home *** CD-ROM | disk | FTP | other *** search
/ The Elite Hackers Toolkit / TheEliteHackersToolkitVolume1_1998.rar / HACKERS.BIN / appcraks / C4N_EXI.ZIP / EXILE-C.TXT < prev    next >
Text File  |  1990-01-01  |  11KB  |  278 lines

  1. Program         : Exile I - Escape from the Pit
  2. Cracked by      : drlan
  3. Date            : 09/27/97
  4. Protection      : Registration key, based on a given code
  5.                 : creates a file called MISC.DAT
  6.  
  7. Here's all the relevant code from the dead listing.
  8.  
  9. * Referenced by a (U)nconditional or (C)onditional Jump at Address:
  10. |:0013.2223(U)
  11. |
  12. :0013.2258 83FF0A                 cmp di, 000A
  13. :0013.225B 7CC8                   jl 2225
  14. :0013.225D 66817EE6D0070000       cmp dword ptr [bp+7E], 000007D0
  15. :0013.2265 7522                   jne 2289
  16. :0013.2267 B80000                 mov ax, 0000
  17. :0013.226A 8EC0                   mov es, ax
  18. :0013.226C 26C6065D6401           mov byte ptr es:[645D], 01
  19. :0013.2272 56                     push si
  20. :0013.2273 9AFFFF0000             call KERNEL._LCLOSE
  21.  
  22. * Possible Reference to Menu: MenuID_0001 
  23.                                   |
  24. * Possible Ref to Menu: MenuID_0001, Item: "New Game   Ctrl+N"
  25.                                   |
  26. * Possible Reference to String Resource ID=00001: "9"
  27.                                   |
  28. :0013.2278 6A01                   push 0001
  29. :0013.227A 90                     nop
  30. :0013.227B 0E                     push cs
  31. :0013.227C E8E700                 call 2366
  32. :0013.227F 59                     pop cx
  33. :0013.2280 33D2                   xor dx, dx
  34.  
  35. * Possible Reference to Menu: MenuID_0001 
  36.                                   |
  37. * Possible Ref to Menu: MenuID_0001, Item: "New Game   Ctrl+N"
  38.                                   |
  39. * Possible Reference to String Resource ID=00001: "9"
  40.                                   |
  41. :0013.2282 B80100                 mov ax, 0001
  42. :0013.2285 EB3B                   jmp 22C2
  43.  
  44. :0013.2287 EB2C                   jmp 22B5
  45.  
  46. * Referenced by a (U)nconditional or (C)onditional Jump at Address:
  47. |:0013.2265(C)
  48. |
  49. :0013.2289 66FF76EA               push word ptr [bp-16]
  50. :0013.228D 90                     nop
  51. :0013.228E 0E                     push cs
  52. :0013.228F E83900                 call 22CB
  53. :0013.2292 83C404                 add sp, 0004
  54. :0013.2295 6698                   cwde
  55. :0013.2297 663B46EE               cmp eax, [bp-12]
  56. :0013.229B 7518                   jne 22B5
  57. :0013.229D B80000                 mov ax, 0000
  58. :0013.22A0 8EC0                   mov es, ax
  59. :0013.22A2 26C606666401           mov byte ptr es:[6466], 01
  60. :0013.22A8 56                     push si
  61. :0013.22A9 9AFFFF0000             call KERNEL._LCLOSE
  62. :0013.22AE 33D2                   xor dx, dx
  63.  
  64. [ code snipped ]
  65.  
  66. This calucalates the Registration Code.  The code is contained in AX
  67. and [BP-06] when this function completes.
  68.  
