Category : Unprotects for Games and Such
Archive   : PIPEDREM.ZIP
Filename : PIPE.UNP

 
Output of file : PIPE.UNP contained in archive : PIPEDREM.ZIP
Unprotect for Pipe Dreams


Tired of looking up codes to play the expensive game that you purchased?
Well, we can do something about this nasty protection scheme.

Working on the hard disk copy (do not modify the original disk).


RENAME PIPE.EXE PIPE (you can't directly modify an exe file)
DEBUG PIPE (you must have DEBUG.COM in the path or in current
dir)
F 100 FFFF FF (erase memory so only the program will be there)
L (reload the program)
S 100 FFFF 83 7E FE 03 7D (search for the first part of protection check,
will give you an address to be used in the next
step)
U {address} (unassemble to check for the proper code)

The unassembled code should look something like this:

-U4F66


xxxx:4F66 837EFE03 CMP WORD PTR [BP-02],+03
xxxx:4F6A 7D03 JGE 4F6F
xxxx:4F6C E995FE JMP 4E04


Replace the JGE with a JMP by:

E 4F6A EB (Press {Enter} to quit editing mode)

Now let's look for the second and last part.

S 100 FFFF 39 46 EA 75 03

U {address}


-u4F8E

xxxx:4F8E 3946EA CMP [BP-16],AX
xxxx:4F91 7503 JNZ 4F96
xxxx:4F93 E90600 JMP 4F9C
xxxx:4F96 B80100 MOV AX,0001
xxxx:4F99 E90300 JMP 4F9F

Remove the JNZ by:

E 4F91 90 90 (Press {Space} to enter next number, {Enter} to
quit)

W (write the modified code back to disk)
Q (quit DEBUG)
RENAME PIPE PIPE.EXE (and rename file back to exe)

Enjoy!



Note: if you have a different version of the game than mine all these
addresses may be different. Hopefully the code will be the same and the
search command will find the proper address. Modify your edits appropriately.


Courtesy of Bad Bob

________________________________________________________________

Bad Bob's unprotect scheme didn't work on my version of Pipe Dream.
Using Bad Bob's information as a starting point, I developed
another set of modifications that worked for my version. If Bad Bob's
first search doesn't find anything, maybe the following will fix it.

RENAME PIPE.EXE PIPE (you can't directly modify an exe file)
DEBUG PIPE (you must have DEBUG.COM in the path or in current
dir)
F 100 FFFF FF (erase memory so only the program will be there)
L (reload the program)

U 4577 (unassemble to check for the proper code)
xxxx:4577 FF46E0 INC WORD PTR [BP-20]
xxxx:457A 837EE003 CMP WORD PTR [BP-20],+03
xxxx:457E 7C03 JL 4583
xxxx:4580 E9FB00 JMP 467E

U 4699 (unassemble to check for the second part of
proper code)
xxxx:4699 8B46EA MOV AX,[BP-16]
xxxx:469C 3987FA02 CMP [BX+02FA],AX
xxxx:46A0 7406 JZ 46A8
xxxx:46A2 B80100 MOV AX,0001
xxxx:46A5 EB03 JMP 46AA

If both sections of the above code is found, apply the following two changes.
The first change removes the JL in the first section of code. The second
change replaces the JZ with a JMP.

E 457E 90 90 (change JL to NOPs)
E 46A0 EB 08 (replace JZ with JMP 46AA)

W (write the modified code back to disk)
Q (quit DEBUG)
RENAME PIPE PIPE.EXE (and rename file back to exe)

----JDM


  3 Responses to “Category : Unprotects for Games and Such
Archive   : PIPEDREM.ZIP
Filename : PIPE.UNP

  1. Very nice! Thank you for this wonderful archive. I wonder why I found it only now. Long live the BBS file archives!

  2. This is so awesome! 😀 I’d be cool if you could download an entire archive of this at once, though.

  3. But one thing that puzzles me is the “mtswslnkmcjklsdlsbdmMICROSOFT” string. There is an article about it here. It is definitely worth a read: http://www.os2museum.com/wp/mtswslnk/