Scroll to the bottom for my advice.
First look at the differences in the EXEs:
1.4
- at 4991, changes 39 46 06 to 09 ED 90
(in play_level())
seg003:006E A1 F8 00 mov ax, copyprot_level
seg003:0071 39 46 06 cmp [bp+level], ax ; <- this
seg003:0074 75 0C jnz loc_47A2
changed to: 09 ED = or bp,bp, 90 = nop
or bp,bp sets the flags from bp; since bp (the frame pointer) is not zero here, ZF stays clear and jnz always jumps, as if level was not equal to copyprot_level.
(copyprot_level tells which level should be preceded by the potions level.)
This happens when you start a new game or load a saved game.
- at 4AAA, changes 39 46 06 to 09 ED 90
(in play_level())
seg003:0187 A1 F8 00 mov ax, copyprot_level
seg003:018A 39 46 06 cmp [bp+level], ax ; <- this
seg003:018D 75 0E jnz loc_48BD
changed to: 09 ED = or bp,bp, 90 = nop
Same as above.
This happens when you go to the next level.
The cracked EXE of CusPop also skips in both ways by changing:
- at 17C3D, changes 02 00 to FF FF
This changes the value of copyprot_level to -1, as if the potions level was already completed.
1.3
- at 22A6, CusPop has EB EB EB EB EB and TUC has 7E 06 A1 B2 44
(in load_game())
seg000:20A1 83 3E 2E 01 00 cmp copyprot_level, 0
seg000:20A6 7E 06 jle loc_20AE ; <- this
seg000:20A8 A1 B2 44 mov ax, start_level ; <- and this
seg000:20AB A3 2E 01 mov copyprot_level, ax
seg000:20AE loc_20AE:
I'm not sure what was meant here.
"EB EB" jumps to address 0x20A8+(0xEB-0x100)=0x2093, but that is the middle of an instruction!
Maybe 90 (NOP) was meant instead?
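As an added example (not part of the original post or of CusPop), the following Python decodes the 2-byte short branches from the listings and computes where they land, reproducing the 0x20A8 + (0xEB - 0x100) = 0x2093 arithmetic; the opcode table and the target_alignment helper are assumptions made for the demo.

```python
# Added example (not code from the original post or from CusPop): decode the
# 2-byte x86 short branches seen in the listings above and compute their
# targets. The displacement is a signed 8-bit value relative to the address
# of the NEXT instruction, which is why EB EB at 0x20A6 lands at
# 0x20A8 + (0xEB - 0x100) = 0x2093.

# Opcode -> mnemonic for the short branches that appear in the post.
SHORT_BRANCH = {0x74: "jz", 0x75: "jnz", 0x7E: "jle", 0xEB: "jmp"}

def rel8_target(instr_addr, disp_byte):
    """Target offset of a 2-byte short branch located at instr_addr."""
    disp = disp_byte - 0x100 if disp_byte >= 0x80 else disp_byte
    # Real-mode code offsets are 16-bit, so the result wraps within the segment.
    return (instr_addr + 2 + disp) & 0xFFFF

def decode_short_branch(instr_addr, code):
    """Return (mnemonic, target) for the 2 bytes at instr_addr."""
    opcode, disp_byte = code[0], code[1]
    if opcode not in SHORT_BRANCH:
        raise ValueError("not a short branch opcode: %02X" % opcode)
    return SHORT_BRANCH[opcode], rel8_target(instr_addr, disp_byte)

def target_alignment(target, instr_starts):
    """'boundary' if target starts a listed instruction, 'mid-instruction'
    if it falls inside one, 'outside' if the listing does not cover it."""
    if not instr_starts:
        return "outside"
    if target in instr_starts:
        return "boundary"
    if min(instr_starts) < target < max(instr_starts):
        return "mid-instruction"
    return "outside"

def compare_patch(instr_addr, before, after):
    """Describe how a byte patch changes a short branch (constructed helper)."""
    return {"before": decode_short_branch(instr_addr, before),
            "after": decode_short_branch(instr_addr, after)}

if __name__ == "__main__":
    # 1.3 load_game(): 7E 06 at seg000:20A6 (jle loc_20AE) vs CusPop's EB EB
    print(compare_patch(0x20A6, bytes([0x7E, 0x06]), bytes([0xEB, 0xEB])))
    # Instruction starts visible in the listing around that patch: 0x2093 is
    # before all of them, so the listing alone cannot show what it hits.
    print(target_alignment(0x2093, [0x20A1, 0x20A6, 0x20A8, 0x20AB, 0x20AE]))
    # 1.0 [Q] patch at seg003:006F: 75 05 (jnz loc_4866) becomes EB 05 (jmp)
    print(compare_patch(0x006F, bytes([0x75, 0x05]), bytes([0xEB, 0x05])))
```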
- at 4FF1, CusPop has 90 C7 06 9E 00 FF FF EB and TUC has 75 0E 83 3E 2A 01 00 75
(in play_level())
seg000:4DEB A1 2E 01 mov ax, copyprot_level
seg000:4DEE 39 46 06 cmp [bp+level], ax
seg000:4DF1 75 0E jnz loc_4E01 ; <- this
seg000:4DF3 83 3E 2A 01 00 cmp demo_mode, 0 ; <- and this
seg000:4DF8 75 07 jnz loc_4E01 ; <- and this
seg000:4DFA C7 46 06 0F 00 mov [bp+level], 15
changed to:
90 NOP
C7069E00FFFF MOV WORD PTR [009E],FFFF
EB75 JMP ...
Here, data:009E is the address of the "copyprot_level" variable *in 1.0(!)* but not in 1.3, so this hack does not work properly!
(In 1.3, data:009E is the middle of the "Error reading 'CONFIG.DAT'." error message.)
When adding CusPop's crack (at "Set up copy protection"), the following also changes:
- at 1B89B, 02 00 to FF FF
This changes the value of copyprot_level to -1, as if the potions level was already completed.
1.0
[V]
- at 46B8, CusPop has 03 and TUC has 01
(in check_skel())
seg002:0E34 83 3E 9E 40 01 cmp drawn_room, 1
seg002:0E39 74 03 jz loc_44BE
This is a bug in CusPop that I already mentioned a few times:
The skeleton room should default to 1, but CusPop has 3 as default.
(Yes, it's my mistake.)
[W]
- at 4B60, CusPop has 8C 1E 0A 00 FF 1E 08 00 90 and TUC has 89 46 06 A1 9E 00 39 46 06
(in play_level() of the cracked version)
seg003:0170 8C 1E 0A 00 mov word ptr hack_addr+2, ds
seg003:0174 FF 1E 08 00 call hack_addr
seg003:0178 90 nop
This is a call to some code added by RBM/THG, see below.
[X]
- at 1AA55, CusPop has
0D 00 48 49 00 83 F8 01 75 05 C6 06 0C 00 00 83 F8 02 75 0F 80 3E 0C 00 01 74 08 B8 10 00 C6 06 0C 00 01 89 46 06 A1 9E 00 39 46 06 CB 52 42 4D 2F 54 48 47 20 20 20 20
(..HI....u.........u..>...t..........F....9F..RBM/THG )
and TUC has
4D 53 20 52 75 6E 2D 54 69 6D 65 20 4C 69 62 72 61 72 79 20 2D 20 43 6F 70 79 72 69 67 68 74 20 28 63 29 20 31 39 38 38 2C 20 4D 69 63 72 6F 73 6F 66 74 20 43 6F 72 70
(MS Run-Time Library - Copyright (c) 1988, Microsoft Corp)
RBM/THG made a crack that requires adding some code, and they added it in place of the Microsoft copyright text.
(RBM = R. Bubba Magillicutty, THG = The Humble Guys)
This change also causes a null pointer assignment run-time error when you quit the game,
because this C library checks for null pointer assignment by checking if the null area was changed:
All the bytes from ds:0000 to ds:0041 are xor-ed together, and the result is checked against a fixed value. See check_ms_string in the disassembly.
This check is called from exit().
Not the best way to catch NULL pointers, but real mode on an 8086 does not have SIGSEGV / General Protection Fault.
(I already wrote about this here: viewtopic.php?p=13476#p13476)
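As an added example (not part of the original post or of the Microsoft run-time), this Python models the check described above. It assumes the null area is ds:0000 to ds:0041 inclusive, that the bytes are XOR-ed together and compared with a constant derived from the pristine image, and it uses a constructed DGROUP layout with the copyright text at offset 2.

```python
# Added example: model of the MS run-time "null pointer assignment" check
# described above (not code from the post or from the run-time itself).
# Assumed: the null area is ds:0000..ds:0041 inclusive, it is XOR-ed
# together and compared with a constant derived from the pristine image.

NULL_AREA_END = 0x41     # inclusive, as stated in the post

# Constructed DGROUP start: a zero word, then the run-time's copyright text.
COPYRIGHT = b"MS Run-Time Library - Copyright (c) 1988, Microsoft Corp"
# First 8 bytes RBM/THG put in place of that text (from the post's dump).
RBM_THG_CODE = bytes([0x0D, 0x00, 0x48, 0x49, 0x00, 0x83, 0xF8, 0x01])

def build_pristine_dgroup(size=0x100):
    ds = bytearray(size)
    ds[2:2 + len(COPYRIGHT)] = COPYRIGHT
    return ds

def null_area_xor(ds):
    """XOR of every byte from ds:0000 to ds:0041 (what check_ms_string does)."""
    result = 0
    for b in ds[:NULL_AREA_END + 1]:
        result ^= b
    return result

def null_area_intact(ds, expected):
    """The test exit() performs; False means 'Null pointer assignment'."""
    return null_area_xor(ds) == expected

def demo_rbm_thg_patch():
    """Code overwriting the copyright text changes the XOR: error on exit.
    A single stray write such as *(char *)0x000C = 1 is caught the same way."""
    ds = build_pristine_dgroup()
    expected = null_area_xor(ds)      # the run-time's fixed value
    ds[2:2 + len(RBM_THG_CODE)] = RBM_THG_CODE
    return null_area_intact(ds, expected)

def demo_missed_corruption():
    """Two writes whose changes XOR to zero cancel out: corrupted but not
    detected, which is why a plain XOR is not the best NULL-pointer check."""
    ds = build_pristine_dgroup()
    expected = null_area_xor(ds)
    ds[0x00] = 0x2A                   # both bytes were 0x00 before
    ds[0x01] = 0x2A
    return null_area_intact(ds, expected)
```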
When adding CusPop's crack (at "Set up copy protection"), the following also changes:
- at 1AAEB, changes 02 00 to FF FF
This changes the value of copyprot_level to -1, as if the potions level was already completed.
Note that, after this, a) crashes the game with an "integer divide by 0" error, and b) cracks properly.
CusPop's crack is not compatible with the RBM/THG crack.
The RBM/THG crack checks if the game would load level 2 for the first time, and if this is the case, it tells play_level() to load level 16 instead.
play_level() checks if it should load level 16, and in that case, it loads "copyprot_level" instead (the level that should be preceded by level 15) plus it sets copyprot_level to -1 (disabling level 15).
Now, if CusPop sets copyprot_level to -1, then this will cause a crash, because the game wants to call tbl_cutscenes[-1].
- [Q] at 4A5F, 75 to EB
seg003:006A 83 3E 9A 00 00 cmp demo_mode, 0
seg003:006F 75 05 jnz short loc_4866 ; <- this
seg003:0071 C7 46 06 0F 00 mov [bp+level], 15
seg003:0076 loc_4866:
jnz is changed to jmp, to skip going to level 15.
- [R] at 4B72, C7 46 06 0F 00 to 90 90 90 90 90
(in play_level())
C7 46 06 0F 00 mov [bp+level], 15
Replaced with NOPs.
Disables going to the level 15.
------
I think the best way is to start from the original, non-cracked EXEs, and apply CusPop's crack only.
CusPop's crack changes the value of copyprot_level to -1, as if the potions level was already completed.
> - are unpacked,
You can use UPACKEXE for that.
> - crack when going from level 1 to level 2,
> - crack when immediately loading level 2,
> - crack when loading (what? how? where?),
CusPop's crack does that.
> - enable all resources in all levels,
CusPop can do that.
> - and, finally, preferably do not advertise certain websites in customized texts.
Just start from the original uncracked version.
I'd add yet another thing to your list:
The crack should not have bugs like those mentioned here:
viewtopic.php?p=13476#p13476
I just added CusPop's crack manually to the original EXEs of TUC, and tried the things above.
It seems that this fulfills the crack-related criteria above, but maybe you should also try it.