home *** CD-ROM | disk | FTP | other *** search

---

/ The Elite Hackers Toolkit / TheEliteHackersToolkitVolume1_1998.rar / HACKERS.BIN / appcraks / C4N_EXI.ZIP / EXILE-C.TXT

< prev

next >

Wrap

Text File  |  1990-01-01  |  11KB  |  278 lines

---

1. Program         : Exile I - Escape from the Pit
2. Cracked by      : drlan
3. Date            : 09/27/97
4. Protection      : Registration key, based on a given code
5.                 : creates a file called MISC.DAT
6.  
7. Here's all the relevant code from the dead listing.
8.  
9. * Referenced by a (U)nconditional or (C)onditional Jump at Address:
10. |:0013.2223(U)
11. |
12. :0013.2258 83FF0A                 cmp di, 000A
13. :0013.225B 7CC8                   jl 2225
14. :0013.225D 66817EE6D0070000       cmp dword ptr [bp+7E], 000007D0
15. :0013.2265 7522                   jne 2289
16. :0013.2267 B80000                 mov ax, 0000
17. :0013.226A 8EC0                   mov es, ax
18. :0013.226C 26C6065D6401           mov byte ptr es:[645D], 01
19. :0013.2272 56                     push si
20. :0013.2273 9AFFFF0000             call KERNEL._LCLOSE
21.  
22. * Possible Reference to Menu: MenuID_0001 
23.                                   |
24. * Possible Ref to Menu: MenuID_0001, Item: "New Game   Ctrl+N"
25.                                   |
26. * Possible Reference to String Resource ID=00001: "9"
27.                                   |
28. :0013.2278 6A01                   push 0001
29. :0013.227A 90                     nop
30. :0013.227B 0E                     push cs
31. :0013.227C E8E700                 call 2366
32. :0013.227F 59                     pop cx
33. :0013.2280 33D2                   xor dx, dx
34.  
35. * Possible Reference to Menu: MenuID_0001 
36.                                   |
37. * Possible Ref to Menu: MenuID_0001, Item: "New Game   Ctrl+N"
38.                                   |
39. * Possible Reference to String Resource ID=00001: "9"
40.                                   |
41. :0013.2282 B80100                 mov ax, 0001
42. :0013.2285 EB3B                   jmp 22C2
43.  
44. :0013.2287 EB2C                   jmp 22B5
45.  
46. * Referenced by a (U)nconditional or (C)onditional Jump at Address:
47. |:0013.2265(C)
48. |
49. :0013.2289 66FF76EA               push word ptr [bp-16]
50. :0013.228D 90                     nop
51. :0013.228E 0E                     push cs
52. :0013.228F E83900                 call 22CB
53. :0013.2292 83C404                 add sp, 0004
54. :0013.2295 6698                   cwde
55. :0013.2297 663B46EE               cmp eax, [bp-12]
56. :0013.229B 7518                   jne 22B5
57. :0013.229D B80000                 mov ax, 0000
58. :0013.22A0 8EC0                   mov es, ax
59. :0013.22A2 26C606666401           mov byte ptr es:[6466], 01
60. :0013.22A8 56                     push si
61. :0013.22A9 9AFFFF0000             call KERNEL._LCLOSE
62. :0013.22AE 33D2                   xor dx, dx
63.  
64. [ code snipped ]
65.  
66. This calucalates the Registration Code.  The code is contained in AX
67. and [BP-06] when this function completes.
68.  
69. * Referenced by a CALL at Addresses:
70. |:0013.228F, :0013.242A
71. |
72. :0013.22CB 8CD0                   mov ax, ss
73. :0013.22CD 90                     nop
74. :0013.22CE 45                     inc bp
75. :0013.22CF 55                     push bp
76. :0013.22D0 8BEC                   mov bp, sp
77. :0013.22D2 1E                     push ds
78. :0013.22D3 8ED8                   mov ds, ax
79. :0013.22D5 83EC04                 sub sp, 0004
80. :0013.22D8 668B4606               mov eax, [bp+06]
81. :0013.22DC 666BC017               imul eax, 00000017
82. :0013.22E0 668946FA               mov [bp-06], eax
83. :0013.22E4 668B46FA               mov eax, [bp-06]
84. :0013.22E8 66BB341B0F00           mov ebx, 000F1B34
85. :0013.22EE 6699                   cdq
86. :0013.22F0 66F7FB                 idiv ebx
87. :0013.22F3 668956FA               mov [bp-06], edx
88. :0013.22F7 668B46FA               mov eax, [bp-06]
89. :0013.22FB 6605D0CB0000           add eax, 0000CBD0
