Bug Error 2000 --------------- The Cracking Answer -------------------- Nox 1.1 NO CD -------------- Tools That you'll need ----------------------- - W32dasm 8.93 - Hiew 6 or higher Initial notes -------------- - First, install the full game - Make sure that the cd isn't on your drive :)) First approach with the CD-check protection -------------------------------------------- - Run the game - You must see this : "Nox CD Not Found" - Click on OK, we'll correct this bug ;) Disassembling File with W32dasm ------------------------------- - Load W32dasm and open "game.exe" - After a few time, the file'll be disassemble - Now, click on "Strn Ref" button => Next to Print button - Scroll down till you find : "CDFailText" - Double-click on this, and you'll see : * Possible StringData Ref from Data Obj ->"CDFailText" | :00413273 68D47A5700 push 00577AD4 :00413278 E833BDFFFF call 0040EFB0 :0041327D 83C410 add esp, 00000010 :00413280 50 push eax :00413281 68C7000000 push 000000C7 - Now, scroll up till you see this : * Referenced by a CALL at Address: |:0043B372 | :00413210 A188405F00 mov eax, dword ptr [005F4088] :00413215 83EC08 sub esp, 00000008 :00413218 56 push esi :00413219 BE06000000 mov esi, 00000006 :0041321E 3BC6 cmp eax, esi :00413220 0F87F3010000 ja 00413419 :00413226 FF248530344100 jmp dword ptr [4*eax+00413430] :0041322D E87EEC0000 call 00421EB0 => If you trace into this, you'll see GetDriveTypea, argggggggg, i dislike this ;) :00413232 85C0 test eax, eax :00413234 A38C405F00 mov dword ptr [005F408C], eax :00413239 7559 jne 00413294 :0041323B E870020000 call 004134B0 :00413240 E85B740300 call 0044A6A0 :00413245 6800080000 push 00000800 :0041324A E84173FFFF call 0040A590 :0041324F 83C404 add esp, 00000004 :00413252 85C0 test eax, eax :00413254 7405 je 0041325B :00413256 E835020000 call 00413490 - Be sure that you're on 0041322d and take a look at the bottom to see the offset, this is 0001322d - Not this offset, you'll need this Crack the "fordrac.exe" file ----------------------------- - To do this, you'll need Hiew - Launch Hiew, and load "game.exe" - Press F4 and choose "decode" - Press F5, and enter the offset, here it is 0001322d - Press F4 and choose "Hex" - Press F3 to edit and type B80200 - Press F9 to update the EXE - Run the game, and, Hiiiiiiiihaaaaaaaaa, you cracked Nox 1.1 ;) Cracking source code --------------------- Const FileN : String = 'game.exe'; {name of file to patch} BytesToChange : Integer = 3; {bytes to patch} FileS : LongInt = 1802240; {size if the exe, to check the version} A : Array[1..3] of Record A : Longint; B : Byte; End = ((A:$1322d;B:$b8), {offset to modify + code to replace} (A:$1322e;B:$02), (A:$1322f;B:$00)); Var F : File; Ch : Char; I : LongInt; Begin fichier.filename := '*.exe'; fichier.filter := FileN; if fichier.execute then begin AssignFile(F, fichier.filename); Reset(F,1); If FileSize(F)<>FileS then begin ShowMessage('File is incorrect size'); halt(1); end else begin end; For I := 1 to BytesToChange do begin Seek(F,A[I].A); Ch:=Char(A[I].B); Blockwrite(F,Ch,1); end; ShowMessage ('File successfully cracked'); end; end; end.