Shareware Grab Bag

home *** CD-ROM | disk | FTP | other *** search

/ Shareware Grab Bag / Shareware Grab Bag.iso / 009 / frmwrk11.unp < prev next >

Wrap

Text File | 1985-07-23 | 5KB | 100 lines

FRAMEWORK version 1.10 - Unprotect by The Lone Victor The following instructions show you how to bypass the SoftGuard copy protection scheme used on Framework version 1.10. This is the same scheme used for dBase III 1.10 and for Wordstar 2000 1.00. Wordstar 2000 version 1.10 does not use a copy protection scheme, while versions 1.00 of dBase III and FrameWork used ProLock. To unprotect Prolock disks read the file PROLOCK.UNP. First, using your valid, original FRAMEWORK diskette, install it on a fixed disk. Softguard hides three files in your root directory: CML0200.HCL, VDF0200.VDW, and FW.LOD It also copies FW.COM into your chosen Framework directory. FW.LOD is the real Framework program, encrypted. When you run FW, the program FW.COM loads CML0200.HCL high in memory and runs it. CML decrypts itself and reads VDF0200.VDW. The VDF file contains some code and data from the fixed disk FAT at the time of installation. By comparing the information in the VDF file with the current FAT, CML can tell if the CML, VDF, and DBASE.EXE files are in the same place on the disk where they were installed. If they have moved, say from a backup & restore, then Framework will not run. Second, un-hide the three files in the root directory. You can do this with the program ALTER.COM found on any BBS. Make copies of the three files, and of FW.COM, into some other directory. Hide the three root files again using ALTER. eg: ALTER FW.LOD HA Following the Framework instructions, UNINSTALL Framework. You can now put away your original Framework diskette. We are done with it. Next we will make some patches to CML0200.HCL to allow us to trace through the code in DEBUG. These patches will keep it from killing our interrupt vectors. debug cml0200.hcl e 3F9 <CR> 2A.4A <CR> ; change the 2A to 4A e 49D <CR> F6.16 <CR> ; if any of these numbers don't show up e 506 <CR> E9.09 <CR> ; it's not working. e A79 <CR> 00.20 <CR> ; e AE9 <CR> 00.20 <CR> ; e 73C 97 FA FA F4 F1 7E <CR> ; this is an encrypted call to 0:300 w ; write out the new CML file q ; quit debug Now copy your four saved files back into the root directory and hide the CML0200.HCL, VDF0200.VDW, and FW.LOD files using ALTER. We can now run FW.COM using DEBUG, trace just up to the point where it has decrypted FW.LOD, then write that file out. debug FW.COM r <CR> ; write down the value of DS for use below. a 0:300 <CR> ; we must assemble some code here pop ax cs: mov [320],ax ; save return address pop ax cs: mov [322],ax push es ; set up stack the way we need it mov ax,20 mov es,ax mov ax,0 cs: jmp far ptr [320] ; jump to our return address <CR> g 406 ; now we can trace CML t g 177 ; this stuff just traces past some g 1E9 ; encryption routines. t g 54E ; wait while reading VDF & FAT g=559 569 g=571 857 ; FW.LOD has been decrypted rBX <CR> ; length FW.LOD = 2F400 bytes :2 ; set BX to 2 rCX <CR> :F400 ; set CX to AC00. nFWX ; name of file to write to w XXXX:100 ; where XXXX is the value of DS that ; you wrote down at the begining. q ; quit debug Last, unhide and delete the three root files CML0200.HCL, VDF0200.VDW, and FW.LOD. Delete FW.COM and rename FWX to FW.EXE. This is the real Framework program without any SoftGuard code or encryption. It requires only the FW.OVL file to run.