home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
Tech Arsenal 1
/
Tech Arsenal (Arsenal Computer).ISO
/
tek-03
/
unprobas.zip
/
UNPROBAS.DOC
< prev
Wrap
Text File
|
1985-05-26
|
4KB
|
78 lines
UnProtecting Basic Programs
v 0.1 of Tue May 21 85
Unprotecting BASICA (or GW Basic) files is a fairly simple task, if
you have the right tools and know what to look for. The following
sequence is the procedure for creating a copy of BASICA, version 2.0,
that will NOT test the protect flag when you ask for a LIST, LLIST,
SAVE, etc. Here I use Microsoft's SYMDEB version 3 (part of version
3 MASM-86) but the same can be done with DEBUG. This procedure is
possible as the BasicA LOAD or implied (command line) program load both
convert the program to BasicA's normal tokenized internal format and
just relies on an internal flag to disallow those commands. This patch
changes that flag test to always return "allowed". The comments below
following the "*" character have been added as an explanation.
In the following we patch the main version of BASICA (in this version, three
programs make up the BASIC set, they are named BASIC.COM, BASICA.COM
and BASICA.EXE. The first two are just loaders for the latter, which
we'll patch).
Note, finally, that the search pattern I used is for the OR AL,AL
JMP +2 POPF RET and JMP opcodes, which makes the search version inde-
pendent (where the exact addresses may vary).
D> copy basica.exe b.xxx * Make a writable copy to patch
1 File(s) copied * (DEBUG won't write .EXE files).
D> SymDeb b.xxx * Invoke SYMDEB, or use DEBUG B.XXX
Microsoft Symbolic Debug Utility
Version 3.00
(C)Copyright Microsoft Corp 1984
Processor is [8086]
-s cs:0 l ffff 0a c0 75 02 9d c3 e9 * Search for the test, NO addresses.
786B:A557 * SYMDEB only found the right address.
-u cs:a554 * UNASSEMBLE 3 bytes BEFORE that.
786B:A554 A00C06 MOV AL,[060C]
786B:A557 0AC0 OR AL,AL
786B:A559 7502 JNZ A55D
786B:A55B 9D POPF
786B:A55C C3 RET
786B:A55D E95068 JMP 0DB0
786B:A560 807C2800 CMP Byte Ptr [SI+28],00
786B:A564 7403 JZ A569
* NOTE in the above that the address
* of the first instruction may vary
* slightly with the BASICA version.
-a cs:a554 * ASSEMBLE the following patch:
786B:A554 mov al,0 * Put a zero into AL,
786B:A556 nop * NOP for the correct code length.
786B:A557 * RETURN only to stop ASSEMBLE.
-u cs:a554 * UNASSEMBLE the code to check it.
786B:A554 B000 MOV AL,00
786B:A556 90 NOP
786B:A557 0AC0 OR AL,AL
786B:A559 7502 JNZ A55D
786B:A55B 9D POPF
786B:A55C C3 RET
786B:A55D E95068 JMP 0DB0
786B:A560 807C2800 CMP Byte Ptr [SI+28],00
-w * Looks good, WRITE it to disk,
Writing FF90 bytes * this may vary slightly on yours,
-q * and QUIT the SYMDEBugger.
D> Ren b.xxx b-unprot.exe * REName the file to use it.
D>
That does it. You now have a program named B-UnProt that will allow you
to load a protected file, LIST, SAVE, edit, etc, it to your heart's content.
If anyone is interested in the technique used to determine this patch, let
me know and I'll detail it. In short, SYMDEB made it easier, but the same
"tricks" can be done even with a primitive debugger, such as DEBUG.
Also, if your version does NOT give you an address, let me know and I'll
attempt to provide additional information. Forward any comments to me.
Enjoy. Len C... [72115,214]