古龙群侠传光盘版变硬盘版的方法
昨天偶换了一个大大大硬盘!呵呵
所以要把以前没玩过的游戏补回来,今天去买了一张古龙群侠传,两张光盘那种
安装的时候看见上面写着,完美硬盘版,心想,偶的光驱可以不受罪啦!正在暗暗高兴,安装完毕了
马上启动,冬!!!!请放入游戏光盘!!倒!!!!!!!5555~~~~~~
骗子!55~唉,真想拿去换成硬盘版的,太远了,所以放弃了这个让我更累的想法,呵呵
偶是crack(别人说的)偶要自己想办法!哼
拿出偶那些已经有蜘蛛网的工具:W32Dasm 还有UltraEdit-32810b注册版,TRW2000(TAE!兄弟汉化版),冲击波2000(不知道是不是注册版,可能是免费使用的),起子,榔头,等等破解必备工具,准备开工!
首先发现gulong.exe文件加了壳的,由于玩游戏心切,所以也没看是什么壳,直接用冲击波看入口,再用trw脱,这里要注意的是,trw有两个命令可以脱壳,一个是ma什么的,一个是pe什么的,呵呵,用ma什么的脱壳后可以在其他平台下使用,而用pe什么的就不能.这个是偶出错多次最后经过坏球兄弟说的,呵呵
脱壳完成后,用W32Dasm反汇编,完了以后在IMPORTS里点击找到GetDriveTypeA,这个可是获取驱动器类型(光驱、硬盘等)的重要函数哟,
找到后双击来到以下代码处:
* Possible StringData Ref from Data Obj ->"C:\" =========>>哇!首先检查c:\,呵呵看见这个就知道crack不会很难哟.
|
:0042DCB1 BFE05B4500 mov edi,
00455BE0
:0042DCB6 83C9FF
or ecx, FFFFFFFF
:0042DCB9 33C0
xor eax, eax
* Reference To: KERNEL32.GetDriveTypeA, Ord:0000h
|
:0042DCBB 8B2DDCA14400 mov ebp, dword
ptr [0044A1DC]
:0042DCC1 F2
repnz
:0042DCC2 AE
scasb
:0042DCC3 F7D1
not ecx
:0042DCC5 2BF9
sub edi, ecx
:0042DCC7 8BC1
mov eax, ecx
:0042DCC9 8BF7
mov esi, edi
:0042DCCB BFCC6B5500 mov edi,
00556BCC
:0042DCD0 C1E902
shr ecx, 02
:0042DCD3 F3
repz
:0042DCD4 A5
movsd
:0042DCD5 8BC8
mov ecx, eax
:0042DCD7 83E103
and ecx, 00000003
:0042DCDA F3
repz
:0042DCDB A4
movsb
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042DDA9(C)
|
:0042DCDC BB43000000 mov ebx,
00000043
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:0042DD8A(C)
|
:0042DCE1 68CC6B5500 push 00556BCC
:0042DCE6 881DCC6B5500 mov byte ptr
[00556BCC], bl
:0042DCEC FFD5
call ebp
:0042DCEE 83F805
cmp eax, 00000005 ===>>>>>这是什么!!!!!!!没破过光盘的兄弟一定要牢记哟,GetDriveTypeA 的返回值里 5(DRIVE_CDROM)代表是光驱,3(DRIVE_FIXED)代表是硬盘,呵呵,还用我说什么吗?
