Need some guidance



ianq13
01-20-2008, 04:33 PM
Hey folks,
I've recently started looking into simple CD protections, read up on that a little bit online, and decided to give it a shot. Has anyone ever played Lost Vikings 2 from Blizzard (formerly Silicon & Synapse)? It's a great game and I've got its CD sitting here. The nice thing about it is that it is from ***5 and requires a CD inserted in the drive. If you're lazy like me, you know that putting the CD in is a PITA.

Consequently, I wanted to see if I can remove that CD check. And here's where my trouble begins haha. Can anyone kind of walk me through something like this?

Here's what I've done:

1. I disassembled Lost Vikings 2.exe using DisASM*2 (www.geocities.com/~sangcho/disasm.html) and got some **8,000 lines of assembler.

2. I fired up W*2Dasm to look for the error message, but couldn't locate it. I did, however, find it using XVI*2 (some hex editor).

This is about how far I've gotten haha, because things turned out to be different than in whatever I had read. I was thinking about altering the call to the check routine?

Thanks lots in advance!
Ian

coz
01-21-2008, 10:22 AM
I've never done anything like this (no CD protections), but I would assume it would be easy. First, use some kind of PE identifier, such as ProtectionID, to see if there is any protection on the main program. That could be why you are not seeing the text in your debugger. The next thing you may want to check is whether the program is using any anti-debugging tricks. Most of that crap can be solved using scripts in OllyDbg or a fixed debugger. But don't worry about that unless your breakpoints don't work and weird things happen.

After that, I would search for the error text. If found, look above the text to see what jumps and/or calls are made before it or that jump to it. It's probably a function that gets called by the main running program, so if you just NOP the call it will work.

If you still cannot find the error text, use another debugger, write down the RVA (offset), and find that address in the main debugger. Most of the time the text is there; it just looks different. PE Explorer is great at displaying things nicely and making them easy to find. You can also set a breakpoint on all MessageBoxA (I think) so when the error pops up it breaks on it. Another thing: after running the main program in Olly and the error box pops up, if you pause Olly and press Alt+F* it will usually jump back to what called the message box. It may take some time to find all of this, but using Olly will probably be much easier. At least it is for me. Hope something here helps you.