Dan Chisarick wrote:
LucasArts (DOS-based) adventure games drove me crazy because the protection was written in the same interpreted code as the rest of the game (makes sense, some commercial protection schemes are based on their own VM, speaking of protection schemes repeating themselves). Anyway, I found one generic solution for all of them. I wrote something that took a snapshot of the data segment (only 64K) and wrote it to disk (using either Soft-Ice or "Undocumented DOS"). Do that twice in a row with a short pause in between before the protection screen, then do it again after the protection, using the manual, wheel or whatever to get past it. Take the three 64k snapshots, and search for a byte that was unchanged between the first two but changed from like a 0 -> 1 or 0 -> 255 between the second and third snapshot. There'd only be 5-10 such locations. One of them is a boolean flag letting the game know the protection passed and it doesn't have to display it again. Write a loader that pops the 1 or 255 in that location on load but right before startup and it'd think it already ran the protection successfully. Poof. Worked for 4-5 games I think. My parents thought I was insane for that week (80 hours in 5 days, I'll never forget that).

You and everyone else who copied Sierra games (also interpreted). Impressive -- I used a specific program for this kind of thing (ran the game in a V8086 so you could stop execution and do memory compares). I guess that's cheating ;-)
Jim Leonard ([EMAIL PROTECTED]) http://www.oldskool.org/
Want to help an ambitious games project? http://www.mobygames.com/
Or check out some trippy MindCandy at http://www.mindcandydvd.com/

This message was sent to you because you are currently subscribed to
the swcollect mailing list. To unsubscribe, send mail to [EMAIL PROTECTED] with a subject of 'unsubscribe swcollect'
Archives are available at: http://www.mail-archive.com/[EMAIL PROTECTED]/

Reply via email to