Cracking tutorial-04

 CRACKING 101 - 2008 edition

                                    Lesson 3

                    ┌─────────────────────────────────────┐
                    │ CHAMBER OF THE SCI-MUTANT PRIESTESS │
                    └─────────────────────────────────────┘


              Oh shit, I have finally found a newer program that has
         on-disk copy protection.  Good, y'all need a refresher
         course, so here it is (YO JB, study hard, you might learn
         something).

              CHAMBER of the SCI-MUTANT PRIESTESS (CSMP) is a really
         fucked up game but was simple to unprotect.  So, let's dive
         right in.  We will be using DEBUG here (although I used
         Periscope, but then shit, I'm special) to do the crack.  Let's
         dive in.  When we first load CSMP (the file ERE.COM) and
         unassemble it, here is what we get.

         u 100 10B

         119A:0100 8CCA          MOV DX,CS
         119A:0102 81C2C101      ADD DX,01C1
         119A:0106 52            PUSH DX
         119A:0107 BA0F00        MOV DX,000F
         119A:010A 52            PUSH DX
         119A:010B CB            RETF
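
         Added example (not part of the original lesson): a short
         Python trace of the twelve stub bytes listed above, showing
         where the RETF lands.  It assumes ERE.COM is a flat .COM
         image loaded at CS:0100; trace_stub and file_offset are
         names made up for this example.

```python
# Added example: trace the ERE.COM entry stub to find where RETF lands.
STUB = bytes.fromhex("8CCA81C2C10152BA0F0052CB")  # bytes from the listing above
LOAD_SEG = 0x119A  # CS shown in the listing; DOS picks this value at load time


def trace_stub(code, cs):
    """Emulate the few opcodes the stub uses; return (segment, offset)."""
    dx, stack, i = 0, [], 0
    while i < len(code):
        op = code[i]
        if code[i:i + 2] == b"\x8c\xca":        # MOV DX,CS
            dx, i = cs, i + 2
        elif code[i:i + 2] == b"\x81\xc2":      # ADD DX,imm16
            imm = int.from_bytes(code[i + 2:i + 4], "little")
            dx, i = (dx + imm) & 0xFFFF, i + 4
        elif op == 0xBA:                        # MOV DX,imm16
            dx, i = int.from_bytes(code[i + 1:i + 3], "little"), i + 3
        elif op == 0x52:                        # PUSH DX
            stack.append(dx)
            i += 1
        elif op == 0xCB:                        # RETF pops IP first, then CS
            if len(stack) < 2:
                raise ValueError("RETF with fewer than two words pushed")
            ip = stack.pop()
            seg = stack.pop()
            return seg, ip
        else:
            raise ValueError(f"unhandled opcode {op:#04x} at +{i:#x}")
    raise ValueError("stub ended without RETF")


def file_offset(seg, ip, cs):
    """Map seg:ip to an offset in the .COM file (assumed loaded at cs:0100)."""
    linear = (((seg - cs) & 0xFFFF) << 4) + ip   # bytes past cs:0000 (the PSP)
    if linear < 0x100:
        raise ValueError("target lies inside the PSP, not the file image")
    return linear - 0x100


if __name__ == "__main__":
    seg, ip = trace_stub(STUB, LOAD_SEG)
    off = file_offset(seg, ip, LOAD_SEG)
    print(f"RETF target {seg:04X}:{ip:04X}, file offset {off:#x}")
```

         The target segment is always CS+01C1, so the file offset
         is the same whatever segment DOS loads the program at.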

              I included the register listing for a reason.  NOTICE
         that this piece of code just seems to stop (the RETF
         statement).  Well, what it really does is place the address
         (segment and offset) of the real starting point onto the
         stack and then execute a far return to that location.  Now