Program : Exile I - Escape from the Pit Cracked by : drlan Date : 09/27/97 Protection : Registration key, based on a given code : creates a file called MISC.DAT Here's all the relevant code from the dead listing. * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0013.2223(U) | :0013.2258 83FF0A cmp di, 000A :0013.225B 7CC8 jl 2225 :0013.225D 66817EE6D0070000 cmp dword ptr [bp+7E], 000007D0 :0013.2265 7522 jne 2289 :0013.2267 B80000 mov ax, 0000 :0013.226A 8EC0 mov es, ax :0013.226C 26C6065D6401 mov byte ptr es:[645D], 01 :0013.2272 56 push si :0013.2273 9AFFFF0000 call KERNEL._LCLOSE * Possible Reference to Menu: MenuID_0001 | * Possible Ref to Menu: MenuID_0001, Item: "New Game Ctrl+N" | * Possible Reference to String Resource ID=00001: "9" | :0013.2278 6A01 push 0001 :0013.227A 90 nop :0013.227B 0E push cs :0013.227C E8E700 call 2366 :0013.227F 59 pop cx :0013.2280 33D2 xor dx, dx * Possible Reference to Menu: MenuID_0001 | * Possible Ref to Menu: MenuID_0001, Item: "New Game Ctrl+N" | * Possible Reference to String Resource ID=00001: "9" | :0013.2282 B80100 mov ax, 0001 :0013.2285 EB3B jmp 22C2 :0013.2287 EB2C jmp 22B5 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0013.2265(C) | :0013.2289 66FF76EA push word ptr [bp-16] :0013.228D 90 nop :0013.228E 0E push cs :0013.228F E83900 call 22CB :0013.2292 83C404 add sp, 0004 :0013.2295 6698 cwde :0013.2297 663B46EE cmp eax, [bp-12] :0013.229B 7518 jne 22B5 :0013.229D B80000 mov ax, 0000 :0013.22A0 8EC0 mov es, ax :0013.22A2 26C606666401 mov byte ptr es:[6466], 01 :0013.22A8 56 push si :0013.22A9 9AFFFF0000 call KERNEL._LCLOSE :0013.22AE 33D2 xor dx, dx [ code snipped ] This calucalates the Registration Code. The code is contained in AX and [BP-06] when this function completes. * Referenced by a CALL at Addresses: |:0013.228F, :0013.242A | :0013.22CB 8CD0 mov ax, ss :0013.22CD 90 nop :0013.22CE 45 inc bp :0013.22CF 55 push bp :0013.22D0 8BEC mov bp, sp :0013.22D2 1E push ds :0013.22D3 8ED8 mov ds, ax :0013.22D5 83EC04 sub sp, 0004 :0013.22D8 668B4606 mov eax, [bp+06] :0013.22DC 666BC017 imul eax, 00000017 :0013.22E0 668946FA mov [bp-06], eax :0013.22E4 668B46FA mov eax, [bp-06] :0013.22E8 66BB341B0F00 mov ebx, 000F1B34 :0013.22EE 6699 cdq :0013.22F0 66F7FB idiv ebx :0013.22F3 668956FA mov [bp-06], edx :0013.22F7 668B46FA mov eax, [bp-06] :0013.22FB 6605D0CB0000 add eax, 0000CBD0 :0013.2301 668946FA mov [bp-06], eax :0013.2305 668B46FA mov eax, [bp-06] :0013.2309 666BC007 imul eax, 00000007 :0013.230D 668946FA mov [bp-06], eax :0013.2311 668B46FA mov eax, [bp-06] :0013.2315 66BBA0BB0D00 mov ebx, 000DBBA0 :0013.231B 6699 cdq :0013.231D 66F7FB idiv ebx :0013.2320 668956FA mov [bp-06], edx :0013.2324 668B46FA mov eax, [bp-06] :0013.2328 6605A0860100 add eax, 000186A0 :0013.232E 668946FA mov [bp-06], eax :0013.2332 668B46FA mov eax, [bp-06] :0013.2336 66BB30750000 mov ebx, 00007530 :0013.233C 6699 cdq :0013.233E 66F7FB idiv ebx :0013.2341 6683C264 add edx, 00000064 :0013.2345 668956FA mov [bp-06], edx :0013.2349 8B46FA mov ax, [bp-06] :0013.234C EB00 jmp 234E * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0013.234C(U) | :0013.234E 59 pop cx :0013.234F 59 pop cx :0013.2350 1F pop ds :0013.2351 5D pop bp :0013.2352 4D dec bp :0013.2353 CB retf :0013.2354 6D6973632E64617400 DB "misc.dat",0 :0013.235D 6D6973632E64617400 DB "misc.dat",0 * Referenced by a CALL at Addresses: |:0013.21CE, :0013.227C | :0013.2366 8CD0 mov ax, ss :0013.2368 90 nop :0013.2369 45 inc bp :0013.236A 55 push bp :0013.236B 8BEC mov bp, sp :0013.236D 1E push ds :0013.236E 8ED8 mov ds, ax :0013.2370 81EC9400 sub sp, 0094 :0013.2374 56 push si :0013.2375 57 push di :0013.2376 66C746F600000000 