:0042DCF1 0F858F000000 jne 0042DD86
=======>>是不等于5就跳走哟
:0042DCF7 BFCC6B5500 mov edi,
00556BCC
:0042DCFC 83C9FF
or ecx, FFFFFFFF
:0042DCFF 33C0
xor eax, eax
:0042DD01 8D542410 lea
edx, dword ptr [esp+10]
:0042DD05 F2
repnz
:0042DD06 AE
scasb
:0042DD07 F7D1
not ecx
:0042DD09 2BF9
sub edi, ecx
* Possible StringData Ref from Data Obj ->"rb"
|
:0042DD0B 6844444500 push 00454444
:0042DD10 8BC1
mov eax, ecx
:0042DD12 8BF7
mov esi, edi
:0042DD14 8BFA
mov edi, edx
:0042DD16 8D542414 lea
edx, dword ptr [esp+14]
:0042DD1A C1E902
shr ecx, 02
:0042DD1D F3
repz
:0042DD1E A5
movsd
:0042DD1F 8BC8
mov ecx, eax
:0042DD21 33C0
xor eax, eax
:0042DD23 83E103
and ecx, 00000003
:0042DD26 F3
repz
:0042DD27 A4
movsb
* Possible StringData Ref from Data Obj ->"Disk3.PAK" ==========>>我发现光盘2上面有这个文件,而且上面也检查了c:\所以...嘿嘿
把这个文件拷贝到c:\去吧
|
:0042DD28 BFC05B4500 mov edi,
00455BC0
:0042DD2D 83C9FF
or ecx, FFFFFFFF
:0042DD30 F2
repnz
:0042DD31 AE
scasb
:0042DD32 F7D1
not ecx
:0042DD34 2BF9
sub edi, ecx
:0042DD36 8BF7
mov esi, edi
:0042DD38 8BFA
mov edi, edx
:0042DD3A 8BD1
mov edx, ecx
:0042DD3C 83C9FF
or ecx, FFFFFFFF
:0042DD3F F2
repnz
:0042DD40 AE
scasb
:0042DD41 8BCA
mov ecx, edx
:0042DD43 4F
dec edi
:0042DD44 C1E902
shr ecx, 02
:0042DD47 F3
repz
:0042DD48 A5
movsd
:0042DD49 8BCA
mov ecx, edx
:0042DD4B 8D442414 lea
eax, dword ptr [esp+14]
:0042DD4F 83E103
and ecx, 00000003
:0042DD52 50
push eax
:0042DD53 F3
repz
:0042DD54 A4
movsb
:0042DD55 E8F1280000 call 0043064B
:0042DD5A 8BF0
mov esi, eax
:0042DD5C 83C408
add esp, 00000008
:0042DD5F 85F6
test esi, esi
:0042DD61 7423
je 0042DD86 ===>>返回 0 就跳到 0042DD86:先换下一个盘符再试,全部盘符都试完才会到出错的地方!
:0042DD63 56
push esi
:0042DD64 E8A1390100 call 0044170A
:0042DD69 50
push eax
:0042DD6A E811390100 call 00441680
:0042DD6F 56
push esi
:0042DD70 8BF8
mov edi, eax
:0042DD72 E8ED260000 call 00430464
:0042DD77 83C40C
add esp, 0000000C
:0042DD7A 81FFC0C1C006 cmp edi, 06C0C1C0
:0042DD80 0F840CFFFFFF je 0042DC92
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:0042DCF1(C), :0042DD61(C)
|
:0042DD86 43
inc ebx
:0042DD87 83FB5A
cmp ebx, 0000005A
:0042DD8A 0F8C51FFFFFF jl 0042DCE1
:0042DD90 8B0DB0C44C00 mov ecx, dword
ptr [004CC4B0]
:0042DD96 6A01
push 00000001
:0042DD98 51
push ecx
* Possible StringData Ref from Data Obj ->"请插入游戏碟!"
|
:0042DD99 68B05B4500 push 00455BB0
:0042DD9E 6A00
push 00000000
ok 知道怎样做了吗?两种方法,一种是改5为3 另外一种是改85为84
初学crack的朋友一定要记得:
:0042DCEE 83F805
cmp eax, 00000005 ===>>>>>这是什么!!!!!!!没破过光盘的兄弟一定要牢记哟,GetDriveTypeA 的返回值里 5(DRIVE_CDROM)代表是光驱,3(DRIVE_FIXED)代表是硬盘,呵呵,还用我说什么吗?
:0042DCF1 0F858F000000 jne 0042DD86
这里的分析哟,如果你还没搞定,就请用起子,榔头来搞,这样又方便又快速的,嘿嘿
BTW:硬盘变大了,以后我将继续写一些光盘版变硬盘版的方法,请大家支持,呵呵
cracked by copyyour[CCG]
2001.8.21
- 标 题:破古龙群侠传的简单过程 (6千字)
- 作 者:copyyour
- 时 间:2001-8-21 21:10:13
- 链 接:http://bbs.pediy.com