
 Target: Sid Meier's Alpha Centauri (updated 4.0!!!) [UK]
 Toolz: W32Dasm, SICE, Hex-Editor, NotePad+ with Wordwrap ON
 Level: 1
 Protection: cd-check kinda..

 Background info:
 
 I love Sid Meier games and as I haven't cracked this yet this was an obvious
 choice for a subject of this tute.. but enuff bla bla.. let's get on the business
 btw.. if I'm not totally wrong it is possible to play this game without a CD present
 but there's this nag we wanna remove (thou I'd recommend playing with the CD)..
 oh.. also.. it seems like the unpatched version has Securom (which I don't care
 coz I have the ORIGINAL!) but patched version doesn't... leet.. :)

 Again a common approach, BPX GetDriveTypeA and you'll land here:

 * Referenced by a (U)nconditional or (C)onditional Jump at Address:
 |:005E896E(C)
 |
 :005E8912 8D542410                lea edx, dword ptr [esp+10]
 :005E8916 52                      push edx
 
 * Reference To: KERNEL32.GetDriveTypeA, Ord:0104h
                                   |
 :005E8917 FF1540B16400            Call dword ptr [0064B140]
 :005E891D 83F805                  cmp eax, 00000005 <-- u are here, and u know this one already
 :005E8920 753E                    jne 005E8960 <-- as u do also this one..
 :005E8922 8D442410                lea eax, dword ptr [esp+10] <-- load address of the current drive letter string into eax
 :005E8926 881DB8DD9700            mov byte ptr [0097DDB8], bl
 :005E892C 50                      push eax
 :005E892D 68B8DD9700              push 0097DDB8
 :005E8932 E819FA0300              call 00628350 <-- uhm..get the path for the movie to play?
 :005E8937 8B8C2468020000          mov ecx, dword ptr [esp+00000268] <-- move the path to ecx
 :005E893E 51                      push ecx <-- push the path
 :005E893F 68B8DD9700              push 0097DDB8 
 :005E8944 E807FA0300              call 00628350 <-- same call as above
 :005E8949 83C410                  add esp, 00000010 <-- tidy up the stack
 :005E894C 8D94241C010000          lea edx, dword ptr [esp+0000011C] <-- same as above, but move to edx
 :005E8953 52                      push edx <-- push the path
 :005E8954 68B8DD9700              push 0097DDB8
 :005E8959 FFD5                    call ebp <-- call to FindFirstFileA
 :005E895B 83F8FF                  cmp eax, FFFFFFFF <-- compare result with INVALID_HANDLE_VALUE (-1)
 :005E895E 756B                    jne 005E89CB <-- jump if not equal...<g>
 
 * Referenced by a (U)nconditional or (C)onditional Jump at Address:
 |:005E8920(C)
 |
 :005E8960 8A542410                mov dl, byte ptr [esp+10] <-- mov current drive letter to dl
 :005E8964 FEC2                    inc dl <-- increase counter
 :005E8966 46                      inc esi <-- increase counter
 :005E8967 83FE1A                  cmp esi, 0000001A <-- compare if all drives done
 :005E896A 88542410                mov byte ptr [esp+10], dl
 :005E896E 7CA2                    jl 005E8912 <-- jump if not, (loop getdrivetype routine until all done)
 :005E8970 399C2464020000          cmp dword ptr [esp+00000264], ebx
 :005E8977 7572                    jne 005E89EB
 :005E8979 53                      push ebx
 :005E897A 53                      push ebx
 :005E897B 53                      push ebx
 :005E897C 6AFF                    push FFFFFFFF
 
 * Possible StringData Ref from Data Obj ->"FILEFIND_NOCD" <-- this tells pretty much...

 ok.. i prolly made some mistakes but I think the routine consists of checks like i've described.. but 
 i may be wrong.. but anyways I do already know where to patch.. ;) do you? prolly not.. lemme clear it out
 for ye..

 so the above routine is indeed a failed routine for cd-check, well in fact it checks if all cd-drives done
 and loops back to start when all done.. it does nothing more i believe.. but again.. i may be wrong
 
 but the point of interest is the call to FindFirstFileA ..it is in fact the cd-check, urh.. but i cant
 really remember what it does.. heh.. wait a sec.. I'll re-trace it ;) (and eat sumfin in the while)..
 w00p.. uhm, heh.. i'm still not quite sure but I'd say it seeks for the movie path/file and if its found on 
 the target drive (CD) return value is the search handle used in a subsequent call. So the return value
 changes depending on the drive the file is found.

 eg. the return value for my drive G:\ -> BF0304, might differ on your comp

 and coz of this kinda procedure its safer to change the following jump instead of comparing or nopping
 out the whole call, so lets do like this:

    :005E895E 756B  jne 005E89CB
 -> :005E895E 746B  je  005E89CB or
 -> :005E895E EB6B  jmp 005E89CB

 I'm sure you can do the modification on your own so I won't explain it.. if you're having problems plz read
 some of my earlier tutes or someone else's tutes
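
 Seen from the integrity-checking side, an added example (not part of the original tute): a small Python check that compares a known-good copy of a code region with a suspect copy and flags exactly this kind of one-byte branch edit. The function names and the sample bytes (constructed from the listing above) are assumptions of this example.

```python
# Added example: flag one-byte edits of short conditional jumps (Jcc rel8).
# Heuristic: any changed byte in 70..7F is treated as a Jcc opcode, so
# confirm each finding against a disassembly of the known-good file.

BASE_VA = 0x005E8959  # virtual address of the first sample byte
# Constructed sample: call ebp / cmp eax,-1 / jne 005E89CB / mov dl,[esp+10]
ORIGINAL = bytes.fromhex("FFD5" "83F8FF" "756B" "8A542410")


def rel8_target(va, rel):
    """Target of a 2-byte short jump located at va with displacement byte rel."""
    disp = rel - 0x100 if rel >= 0x80 else rel  # sign-extend the rel8 byte
    return (va + 2 + disp) & 0xFFFFFFFF


def classify(old, new):
    """Describe what changing opcode byte old -> new means for a short Jcc."""
    if not 0x70 <= old <= 0x7F:
        return None                      # not a short conditional jump
    if new == old ^ 1:
        return "condition inverted"      # e.g. 75 (jne) -> 74 (je)
    if new == 0xEB:
        return "forced unconditional"    # jcc -> jmp short
    if new == 0x90:
        return "nopped"
    return "opcode replaced"


def find_branch_tampering(good, suspect, base_va):
    """Return one finding per differing byte between two equal-length regions."""
    if len(good) != len(suspect):
        raise ValueError("regions must be the same length")
    findings = []
    for off, (a, b) in enumerate(zip(good, suspect)):
        if a == b:
            continue
        kind = classify(a, b)
        target = None
        if kind is None:
            kind = "non-branch byte changed"
        elif off + 1 < len(good):
            target = rel8_target(base_va + off, good[off + 1])
        findings.append({"va": base_va + off, "old": a, "new": b,
                         "kind": kind, "target": target})
    return findings
```

 The same rel8 arithmetic reproduces the other short jumps in the listing, which is a quick way to sanity-check a disassembly before trusting it.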

 but anywayz if u did like i showed you shouldnt have any nags left when u start the game. i dunno if you
 can play it now without a cd in the drive coz i was too lazy to test it. but i dont really care coz the main
 intention in this tute (and in all my other cd-check tutes!!) is just to disable the cd-check, whether it
 renders the game playable or not.. but enuff crap already... whats done is done, cd-check destroyed!

 Heh.. might I also add that if u look at terran.exe with ProcDump you can see something like Selfmod or similar
 .. self-modifying? kinda i'd say.. when I first patched this file in Hiew it changed the opcodes to something
 way off from the cmp & jne that were supposed to be there... but its no use if u type the offset straightly so that
 it takes u straight on the jne code, then its safe to patch.

 -C_DKnight

 well ok.. C_D can stand for Compact Disc if u really want.. its kinda leet in that way too.. heh.. since 
 almost every tute of mine are about cd-check defeating.. so I'm a valiant knight who protects poor games
 from evil CD-Check wizards!! Huuh.. I thrust with my dark sword and see Wizards eventually perishing.. ;)
 Haha.. well lets proceed onto greetings, shall we?

 #Cracking4Newbies, you guys I respect and greet: (not in any order)

 AB4DS, r!SC, Dead-Mike, NrOC, Warezpup, Hutch, [yAtEs], [E_BLiss], [LaZaRuS], Doufas, SeKt0r, nchanta,
 Icecream (your radio r0xs0rs!! :)), |Xmen|, LordOfLA, F0dder, Predator, aCiDHaC, ACiD BuRN, X-Calibre, 
 DnNuke, noos, nu, Thesmurf, defiler, Sinn0r, ^tCM^, Norika, cTT, Weazel, MisterE, Dawai, RevX, Maybird,
 BlackBird, DarkLord and all the others at #c4n I forgot

 plus these individuals: Tailz, F0ley, MR-B, Mathras, Makis