Category : Unprotects for Games and Such
Archive   : BHUNPROT.ZIP

Output of file : BHUNPROT.DOC contained in archive : BHUNPROT.ZIP


BH.EXE VER 10-6-88

Okay, here goes....

Battlehawks: 1942 has your basic manual-style protection: you
are asked to type in a password from the manual, depending on what
silouette of what plane you are presented with on the screen. This
one was fairly easy to crack... I used Symdeb 4.0, running the
application on one machine, and directing the code to another.
This seems to be a very effective way of "debugging" most pieces
of code.

To "tune" Battlehawks to no longer need the password (meaning,
just press return, or enter anything), do the following:

1) Copy your current BH.EXE file to BH.OK, in case you have
some version that this fix won't work on. I had downloaded one
other "fix" that in fact did not work on my version (I don't know
why). If this fails miserably (and when they fail, they do fail
miserably), merely copy BH.OK back to BH.EXE and whimper back to
the drawing board.

2) Then, copy BH.EXE to BH.XXX, so that when you load this
up under Debug, it a) does not get relocated as an .EXE file, and
b) so that you can write back out to the file after making said

3) Do the following:

Debug BH.XXX

at the " - " prompt, type

u cs:2d5c

You should see two jumps in a row for the first two
instructions: a conditional jump, JB somewhere, and an
unconditional jump, JMP somewhere. The JMP somewhere will take you
to the working game, while the JB will blow you up if you enter the
incorrect password. So, by NOPing the JB, the routine will
automatically fall through to the JMP somewhere on the first pass,
and you will go to the functioning game. Not so bad.

Next, type the following:

a cs:2d5c

You will then have a prompt with the address at which you are
about to assemble several instructions. You need to enter NOP's
to overwrite the JB command, which is two bytes long. NOP's are
one byte long, so you need to enter two, like so:


nop [return]
nop [return]

and then press return (again), which returns you to the
" - " prompt.

Then, type


Debug says "writing (some number of) bytes"

and, voila! You have overwritten the JB instruction.

Last, copy BH.XXX back to BH.EXE, and run BH. When prompted
for said password, just press return, and you should be on your

Good luck.

  3 Responses to “Category : Unprotects for Games and Such
Archive   : BHUNPROT.ZIP

  1. Very nice! Thank you for this wonderful archive. I wonder why I found it only now. Long live the BBS file archives!

  2. This is so awesome! 😀 I’d be cool if you could download an entire archive of this at once, though.

  3. But one thing that puzzles me is the “mtswslnkmcjklsdlsbdmMICROSOFT” string. There is an article about it here. It is definitely worth a read: