D-Bug & Automation Forum
D-Bug & Automation Forum >> Coding >> Introduction to ST Hacking By Hank/Automation PT 1
https://d-bug.mooo.com/dbugforums/cgi-bin/yabb2/YaBB.pl?num=1172673889

Message started by Shw on 28.02.07 at 14:44:48

Title: Introduction to ST Hacking By Hank/Automation PT 5
Post by Shw on 28.02.07 at 14:50:41
;Novela Protection(manual)

;Not so many games use this one but there are the odd ones like
;Carrier Command,Fighter Bomber, Midwinter.

;To crack these you must be more involved with 68000 programing.

;Again leave these ones alone.



;Disk Types:-

;There are 2 types of format in which games appear

;1- the Auto folder booter/Double click booter(desktop)
;2- boot disks - the types with no files visible on the desktop
;i.e. Operation Wolf, Swichblade II(original version).



;Auto folders + Desktop booters can be directly loaded in to monst2
;as executable files.
;you must first load & run the freemem.prg file, then load your
;executable file. (all loading explaned in the monst2 section)

;Boot Disks - These are slightly more tricky as they run from the
;boot sector, To access these you must read in the boot sector
;using the bootfile.prg there is no need to load the freemem.prg
;first you must then "Trace"* through the bootsector, The bootdisk.prg
;file looks something like this:-

*Refer to monst2 section    

     clr.l      -(sp)
     move.w      #$20,-(sp)      ;function supervisor mode
     trap      #1
     addq.w      #6,sp

     move.w      #1,-(sp)      ;read 1 sector
     clr.w      -(sp)            ;side 0
     clr.w      -(sp)            ;track 0
     move.w      #1,-(sp)      ;sector 1
     clr.w      -(sp)            ;dive 0
     clr.l      -(sp)            ;unused long word
     pea      $30000            ;buffer address
     move.w      #8,-(sp)      ;function read sectors
     trap      #14            ;trap xbios
     lea      20(sp),sp      ;correct stack
     jmp      $30000            ;jump to the boot sector

;I will not go into much detail with these as it can become
;quite complicated.

;Once you have read in the bootsector you have accessed the games
;loader.

;For instance if you can get hold of Count Duckula (original)
;then it is a good one to practice on as it loads at a sensible
;address and is not protected in any way.

;1 load the bootdisk.prg.
;2 Insert Count duckula.
;3 fill memory from 10000,80000 with $ee*
;4 trace through the bootdisk.prg until it has jumped to $30000*
;5 trace the Duckula loader until you hit a DBF then do a breakpoint*
;6 your pc should now be on the line JMP (A2)*
;7 trace this line!*
;8 continue tracing until your pc is on the BCC.S line just before
;the JMP (A5) and do another breakpoint.*
;the disk should now be loading into memeory.
;9 when it has finished loading set window M2 to $10000 - ok?
;now do a string search on your fill pattern $ee.
;you may find the odd one in count duckula - just press N until
;you hit a large block of them.
;10 press TAB so you are on window M3 - memory and press the left
;cursor ones.
;11 press TAB twice so you are now on M2 - disassembly and set
;the window to $10000, so now M3 points to the end and M2 points
;to the start!!.
;12 insert a blank formatted disk and save Duckula out as a file.
;to save press S save binary,filename  type DUCK.RAW <return>
;start address,end   - type M2(start),M3(end) <return> it should
;now save out Duckula.  

;N.B. Count Duckula Must allways be run from $10000

;There is a piece of code called "COPY.S" use this to
;relocate Duckula to $10000

;i.e. dest equ      $10000
;incbin      duck.raw

;Full documentation is in this file.


;modifing an executable file.

;As with all executable files(.prg,.tos,.acc,.app,.ttp)
;they have relocation data on the end of the file so if
;you want to crack an executable file you cannot save an
;executable file out if you loaded it into the monitor
;as executable.
;1 you must file memory as with duckula $10000,$80000,$ee
;2 load your program in as binary - press B  Gremlin.prg,$10000
;3 the gremlin.prg will have now loaded at $10000 providing it is
;on the disk!!.
;4 modify the relevent parts.
;5 seach for $ee
;6 point M3 to the end byte by pressing the left cursor as in duckula
;and then set M2 to $10000 and save it out as a binary file as with
;duckula - i hope that is not too complicated.
;N.B. this file will still be executable.

;Monst2 - the best 68000 monitor

;N.B. if you have a spare œ59-99 then buy it!!

;When you press (y) to load the monitor it will prompt you to
;enter an executable file to load.

;1- If you wish to load an exec file type freemem.prg <return twice>
;then press R (run) followed by G (go). Now press ctrl L (load exec file)
;followed by the program you wish to load's name.


;2- A boot disk just type bootdisk.prg <return twice>

;3- A binary file i.e. duckula.raw - press escape
;then B (load Binary file) DUCKULA.RAW,$10000 - easy!
---------------------------------------------------------------

D-Bug & Automation Forum » Powered by YaBB 2.6.0!
YaBB Forum Software © 2000-2021. All Rights Reserved.