Dec 092017
Fully functional unprotect for Battlehawks: 1942, BH.EXE version dated 10-6-88.
File BHUNPROT.ZIP from The Programmer’s Corner in
Category Unprotects for Games and Such
Fully functional unprotect for Battlehawks: 1942, BH.EXE version dated 10-6-88.
File Name File Size Zip Size Zip Type
BHUNPROT.DOC 2618 1232 deflated

Download File BHUNPROT.ZIP Here

Contents of the BHUNPROT.DOC file


BH.EXE VER 10-6-88

Okay, here goes....

Battlehawks: 1942 has your basic manual-style protection: you
are asked to type in a password from the manual, depending on what
silouette of what plane you are presented with on the screen. This
one was fairly easy to crack... I used Symdeb 4.0, running the
application on one machine, and directing the code to another.
This seems to be a very effective way of "debugging" most pieces
of code.

To "tune" Battlehawks to no longer need the password (meaning,
just press return, or enter anything), do the following:

1) Copy your current BH.EXE file to BH.OK, in case you have
some version that this fix won't work on. I had downloaded one
other "fix" that in fact did not work on my version (I don't know
why). If this fails miserably (and when they fail, they do fail
miserably), merely copy BH.OK back to BH.EXE and whimper back to
the drawing board.

2) Then, copy BH.EXE to BH.XXX, so that when you load this
up under Debug, it a) does not get relocated as an .EXE file, and
b) so that you can write back out to the file after making said

3) Do the following:

Debug BH.XXX

at the " - " prompt, type

u cs:2d5c

You should see two jumps in a row for the first two
instructions: a conditional jump, JB somewhere, and an
unconditional jump, JMP somewhere. The JMP somewhere will take you
to the working game, while the JB will blow you up if you enter the
incorrect password. So, by NOPing the JB, the routine will
automatically fall through to the JMP somewhere on the first pass,
and you will go to the functioning game. Not so bad.

Next, type the following:

a cs:2d5c

You will then have a prompt with the address at which you are
about to assemble several instructions. You need to enter NOP's
to overwrite the JB command, which is two bytes long. NOP's are
one byte long, so you need to enter two, like so:


nop [return]
nop [return]

and then press return (again), which returns you to the
" - " prompt.

Then, type


Debug says "writing (some number of) bytes"

and, voila! You have overwritten the JB instruction.

Last, copy BH.XXX back to BH.EXE, and run BH. When prompted
for said password, just press return, and you should be on your

Good luck.

 December 9, 2017  Add comments

Leave a Reply