Welcome to my cracking tutorial !

                                                    Made by Fr1c !
 

   Target : Age Of Empires (you can crack on same way Age Of Empires : Rise Of Rome and Age Of Empires 2)

    Protection : CD CHECK

    Tools : W32Dasm and Hex Editor

    Date : 01.03.2000

    CrAcKeR : Fr1c
 

    Ok,lets crack this shit.
 

    Run game and click on single player , you will see : "You must insert game cd...."

    Exit game and run W32Dasm and disassemble Empires.exe.

 
    Click on imported modules and find GetDriveTypeA.

    When you find it , double click on it ,you will see this :

* Possible StringData Ref from Data Obj ->"CDPath"
                                  |
:004E9049 687C525600              push 0056527C
:004E904E 8B8EAC010000            mov ecx, dword ptr [esi+000001AC]
:004E9054 6A00                    push 00000000
:004E9056 E815C4F3FF              call 00425470
:004E905B 8BF8                    mov edi, eax
:004E905D 85FF                    test edi, edi
:004E905F 7504                    jne 004E9065
:004E9061 33C0                    xor eax, eax
:004E9063 EB63                    jmp 004E90C8

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004E905F(C)
|
:004E9065 57                      push edi

* Reference To: KERNEL32.GetDriveTypeA, Ord:00DEh
                                  |
:004E9066 FF1580167E00            Call dword ptr [007E1680]
:004E906C 83F805                  cmp eax, 00000005                        - COMPARE CD
:004E906F 7404                    je 004E9075                                      - JUMP IF CORRECT
:004E9071 33C0                    xor eax, eax
:004E9073 EB53                    jmp 004E90C8

Now , you see that jump ?
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004E905F(C)

Ok , you must find that address , here it is :

:004E905D 85FF                    test edi, edi
:004E905F 7504                     jne 004E9065

No...not yet...you must find another jump ...

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004E8FEE(C)
|
:004E9039 A17C815600              mov eax, dword ptr [0056817C]
:004E903E 85C0                    test eax, eax
:004E9040 7407                    je 004E9049                                                    -JUMP IF EQUAL
:004E9042 B801000000              mov eax, 00000001                                 - MOVE 1 in EAX
:004E9047 EB7F                    jmp 004E90C8                                              -JUMP

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004E9040(C)                    <---- HERE IT IS !!JUMP
|

* Possible StringData Ref from Data Obj ->"CDPath"

Hmm...finally!
:004E9040 7407                    je 004E9049
That's it.
You must change it in
:004E9040 7507                    jne 004E9049

I hope you know how to change it , if you dont know , download my others tuts from www.come.to/Fr1c
 

OK!
Game cracked!
 

Fr1c -dF,TCC,CoDex
www.come.to/Fr1c
www.campercrew.cjb.net
www.codex.cjb.net
E-mail : fric@iname.com
 

GREETZ TO : EdCamper,TechNich,iNFRA,NiXa,mendo,k0rnFleX,mercurio,woody,bjanes,ACID_BURN and others...