7525 jne 0048D8E9 ---------------->
If correct then jump over the message box. We can make the program jump here with the default game folder path when the program started. Enter Jmp here (EB)
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
:0048D8E7(C)
:0048D8C4 6A25 push 00000025
* Possible StringData Ref from Data Obj ->"Tomb Raider"
:0048D8C6 6838354B00 push 004B3538
* Possible StringData Ref from Data Obj ->"Tomb Raider - The Last Revelation CD"
:0048D8CB 6810354B00 push 004B3510
:0048D8D0 53 push ebx
* Reference To: USER32.MessageBoxA, Ord:01BEh
:0048D8D1 FF15CC814A00 Call dword ptr [004A81CC]
:0048D8D7 83F802 cmp eax, 00000002
:0048D8DA 0F84DB030000 je 0048DCBB
:0048D8E0 E8CB60FEFF call 004739B0
:0048D8E5 84C0 test al, al
:0048D8E7 74DB je 0048D8C4
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
:0048D8C2(C)
:0048D8E9 E8123BFCFF call 00451400 ---------------->
We land here and carry on as normal as if the files were being read from the CD drive.
THIS IS WHAT YOU HAVE TO DO TO REMOVE THE CHECK
With your hexeditor: Goto offset 8D8BB and enter 90909090909090EB
OR enter B801000000 - this is the instruction MOV EAX, 1
Either method will crack the CD/File check
Well that's basically it, although I have a sneaky feeling that something may happen later in the game, or am I just being paranoid? Let's see what happens shall we. So, until another check comes up (if at all) then watch this space.
Another one bites the dust....
UPDATE: 26/12/99
Just cracked the updated version of tomb4.exe... the same protection, different place. Goto offset 8EA0C and insert the bytes B801000000 to crack the CD-Check...