cm386201.txt (Power DOS CD-ROM, Walnut Creek, July 1995, games/crackutl; text file dated 1993-03-02)
CrackerMate v2.01
Copyright (C)
by ChanWaiKwong Wilfred
December, 1992
All rights reserved
v1.00: original release in August, 1992
v2.00: 1) added DESQview check
       2) added CPU type check
       3) slightly improved Data Analysis so that even fluctuating
          data can be found, and 'Decrease' is assumed by default if
          the input is not 'i' or 'I'
       4) the segment and offset input in the Hardware breakpoint option
          has been modified so that only 4-digit input is accepted,
          to avoid unnecessary errors
       5) built-in debugger added so that no external debugger is
          needed; CrackerMate becomes a standalone program
       6) compatibility with Tseng Labs video cards added
       7) bugs in instruction fetch of hardware breakpoint fixed
       8) bugs in interrupt handling fixed
       9) uninstall option added
       10) better display, border line added
v2.01: 1) some bugs in finding empty vector table slots when installing
          fixed
Introduction
---------------
CrackerMate is a game cracking program. It provides the ability to
crack the 'life' as well as the password in a game, especially a
password that appears in the middle of a game. It is designed to run
with any debugger to provide the game cracking features.
CrackerMate occupies less than 14.5K of base memory, using no expanded
or extended memory. It is written purely in assembly language. Since the
memory usage is so small, it does not restore the screen completely in
graphics mode. Anyway, the screen will still look all right in graphics
mode, and this does not affect game cracking.
The current version of CrackerMate does not pop up while DOS is busy.
One reason for this is to save memory. Another reason is that there is
no point in popping up inside DOS itself for the purpose of cracking a
game (the game's code cannot be inside DOS!).
System Requirements
----------------------
1) 386+ machine
2) VGA display
3) Dos 3+
About the new built-in debugger
----------------------------------
The built-in debugger provides all the capabilities of the debugger
supplied with DOS except a few options. Anyway, the functions available
are more than enough for the purpose of cracking a game. Just press '?'
to see the commands available. With the built-in debugger, CrackerMate
no longer needs an external debugger, so the new version is more
reliable and stable. Furthermore, it saves memory, as the built-in
debugger occupies much less memory than the external one.
If there is any breakpoint error, the error message 'BP Error' is shown
on screen, where BP means BreakPoint (not a register error!).
Currently a maximum of 10 breakpoints can be set.
Usage
-------
1) Data analysis:
   Just enter two temporary filenames in the first analysis.
   In each following analysis, you are asked to input Increase
   or Decrease, meaning that the current data is supposed to
   have increased or decreased compared with the data analysed
   previously.
2) Start another analysis:
   Whenever you want to start the Data analysis over, use this
   option.
3) List address:
   This option shows you the addresses found by the Data
   analysis option.
4) Hardware breakpoint:
   Once you have an address from List address, you can set a
   hardware breakpoint on it. Usually the breakpoint is of the
   'write memory' kind, since the game overwrites the life with
   a smaller value. You are then taken straight to the code on
   the next 'life decrease'. You can modify the code as you like
   with the next option, Return to debugger (you should have
   some knowledge of assembly language at this point). That
   completes the life cracking procedure. Note that when
   inputting addresses, all four digits must be entered,
   e.g. 0011 instead of 11.
5) Uninstall:
   Use this option when you want to free CrackerMate from memory.
6) Return to debugger:
   This option returns control to the debugger, so that you can
   debug the game.
7) Return to game:
   If you have returned to the debugger, this option takes you
   from the debugger back to the game. Make sure you 'run' the
   game (the G command in the DOS debugger) before you pop up
   CrackerMate and use this option, otherwise the game will hang
   and you will need to reboot.
Procedure of cracking 'life'
-----------------------------
Run the game, then pop up CrackerMate.
1) Choose Data analysis, and choose Decrease, as life is decreasing.
   Enter the temporary filenames.
2) Press Esc to return to the game.
3) When your life decreases, pop up CrackerMate again and choose
   Data analysis. This time you are not required to input anything;
   just wait for the analysis. My 386 machine takes about 15 seconds
   for the longest one. Then press Esc to return to the game.
4) After several analyses, choose List address to find the possible
   addresses of the 'life' data. If the life decreased in the order
   3-2-1, you may want to look at the address with 3-2-1 data. Note
   that the data closest to the address is the most recent value, so
   you may see a display like:
   4000:0011 01 02 03
5) Knowing the address, set a Hardware breakpoint on it. Since the
   address is overwritten by the game, choose the Write memory option.
   From step 4, the segment is 4000 and the offset is 0011. Make sure
   you enter all four digits, i.e. 0011 instead of 11. After setting
   up the breakpoint, press Esc to return to the game. CrackerMate
   will pop up when it finds the code address; you can see the break
   address by choosing the Hardware breakpoint option again. Then
   press R to return to the debugger, to see the code at that address
   and modify it as you like. Notice that the break address is the
   address immediately after the instruction that actually modifies
   the data. So if the break address is 1234:5678, look at the code
   before that address, e.g. 1234:5675 (it depends on the code).
   (For Instruction fetch, the break address is exactly the address
   of the code, a little different from Read/Write memory breakpoints.)
6) After modifying the code, type g to continue executing the game if
   you are in the DOS debugger. Then pop up CrackerMate again and press
   Esc; the game screen is restored and you can continue playing.
   (Note that it is necessary to continue executing the game before
   popping up CrackerMate again, otherwise you may never be able to
   continue playing.) You can also record the code and modify it
   directly in the game file, so that the crack becomes 'permanent'
   rather than 'temporary'.
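The Data analysis / List address loop described in Usage options 1 and 3 and in steps 1 to 4 above, as an added C example (not CrackerMate's own code, which is assembly and not on the page): three constructed snapshots of a 32-byte slice of segment 4000 are filtered by the user's Decrease answers, and each surviving offset is printed in the 'address, newest value first' layout shown in step 4. The strict per-snapshot comparison rule, the segment size and the sample bytes are my assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SEG      0x4000  /* constructed: data segment being scanned        */
#define REGION   32      /* constructed: bytes of that segment we snapshot */
#define MAX_SNAP 8
typedef struct {
    uint8_t snap[MAX_SNAP][REGION]; /* snap[0] is the first analysis            */
    char    dir[MAX_SNAP];          /* dir[s]: 'i' or 'd', snap[s] vs snap[s-1] */
    int     count;
} analysis_t;
/* One "Data analysis": record memory and the user's answer; anything but 'i'/'I' means Decrease, as on the page. */
static void analysis_record(analysis_t *a, const uint8_t *mem, char dir) {
    if (a->count >= MAX_SNAP) return;
    a->dir[a->count] = (dir == 'i' || dir == 'I') ? 'i' : 'd';
    memcpy(a->snap[a->count++], mem, REGION);
}
/* Assumed rule: an offset survives only if every snapshot moved in the declared direction from the previous one. */
static int offset_matches(const analysis_t *a, int off) {
    for (int s = 1; s < a->count; s++) {
        uint8_t prev = a->snap[s - 1][off], cur = a->snap[s][off];
        if (a->dir[s] == 'i' ? cur <= prev : cur >= prev) return 0;
    }
    return 1;
}
/* "List address": keep surviving offsets in out[] and print each as CrackerMate does (newest value nearest the address). */
static int list_addresses(const analysis_t *a, uint16_t *out, int max) {
    int n = 0;
    for (int off = 0; off < REGION && n < max; off++) {
        if (!offset_matches(a, off)) continue;
        out[n++] = (uint16_t)off;
        printf("%04X:%04X", SEG, off);
        for (int s = a->count - 1; s >= 0; s--) printf(" %02X", a->snap[s][off]);
        putchar('\n');
    }
    return n;
}
/* Constructed scenario: lives at 0011 go 3-2-1; a timer at 0005 runs 9-7-4 and survives too; 001F counts up 1-2-3. */
static int demo_candidates(uint16_t *out, int max) {
    static const uint8_t vals[3][3] = { {3, 9, 1}, {2, 7, 2}, {1, 4, 3} };
    analysis_t a = {0};
    uint8_t mem[REGION];
    for (int s = 0; s < 3; s++) {
        memset(mem, 0, REGION);
        mem[0x11] = vals[s][0]; mem[0x05] = vals[s][1]; mem[0x1F] = vals[s][2];
        analysis_record(&a, mem, 'd');  /* the user answers Decrease each time */
    }
    return list_addresses(&a, out, max);  /* prints 4000:0005 04 07 09 and 4000:0011 01 02 03 */
}
int main(void) { uint16_t hits[REGION]; return demo_candidates(hits, REGION) == 2 ? 0 : 1; }
```

The timer at 0005 shows why several analyses are needed and why step 4 tells you to pick the address whose history matches the 3-2-1 you actually saw.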
Procedure of cracking password
--------------------------------
When prompted for a password, you can pop up CrackerMate and return
to the debugger. Then you can debug the game to crack the password.
Note that the Hotkey is NumLock or Pause, as their scan codes are the same.
* Note that CrackerMate conflicts with the EMM386.EXE device driver,
so it is necessary to remove EMM386.EXE (if any) from config.sys.
Any comments are welcome; the e-mail address of the writer is
h9109253@hkuxa.hku.hk