Tech Arsenal 1

home *** CD-ROM | disk | FTP | other *** search

/ Tech Arsenal 1 / Tech Arsenal (Arsenal Computer).ISO / tek-03 / unprobas.zip / UNPROBAS.DOC < prev

Wrap

Text File | 1985-05-26 | 4KB | 78 lines

UnProtecting Basic Programs v 0.1 of Tue May 21 85 Unprotecting BASICA (or GW Basic) files is a fairly simple task, if you have the right tools and know what to look for. The following sequence is the procedure for creating a copy of BASICA, version 2.0, that will NOT test the protect flag when you ask for a LIST, LLIST, SAVE, etc. Here I use Microsoft's SYMDEB version 3 (part of version 3 MASM-86) but the same can be done with DEBUG. This procedure is possible as the BasicA LOAD or implied (command line) program load both convert the program to BasicA's normal tokenized internal format and just relies on an internal flag to disallow those commands. This patch changes that flag test to always return "allowed". The comments below following the "*" character have been added as an explanation. In the following we patch the main version of BASICA (in this version, three programs make up the BASIC set, they are named BASIC.COM, BASICA.COM and BASICA.EXE. The first two are just loaders for the latter, which we'll patch). Note, finally, that the search pattern I used is for the OR AL,AL JMP +2 POPF RET and JMP opcodes, which makes the search version inde- pendent (where the exact addresses may vary). D> copy basica.exe b.xxx * Make a writable copy to patch 1 File(s) copied * (DEBUG won't write .EXE files). D> SymDeb b.xxx * Invoke SYMDEB, or use DEBUG B.XXX Microsoft Symbolic Debug Utility Version 3.00 (C)Copyright Microsoft Corp 1984 Processor is [8086] -s cs:0 l ffff 0a c0 75 02 9d c3 e9 * Search for the test, NO addresses. 786B:A557 * SYMDEB only found the right address. -u cs:a554 * UNASSEMBLE 3 bytes BEFORE that. 786B:A554 A00C06 MOV AL,[060C] 786B:A557 0AC0 OR AL,AL 786B:A559 7502 JNZ A55D 786B:A55B 9D POPF 786B:A55C C3 RET 786B:A55D E95068 JMP 0DB0 786B:A560 807C2800 CMP Byte Ptr [SI+28],00 786B:A564 7403 JZ A569 * NOTE in the above that the address * of the first instruction may vary * slightly with the BASICA version. -a cs:a554 * ASSEMBLE the following patch: 786B:A554 mov al,0 * Put a zero into AL, 786B:A556 nop * NOP for the correct code length. 786B:A557 * RETURN only to stop ASSEMBLE. -u cs:a554 * UNASSEMBLE the code to check it. 786B:A554 B000 MOV AL,00 786B:A556 90 NOP 786B:A557 0AC0 OR AL,AL 786B:A559 7502 JNZ A55D 786B:A55B 9D POPF 786B:A55C C3 RET 786B:A55D E95068 JMP 0DB0 786B:A560 807C2800 CMP Byte Ptr [SI+28],00 -w * Looks good, WRITE it to disk, Writing FF90 bytes * this may vary slightly on yours, -q * and QUIT the SYMDEBugger. D> Ren b.xxx b-unprot.exe * REName the file to use it. D> That does it. You now have a program named B-UnProt that will allow you to load a protected file, LIST, SAVE, edit, etc, it to your heart's content. If anyone is interested in the technique used to determine this patch, let me know and I'll detail it. In short, SYMDEB made it easier, but the same "tricks" can be done even with a primitive debugger, such as DEBUG. Also, if your version does NOT give you an address, let me know and I'll attempt to provide additional information. Forward any comments to me. Enjoy. Len C... [72115,214]