  69. * Referenced by a CALL at Addresses:
  70. |:0013.228F, :0013.242A
  71. |
  72. :0013.22CB 8CD0                   mov ax, ss
  73. :0013.22CD 90                     nop
  74. :0013.22CE 45                     inc bp
  75. :0013.22CF 55                     push bp
  76. :0013.22D0 8BEC                   mov bp, sp
  77. :0013.22D2 1E                     push ds
  78. :0013.22D3 8ED8                   mov ds, ax
  79. :0013.22D5 83EC04                 sub sp, 0004
  80. :0013.22D8 668B4606               mov eax, [bp+06]
  81. :0013.22DC 666BC017               imul eax, 00000017
  82. :0013.22E0 668946FA               mov [bp-06], eax
  83. :0013.22E4 668B46FA               mov eax, [bp-06]
  84. :0013.22E8 66BB341B0F00           mov ebx, 000F1B34
  85. :0013.22EE 6699                   cdq
  86. :0013.22F0 66F7FB                 idiv ebx
  87. :0013.22F3 668956FA               mov [bp-06], edx
  88. :0013.22F7 668B46FA               mov eax, [bp-06]
  89. :0013.22FB 6605D0CB0000           add eax, 0000CBD0
  90. :0013.2301 668946FA               mov [bp-06], eax
  91. :0013.2305 668B46FA               mov eax, [bp-06]
  92. :0013.2309 666BC007               imul eax, 00000007
  93. :0013.230D 668946FA               mov [bp-06], eax
  94. :0013.2311 668B46FA               mov eax, [bp-06]
  95. :0013.2315 66BBA0BB0D00           mov ebx, 000DBBA0
  96. :0013.231B 6699                   cdq
  97. :0013.231D 66F7FB                 idiv ebx
  98. :0013.2320 668956FA               mov [bp-06], edx
  99. :0013.2324 668B46FA               mov eax, [bp-06]
  100. :0013.2328 6605A0860100           add eax, 000186A0
  101. :0013.232E 668946FA               mov [bp-06], eax
  102. :0013.2332 668B46FA               mov eax, [bp-06]
  103. :0013.2336 66BB30750000           mov ebx, 00007530
  104. :0013.233C 6699                   cdq
  105. :0013.233E 66F7FB                 idiv ebx
  106. :0013.2341 6683C264               add edx, 00000064
  107. :0013.2345 668956FA               mov [bp-06], edx
  108. :0013.2349 8B46FA                 mov ax, [bp-06]
  109. :0013.234C EB00                   jmp 234E
  110.  
  111. * Referenced by a (U)nconditional or (C)onditional Jump at Address:
  112. |:0013.234C(U)
  113. |
  114. :0013.234E 59                     pop cx
  115. :0013.234F 59                     pop cx
  116. :0013.2350 1F                     pop ds
  117. :0013.2351 5D                     pop bp
  118. :0013.2352 4D                     dec bp
  119. :0013.2353 CB                     retf
  120.  
  121. :0013.2354 6D6973632E64617400     DB "misc.dat",0
  122.  
  123. :0013.235D 6D6973632E64617400     DB "misc.dat",0
  124.  
  125. * Referenced by a CALL at Addresses:
  126. |:0013.21CE, :0013.227C
  127. |
  128. :0013.2366 8CD0                   mov ax, ss
  129. :0013.2368 90                     nop
  130. :0013.2369 45                     inc bp
  131. :0013.236A 55                     push bp
  132. :0013.236B 8BEC                   mov bp, sp
  133. :0013.236D 1E                     push ds
  134. :0013.236E 8ED8                   mov ds, ax
  135. :0013.2370 81EC9400               sub sp, 0094
  136. :0013.2374 56                     push si
  137. :0013.2375 57                     push di
  138. :0013.2376 66C746F600000000       mov dword ptr [bp-0A], 00000000
  139. :0013.237E 66C746F204000000       mov dword ptr [bp-0E], 00000004
  140. :0013.2386 0E                     push cs
  141. :0013.2387 685423                 push 2354
  142. :0013.238A 16                     push ss
  143. :0013.238B 8D866AFF               lea ax, [bp+FF6A]
  144. :0013.238F 50                     push ax
  145. :0013.2390 680104                 push 0401
  146. :0013.2393 9AFFFF0000             call KERNEL.OPENFILE
  147. :0013.2398 8BF8                   mov di, ax
  148. :0013.239A 83FFFF                 cmp di, FFFF
  149. :0013.239D 7514                   jne 23B3
  150. :0013.239F 0E                     push cs
  151. :0013.23A0 685D23                 push 235D
  152. :0013.23A3 16                     push ss
  153. :0013.23A4 8D866AFF               lea ax, [bp+FF6A]
  154. :0013.23A8 50                     push ax
  155. :0013.23A9 680114                 push 1401
  156. :0013.23AC 9AFFFF0000             call KERNEL.OPENFILE
  157. :0013.23B1 8BF8                   mov di, ax
  158.  
  159. * Referenced by a (U)nconditional or (C)onditional Jump at Address:
  160. |:0013.239D(C)
  161. |
  162. :0013.23B3 83FFFF                 cmp di, FFFF
  163. :0013.23B6 751C                   jne 23D4
  164. :0013.23B8 0E                     push cs
  165. :0013.23B9 E84DEA                 call 0E09
  166. :0013.23BC B80000                 mov ax, 0000
  167. :0013.23BF 8EC0                   mov es, ax
  168. :0013.23C1 6626C7063897FFFFFFFF   mov dword ptr es:[9738], FFFFFFFF
  169. :0013.23CB BAFFFF                 mov dx, FFFF
  170. :0013.23CE B8FFFF                 mov ax, FFFF
  171. :0013.23D1 E9B900                 jmp 248D
  172.  
