Is this still a problem?
Some time ago, Andrew asked me in a PM about disabling the potions level. (He wrote he was making an "Ultimate Prince Patching Project", but he didn't post anything related to that.)
This was the simplest I could come up with: (You need to start with the original EXE.)
David wrote:
Also, I have found yet another way for disabling in PoP1:
Find the word "unpack". After that, there are some 00s (and in 1.3 and 1.4, the version string), and then a 02.
That 02 determines which level should be preceded by the copy protection level. Interestingly, if you replace it with 00, the copy protection level will not appear, not even when loading a saved game.
The only problem with this method is that 1.3 and 1.4 restore this value after a Ctrl-R. In these versions, you should replace 02 and the 00 following it with FF FF.
The other cracks (which all seem to be based on the RBM/THG one) have this bug: (Andrew said that's why he wanted to redo them.)
Make sure you have a saved game.
Start the game in cheat mode. Press Ctrl-L on the title screen.
Press Shift-L until you get to level 1. (Or press Ctrl-R and any key to start a new game.)
If you press Shift-L now, you'll get to the saved level.
But wait, there's more:
Again, press Shift-L until you get to level 1. (Don't use Ctrl-R this time!)
If you press Shift-L now, the game will crash with an "R6003 - integer divide by 0" error, leaving DOSBox in a messy state.
I debugged the game to see what's happening, and the bug involves these:
- some code was added in place of the "Run-Time Library" text, *
- some flag-byte is used by this code, that is not in sync with the rest of the game,
- this code would load level 16 that would come after level 15, and the game would use it to detect when it needs to continue after an interruption - but only the first time,
- level 16 is an out-of-bounds index into the cutscenes table,
- this causes the game to jump into random memory (0001:010C),
- and finally an ES: AAM 0 instruction (26 D4 00, at 0001:0400) stops all this madness.
* By the way, this is why the game always exits with an error, which originally was "R6001 - null pointer assignment", but RBM/THG replaced it with their message.
The location of the null segment can be observed in a link map. It starts at DS:0 and is 42H bytes long. The Microsoft copyright notice is written there at program startup and if this area is written to during the course of the program, the run-time error R6001 will be generated upon program termination.
Indeed, this is the part of prince.exe that checks this:
Code:
seg010:0FFE check_ms_string proc far        ; CODE XREF: exit+2CP (called from exit)
seg010:0FFE     push    si
seg010:0FFF     xor     si, si              ; si = 0: start of the null segment at DS:0
seg010:1001     mov     cx, 42h ; 'B'       ; 42h bytes to checksum
seg010:1004     xor     ah, ah              ; ah = running XOR of the bytes
seg010:1007 loc_17AC7:                      ; CODE XREF: check_ms_string+Cj
                                            ; (the one-byte load at 1007 that puts [si] into al, i.e. lodsb,
                                            ;  was lost when the listing was pasted; addresses are consistent with it)
seg010:1008     xor     ah, al              ; fold the byte into the checksum
seg010:100A     loop    loc_17AC7
seg010:100C     xor     ah, 55h             ; an untouched copyright notice XORs to 55h
seg010:100F     jz      loc_17AE2           ; checksum matches: nothing to report
seg010:1011     call    write_runtime_error
seg010:1016     mov     ax, 1 ; null pointer assignment
seg010:1019     push    ax
seg010:101A     call    write_errmsg        ; prints R6001 (or the RBM/THG replacement text)
seg010:101F     mov     ax, 1
seg010:1022 loc_17AE2:                      ; CODE XREF: check_ms_string+11j
seg010:1022     pop     si
                                            ; (the retf at 1023 was also dropped from the pasted listing)
seg010:1023 check_ms_string endp
(Uhh, I've been writing this post for almost an hour! (It's not unusual for my detailed posts!) I'd better submit it now!)
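As an added illustration (not from the post above and not code from prince.exe or the Microsoft runtime), the routine in the listing can be modelled in a few lines of Python: the null segment at DS:0 is a 42h-byte region whose bytes XOR to 55h, and check_ms_string recomputes that XOR at exit. The notice text below is constructed for the demo; the real runtime's copyright string is not reproduced, so the last byte is chosen to make the XOR come out right. The example also shows the limit of an 8-bit XOR canary: a store that changes two bytes in XOR-neutral ways (here a 16-bit 0FFFFh written over two zero padding bytes) is not noticed, so absence of R6001 does not prove that nothing wrote through a null pointer.

```python
NULL_SEG_LEN = 0x42   # mov cx, 42h
XOR_KEY = 0x55        # xor ah, 55h

# Constructed stand-in for the copyright notice the runtime writes at startup.
NOTICE = b"(constructed) runtime notice for demo"


def build_null_segment(notice: bytes) -> bytearray:
    """Lay out DS:0..41h as it would look right after startup: the notice,
    zero padding, and a final byte chosen so that the XOR of all 0x42 bytes
    equals XOR_KEY (constructed layout, not the runtime's real bytes)."""
    if len(notice) > NULL_SEG_LEN - 1:
        raise ValueError("notice too long for the null segment")
    seg = bytearray(NULL_SEG_LEN)
    seg[: len(notice)] = notice
    running = 0
    for b in seg[: NULL_SEG_LEN - 1]:
        running ^= b
    seg[NULL_SEG_LEN - 1] = running ^ XOR_KEY
    return seg


def check_ms_string(ds: bytes) -> bool:
    """Python rendering of the listing: xor ah,ah; 42h times xor ah,[si++];
    xor ah,55h; jz -> True means the null segment is intact."""
    ah = 0
    for al in ds[:NULL_SEG_LEN]:
        ah ^= al
    return (ah ^ XOR_KEY) == 0


def exit_code(ds: bytes) -> int:
    """AX after check_ms_string: 0 when clean, 1 when R6001 would be printed."""
    return 0 if check_ms_string(ds) else 1


def null_pointer_store(ds: bytearray, offset: int, value16: int) -> None:
    """Simulate `*(int *)p = value16` with p == NULL (a near pointer into DS)."""
    ds[offset] = value16 & 0xFF
    ds[offset + 1] = (value16 >> 8) & 0xFF


def demo() -> tuple:
    """Returns (clean, detected, missed) exit codes: (0, 1, 0)."""
    ds = build_null_segment(NOTICE)
    clean = exit_code(ds)

    # A typical null-pointer bug: a word stored at DS:0 over the notice text.
    null_pointer_store(ds, 0, 0x1234)
    detected = exit_code(ds)

    # A store into the zero padding (offsets 0x30-0x31 here) that writes the
    # same byte twice: 00^00 == FF^FF, so the 8-bit XOR is unchanged and the
    # runtime exits without R6001 even though the null segment was written.
    ds = build_null_segment(NOTICE)
    null_pointer_store(ds, 0x30, 0xFFFF)
    missed = exit_code(ds)

    return clean, detected, missed


if __name__ == "__main__":
    print("clean, detected, missed ->", demo())
```

The takeaway for anyone reading R6001 as a diagnostic: it is a cheap parity-style canary over 66 bytes, good at catching the common "write a word through a NULL pointer" case, but silent for writes that cancel out in the XOR, and trivially silenced by a patch that changes the `jz`, which is what the cracks in the post effectively did when they replaced the message.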