SCO
I'm attempting (again) to no-cd King of the dragon pass.
The executable is actually a launcher for the .\Opal\Mtplayer95.exe file. Although the launcher has a few weak checks, the main wtf checks are on the Mtplayer95 file.
The way to skip the stupid check on the launcher is to edit its offset 1338 (hex) from 75 to EB (unconditional jump).
If you then attach a debugger to the running Mtplayer95, search for X:\ and attach a read memory breakpoint, run it and press tutorial, you can get at the general place where the copy protection is doing its job (after the return). It seems to replace the first letter (X) in a cycle and checks their volumename or if it's not writeable or something. I need to skip this whole cycle and replace the X:\ by ..\ or something and not allow it to change. Problem is when I tried this the thing freaked out (started creating KotDP instead or something).
The code seems deliberately obfuscated in some strange way - a thing that seemed like an infinite cycle when I stepped through with the cd on, but when "run" it worked ... things like that.
Just sharing my findings for now.