MSG LEFT BY: RESET VECTOR

IN THESE DAYS OF POWERFUL CRACKING TOOLS LIKE NMI BOARDS AND ADVANCED DEMUFFIN, IT IS FAIRLY EASY FOR A NOVICE AT THE TRADE TO CRACK A LARGE NUMBER OF PROGRAMS. I THINK THAT MOST NOVICES, HOWEVER, THINK THAT THE SECTMOD IS SOMETHING RESERVED FOR THOSE CRACKING GENIUSES WHO SPEAK MACHINE LANGUAGE AS WELL AS THEY SPEAK ENGLISH. WELL, TO A CERTAIN EXTENT THIS IS TRUE, BUT THERE IS NO REASON FOR THE CRACKER WITH LITTLE KNOWLEDGE OF MACHINE OR ASSEMBLER TO GIVE UP WITHOUT TRYING. THERE ARE CERTAIN TRICKS YOU CAN USE TO DO SUCCESSFUL SECTMODS EVEN IF YOU KNOW HARDLY ANY MACHINE LANGUAGE AT ALL!

NOW FOR THE ASTOUNDING TRUE CONFESSION - IF YOU HAVE BEEN READING BOARD #2 YOU WILL HAVE SEEN QUITE A LARGE NUMBER OF SECTMODS POSTED BY ME, AND YOU PROBABLY THINK I KNOW A LOT ABOUT PROGRAMMING. THE TRUTH IS THAT I KNOW ALMOST NO MACHINE LANGUAGE AT ALL! DOING A SUCCESSFUL SECTMOD IS ON A PAR WITH A RELIGIOUS EXPERIENCE (AT LEAST IF YOU HAVEN'T DONE A LOT OF THEM) SO LET'S GET CRACKING...

THERE ARE A FEW TOOLS YOU WILL NEED IN ORDER TO EMBARK UPON THIS STUDY. FIRST OF ALL, YOU WILL NEED SOME METHOD OF SEARCHING A DISK FOR A STRING OF HEX. THE BEST PROGRAM FOR THIS PURPOSE IS THE TRACER FROM THE C.I.A. FILES, BECAUSE IT ALLOWS YOU TO DO WILDCARD SEARCHES. I ALSO USE DISK EDIT BECAUSE IT IS VERY FAST. THE SECOND TOOL YOU NEED IS AN NMI BOARD. ANY BOARD THAT GIVES YOU THE ADDRESS OF THE PROGRAM COUNTER AND THE ADDRESSES ON THE STACK WILL DO JUST FINE (AND I THINK THEY JUST ABOUT ALL DO THIS). REPLAY ][ IS BY FAR MY FAVORITE BOARD, BUT WHATEVER YOU HAVE IS OK. FINALLY YOU NEED A SECTOR EDITOR THAT WILL ALLOW YOU TO DISASSEMBLE A SECTOR; I FIND ZAP FROM BAG OF TRICKS THE EASIEST TO USE, BUT A LOT OF THEM ARE JUST FINE.

NOW, THE FIRST TYPE OF DISK YOU WILL WANT TO SECTMOD IS THE ONE THAT IS NORMALLY FORMATTED (CAN BE COPIED WITH COPYA) BUT WILL NOT BOOT WHEN COPIED. THE EINSTEIN COMPILER (VERSION 5.2) IS A GOOD EXAMPLE OF THIS.
THE FIRST THING TO DO IS TO COPY THE DISK AND THEN SEARCH THE DISK FOR THE HEX STRING BD 8C C0. THIS IS COMMONLY USED CODE TO SET UP THE DISK DRIVE AND CHECK FOR A CERTAIN SIGNATURE (USUALLY A SEQUENCE OF BYTES) ON THE DISK. WRITE DOWN EACH SECTOR WHERE YOU FIND THIS SEQUENCE. NOW EINSTEIN WAS NICE BECAUSE THIS SEQUENCE IS FOUND ONLY ONCE ON THE WHOLE DISK.

IF YOU THEN USE YOUR SECTOR EDITOR TO DISASSEMBLE THE AREA WHERE YOU FOUND THIS BD 8C C0, YOU WILL FIND THAT THAT CODE IS FOLLOWED BY A BUNCH OF CMP AND BNE OR BEQ OR BPL (THE LATTER BEING CODES DIRECTING YOUR APPLE WHERE TO BRANCH IF IT FINDS OR DOESN'T FIND WHAT IT IS LOOKING FOR IN THE CMP - COMPARE - STATEMENT). YOU WILL FIND THIS ALL REPEATED SEVERAL TIMES. GENERALLY, AT THE END OF ALL THIS YOU WILL FIND AN RTS ("60"), AND THE FIRST WAY TO TRY TO CRACK A PROGRAM LIKE THIS IS TO JUST MOVE THE RTS TO THE VERY START OF THAT CODE AND THEN SEE IF THE PROGRAM WILL RUN.

HOWEVER, WITH EINSTEIN IF YOU LOOK THROUGH ALL THE CODE IN THAT AREA, YOU WILL SEE THAT AT THE END IS A JMP INSTRUCTION; WHAT HAPPENS IS THAT IF THE PROGRAM FINDS EVERYTHING IT IS LOOKING FOR, IT FALLS THROUGH TO THIS JMP INSTRUCTION. NOW, WE KNOW IT IS NOT GOING TO FIND WHAT IT IS LOOKING FOR, BUT WE WANT IT TO EXECUTE THE JMP TO START THE PROGRAM, SO ALL YOU DO IS MOVE THAT JMP INSTRUCTION TO THE START OF THAT AREA OF CODE AND VOILA! - COPYA EINSTEIN COMPILER! SEE THE NEXT MESSAGE...
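The two steps the message describes, searching a disk for a hex string (with wildcards, as TRACER allows) and then reading the 6502 code around the hit, can be illustrated in modern terms. The following is an added example, not the poster's tooling and not TRACER, DISK EDIT or ZAP: it scans a DOS 3.3 `.dsk` image (assumed geometry: 35 tracks of 16 sectors of 256 bytes, sectors stored in logical order) for a byte pattern and decodes only the handful of opcodes the message names (`LDA abs,X`, `CMP`, `BNE`, `BEQ`, `BPL`, `RTS`, `JMP`). The disk image and the routine planted in it are constructed for the example and are not taken from any real disk.

```python
# Added example: wildcard byte-pattern search over a DOS 3.3 .dsk image, plus a
# decoder for the few 6502 opcodes mentioned in the message. Not the poster's code.

TRACKS, SECTORS, SECTOR_SIZE = 35, 16, 256   # assumed DOS 3.3 .dsk geometry (143,360 bytes)

# Opcode -> (mnemonic, instruction length, addressing mode). Deliberately limited to
# the instructions the message talks about; anything else decodes as '???'.
OPCODES = {
    0xBD: ("LDA", 3, "abs,X"),   # BD 8C C0 = LDA $C08C,X (read the drive data latch)
    0xC9: ("CMP", 2, "imm"),
    0xCD: ("CMP", 3, "abs"),
    0xD0: ("BNE", 2, "rel"),
    0xF0: ("BEQ", 2, "rel"),
    0x10: ("BPL", 2, "rel"),
    0x60: ("RTS", 1, "impl"),
    0x4C: ("JMP", 3, "abs"),
}


def parse_pattern(text):
    """'BD 8C C0' -> [0xBD, 0x8C, 0xC0]; '??' (or '?') is a wildcard byte (None)."""
    return [None if tok in ("??", "?") else int(tok, 16) for tok in text.split()]


def find_pattern(image, pattern):
    """Return (track, sector, offset) for every match of `pattern` in the image."""
    hits = []
    n = len(pattern)
    for i in range(len(image) - n + 1):
        if all(p is None or image[i + k] == p for k, p in enumerate(pattern)):
            sector_index, offset = divmod(i, SECTOR_SIZE)
            track, sector = divmod(sector_index, SECTORS)
            hits.append((track, sector, offset))
    return hits


def disassemble(image, start, count, load_addr=0x0000):
    """Decode `count` instructions from image offset `start`, assuming the first
    byte would be loaded at `load_addr` (used only to print branch targets)."""
    lines, pc = [], start
    for _ in range(count):
        mnem, length, mode = OPCODES.get(image[pc], ("???", 1, "impl"))
        raw = image[pc:pc + length]
        hexbytes = " ".join(f"{b:02X}" for b in raw)
        if mode == "imm":
            arg = f"#${raw[1]:02X}"
        elif mode == "rel":
            # branch displacement is signed and relative to the *next* instruction
            disp = raw[1] - 0x100 if raw[1] >= 0x80 else raw[1]
            arg = f"${(load_addr + (pc - start) + length + disp) & 0xFFFF:04X}"
        elif mode in ("abs", "abs,X"):
            addr = raw[1] | (raw[2] << 8)
            arg = f"${addr:04X}" + (",X" if mode == "abs,X" else "")
        else:
            arg = ""
        lines.append(f"{hexbytes:<9} {mnem} {arg}".rstrip())
        pc += length
    return lines


# Constructed sample: a blank image with a signature-check-style routine planted at
# track 0, sector 3, offset $40. The bytes are made up for the example.
SNIPPET = bytes([
    0xBD, 0x8C, 0xC0,   # LDA $C08C,X   read a byte from the drive latch
    0x10, 0xFB,         # BPL -5        loop until the latch has a byte
    0xC9, 0xD5,         # CMP #$D5      compare with the expected byte
    0xD0, 0xF7,         # BNE -9        not it: go back and read again
    0x4C, 0x00, 0x20,   # JMP $2000     matched: continue into the program
    0x60,               # RTS
])


def build_sample_image():
    image = bytearray(TRACKS * SECTORS * SECTOR_SIZE)
    start = (0 * SECTORS + 3) * SECTOR_SIZE + 0x40
    image[start:start + len(SNIPPET)] = SNIPPET
    return bytes(image)


SAMPLE_IMAGE = build_sample_image()

if __name__ == "__main__":
    for track, sector, offset in find_pattern(SAMPLE_IMAGE, parse_pattern("BD ?? C0")):
        print(f"hit at track ${track:02X} sector ${sector:02X} offset ${offset:02X}")
        start = (track * SECTORS + sector) * SECTOR_SIZE + offset
        for line in disassemble(SAMPLE_IMAGE, start, 6, load_addr=0x0800):
            print("   ", line)
```

Running it prints the single hit at track $00 sector $03 offset $40 and then the listing, which shows the shape the message describes: the `LDA $C08C,X` read, a `BPL` wait loop, a `CMP`/`BNE` test, and the `JMP` and `RTS` that end the routine. The `load_addr` argument only affects how branch targets are printed; on a real disk you would take it from the sector's actual load address.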