
Half Life no longer recognizes the CD after reinstalling!

(Anonymous) / 2 replies

I recently uninstalled my Half Life because I had made a 1:1 copy of it and wanted to test whether everything works (installation, etc.). After the installation, which went smoothly, I wanted to start the story mode, and then the message came up that I should insert the Half Life CD. After it also did not recognize the original CD, not even after a reinstallation with it, I gave the copy to a friend and, lo and behold, it works for him without any problems.
It would be great if someone could help me with my problem!

(Anonymous) Follow-up to: "Half Life no longer recognizes the CD after reinstalling!"

Try this, it works wonderfully!

hi, (very) quick guide to cracking HalfLife v1.0.0.6

need w32dasm8.9(3) & hex editor

run the game without CD, click game/new/easy. it asks for the CD 3 times then says failed authentication.
load hl.exe into w32dasm. no win95 dialog box to ask for the CD, so we check functions/imports
for GetDriveTypeA, double click it and up pops this little snippet...

* Reference To: KERNEL32.GetDriveTypeA, Ord:00DEh
|
:0041EA5D FF15A88B4E00 Call dword ptr [004E8BA8]
:0041EA63 83F805 cmp eax, 00000005
:0041EA66 740C je 0041EA74
:0041EA68 8BC6 mov eax, esi

scroll up a bit to find out the caller(s)

* Referenced by a CALL at Addresses:
|:0041EDAD , :0041EF93

go to the first caller 41EDAD, this drops us in the middle of the cd-check routine,

* Referenced by a CALL at Address:
|:0041EE42
|
:0041ED30 81EC04010000 sub esp, 00000104
:0041ED36 33C0 xor eax, eax

snip

:0041ED47 50 push eax

* Reference To: KERNEL32.GetLogicalDriveStringsA, Ord:00F7h
|
:0041ED48 8B3DA08B4E00 mov edi, dword ptr [004E8BA0]
:0041ED4E 50 push eax
:0041ED4F FFD7 call edi
:0041ED51 8BF0 mov esi, eax

snip

* Reference To: KERNEL32.GetDriveTypeA, Ord:00DEh
|
:0041EDA0 FF15A88B4E00 Call dword ptr [004E8BA8]
:0041EDA6 83F805 cmp eax, 00000005
:0041EDA9 75E1 jne 0041ED8C
:0041EDAB 55 push ebp
:0041EDAC 57 push edi
:0041EDAD E83EFCFFFF call 0041E9F0
:0041EDB2 83C408 add esp, 00000008
:0041EDB5 83F807 cmp eax, 00000007

O.K. let's go to the caller to this bit then, 41EE42

* Referenced by a CALL at Addresses:
|:0043EEA9 , :0043EEE8
|
:0041EE10 B818120000 mov eax, 00001218
:0041EE15 E806990500 call 00478720
:0041EE1A C744240407000000 mov [esp+04], 00000007
:0041EE22 53 push ebx
:0041EE23 56 push esi
:0041EE24 57 push edi
:0041EE25 55 push ebp
:0041EE26 E8B5020000 call 0041F0E0
:0041EE2B 8D442410 lea eax, dword ptr [esp+10]
:0041EE2F 6866120000 push 00001266
:0041EE34 C744241400000000 mov [esp+14], 00000000

* Possible StringData Ref from Data Obj ->"valve.ico"
|
:0041EE3C 68F4D24B00 push 004BD2F4
:0041EE41 50 push eax
:0041EE42 E8E9FEFFFF call 0041ED30
:0041EE47 8A44241C mov al, byte ptr [esp+1C] -- second cd check routine
:0041EE4B 83C40C add esp, 0000000C
:0041EE4E 3A054CC14B00 cmp al, byte ptr [004BC14C]
:0041EE54 750D jne 0041EE63
:0041EE56 33C0 xor eax, eax
:0041EE58 5D pop ebp
:0041EE59 5F pop edi
:0041EE5A 5E pop esi
:0041EE5B 5B pop ebx
:0041EE5C 81C418120000 add esp, 00001218
:0041EE62 C3 ret

right then, the code that calls this bit checks eax, jne to play the game, so we make it return
not equal all the time. (or patch the code that checks the return value, but that's boring...)

:0041EE54 750D jne 0041EE63
:0041EE56 33C0 xor eax, eax
patch offset 1E254 in hl.exe, change the 750D33C0 to 33C04090

or be boring and patch the check after the call to this bit.

:0043EEA9 E862FFFDFF call 0041EE10
:0043EEAE 85C0 test eax, eax
:0043EEB0 7572 jne 0043EF24
patch offset 3E2B0 in hl.exe, change the 7572 to EB72

OK, it was a bit harder than this but I'm telling you the proper way to crack it, I tried patching
the actual checks that check the cd is readonly, has no free space, that the file sizes are correct,
but there was just too much to follow, I gave up, tried again and after about half an hour, came
up with this, yeah, I did it the boring way by patching both the jne's after the calls at
0043EEA9 & 0043EEE8, realised that if the first one was a jmp, the second one would never be reached.
screw the check for how many times the cd-check was run, because it passes first time anyway.

love R!SC


by TBS