mov dword ptr [bp-0A], 00000000 :0013.237E 66C746F204000000 mov dword ptr [bp-0E], 00000004 :0013.2386 0E push cs :0013.2387 685423 push 2354 :0013.238A 16 push ss :0013.238B 8D866AFF lea ax, [bp+FF6A] :0013.238F 50 push ax :0013.2390 680104 push 0401 :0013.2393 9AFFFF0000 call KERNEL.OPENFILE :0013.2398 8BF8 mov di, ax :0013.239A 83FFFF cmp di, FFFF :0013.239D 7514 jne 23B3 :0013.239F 0E push cs :0013.23A0 685D23 push 235D :0013.23A3 16 push ss :0013.23A4 8D866AFF lea ax, [bp+FF6A] :0013.23A8 50 push ax :0013.23A9 680114 push 1401 :0013.23AC 9AFFFF0000 call KERNEL.OPENFILE :0013.23B1 8BF8 mov di, ax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0013.239D(C) | :0013.23B3 83FFFF cmp di, FFFF :0013.23B6 751C jne 23D4 :0013.23B8 0E push cs :0013.23B9 E84DEA call 0E09 :0013.23BC B80000 mov ax, 0000 :0013.23BF 8EC0 mov es, ax :0013.23C1 6626C7063897FFFFFFFF mov dword ptr es:[9738], FFFFFFFF :0013.23CB BAFFFF mov dx, FFFF :0013.23CE B8FFFF mov ax, FFFF :0013.23D1 E9B900 jmp 248D * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0013.23B6(C) | :0013.23D4 57 push di :0013.23D5 666A00 push 00000000 :0013.23D8 6A00 push 0000 :0013.23DA 9AFFFF0000 call KERNEL._LLSEEK :0013.23DF 33F6 xor si, si :0013.23E1 E99500 jmp 2479 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0013.247C(C) | :0013.23E4 68A861 push 61A8 :0013.23E7 688813 push 1388 * Possible Reference to Menu: MenuID_0001 | * Possible Ref to Menu: MenuID_0001, Item: "New Game Ctrl+N" | * Possible Reference to String Resource ID=00001: "9" | :0013.23EA 6A01 push 0001 :0013.23EC 9AFFFF0000 call 0004.0000h :0013.23F1 83C406 add sp, 0006 :0013.23F4 6698 cwde :0013.23F6 668946FA mov [bp-06], eax :0013.23FA 837E0602 cmp word ptr [bp+06], 0002 :0013.23FE 7513 jne 2413 :0013.2400 83FE06 cmp si, 0006 :0013.2403 750E jne 2413 :0013.2405 B80000 mov ax, 0000 :0013.2408 8EC0 mov es, ax :0013.240A 6626A13897 mov eax, dword ptr es:[9738] :0013.240F 668946FA mov [bp-06], eax * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0013.23FE(C), :0013.2403(C) | :0013.2413 837E0602 cmp word ptr [bp+06], 0002 :0013.2417 751D jne 2436 :0013.2419 83FE07 cmp si, 0007 :0013.241C 7518 jne 2436 :0013.241E B80000 mov ax, 0000 :0013.2421 8EC0 mov es, ax :0013.2423 6626FF363897 push word ptr es:[9738] :0013.2429 0E push cs :0013.242A E89EFE call 22CB :0013.242D 83C404 add sp, 0004 :0013.2430 6698 cwde :0013.2432 668946FA mov [bp-06], eax * Referenced by a (U)nconditional or (C)onditional Jump at Addresses: |:0013.2417(C), :0013.241C(C) | :0013.2436 83FE05 cmp si, 0005 :0013.2439 7514 jne 244F :0013.243B 837E0600 cmp word ptr [bp+06], 0000 :0013.243F 7505 jne 2446 * Possible Reference to Dialog: DialogID_07D0 | :0013.2441 B8D007 mov ax, 07D0 :0013.2444 EB03 jmp 2449 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0013.243F(C) | * Possible Reference to Dialog: DialogID_03E8 | :0013.2446 B8E803 mov ax, 03E8 * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0013.2444(U) | :0013.2449 6698 cwde :0013.244B 668946FA mov [bp-06], eax * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0013.2439(C) | :0013.244F 83FE06 cmp si, 0006 :0013.2452 7517 jne 246B :0013.2454 668B46FA mov eax, [bp-06] :0013.2458 668946F6 mov [bp-0A], eax :0013.245C B80000 mov ax, 0000 :0013.245F 668B56FA mov edx, [bp-06] :0013.2463 8EC0 mov es, ax :0013.2465 662689163897 mov es:[9738], edx * Referenced by a (U)nconditional or (C)onditional Jump at Address: |:0013.2452(C) | :0013.246B 57 push di :0013.246C 16 push ss :0013.246D 8D46FA lea ax, [bp-06] :0013.2470 50 push ax * Possible Ref to Menu: MenuID_0001, Item: "Save As..." Search : 83C4043B46FC751E Replace : 9090 Don't take the "bad guy" jump (jnz).