:00422690 53
:00422691 33DB
ber of times through CD check
:00422693 56
:00422694 3AC3
:00422696 57
:00422697 0F852C010000
:0042269D 899C2450010000
:004226A4 53
:004226A5 6802000080
:004226AA 53
push ebx
xor ebx, ebx
push esi
cmp al, bl
push edi
jne 004227C9
mov dword ptr [esp+00000150], ebx
push ebx
push 80000002
push ebx
; How many ti
; CD check r
; Another common R
:0042271C
:0042271D
:0042271F
:00422724
:00422727
:0042272B
:0042272C
:0042272E
:00422731
:00422733
:00422734
52
8AD8
E82C8C0800
83C40C
8D442430
50
FFD7
83F805
7528
56
8D4C2454
push edx
mov bl, al
call 004AB350
add esp, 0000000C
lea eax, dword ptr [esp+30]
push eax
call edi
cmp eax, 00000005
jne 0042275B
push esi
lea ecx, dword ptr [esp+54]
:0042279C
:0042279D
:004227A2
:004227A5
:004227A7
50
E8FE140800
83C404
85C0
7538
push eax
call 004A3CA0
add esp, 00000004
test eax, eax
jne 004227E1
* Referenced by a (U)nconditional
|:00422783(C)
|
:004227A9 FEC3
unter
:004227AB 80FB5A
st max time through
:004227AE 7EAD
n keep trying
:004227B0 8D8C2450010000
:004227B7 C7842474040000FFFFFFFF
:004227C2 E879B40900
:004227C7 32C0
means CD check failed
* Referenced by a (U)nconditional
|:00422697(C), :00422800(U)
|
:004227C9 8B8C246C040000
quit to the caller
:004227D0 5F
:004227D1 5E
:004227D2 64890D00000000
:004227D9 5B
:004227DA 81C46C040000
:004227E0 C3
turn
* Referenced by a (U)nconditional
|:00422755(C), :004227A7(C)
|
:004227E1 8D8C2450010000
:004227E8 881D80645400
:004227EE C7842474040000FFFFFFFF
:004227F9 E842B40900
:004227FE 8AC3
a value other then ZERO!
:00422800 EBC7
the quit to caller section
inc bl
; Increase co
cmp bl, 5A
; Check again
jle 0042275D
; If less the
edi
esi
dword ptr fs:[00000000], ecx
ebx
esp, 0000046C
; Finally re
; Loop up to
Well, from the above code you can see that the important thing is that al is equal to 01 on
the return from the CD check. After further digging round from the call made from 42D195, bl should
also have a value of 41. So I overwrote each call to the primary CD check routine
with code that loads al with 01 and bl with 41. This requires 4 bytes and the calls take up 5 bytes,
so I used one NOP as a filler. The actual edits required to crack Claw v1.20 are as follows:
Edit Claw.exe v1.2
============================================
Search for: E8 0B 00 00 00 at offset 137,824
Change to : B3 41 C3 01 90