Disclaimer: This file was written for educational purposes only. I'm not responsible for the actions u cause by using the information provided herein. YOU are responsible.

Hi, to all the Newbies reading my first tutorial about cracking.
---------------------------------------------------------------------

A. I think you all know what cracking means and surely you've heard about such shit words like ASM, SoftIce.... Well, the sense of cracking is to kill the shit evaluation limits, nag-screens, serialz, CD-testings and so on...

OK, my first tutorial is about CD-Cracking. If a friend of u has got a game and u want it too, don't wanna burn the CD, but the shit game only runs with the original CD, then you can crack this protection and it will work without the shit CD.

I tried not to let the document grow too much, so it's not explained in any details u don't need if u aren't a stupid fool. Oh, I also have to say sorry for my bad English.

OK, here the progs you need at first:

W32dsm8.9  --> Disassembler
Hiew       --> Hex-Editor

I think you won't need SoftIce (debugger) at first, you'll have to get some experience with the ASM-Code first, then you'll be able to use the ++master-tool++. I'll explain SI in a later tutorial!

So, you'll also need a game to crack. Use a game with only one CD first!

First of all: CD-Cracking means how to crack a game which wanna have the original CD in drive to start. There are many different ways of doin' this, here are the most recommended ways I know:

1. First of all, install the biggest configuration available and start the game without the CD, then you'll get the shit error-msg like: couldn't find CD in Drive!! Fuck it! Well ok, write it down. Go to WDASM and edit a copy of the .exe file and disassemble it. Now click on STRNG References or something like this and search the error-msg and double-click on it. Now you're at the place you have to be.

But at first, let's give ya some knowledge of ASM-codes:

ASM     WHAT DOES IT MEAN
---------------------------
jne     jump if not equal
je      jump if equal
jmp     jump directly to
nop     no operation
ja      jump if above
jna     jump if not above
jae     jump if above or equal
jnae    jump if not above or equal
jb      jump if below
jnb     jump if not below
jbe     jump if below or equal
jnbe    jump if not below or equal
jg      jump if greater
jng     jump if not greater
jge     jump if greater or equal
jnge    jump if not greater or equal
jl      jump if less
jnl     jump if not less
jle     jump if less or equal
jnle    jump if not less or equal

OK! Got it? Well, now search for a call right over the message. It ain't the one directly over the msg every time, but most of the time it is; if not, try the next, till it works. We're now going to nop (no operation) it. Place the bar on it and note the offset-Number without the h.

Now start your Hiew and open the original exe. Press F4 and then on decode and you'll get the ASM-Code. Press F5 and enter the Number. Press F3 to edit the file. Remember that every 2 Numbers are one byte!

--> f80h74        These would be 3 bytes.
    0000000000    <--- this number would be 5 bytes.

Just change the number into

    9090909090    <--- nop the call.

Don't panic if the line jumps down after you pressed 90, just continue entering four more 90's. Now press F9 and F10 to save and exit Hiew. Run the prog and enjoy the game! If it has not worked, try the next pos.

2. Sometimes the game knows that you have nopped it. So we'll have to make the game believe it had a CD in drive every time. Just do the same as before, but now you don't nop it, you will type the following:

    B8010000000   <-- For a 5-byte long call.

What have you now done?? The prog checks eax: if it is 0 it will jump to the error-msg, if it is 1 it will jump to the next position. It works? No, then try the next:

3. Just look out for a jne or a jn command over the msg. When you got it, open Hiew, insert the offset-Number and change it.
Change a 75 (jne) to 74 (je), a 85 (jne) to 84 (je), a 74 (je) to 75 (jne) or a 84 (je) to 85 (jne). Now it should work! Not? Well, then let's try the last possibility. The prog must be fucked up!

4. OK, go to WDASM and search for a line like "getdrivetypea". Look around, do u see a call? And a cmp (compare) with a 0005 ??

(example)
00005 stands for CD-Drive
00003 stands for Hard-Drive

hehe, got it?? Yes, we will change the 00005 to 00003! Just edit the line cmp00005 and change it to cmp00003.

OK, these are the most used ways for cracking CD Protections. My next tutorial will be about how to crack Serialz and time-limits. So check out my homepage and feel free to give this document to everyone you want.

This tutorial was written by **ThaMinder**

To get more of this shit visit me at http://jump.to/ThaMinder or write to ThaMinder@yahoo.de

C ya next time,
ThaMinder
Germany, 1999
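
Seen from the side of someone verifying a shipped executable, the byte changes in methods 1 to 4 leave recognizable traces when a suspect copy is compared with a known-good one. The following Python code is an added example, not part of ThaMinder's tutorial; the function names, the labels and the sample byte strings are constructed for illustration.

```python
# Added example: label in-place byte patches between a known-good image and a suspect copy.
NOP = 0x90
MOV_EAX_1 = bytes.fromhex("b801000000")      # mov eax, 1
SHORT_JCC = {(0x74, 0x75), (0x75, 0x74)}     # je <-> jne, short form
NEAR_JCC = {(0x84, 0x85), (0x85, 0x84)}      # je <-> jne after a 0F prefix byte


def diff_runs(good: bytes, suspect: bytes):
    """Yield (offset, length) for each run of consecutive differing bytes."""
    if len(good) != len(suspect):
        raise ValueError("sizes differ: not an in-place patch, compare hashes instead")
    start = None
    for i in range(len(good) + 1):
        differs = i < len(good) and good[i] != suspect[i]
        if differs and start is None:
            start = i
        elif not differs and start is not None:
            yield start, i - start
            start = None


def classify(good: bytes, suspect: bytes):
    """Return [(offset, label)] describing how suspect deviates from good."""
    findings = []
    for off, n in diff_runs(good, suspect):
        old, new = good[off:off + n], suspect[off:off + n]
        if good[off] == 0xE8 and suspect[off:off + 5] == MOV_EAX_1:
            label = "call replaced by mov eax,1"
        elif all(b == NOP for b in new):
            label = f"{n} byte(s) overwritten with NOP"
        elif n == 1 and (old[0], new[0]) in SHORT_JCC:
            label = "short conditional jump inverted"
        elif n == 1 and (old[0], new[0]) in NEAR_JCC and off and good[off - 1] == 0x0F:
            label = "near conditional jump inverted"
        elif (old, new) == (b"\x05", b"\x03"):   # tutorial: 5 = CD drive, 3 = hard drive
            label = "constant 5 changed to 3"
        else:
            label = "unclassified modification"
        findings.append((off, label))
    return findings


# Constructed sample bytes, not taken from any real program.
GOOD = bytes.fromhex("e810000000 85c0 7505 e820000000 83f805 0f8400010000 c3")
SUSPECT = bytes.fromhex("9090909090 85c0 7405 b801000000 83f803 0f8500010000 c3")

if __name__ == "__main__":
    for offset, label in classify(GOOD, SUSPECT):
        print(f"0x{offset:04x}: {label}")
```

A size mismatch raises an error on purpose: a copy that was rebuilt rather than patched in place needs a hash or signature comparison, not a byte diff.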