View Full Version : A Simple NO-CD Cracking Tutorial


Creativity
09-04-2005, 11:08 AM
Use this tute only for cracking the EXEs of the CDs that you own...
This tutorial is for educational purposes only.

Author: Creativity
Target Program: Ballance 2.0.0.1 (But the splash page displays v1.13)
Application type: Microsoft Visual C++ application (Use PEiD to find it out)

Tools required:
W32Dasm 8.93 or above.
Olly Debugger 1.10 (Debugging + Patching the game)
PEiD / ClonyXXL / ProtectionID

How to crack:
This is my first cracking tutorial... so please report me or forgive me for my mistakes that I made, I'm a newbie in cracking...

CLONY XXL STEPS:
Step 01: Insert the disc into the drive then click Scan in Clony XXL.
Oh great, the game does not contain any CD protection.

PEiD STEPS:
Step 01: Click on "..." and open the target "Player.exe" in the bin folder in the game's installation directory.
Step 02: Oh cool, the game doesn't contain any protection like SecuROM, SafeDisc etc. and it is not protected with any EXE protectors. We are lucky... and our cracking burden is reduced.

W32DASM STEPS:
Step 01: Start the game without the CD... oh no... a window with title "Attention" and It says "Place the CD-ROM into the Drive and Start the Game again"
Step 02: Load up W32Dasm and disassemble the file "Player.exe" in the Bin folder...
Step 03: Since the error message "Place the CD-ROM into the drive and start the game again" loads up in the runtime, so it is not possible to search with the string.
Step 04: In W32Dasm click on the "String Data references" button in the toolbar. Search for "Attention", that's the title of the error message window. An alternate method is by using the menu "Search->Find Text", then type your text, "Attention", in the text box. Click on "Find next".
Step 05: It will take us to the line that displays the following

* Possible StringData Ref from Data Obj ->"Attention"

Step 06: Scroll a little below and you can find these lines.

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0040121B(C)

It says that the jump to this error message is from the address 0040121B and it also indicates what type of jump it is.
(C)-Conditional Jump (JNE's and JE's) and
(U)-Unconditional Jump (JMP)

So our jump is a conditional jump... (i.e.) it is checked for a specific condition and then jumped. Okay, now that we've got the address where the game checks, note it down on a piece of paper... Next is to patch it out... close W32Dasm.

Note: There are two dialogs with the title "Attention". If you are not sure which one is the dialog that points to the CD check, then run the target in a debugger to find out the correct error string.

OLLY DEBUGGER STEPS:
I've added a screenshot of Olly with the three important windows marked...
http://img102.imageshack.us/img102/9836/ollyinterface7qp.jpg
My interface and yours might differ because I've added new plugins and changed the color of the interface.

Step 01: Open the target file "Player.exe" in OllyDebugger
Step 02: Ollydebugger has many windows, we have to open the CPU window to debug the process. Click on the "C" icon in the toolbar... It will display the decompiled code. Maximize the window.
Step 03: Now Right click in the window and Select "Goto->Expression" and enter the address that you noted in W32Dasm... In this case it is 0040121B and then Click "OK"
Step 04: Ok now we have successfully landed in our checking area 0040121B. We need to bypass the check so that we can run the game without the CD and with the CD. This is really important, because the game must be able to run with a CD and without a CD, in that way we must crack it.

Original code:
00401219 . 84C0 TEST AL,AL
0040121B 75 46 JNZ SHORT Player.00401263

What does this code do ?
To know what it does, follow these steps: select the line 00401219, then right click and select "Breakpoint->Run to selection". Now look at the information window, the sliced one that is just below the code window slice. We'll find that register AL=00 if the CD is not inserted and AL=01 when the CD is inserted. The next line is JNZ (Jump if Not Zero): if the AL value is 0 it will not jump, so it'll jump only when the CD is inserted (i.e.) when AL becomes 01, so this is a conditional jump. We have to change it to an unconditional jump; it must jump always. So we have to modify it. Follow the steps below.

Step 05: Double Click on the line 0040121B or Click on the line and press Spacebar a window with title "Assemble at 0040121B" will pop up, now change "JNZ SHORT 00401263-->JMP SHORT 00401263", I've only changed the first three characters in the line.
Step 06: So we have patched the game in the memory, to patch the executable, Right click in the code window and select "Copy to executable-> All modifications" and click "Copy All", Now a dump window(D in the title) will popup displaying all the modifications that we made. Now Right click in the Dump window and select "Save file" then save the file with some other name, example Player_cracked.exe...

Patched code:
00401219 . 84C0 TEST AL,AL
0040121B EB 46 JMP SHORT Player.00401263

Final Notes:
So we've successfully cracked the game Ballance 2.0.0.1 (V1.13 according to the splash page). Now the game will run when the CD is inserted and also when the CD is not in the drive. There are many ways to crack this... one method is this one. Every program has its own weakness. Finding the weakness is the solution.

Greets:
To all NO-CD crackers in the world. And all the members of Lethal Injection team and Members in this MGForums.

CloneDevil
09-06-2005, 07:34 AM
CLonyXXL !!!!!!!!!!
Please use DiscScanX + A-Ray Scanner

Kaho
09-21-2005, 01:19 PM
I might be doing something wrong. I am trying to learn how to crack Warcraft exes and it's not going over so well. Maybe you could help me. Or somebody? I have the disk and all, but I have so many and converted them into slimmer cases which are on my bookshelf, and every time I would go through them when I want to play I don't have much time after my mom gets done rearranging my room. I am a lil cluttered and at the end of playing before I got to work my games are all over my desk and my mom just puts them back wherever they may be. I am getting tired of looking through 5 shelves of DVDs/games for PS2, Xbox and PC. Thanks

Creativity
09-24-2005, 12:55 PM
Try to break through into the program using breakpoints like
BPX MessageBoxA -> This will break when messagebox is called or when error messages are displayed.
BPX GetDriveTypeA -> This will make a break when the target scans for your drive type.

or just search for CMP EAX,05 or CMP EAX,03 then try changing 05<=>03 and also check whether conditional jumps(JNZ, JE) are present below this statement and try reversing them or change them to unconditional jump(JMP).

If you still can't find a solution then read tutorials in http://biw.rult.at/
I learned tutorials at this site and they were really helpful.

Creativity
03-13-2006, 10:42 AM
Use some nice tools like FileMon and RegMon from sysinternals... these tools log which file/regvalue the game accesses... so you can easily crack it..

Some old games use regvalue to store the location of the install source, so if you change this regvalue and copy all the files from the CD it gets working without the CD.

Some other games look out for certain files, and if any one of the files is not found, they pop up with the message "Insert the Correct CD-ROM" or similar messages!

I hope this info will be helpful !

BPX GetDriveTypeA
Checks for the type of drive you have... (ie) whether it is a floppy,HDD or CD etc
03 = HDD
05 = CDD

Since many ppl requested me for the tools.. i've uploaded them in www.filelodge.com (http://www.filelodge.com)

Links for the tools :
Download Olly Debugger (http://www.filelodge.com/files/room16/399459/Cracktools/Olly%20debugger.rar)
Download PEiD 0.93 (http://www.filelodge.com/files/room16/399459/Cracktools/PEiD.rar)

Enjoy :)

Bye,
Creativity

echo prime
03-14-2006, 04:50 AM
Dude! What's wrong with you? Why are you posting like this??

Creativity
03-16-2006, 09:30 AM
Dude! What's wrong with you? Why are you posting like this??
What is wrong ?
What has to be done... what is wrong in my post ???

Amargeddemon
03-17-2006, 10:59 PM
What is wrong ?
What has to be done... what is wrong in my post ???
What echo means is use the "edit" button ;)

echo prime
03-18-2006, 03:24 AM
Yes. Posting more than once simultaneously (multiple posting) is against forum rules. I was not talking about the content.

Creativity
03-18-2006, 08:46 AM
Sorry Pals... sorry for those posts... is there anyway to delete the previous post ??

Bye,
Creativity

echo prime
03-18-2006, 09:00 AM
Nope. No way of doing that. Just be careful next time. Cheers.

NorthViking
03-18-2006, 01:29 PM
Sometimes you want to update new info by making a new post.

However the edit button is recommended and should be used, otherwise.

Rocol
03-18-2006, 01:32 PM
Sorted, compatible posts merged. As said, if you wish to add information to an existing post, please use the edit button where possible ;)

vikrant1986
04-05-2006, 12:56 AM
hi Creativity u r a great i have tried ur tutorial & it works . but the problem is that how can i create a no cd fix for a patch ie i want to crack rome total war v 1.2 since its necessary for the realism total war .

STi FlyBy
04-05-2006, 10:55 AM
hi Creativity u r a great i have tried ur tutorial & it works . but the problem is that how can i create a no cd fix for a patch ie i want to crack rome total war v 1.2 since its necessary for the realism total war .

What a patch does is it modifies lines of code in files that have been known to cause bugs/errors. If you go into the .exe file for your game and modify it properly, it will work.

mammu
04-07-2006, 03:40 AM
Creativity, can we make a no-DVD crack with your method, and does it also work for protected DVD games like popt2t?

echo prime
04-08-2006, 01:03 PM
Creativity, can we make a no-DVD crack with your method, and does it also work for protected DVD games like popt2t?

Definitely no...

STi FlyBy
04-08-2006, 02:16 PM
Definitely no...

Well RELOADED released a way to get around Starforce. I haven't had time to put some time into it (plus, I don't have any of those games), but if you do a search, you may be able to find that.

mammu
04-09-2006, 02:36 AM
I will search and try.

narutoboi
04-12-2006, 11:06 PM
someone plz help me wit bfme2....

STi FlyBy
04-12-2006, 11:11 PM
someone plz help me wit bfme2....i install the game...now it ask me for the
cd....??? im a newbie.....*wonder if dis is illegal?*
any pro...who can explain to me in a way dat i understand...like list
der step....

MUCH MUCH APPRECIATION!!!!

d.t.

What happens when you put the original disc in the drive and try to play it? ;)

Amargeddemon
04-12-2006, 11:13 PM
Do you even have the original disk mate?

narutoboi
04-12-2006, 11:14 PM
not really helpful....i dl der game from torrent portal...im tire of dl-ing movie so i dl load game....but now i need cd key...and der cd..

D.T.

STi FlyBy
04-12-2006, 11:17 PM
not really helpful....i dl der game from torrent portal...im tire of dl-ing movie so i dl load game....but now i need cd key...and der cd..

D.T.

There's your problem. If you want a game to work, buy a copy. Please don't talk about this in such a thread, because warez gets closed. :nono:

:warez:

Amargeddemon
04-12-2006, 11:20 PM
MATE .......(READ THE RULES) and BUY the game......
to answer your question about legality yes this conversation is ILLEGAL ;)

narutoboi
04-13-2006, 01:01 AM
ok..ok..ok..gosh...so waste of money..and all dis time i dl....
damn it...*illegal eh? i wonder if i will get caught?*
hehhehehehehehe

thx alot guys

D.T.

Creativity
04-14-2006, 12:49 PM
MATE .......(READ THE RULES) and BUY the game......
to answer your question about legality yes this conversation is ILLEGAL ;)
Cracking can be done to break the protection only if you own the original disc. Cracking can be done to make your backups of the original work when the original disc is scratched, unreadable or broken. And remember that even if your original is broken into pieces or scratched... keep it with you and don't throw it away; it is the only proof of you owning the original. As I said in my tute, cracking is for backups of the legally owned discs only and not for those fake ones.

hi Creativity u r a great i have tried ur tutorial & it works . but the problem is that how can i create a no cd fix for a patch ie i want to crack rome total war v 1.2 since its necessary for the realism total war .

Follow those OllyDebugger steps 5 and 6 of my tutorial.. those steps will help you with debugging and patching without the need for an external hex editor

For more tutorials visit :
http://www.yates2k.net/cd.html
http://www.woodmann.com/crackz/Miscpapers.htm#cdchecks

Bye,
Creativity :)

DexTripp
04-16-2006, 08:09 PM
I am following the steps but I fail each time looking in the W32Dasm proggy for the proper string for the jump

I cannot find it ever for any game i try to crack...

I have tried to crack programs this way also and can't find where in the exe the attention or error comes at in the exe file....I am confused and need help on this........If anyone can help please by all means let me know.....

Please let me know what you can do by way of email.....rich@donotcrush.com

ice_dogz
04-25-2006, 07:13 PM
First of all, I give you mad props for making that TUT. but, I am having trouble doing this. I am practicing doing this on Star Craft, when I get to the

Step 04: In W32Dasm click on the "String Data references" button in the toolbar. Search for "Attention", that's the title of the error message window. An alternate method is by using the menu "Search->Find Text", then type your text, "Attention", in the text box. Click on "Find next".
Step 05: It will take us to the line that displays the following

It says it doesn't exist; the box is not called Attention, all it says is "Data File Error". I searched for about an hour looking for this but was unable to find it. If you can help me out that would be great.

Creativity
04-28-2006, 12:44 PM
I am following the steps but I fail each time looking in the W32Dasm proggy for the proper string for the jump

I cannot find it ever for any game i try to crack...

I have tried to crack programs this way also and can't find where in the exe the attention or error comes at in the exe file....I am confused and need help on this........If anyone can help please by all means let me know.....

Please let me know what you can do by way of email.....rich@donotcrush.com
Some games have protection... so that the strings will be loaded dynamically while running the game. In that case you have to find out how the game scans for validating the disc... the scan might be search for certain files/ values in a particular file/ crc check etc.. So, try to find out the method that the game uses. For popular and old protections there are a lot of tutorials written by masters in this field. First check whether the CD/DVD contains any protection. Use tools like Aray scanner/Clony XXL.

First of all, I give you mad props for making that TUT. but, I am having trouble doing this. I am practicing doing this on Star Craft, when I get to the

Step 04: In W32Dasm click on the "String Data references" button in the toolbar. Search for "Attention", that's the title of the error message window. An alternate method is by using the menu "Search->Find Text", then type your text, "Attention", in the text box. Click on "Find next".
Step 05: It will take us to the line that displays the following

It says it doesn't exist; the box is not called Attention, all it says is "Data File Error". I searched for about an hour looking for this but was unable to find it. If you can help me out that would be great.
In the case of Ballance.. the title of the dialog box that displayed the error was "Attention". In your case it might be "Wrong CD inserted" or something similar to that.

Delta4
04-28-2006, 01:25 PM
First off, great tutorial. I'm just starting and it helped me to understand a lot.

Second, I own Civ 4 and want to make a no-cd patch for the newest version because my optical drive is detached from my small laptop and I don't want to have to attach the drive every time I want to play the game. I say this so that there isn't a flood of responses informing me of how bad pirating is. I've decided to try and do the crack myself instead of just leeching off of someone else's (that, and there isn't one out there yet).

My problem is that I can't find the cd check routine when using W32Dasm on the exe. I have some background in coding (C++) but I can't for the life of me figure it out. I did figure out, like you stated in your last post, that the message was being loaded dynamically from somewhere else; but I can't find where. Do you have any suggestions? I read your last post but I'm still confused about how to find the cd check if there isn't a string present. Also, I don't know if this matters, but the cd has SafeDisc protection.

Thanks.

STi FlyBy
04-28-2006, 03:52 PM
I own Civ 4 and want to make a no-cd patch for the newest version because my optical drive is detached from my small laptop and I don't want to have to attach the drive every time I want to play the game. I say this so that there isn't a flood of responses informing me of how bad pirating is. I've decided to try and do the crack myself instead of just leeching off of someone else's (that, and there isn't one out there yet).

Take a look at this (http://www.mgforums.com/forums/showthread.php?t=46474) thread, as it discusses the newest patch ;)

I have some background in coding (C++) but I can't for the life of me figure it out.

Don't take this wrong, but C++ will not really help you when you're dealing with assembly language (which is what you're using to make fixed .exe files). The best advice I can give you would be to take a look at some ASM tutorials on the web (a google search will give you plenty) ;)

Creativity
04-28-2006, 11:38 PM
Thnx IDipSkoalMint :) for assisting me in replying and solving problems throughout this thread.


My problem is that I can't find the cd check routine when using W32Dasm on the exe. I have some background in coding (C++) but I can't for the life of me figure it out. I did figure out, like you stated in your last post, that the message was being loaded dynamically from somewhere else; but I can't find where. Do you have any suggestions? I read your last post but I'm still confused about how to find the cd check if there isn't a string present. Also, I don't know if this matters, but the cd has SafeDisc protection.


You said that the game has got SafeDisc protection. SafeDisc protected game exes are compressed ones and then they decompress themselves and load into the memory; if you unpack they might not unpack properly, most of the code looks scrambled and looks unusual, so you need to dump them using Procdump or tools like that. Procdump is a tracer that traces out program coding when it starts to unpack itself. Moreover, SafeDisc has got anti-debugger procedures that close the debugger/disassembler or shut down itself and call BSOD (Blue Screen Of Death).

I recommend you to download this file and read the tutorial in it. I'm a newbie in cracking and not a pro in cracking... I'm too learning how to crack stuff like all you ppl do.

OK here is the link : SafeDisc cracking Tutorial (http://www.yates2k.net/cd/safe.zip)

Creativity
04-29-2006, 12:09 AM
remove this post mod... problem with my browser and internet connection..

Delta4
04-29-2006, 12:49 AM
Thanks for the replies; they've been very helpful. I ran through some tutorials on ASM and I started to remember a few things; it turns out I did go over this stuff back in college. I'm working now to try and get through Civ 4 and hopefully I can get it done.

On a separate but similar note: In reading the tutorials that I've found on cracking, most of them refer to Softice. I've tried to find a place that I can get this but it seems that it has been cancelled and is no longer being sold. Does anyone have any idea where I can find Softice?

Thanks

Creativity
04-29-2006, 06:24 AM
On a separate but similar note: In reading the tutorials that I've found on cracking, most of them refer to Softice. I've tried to find a place that I can get this but it seems that it has been cancelled and is no longer being sold. Does anyone have any idea where I can find Softice?
Softice is not freeware and you have to pay for it to get it. Moreover I was unable to get Softice working in Windows XP SP 2. So I stick to OllyDbg. But Softice has got many more advanced features than OllyDbg. It's easy to shut down OllyDbg. But to shut down Softice you have to restart your PC; Softice loads before Windows, so you can even debug some protected DLLs of Windows. Both programs have got their own advantages and disadvantages. There are other debuggers and disassemblers available, just search using Google.

STi FlyBy
04-29-2006, 11:49 AM
Thnx IDipSkoalMint :) for assisting me in replying and solving problems throughout this thread.

No problem. You don't seem to be on much, and instead of let a problem sit unanswered, I figure I'll butt my nose in, since I have done a decent amount of ASM coding and whatnot. ;)

Creativity
05-28-2006, 11:26 PM
No problem. You don't seem to be on much, and instead of let a problem sit unanswered, I figure I'll butt my nose in, since I have done a decent amount of ASM coding and whatnot. ;)
I gotta learn a lot of stuff from you.. im just a noob, moreover I dont find time to develop my skills, since I'm busy with final exams in my college. You can also add your tutorials.. how about writing one and sharing ur knowledge with others and illuminating us ?:flash:

NemanjaTurbo
05-30-2006, 09:22 AM
This is some serious tutorial! great job! it works

DarkBahamut7
06-01-2006, 07:18 PM
i cant find the error message in Win32ASM, (Strn.REF) :uhoh:

Creativity
07-06-2006, 04:24 AM
This is my second tutorial. I really got bored by playing games.. so decided to move to classic games. I decided to play Tomb Raider 4... Installed it.. ah.. the game didn't run. So I installed the XP patch from www.tombraiderchronicles.com. I don't like to insert the CD every time I play the game, so I searched for a NO CD crack and was not able to find any crack for the XP version. So I decided to crack it myself.

Some info about the target :
Name : Tomb Raider - The last revelation
Version : Xp patched version downloaded from www.Tombraiderchronicles.com
Protection : CD check.

Cracking tools used : Ollydbg 1.10(Debugger)

Ok lets start cracking.
Initial steps.. run the game without the CD. You'll note the following message box.

http://img301.imageshack.us/img301/4254/step18xm.gif

I read the text, and clicked on cancel. I loaded OllyDbg and opened the file "tomb4.exe". It was disassembled and ready to be cracked.

Now I right clicked and selected "Search for > All Referenced Text strings",

http://img137.imageshack.us/img137/5919/step26ss.gif

A new window containing a lot of text popped up. Its called the "References" Window, I right clicked in the references window and chose "Search for text".

http://img301.imageshack.us/img301/4900/step30pq.gif

I typed a part of the string that the game displayed when I didnt insert the CD.. and hit enter.

http://img301.imageshack.us/img301/2101/step40pq.gif

I found the string.

http://img60.imageshack.us/img60/3246/step54zu.gif

Then I double clicked on it. That took me here.

http://img134.imageshack.us/img134/2042/step65gz.gif

I scrolled a few lines up and set a breakpoint on the starting point of the routine at 0048E9C0. Later I realised that the check must be before displaying the popup.. So I searched for conditional jumps within the routine and above the message string. I found two conditional jumps at 0048EA06 and 0048EA13. So I cleared my previous breakpoint and made two breakpoints on 0048EA06 and 0048EA13.

http://img145.imageshack.us/img145/6840/step70hq.gif

Upon analysing these two jumps I found out that first one will take past the message box.. so It might be the second one... there is a strange Call below the previous conditional jump and next conditional jump. That call might be the CDcheck.

0048EA04 |. 84C0 TEST AL,AL
0048EA06 |. 0F85 27040000 JNZ tomb4.0048EE33
0048EA0C |. E8 FF51FEFF CALL tomb4.00473C10---------> Strange Call, CD Check ?
0048EA11 |. 84C0 TEST AL,AL
0048EA13 |. 75 25 JNZ SHORT tomb4.0048EA3A

Take a look at the code below the call; it's checking some value returned by the call. I found out that the call returns value 01 when the disc is inserted and 00 when the disc is not in the drive. So, gotta remove the call and replace it with some other code. This method is applicable to Ballance also.

So I'm gonna replace my call with MOV EAX,1. So I selected the call line and pressed space and type MOV EAX,1.

http://img145.imageshack.us/img145/9004/step83zg.gif

The other alternative is to change the value of AL to 1.. so you gotta replace the call by MOV AL,1. Be sure to check "Fill with NOP's".

This will also work, but after modification the code will look like this..

0048EA06 |. 0F85 27040000 JNZ tomb4.0048EE33
0048EA0C |. B0 01 MOV AL,1
0048EA0E |. 90 NOP
0048EA0F |. 90 NOP
0048EA10 |. 90 NOP
0048EA11 |. 84C0 TEST AL,AL
0048EA13 |. 75 25 JNZ SHORT tomb4.0048EA3A

The call is a four bit code, since we are replacing it with a single bit code we have to fill NOP's, you'll be able to notice that there are three extra lines (NOP's), so a four bit code has to be replaced by a four bit code... that's what I like it to be.. if you don't use it, it won't cause any problem. I always try to avoid NOP's. So I recommend you to replace the call by the 4 bit code "MOV EAX,1"

when you use MOV EAX,1 the code will look like..
0048EA06 |. 0F85 27040000 JNZ tomb4.0048EE33
0048EA0C |. B8 01000000 MOV EAX,1
0048EA11 |. 84C0 TEST AL,AL
0048EA13 |. 75 25 JNZ SHORT tomb4.0048EA3A

In both these methods the crack will work..

Now I've changed the code only in the memory I gotta change it permanently in the exe file. So I right clicked and selected "Copy to executable > All modifications"

http://img99.imageshack.us/img99/9789/step98bv.gif

and I chose "copy all", a dump window popped up.. I right clicked there and I selected "Save file"

http://img147.imageshack.us/img147/3307/step101hj.gif

and I typed a new name for the cracked file.

Use the same method to crack Tomb raider - Chronicles XP Patched version.

Fruud Dude
11-25-2006, 10:39 AM
Hey thanks it worked!!!! :eek: TR 4 is now patched and TR 5 too! :hands:

I feel I need to point out though that these games contain FMV and audio data etc. that's contained on the CD, and these have to be copied over to the game folder, otherwise the game.exe will just crash with an error because once it's been patched it looks for them on the HDD instead.

Creativity
12-16-2006, 06:54 AM
Hey thanks it worked!!!! :eek: TR 4 is now patched and TR 5 too! :hands:

I feel I need to point out though that these games contain FMV and audio data etc. that's contained on the CD, and these have to be copied over to the game folder, otherwise the game.exe will just crash with an error because once it's been patched it looks for them on the HDD instead.

Ya, you are correct.. You need to copy that stuff from your CD. I forgot to add it in my tutorial. Thanks Fruud Dude for pointing it out!

altered
02-07-2007, 11:48 AM
great tutorials mate. I'm still learning the basics. i have a few problems, could you please help me? i have msn if you'd like to talk.

thanks.

STi FlyBy
02-07-2007, 02:04 PM
great tutorials mate. I'm still learning the basics. i have a few problems, could you please help me? i have msn if you'd like to talk.

thanks.

What exactly are you having trouble with?

altered
02-07-2007, 03:41 PM
well, its that when i scan for a certain text string. it wont find anything like 'insert cd'. even when i look for it manually. not there.

iv tried numerous games including some EA. but no go. help? :)

STi FlyBy
02-07-2007, 06:33 PM
well, its that when i scan for a certain text string. it wont find anything like 'insert cd'. even when i look for it manually. not there.

iv tried numerous games including some EA. but no go. help? :)

Have you ever done any Assembly language coding? If not, take a look at some tutorials. Get an idea for what some of the commands mean, and you can possibly find what you're looking for (trust me, it'll help out overall). What game are you trying to crack?

altered
02-07-2007, 11:58 PM
iv tried lord of the rings bfme2, command and conquer red alert 2, heroes of might and magic iii, black and white, quake 3 annnd tonka construction 2 (yeah i know, not mine ^_^).

and yeah i have taken some tutorials on what the commands mean. im sure i will eventually find it, its just i feel i might have different software orrr im doing something majorly wrong.

altered
02-08-2007, 02:53 PM
is there anyone who could give me some support over msn? ill just be askin odd questions here nd' there.

thanks in advance.

Invader_zim
04-26-2007, 07:55 PM
hey is there a video tut or can u make me 1 i can send u oripa screen recorder

(im trying to crack halo combat evolved)

STi FlyBy
04-26-2007, 09:46 PM
(im trying to crack halo combat evolved)

http://www.gameburnworld.com/gp/gamefixes/halocombatevolved.shtml

;)

Creativity
05-02-2007, 02:02 PM
Cracking Tutorial 3

Target : Quake 3 Arena
Protection : CD Check

Step 1 : Load OllyDbg and open "quake3.exe", which is our target.

Step 2 : A warning as shown below might popup. Just click "OK" and proceed.

http://img57.imageshack.us/img57/1742/step2xw0.jpg

Step 3 : Right click the CPU window and Choose "Search for > All referenced Text Strings". (Refer pic below)

http://img479.imageshack.us/img479/8004/step3ii9.jpg

Step 4 : Right Click and Choose "Search for Text".

http://img140.imageshack.us/img140/787/step4uy0.jpg

Step 5 : Enter "CD" in the dialog box that popped up and dont forget to check "Case sensitive" and click "OK". (Refer pic below)

http://img126.imageshack.us/img126/8663/step5ku8.gif

Step 6 : Hit "Ctrl+L" until you land in line "Game CD not in drive". Now double click on this line. It will take you to this line which is at the address 0042DFC6.
0042DFC6 |. 68 80E34B00 PUSH quake3.004BE380 ; ASCII "Game CD not in drive"

Step 7 : Observe the following lines, these lines are found above the previous line which we saw.
0042DFC2 |. 85C0 TEST EAX, EAX
0042DFC4 |. 75 0F JNZ SHORT quake3.0042DFD5
TEST EAX,EAX -> Checks whether EAX is 0 or not.
JNZ -> Jump if Non-Zero ie. Jumps if EAX is 1.

Step 8 : Just modify the JNZ to JMP by double clicking on the line, so that the code looks like the one below.
0042DFC4 |. EB 0F JMP SHORT quake3.0042DFD5

Step 9 : Right click in the CPU window and select "Copy to Executable > All modifications" and choose "Copy All" in the dialog that pops up.

http://img107.imageshack.us/img107/130/step10qd1.jpg

Step 10 : A dump window appears, right click on it and select "Save file", type a name, eg. quake3cracked.exe.

http://img116.imageshack.us/img116/2590/step11yi4.jpg

That concludes my third tutorial. I hope you enjoyed it.

*EDIT*
You can also change
0042DFBD E8 AE210100 CALL quake3.00440170
to
0042DFBD B8 01000000 MOV EAX, 1
This CALL is above the line TEST EAX, EAX. There are a lot of ways to crack! This edit is a good method to crack, cuz it makes the program think that the CD has been inserted.

*EDIT2*
Please skip step 2, its caused by WindowBlinds. I unloaded WB for the tutorial but still the DLL loaded. You won't get the error if WB is not installed. Sorry pals..
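
Seen from the defender's side, the edits described in the three tutorials in this thread (Ballance, Tomb Raider 4, Quake 3) leave a small, recognisable byte signature in the executable. The following is an added example, not code from any poster in this thread: it compares a known-good code region with a suspect copy and labels those changes. The sample bytes are constructed from the listings quoted above; the function names and the assumption that every difference starts on an instruction boundary are hypothetical.

```python
"""Added example: label the byte changes that separate a known-good code
region from a suspect copy. Sample bytes are constructed from the listings
quoted in this thread; all function and constant names are hypothetical."""
import hashlib
from dataclasses import dataclass

SHORT_JCC = range(0x70, 0x80)  # one-byte opcodes of the short conditional jumps
JMP_SHORT = 0xEB               # JMP rel8
CALL_REL32 = 0xE8              # CALL rel32 (opcode + 4-byte displacement)
MOV_EAX_IMM32 = 0xB8           # MOV EAX, imm32 (opcode + 4-byte immediate)
MOV_AL_IMM8 = 0xB0             # MOV AL, imm8 (opcode + 1-byte immediate)
NOP = 0x90


@dataclass(frozen=True)
class Finding:
    address: int     # virtual address of the first changed instruction byte
    kind: str        # human-readable label for the change
    original: bytes  # bytes in the known-good region
    patched: bytes   # bytes in the suspect region


def digest(region: bytes) -> str:
    """SHA-256 of a code region; record this for the build that was shipped."""
    return hashlib.sha256(region).hexdigest()


def is_tampered(baseline_digest: str, region: bytes) -> bool:
    """True when the region no longer matches the recorded baseline."""
    return digest(region) != baseline_digest


def classify(good: bytes, suspect: bytes, base: int = 0) -> list:
    """Walk both regions and label each difference.

    Assumption: a difference starts on an instruction boundary. A production
    tool would confirm that with a disassembler instead of trusting opcodes.
    """
    if len(good) != len(suspect):
        raise ValueError("regions must have the same length")
    findings, i, n = [], 0, len(good)
    while i < n:
        if good[i] == suspect[i]:
            i += 1
            continue
        g, s = good[i], suspect[i]
        if g in SHORT_JCC and s == JMP_SHORT and good[i + 1:i + 2] == suspect[i + 1:i + 2]:
            kind, size = "short conditional jump forced to unconditional JMP", 2
        elif g == CALL_REL32 and s == MOV_EAX_IMM32 and i + 5 <= n:
            kind, size = "CALL replaced by MOV EAX, imm32 (result forced)", 5
        elif (g == CALL_REL32 and s == MOV_AL_IMM8 and i + 5 <= n
              and suspect[i + 2:i + 5] == bytes([NOP] * 3)):
            kind, size = "CALL replaced by MOV AL, imm8 plus NOP padding", 5
        else:
            # Unknown pattern: report the whole run of differing bytes.
            j = i
            while j < n and good[j] != suspect[j]:
                j += 1
            kind, size = "unclassified modification", j - i
        size = min(size, n - i)
        findings.append(Finding(base + i, kind, good[i:i + size], suspect[i:i + size]))
        i += size
    return findings


# Constructed from the thread's listings: name -> (base address, good, suspect).
TOMB4_GOOD = bytes.fromhex("84C0 0F8527040000 E8FF51FEFF 84C0 7525")
QUAKE3_GOOD = bytes.fromhex("E8AE210100 85C0 750F")
SAMPLES = {
    "Player.exe": (0x00401219, bytes.fromhex("84C0 7546"), bytes.fromhex("84C0 EB46")),
    "tomb4.exe (MOV EAX)": (0x0048EA04, TOMB4_GOOD,
                            bytes.fromhex("84C0 0F8527040000 B801000000 84C0 7525")),
    "tomb4.exe (MOV AL)": (0x0048EA04, TOMB4_GOOD,
                           bytes.fromhex("84C0 0F8527040000 B001909090 84C0 7525")),
    "quake3.exe (JMP)": (0x0042DFBD, QUAKE3_GOOD, bytes.fromhex("E8AE210100 85C0 EB0F")),
    "quake3.exe (MOV EAX)": (0x0042DFBD, QUAKE3_GOOD, bytes.fromhex("B801000000 85C0 750F")),
}


def report() -> dict:
    """Return {sample name: findings} for the constructed samples."""
    return {name: classify(good, bad, base) for name, (base, good, bad) in SAMPLES.items()}


if __name__ == "__main__":
    for name, findings in report().items():
        for f in findings:
            print(f"{name}: {f.address:#010x} {f.kind}: "
                  f"{f.original.hex()} -> {f.patched.hex()}")
```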

STi FlyBy
05-02-2007, 06:40 PM
That concludes my third tutorial. I hope you enjoyed it.

I haven't tried this on my own (as I don't know where that game is), but it appears as though you have done another great job with this tutorial - keep up the good work, buddy ;)

Creativity
05-02-2007, 09:00 PM
You need to do a maximum install and then apply the crack. I donno whether the crack will work for multiplayer part, since I have cracked only the single player part.

well, it's that when I scan for a certain text string, it won't find anything like 'insert cd'. even when I look for it manually. not there.

I've tried numerous games including some EA. but no go. help? :)

Try searching for alternate keywords as in my tutorial 3, or just use a part of the string.

Labyrnth
05-05-2007, 02:22 AM
Hi yah Creativity, I see you're still around.

I see you have moved from w32dasm to Olly since the old tuts.

Also the tutorials you are writing are very good by the way, some people skip steps and tend to not explain what is going on.
Just wanted to let you know what I think about the time it takes to write out and capture images to get a good tutorial together.
Some don't realize how much time it takes to go and get everything together and explain it in such a way for someone to understand it.
Very good tutorial.
I'm actually surprised that Quake 3 only has 1 CD check lmao, unlike Age of Empires with 14.

Ollydbg is the ultimate free tool....... I like your custom ini you have :P

Creativity
05-05-2007, 10:02 AM
Hi yah Creativity, I see you're still around.

I see you have moved from w32dasm to Olly since the old tuts.

Also the tutorials you are writing are very good by the way, some people skip steps and tend to not explain what is going on.
Just wanted to let you know what I think about the time it takes to write out and capture images to get a good tutorial together.
Some don't realize how much time it takes to go and get everything together and explain it in such a way for someone to understand it.
Very good tutorial.
I'm actually surprised that Quake 3 only has 1 CD check lmao, unlike Age of Empires with 14.

Ollydbg is the ultimate free tool....... I like your custom ini you have :P

Due to the continuous encouragement from ppl like you, I will be delivering more and more tutorials. I have moved to OllyDbg coz it's a Debugger + Hex-Editor. In the case of W32Dasm, you need to convert the virtual offset and patch using a hex-editor; this is not needed in case of OllyDbg, you can directly edit the instructions. BTW I downloaded my Ollydbg from a cracking site.. so it's already customized. There are a lot of custom Ollydbg builds circulating on the internet.

Creativity
05-05-2007, 10:31 AM
The entire forum appreciates your tutorials Creativity..
We thought you would have known, so I guess we haven't said..

So some rep on the way for you :D
:(
Seems I cannot give again to you as I haven't shared it out enough since the last time I gave you rep lol. (did not remember that I had)
But that just goes to show that we do all appreciate :) and have done.

Thanks for your support and rep ppl! I love this forum just as all you ppl do.. this forum rocks !
But was not able to visit the forum cuz I was addicted to Orkut and Tagged. Now totally fed up with those.. and moved on to Deviantart and Forums !
Forums seem to educate me a lot. Browsing a lot of forums.

oakenfold
06-14-2007, 04:36 AM
hey all can anybody tell me how to unwrap the elicense 4 that has no trial button step by step plz as i'm a beginner

STi FlyBy
06-15-2007, 12:45 PM
hey all can anybody tell me how to unwrap the elicense of theatre of war step by step plz as i'm a beginner

Sure, buy the software ... eLicense is not copy protection, but implemented to prevent unauthorized use of software. You will not get help with any illegal activity here at MGF, so please do not post such requests in the future :nono:

dphonea
07-02-2007, 08:49 PM
I have tried to find a crack for the pc game Hexalot (without a cd) and am not having any luck. Any advice that you can give me?

Thanks
Deb

Supermax2004
08-22-2007, 08:08 AM
Any advanced tutorial how to crack Bioshock? :entlueft::clap:

Creativity
10-29-2007, 03:38 AM
Any advanced tutorial how to crack Bioshock? :entlueft::clap:

Currently am not into cracking. Will continue the tutorial when I find an easy way to crack. Mostly will be concentrating on NO-CD cracks only.

I have tried to find a crack for the pc game Hexalot (without a cd) and am not having any luck. Any advice that you can give me?

Thanks
Deb

I don't think that game requires a CD. Better get a full version of the game.

ahmedawa
02-04-2008, 04:49 AM
thanx for this good tutorial

Creater
08-03-2008, 10:46 AM
I can't get the error message because then my computer reboots or I am getting a BSOD. The game I want to crack is Pro Cycling Manager 2008, I want to crack the latest patch. I tried to do it by a friend but when we search for Attention we can't find anything. The game has a "PCM Protection.exe". Someone could help? :cry_ani:

(Sorry for my bad English, that's because I am from Holland)

Creativity
08-15-2008, 10:39 PM
I can't get the error message because then my computer reboots or I am getting a BSOD.

Some games use strong protection like starforce. They cannot be cracked using this method. They will often show you the BSOD.

Creater
09-06-2008, 03:38 AM
Some games use strong protection like starforce. They cannot be cracked using this method. They will often show you the BSOD.
How can i crack it then?:confused:

daseinhorn
09-20-2008, 10:37 AM
Because there are no no-CD cracks available for Neverwinter Nights 2 past version 1.11.1153, I would like to create my own cracks for the game so that I can use it in Linux (Wine) instead of Windows. Since I am new to this, I am just wondering if the methods you have suggested here can be applied to this game or if I have to use a different method.

Thanks for your advice.

barney2229
12-28-2008, 06:20 PM
hey all firstly thanks very much for the tutorials :D

now here is my query: I want to make a crack for the sims 2. I expected to find a working 1 as never had trouble before, but my sims 2 won't work on vista until the upgrade, so when I upgrade and try the patches I have, it still says cannot locate cd-rom. I have tried searching the string ref in win32dasm and also followed tutorial 3 with ollydbg. I'm wondering if anyone can help, many thanks :confused: