Double DOS ? DOUBLEDO EXE BX = ? CX = ? Big Al & Coffee Man
Spot Light ? SL EXE BX = 0 CX = 6700
Dr. Halo II 2.00 DRHALO EXE BX = 2 CX = A000
The following instructions show you how to bypass the SoftGuard copy
protection scheme using dBase III version 1.10 as an example. To use it
with other products, simply substitute the values in the table above for
the values given below. The only things that change are the file name,
and the size that goes in the BX:CX register pair.
First, using your valid, original dBase III diskette, install it on
a fixed disk. You cannot use this text to unprotect the floppy directly!
Softguard hides three files in your fixed disk root directory: CML0200.HCL,
VDF0200.VDW, and DBASE.EXE. It also copies DBASE.COM into your chosen dBase
directory. DBASE.EXE is the real dBase III program, encrypted. (This file
might also be named DBASE.LOD, but is the same thing.)
Second, un-hide the three files in the root directory. You can do
this with the programs ALTER.COM or FM.COM found on any BBS.
Make copies of the three files, and of DBASE.COM, into some other
directory.
Hide the three root files again using ALTER or FM.
Following the dBase instructions, UNINSTALL dBase III. You can now
put away your original dBase diskette. We are done with it.
Next we will make some patches to CML0200.HCL to allow us to trace
through the code in DEBUG. These patches will keep it from killing our
interrupt vectors.
debug cml0200.hcl
e 3F9 <CR> 2A.4A <CR> ; change the 2A to 4A
e 49D <CR> F6.16 <CR> ; if any of these numbers don't show up
e 506 <CR> E9.09 <CR> ; it's not working.
e A79 <CR> 00.20 <CR> ;
e AE9 <CR> 00.20 <CR> ;
e 73C 97 FA FA F4 F1 7E <CR> ; this is an encrypted call to 0:300
w ; write out the new CML file
q ; quit debug
Now copy your four saved files back into the root directory and
hide the CML0200.HCL, VDF0200.VDW, and DBASE.EXE files using ALTER or FM.è
We can now run DBASE.COM using DEBUG, trace just up to the point
where it has decrypted DBASE.EXE, then write that file out.
**** USE THE FILE NAME LISTED IN THE TABLE ABOVE ****
**** E.G. USE FW.COM INSTEAD OF DBASE.COM FOR FRAMEWORK ****
debug DBASE.com ; name of file that runs the product
r <CR> ; dump debug's registers
**** WRITE DOWN THE VALUE OF DS FOR USE BELOW. ****
**** THIS VALUE IS DEPENDENT ON YOUR PARTICULAR MACHINE. ****
a 0:300 <CR> ; we must assemble some code here
pop ax
cs:
mov [320],ax ; save return address
pop ax
cs:
mov [322],ax
push es ; set up stack the way we need it
mov ax,20
mov es,ax
mov ax,0
cs:
jmp far ptr [320] ; jump to our return address
<CR>
g 406 ; now we can trace CML
t
g 177 ; this stuff just traces past some
g 1E9 ; encryption routines.
t
g 54E ; wait while reading VDF & FAT
g=559 569
g=571 857 ; DBASE.EXE has been decrypted
**** USE THE FILE SIZE LISTED IN THE TABLE ABOVE ****
**** THE VALUES HERE ARE FOR DBASE III 1.10 ONLY ****
rBX <CR>
:1 ; set BX to 1 for dBase
rCX <CR>
:AC00 ; set CX to AC00 for dBase
**** USE THE FILE NAME LISTED IN THE TABLE ABOVE ****
nDBASE.bin ; name of file to write to
w XXXX:100 ; where XXXX is the value of DS that
; you wrote down at the begining.
q ; quit debug
Last, unhide and delete the three root files CML0200.HCL, VDF0200.VDW,
and DBASE.EXE. Delete DBASE.COM and rename DBASE.BIN to DBASE.EXE. This is
the real dBase III program without any SoftGuard code or encryption. It
requires only the DBASE.OVL file to run. Every protected program I have seenèhas the .EXE extention, but it is possible to use Softguard to encrypt .COM
files too. See the table above for the proper extention to put on the de-