+----------------------------------------------------+
| This information is for educational purposes only! |
+----------------------------------------------------+

Bug Error 2000
---------------

The Cracking Answer
--------------------

Nox 1.1 NO CD
--------------

Tools that you'll need
-----------------------

- W32dasm 8.93
- Hiew 6 or higher


Initial notes
--------------

- First, install the full game
- Make sure that the CD isn't in your drive :))


First approach with the CD-check protection
--------------------------------------------

- Run the game
- You should see this: "Nox CD Not Found"
- Click on OK, we'll correct this bug ;)




Disassembling File with W32dasm
-------------------------------

- Load W32dasm and open "game.exe"
- After a short while, the file will be disassembled
- Now, click on the "Strn Ref" button (next to the Print button)
- Scroll down till you find : "CDFailText"
- Double-click on this, and you'll see :


* Possible StringData Ref from Data Obj ->"CDFailText"
                                  |
:00413273 68D47A5700              push 00577AD4
:00413278 E833BDFFFF              call 0040EFB0
:0041327D 83C410                  add esp, 00000010
:00413280 50                      push eax
:00413281 68C7000000              push 000000C7


- Now, scroll up till you see this :


* Referenced by a CALL at Address:
|:0043B372   
|
:00413210 A188405F00              mov eax, dword ptr [005F4088]
:00413215 83EC08                  sub esp, 00000008
:00413218 56                      push esi
:00413219 BE06000000              mov esi, 00000006
:0041321E 3BC6                    cmp eax, esi
:00413220 0F87F3010000            ja 00413419
:00413226 FF248530344100          jmp dword ptr [4*eax+00413430]
:0041322D E87EEC0000              call 00421EB0  => If you trace into this, you'll see GetDriveTypeA, argggggggg, I dislike this ;)
:00413232 85C0                    test eax, eax
:00413234 A38C405F00              mov dword ptr [005F408C], eax
:00413239 7559                    jne 00413294
:0041323B E870020000              call 004134B0
:00413240 E85B740300              call 0044A6A0
:00413245 6800080000              push 00000800
:0041324A E84173FFFF              call 0040A590
:0041324F 83C404                  add esp, 00000004
:00413252 85C0                    test eax, eax
:00413254 7405                    je 0041325B
:00413256 E835020000              call 00413490




- Make sure that you're on 0041322d and take a look at the bottom to see the offset: it is 0001322d
- Note this offset, you'll need it



 
Crack the "fordrac.exe" file
-----------------------------

- To do this, you'll need Hiew
- Launch Hiew, and load "game.exe"
- Press F4 and choose "decode"
- Press F5, and enter the offset, here it is 0001322d
- Press F4 and choose "Hex"
- Press F3 to edit and type B80200
- Press F9 to update the EXE
- Run the game, and, Hiiiiiiiihaaaaaaaaa, you cracked Nox 1.1 ;)





Cracking source code
---------------------

Const
  FileN         : String  = 'game.exe';   {name of file to patch}
  BytesToChange : Integer = 3;            {number of bytes to patch}
  FileS         : LongInt = 1802240;      {size of the exe, to check the version}
  A             : Array[1..3] of Record
                    A : LongInt;          {file offset}
                    B : Byte;             {replacement byte}
                  End =
    ((A:$1322d; B:$b8),                   {offset to modify + code to replace}
     (A:$1322e; B:$02),
     (A:$1322f; B:$00));

Var
  F  : File;
  Ch : Char;
  I  : LongInt;

Begin
  {fichier is a file-open dialog declared elsewhere; its declaration is not shown here}
  fichier.filename := '*.exe';
  fichier.filter := FileN;
  if fichier.execute then
  begin
    AssignFile(F, fichier.filename);
    Reset(F, 1);                          {open as untyped file, record size 1 byte}
    If FileSize(F) <> FileS then
    begin
      CloseFile(F);                       {release the handle before stopping}
      ShowMessage('File is incorrect size');
      halt(1);
    end;
    For I := 1 to BytesToChange do
    begin
      Seek(F, A[I].A);
      Ch := Char(A[I].B);
      BlockWrite(F, Ch, 1);
    end;
    CloseFile(F);
    ShowMessage('File successfully cracked');
  end;
end;
end.
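
An added example, not part of the original tutorial: the same file size and offset used the other way round, as an integrity check that reports whether a copy of game.exe still holds the original call at 0001322d or the modified bytes. The function names are assumptions, and the sample images are constructed in memory rather than read from the game.

```python
# Added example: integrity check for the byte range this page modifies.
# Size, offset and byte values are the ones shown on the page; the function
# names and the in-memory samples are constructed for illustration.

EXPECTED_SIZE = 1802240                     # FileS in the page's patcher
PATCH_OFFSET = 0x1322D                      # file offset noted in W32dasm / Hiew
ORIGINAL = bytes.fromhex("E87EEC0000")      # call 00421EB0 from the listing
PATCHED_PREFIX = bytes.fromhex("B80200")    # the three bytes typed in Hiew


def classify(image: bytes) -> str:
    """Return 'wrong-version', 'original', 'patched' or 'unknown'."""
    if len(image) != EXPECTED_SIZE:
        return "wrong-version"
    window = image[PATCH_OFFSET:PATCH_OFFSET + len(ORIGINAL)]
    if window == ORIGINAL:
        return "original"
    if window.startswith(PATCHED_PREFIX):
        return "patched"
    return "unknown"


def diff_bytes(image: bytes):
    """List (offset, expected, found) for bytes that differ from the original call."""
    window = image[PATCH_OFFSET:PATCH_OFFSET + len(ORIGINAL)]
    return [(PATCH_OFFSET + i, exp, got)
            for i, (exp, got) in enumerate(zip(ORIGINAL, window)) if exp != got]


def classify_file(path: str) -> str:
    """Run the same check on a file on disk."""
    with open(path, "rb") as fh:
        return classify(fh.read())


def sample_image(patched: bool) -> bytes:
    # Constructed stand-in for the executable: zero-filled except for the call.
    buf = bytearray(EXPECTED_SIZE)
    buf[PATCH_OFFSET:PATCH_OFFSET + len(ORIGINAL)] = ORIGINAL
    if patched:
        buf[PATCH_OFFSET:PATCH_OFFSET + len(PATCHED_PREFIX)] = PATCHED_PREFIX
    return bytes(buf)


if __name__ == "__main__":
    for name in ("clean", "modified"):
        img = sample_image(name == "modified")
        print(name, classify(img), [(hex(o), hex(e), hex(g)) for o, e, g in diff_bytes(img)])
```

This covers only the five bytes the page names; comparing a full-file hash against a known-good copy is the stronger check when one is available.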