90. :0013.2301 668946FA               mov [bp-06], eax
91. :0013.2305 668B46FA               mov eax, [bp-06]
92. :0013.2309 666BC007               imul eax, 00000007
93. :0013.230D 668946FA               mov [bp-06], eax
94. :0013.2311 668B46FA               mov eax, [bp-06]
95. :0013.2315 66BBA0BB0D00           mov ebx, 000DBBA0
96. :0013.231B 6699                   cdq
97. :0013.231D 66F7FB                 idiv ebx
98. :0013.2320 668956FA               mov [bp-06], edx
99. :0013.2324 668B46FA               mov eax, [bp-06]
100. :0013.2328 6605A0860100           add eax, 000186A0
101. :0013.232E 668946FA               mov [bp-06], eax
102. :0013.2332 668B46FA               mov eax, [bp-06]
103. :0013.2336 66BB30750000           mov ebx, 00007530
104. :0013.233C 6699                   cdq
105. :0013.233E 66F7FB                 idiv ebx
106. :0013.2341 6683C264               add edx, 00000064
107. :0013.2345 668956FA               mov [bp-06], edx
108. :0013.2349 8B46FA                 mov ax, [bp-06]
109. :0013.234C EB00                   jmp 234E
110.  
111. * Referenced by a (U)nconditional or (C)onditional Jump at Address:
112. |:0013.234C(U)
113. |
114. :0013.234E 59                     pop cx
115. :0013.234F 59                     pop cx
116. :0013.2350 1F                     pop ds
117. :0013.2351 5D                     pop bp
118. :0013.2352 4D                     dec bp
119. :0013.2353 CB                     retf
120.  
121. :0013.2354 6D6973632E64617400     DB "misc.dat",0
122.  
123. :0013.235D 6D6973632E64617400     DB "misc.dat",0
124.  
125. * Referenced by a CALL at Addresses:
126. |:0013.21CE, :0013.227C
127. |
128. :0013.2366 8CD0                   mov ax, ss
129. :0013.2368 90                     nop
130. :0013.2369 45                     inc bp
131. :0013.236A 55                     push bp
132. :0013.236B 8BEC                   mov bp, sp
133. :0013.236D 1E                     push ds
134. :0013.236E 8ED8                   mov ds, ax
135. :0013.2370 81EC9400               sub sp, 0094
136. :0013.2374 56                     push si
137. :0013.2375 57                     push di
138. :0013.2376 66C746F600000000       mov dword ptr [bp-0A], 00000000
139. :0013.237E 66C746F204000000       mov dword ptr [bp-0E], 00000004
140. :0013.2386 0E                     push cs
141. :0013.2387 685423                 push 2354
142. :0013.238A 16                     push ss
143. :0013.238B 8D866AFF               lea ax, [bp+FF6A]
144. :0013.238F 50                     push ax
145. :0013.2390 680104                 push 0401
146. :0013.2393 9AFFFF0000             call KERNEL.OPENFILE
147. :0013.2398 8BF8                   mov di, ax
148. :0013.239A 83FFFF                 cmp di, FFFF
149. :0013.239D 7514                   jne 23B3
150. :0013.239F 0E                     push cs
151. :0013.23A0 685D23                 push 235D
152. :0013.23A3 16                     push ss
153. :0013.23A4 8D866AFF               lea ax, [bp+FF6A]
154. :0013.23A8 50                     push ax
155. :0013.23A9 680114                 push 1401
156. :0013.23AC 9AFFFF0000             call KERNEL.OPENFILE
157. :0013.23B1 8BF8                   mov di, ax
158.  
159. * Referenced by a (U)nconditional or (C)onditional Jump at Address:
160. |:0013.239D(C)
161. |
162. :0013.23B3 83FFFF                 cmp di, FFFF
163. :0013.23B6 751C                   jne 23D4
164. :0013.23B8 0E                     push cs
165. :0013.23B9 E84DEA                 call 0E09
166. :0013.23BC B80000                 mov ax, 0000
167. :0013.23BF 8EC0                   mov es, ax
168. :0013.23C1 6626C7063897FFFFFFFF   mov dword ptr es:[9738], FFFFFFFF
169. :0013.23CB BAFFFF                 mov dx, FFFF
170. :0013.23CE B8FFFF                 mov ax, FFFF
171. :0013.23D1 E9B900                 jmp 248D
172.  
173. * Referenced by a (U)nconditional or (C)onditional Jump at Address:
174. |:0013.23B6(C)
175. |
176. :0013.23D4 57                     push di
177. :0013.23D5 666A00                 push 00000000
178. :0013.23D8 6A00                   push 0000