  173. * Referenced by a (U)nconditional or (C)onditional Jump at Address:
  174. |:0013.23B6(C)
  175. |
  176. :0013.23D4 57                     push di
  177. :0013.23D5 666A00                 push 00000000
  178. :0013.23D8 6A00                   push 0000
  179. :0013.23DA 9AFFFF0000             call KERNEL._LLSEEK
  180. :0013.23DF 33F6                   xor si, si
  181. :0013.23E1 E99500                 jmp 2479
  182.  
  183. * Referenced by a (U)nconditional or (C)onditional Jump at Address:
  184. |:0013.247C(C)
  185. |
  186. :0013.23E4 68A861                 push 61A8
  187. :0013.23E7 688813                 push 1388
  188.  
  189. * Possible Reference to Menu: MenuID_0001 
  190.                                   |
  191. * Possible Ref to Menu: MenuID_0001, Item: "New Game   Ctrl+N"
  192.                                   |
  193. * Possible Reference to String Resource ID=00001: "9"
  194.                                   |
  195. :0013.23EA 6A01                   push 0001
  196. :0013.23EC 9AFFFF0000             call 0004.0000h
  197. :0013.23F1 83C406                 add sp, 0006
  198. :0013.23F4 6698                   cwde
  199. :0013.23F6 668946FA               mov [bp-06], eax
  200. :0013.23FA 837E0602               cmp word ptr [bp+06], 0002
  201. :0013.23FE 7513                   jne 2413
  202. :0013.2400 83FE06                 cmp si, 0006
  203. :0013.2403 750E                   jne 2413
  204. :0013.2405 B80000                 mov ax, 0000
  205. :0013.2408 8EC0                   mov es, ax
  206. :0013.240A 6626A13897             mov eax, dword ptr es:[9738]
  207. :0013.240F 668946FA               mov [bp-06], eax
  208.  
  209. * Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
  210. |:0013.23FE(C), :0013.2403(C)
  211. |
  212. :0013.2413 837E0602               cmp word ptr [bp+06], 0002
  213. :0013.2417 751D                   jne 2436
  214. :0013.2419 83FE07                 cmp si, 0007
  215. :0013.241C 7518                   jne 2436
  216. :0013.241E B80000                 mov ax, 0000
  217. :0013.2421 8EC0                   mov es, ax
  218. :0013.2423 6626FF363897           push word ptr es:[9738]
  219. :0013.2429 0E                     push cs
  220. :0013.242A E89EFE                 call 22CB
  221. :0013.242D 83C404                 add sp, 0004
  222. :0013.2430 6698                   cwde
  223. :0013.2432 668946FA               mov [bp-06], eax
  224.  
  225. * Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
  226. |:0013.2417(C), :0013.241C(C)
  227. |
  228. :0013.2436 83FE05                 cmp si, 0005
  229. :0013.2439 7514                   jne 244F
  230. :0013.243B 837E0600               cmp word ptr [bp+06], 0000
  231. :0013.243F 7505                   jne 2446
  232.  
  233. * Possible Reference to Dialog: DialogID_07D0 
  234.                                   |
  235. :0013.2441 B8D007                 mov ax, 07D0
  236. :0013.2444 EB03                   jmp 2449
  237.  
  238. * Referenced by a (U)nconditional or (C)onditional Jump at Address:
  239. |:0013.243F(C)
  240. |
  241. * Possible Reference to Dialog: DialogID_03E8 
  242.                                   |
  243. :0013.2446 B8E803                 mov ax, 03E8
  244.  
  245. * Referenced by a (U)nconditional or (C)onditional Jump at Address:
  246. |:0013.2444(U)
  247. |
  248. :0013.2449 6698                   cwde
  249. :0013.244B 668946FA               mov [bp-06], eax
  250.  
  251. * Referenced by a (U)nconditional or (C)onditional Jump at Address:
  252. |:0013.2439(C)
  253. |
  254. :0013.244F 83FE06                 cmp si, 0006
  255. :0013.2452 7517                   jne 246B
  256. :0013.2454 668B46FA               mov eax, [bp-06]
  257. :0013.2458 668946F6               mov [bp-0A], eax
  258. :0013.245C B80000                 mov ax, 0000
  259. :0013.245F 668B56FA               mov edx, [bp-06]
  260. :0013.2463 8EC0                   mov es, ax
  261. :0013.2465 662689163897           mov es:[9738], edx
  262.  
  263. * Referenced by a (U)nconditional or (C)onditional Jump at Address:
  264. |:0013.2452(C)
  265. |
  266. :0013.246B 57                     push di
  267. :0013.246C 16                     push ss
  268. :0013.246D 8D46FA                 lea ax, [bp-06]
  269. :0013.2470 50                     push ax
  270.  
  271. * Possible Ref to Menu: MenuID_0001, Item: "Save As..."
  272.  
  273. Search  : 83C4043B46FC751E
  274. Replace :             9090
  275.  
  276. Don't take the "bad guy" jump (jnz).
  277.  
  278.