home *** CD-ROM | disk | FTP | other *** search
- dBase III version 1.10 - Unprotect
- by The Lone Victor
-
- The following instructions show you how to bypass the SoftGuard
- copy protection scheme used on dBase III version 1.10. This is the same
- scheme used for FrameWork 1.10 and for Wordstar 2000 1.00. Wordstar
- 2000 version 1.10 does not use a copy protection scheme, while versions
- 1.00 of dBase III and FrameWork used ProLock. To unprotect Prolock disks
- read the file PROLOCK.UNP.
-
- First, using your valid, original dBase III diskette, install it on
- a fixed disk. Softguard hides three files in your root directory:
- CML0200.HCL, VDF0200.VDW, and DBASE.EXE. It also copies DBASE.COM into
- your chosen dBase directory. DBASE.EXE is the real dBase III program,
- encrypted. When you run dbase, the program DBASE.COM loads CML0200.HCL
- high in memory and runs it. CML decrypts itself and reads VDF0200.VDW.
- The VDF file contains some code and data from the fixed disk FAT at the
- time of installation. By comparing the information in the VDF file with
- the current FAT, CML can tell if the CML, VDF, and DBASE.EXE files are
- in the same place on the disk where they were installed. If they have
- moved, say from a backup & restore, then dBase will not run.
-
- Second, un-hide the three files in the root directory. You can do
- this with the programs ALTER.COM or FM.COM, or UNHIDE.COM and HIDE.COM
- found on any BBS.
-
- Make copies of the three files, and of DBASE.COM, into some other
- directory.
-
- Hide the three root files again using ALTER or FM.
-
- Following the dBase instructions, UNINSTALL dBase III. You can now
- put away your original dBase diskette. We are done with it.
-
- Next we will make some patches to CML0200.HCL to allow us to trace
- through the code in DEBUG. These patches will keep it from killing our
- interrupt vectors.
-
- DEBUG CML0200.HCL
- E 3F9 <CR> 2A.4A <CR> ; change the 2A to 4A
- E 49D <CR> F6.16 <CR> ; if any of these numbers don't show up
- E 506 <CR> E9.09 <CR> ; it's not working.
- E A79 <CR> 00.20 <CR> ;
- E AE9 <CR> 00.20 <CR> ;
- E 73C 97 FA FA F4 F1 7E <CR> ; this is an encrypted call to 0:300
- W ; write out the new CML file
- Q ; quit debug
-
-
- Now copy your four saved files back into the root directory and
- hide the CML0200.HCL, VDF0200.VDW, and DBASE.EXE files using ALTER or FM.
-
- We can now run DBASE.COM using DEBUG, trace just up to the point
- where it has decrypted DBASE.EXE, then write that file out.
-
- DEBUG DBASE.COM
- R <CR> ; write down the value of DS for use below.
- A 0:300 <CR> ; we must assemble some code here
- POP AX
- CS:
- MOV [320],AX ; save return address
- POP AX
- CS:
- MOV [322],AX
- PUSH ES ; set up stack the way we need it
- MOV AX,20
- MOV ES,AX
- MOV AX,0
- CS:
- JMP FAR PTR [320] ; jump to our return address
- <CR>
- G 406 ; now we can trace CML
- T
- G 177 ; this stuff just traces past some
- G 1E9 ; encryption routines.
- T
- G 54E ; wait while reading VDF & FAT
- G=559 569
- G=571 857 ; DBASE.EXE has been decrypted
- rBX <CR> ; length DBASE.EXE = 1AC00 bytes
- :1 ; set BX to 1
- rCX <CR>
- :AC00 ; set CX to AC00.
- nDBASE ; name of file to write to
- W XXXX:100 ; where XXXX is the value of DS that
- ; you wrote down at the begining.
- Q ; quit debug
-
- Last, unhide and delete the three root files CML0200.HCL, VDF0200.VDW,
- and DBASE.EXE. Delete DBASE.COM and rename DBASE to DBASE.EXE. This is the
- real dBase III program without any SoftGuard code or encryption. It requires
- only the DBASE.OVL file to run.
-
- If you have any comments on this unprotect routine or the PROLOCK.UNP
- routine, please leave them on the Atlanta PCUG BBS (404) 634-5731.
-
- The Lone Victor - 4/15/85
-
- �����������������������������������������������������
