home *** CD-ROM | disk | FTP | other *** search
- Quake 3 CD-Check tutorial.....
-
- by Xcellent for TrickSoft - "Software made free by us"
-
- Hi there! Welcome to tutor and this time a new game! Not so fresh
- but... Follow all instructions and be a happy no Cd_in_drive player!
-
- Tools needed:
- W32Dasm - Disassembler and debugger (www.crackstore.com)
- Any hex editor (www.crackstore.com have many!)
-
- This tool we will use (W32Dasm) is an disassembler and a 32 bit debugger, and
- using it is the most simple and easy way to kill cd protections.
- The game I will use to demonstrate is the Quake 3 Arena v1.17, removing the CD
- check routine.
- Run Quake3 and select single player, choose any level and click play...Fucking shit!!
- A message came saying: "INSERT THE CD".
- Now remember this message for use later and start W32Dasm, click open and select the
- quake3.exe file, wait the disassembler work and sleep a little........ZZZZZ....zzzzz..
- oh, what? ready, well, *ahem*, ok, click on menu refs - String Data Reference, a window
- will popup with a lot of messages, now what you need to do is search for that message,
- remember it? it's "INSERT THE CD". Ok, you find it? no? Yep, this time the game will
- use a different name for that dialog that isn't "INSERT THE CD" so we need to find
- something related to CD, like "CD not in drive", "CD not ready" or "Game
- CD not in drive". You'll find the message "Game CD not in drive", so double click
- on it, and you'll be in the right place, now you will see something like this:
- * Referenced by a CALL at Address:
- |:004374FE
- |
- :00432460 83EC54 sub esp, 00000054
-
- * Possible StringData Ref from Data Obj ->"fs_restrict"
- |
- :00432463 6834364B00 push 004B3634
- :00432468 E823CEFEFF call 0041F290
- :0043246D D81DF0F34A00 fcomp dword ptr [004AF3F0]
- :00432473 83C404 add esp, 00000004
- :00432476 DFE0 fstsw ax
- :00432478 F6C440 test ah, 40
- :0043247B 7418 je 00432495
- :0043247D E8BE2E0100 call 00445340 <-- calls CD check routine
- :00432482 85C0 test eax, eax <-- check the result
- :00432484 750F jne 00432495 <-- jump if the result is the expected
-
- * Possible StringData Ref from Data Obj ->"Game CD not in drive" <-- else show that fucking dialog
- |
- :00432486 68A4BE4B00 push 004BBEA4
- :0043248B 6A03 push 00000003
- :0043248D E8FE9EFEFF call 0041C390
- :00432492 83C408 add esp, 00000008
-
- Look at :00432484, that's the place where you will change the bytes, turning the jne to jmp,
- doing this, even if the value wasn't the expected (CD not in drive) or with the CD in drive the game
- will play!! Easy isn't!?
- But to change the bytes, you must know where they are into the executable, to do this move the bar to the
- address :00432484, doing this the bar will turn green, so take a look at the bottom of the screen and you
- will see:
- Line: 103161 Pg 2063 and 2064 of 6946 Code data @:00432486 @Offset 00032484h <-- that's the offset
- The address will always be named as Offset and it will be a hexadecimal value, in this case,
- the offset is 32484.
- So fire your hexadecimal editor, load the quake3.exe file and search for the offset 32484.
- Got it? now just change the 75 value to EB and save the file.
- Run Quake 3, and, wow!! you have cracked it!!
-
- If you enjoyed this tutor and want more, send me a e-mail!
-
- that's enough folks - wait for more....
-
- Xcellent - The Brazillian cracK3r
- xcellent@bol.com.br
- www.tricksoft.net
