TORN@DO's Cracking Tutorial for
Microsoft Age of Empires I
 
Tools you need: For tools you need W32DASM and a Hex-Editor. My recommendation on a Hex-Editor is Hacker's View. If you can't get these tools yourself, ask for it in a Cracker-Channel.. 

Warning: You can't use WinIce and place a breakpoint on GetDriveTypeA - your computer will crash! This time you'll have to use W32DASM. 
  
 
Age of Empires is a game like some others. You can install it complete, but you can't run it without the CD inserted in your CD-ROM-Drive. Windows-Games with CD-Checks are normally easy to crack - if you know what calls CD Checks. After you've read my "Cracker's Notes" you should be able to remove CD-Checks from Windows-Games, because in Windows it's easy to do that :-). 
  
Step 1 
Install the full version of Age of Empires and run the game. Have you seen the error message, that you haven't inserted your CD in the CD-ROM-drive? Ok. Exit Age of Empires and QuickView EMPIRES.EXE. Look at the imports: 

Have you seen this GetDriveType?? Very interesting :-). Ok now let's go! 

  
Step 2 
Disassemble EMPIRES.EXE and look at it's imports. Scroll down until you see KERNEL32.GetDriveTypeA. Double click on it. Now have a look at the code: 

  * Reference To: KERNEL32.GetDriveTypeA, Ord:00DEh 
  | 
  :004D65F6    FF1554267000     Call dword ptr [00702654] 
  :004D65FC    83F805               cmp eax, 00000005 
  :004D65FF    7404                    je 004D6605 
  :004D6601    33C0                   xor eax, eax 
  :004D6603    EB53                   jmp 004D6658 

Look at :004D65FC. Have you seen those CMP? It compares EAX to 5. Because you've read "Cracker's Notes" you know, that GetDriveType returns values. In other words: This is the check. 5 is the value for the CD-ROM-Drive, so this line checks it. 
Now you know where the protection is and you should also know how to remove it. You can "NOP" out those 83F8057404! 
Games have not always such an easy protection. They can check several times - but then you can use nearly the same method. 
  
  
Step 3 
Copy the EMPIRES.EXE to EMPIRES.OLD! And then let's go! 
Now you know how to remove the protection, let's go! Crack this silly protection! Press F7, type 83F8057404 and replace it with 90909090909090. Now you see, that you've changed  

  CMP EAX, 00000005 
  JE 004D6605 

to 

  NOP 
  NOP 
  NOP 
  NOP 
  NOP 
  NOP 
  NOP 

There are other ways to circumvent the CD-Check. But I always tried to keep this tutorial as simple as possible, so that every Newbie can see how easy it is to remove a CD-Check from a game. 
  
  
Step 4 
Compare the EMPIRES.OLD with the EMPIRES.EXE with FC and save the differences to a file called PATCH.TXT (FC /B EMPIRES.OLD EMPIRES.EXE > PATCH.TXT). Now edit your patcher-file, compile it. Ren EMPIRES.EXE to EMPIRES.CRK and EMPIRES.OLD to EMPIRES.EXE. Run your patch. Compare EMPIRES.EXE to EMPIRES.CRK and repeat those steps until there were no differences. Enjoy the *NOP'd* Game. 

I recommend, that you read my Cracker's Notes!
 
 
 
 Back to Students Essay's