179. :0013.23DA 9AFFFF0000             call KERNEL._LLSEEK
180. :0013.23DF 33F6                   xor si, si
181. :0013.23E1 E99500                 jmp 2479
182.  
183. * Referenced by a (U)nconditional or (C)onditional Jump at Address:
184. |:0013.247C(C)
185. |
186. :0013.23E4 68A861                 push 61A8
187. :0013.23E7 688813                 push 1388
188.  
189. * Possible Reference to Menu: MenuID_0001 
190.                                   |
191. * Possible Ref to Menu: MenuID_0001, Item: "New Game   Ctrl+N"
192.                                   |
193. * Possible Reference to String Resource ID=00001: "9"
194.                                   |
195. :0013.23EA 6A01                   push 0001
196. :0013.23EC 9AFFFF0000             call 0004.0000h
197. :0013.23F1 83C406                 add sp, 0006
198. :0013.23F4 6698                   cwde
199. :0013.23F6 668946FA               mov [bp-06], eax
200. :0013.23FA 837E0602               cmp word ptr [bp+06], 0002
201. :0013.23FE 7513                   jne 2413
202. :0013.2400 83FE06                 cmp si, 0006
203. :0013.2403 750E                   jne 2413
204. :0013.2405 B80000                 mov ax, 0000
205. :0013.2408 8EC0                   mov es, ax
206. :0013.240A 6626A13897             mov eax, dword ptr es:[9738]
207. :0013.240F 668946FA               mov [bp-06], eax
208.  
209. * Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
210. |:0013.23FE(C), :0013.2403(C)
211. |
212. :0013.2413 837E0602               cmp word ptr [bp+06], 0002
213. :0013.2417 751D                   jne 2436
214. :0013.2419 83FE07                 cmp si, 0007
215. :0013.241C 7518                   jne 2436
216. :0013.241E B80000                 mov ax, 0000
217. :0013.2421 8EC0                   mov es, ax
218. :0013.2423 6626FF363897           push word ptr es:[9738]
219. :0013.2429 0E                     push cs
220. :0013.242A E89EFE                 call 22CB
221. :0013.242D 83C404                 add sp, 0004
222. :0013.2430 6698                   cwde
223. :0013.2432 668946FA               mov [bp-06], eax
224.  
225. * Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
226. |:0013.2417(C), :0013.241C(C)
227. |
228. :0013.2436 83FE05                 cmp si, 0005
229. :0013.2439 7514                   jne 244F
230. :0013.243B 837E0600               cmp word ptr [bp+06], 0000
231. :0013.243F 7505                   jne 2446
232.  
233. * Possible Reference to Dialog: DialogID_07D0 
234.                                   |
235. :0013.2441 B8D007                 mov ax, 07D0
236. :0013.2444 EB03                   jmp 2449
237.  
238. * Referenced by a (U)nconditional or (C)onditional Jump at Address:
239. |:0013.243F(C)
240. |
241. * Possible Reference to Dialog: DialogID_03E8 
242.                                   |
243. :0013.2446 B8E803                 mov ax, 03E8
244.  
245. * Referenced by a (U)nconditional or (C)onditional Jump at Address:
246. |:0013.2444(U)
247. |
248. :0013.2449 6698                   cwde
249. :0013.244B 668946FA               mov [bp-06], eax
250.  
251. * Referenced by a (U)nconditional or (C)onditional Jump at Address:
252. |:0013.2439(C)
253. |
254. :0013.244F 83FE06                 cmp si, 0006
255. :0013.2452 7517                   jne 246B
256. :0013.2454 668B46FA               mov eax, [bp-06]
257. :0013.2458 668946F6               mov [bp-0A], eax
258. :0013.245C B80000                 mov ax, 0000
259. :0013.245F 668B56FA               mov edx, [bp-06]
260. :0013.2463 8EC0                   mov es, ax
261. :0013.2465 662689163897           mov es:[9738], edx
262.  
263. * Referenced by a (U)nconditional or (C)onditional Jump at Address:
264. |:0013.2452(C)
265. |
266. :0013.246B 57                     push di
267. :0013.246C 16                     push ss
268. :0013.246D 8D46FA                 lea ax, [bp-06]
269. :0013.2470 50                     push ax
270.  
271. * Possible Ref to Menu: MenuID_0001, Item: "Save As..."
272.  
273. Search  : 83C4043B46FC751E
274. Replace :             9090
275.  
276. Don't take the "bad guy" jump (jnz).
277.  
278.