Cracked POP w/ copy protection level

[pop1]

Hi everyone, new member here. I have been trying to find a cracked version of pop1 that does not omit the copy protection level. I seem to remember playing a version years ago that included the copy protection level and the only thing different about it was that it allowed the player to just drink any one of the potions to advance to level 2. Does this version actually exist or am I being completely delusional? If not, does anyone know of a guide showing how to hex-edit the prince.exe file to achieve this effect?

[David]

I seem to remember playing a version years ago that included the copy protection level and the only thing different about it was that it allowed the player to just drink any one of the potions to advance to level 2.

I also remember playing such a version.
However, it had some more differences:
* The hurting potions[*] on level 2 and 8 didn't do anything.
This is probably because, to achieve the goal, all hurting potions were changed to opener potions.
[*] I would say "blue potions", but I played that version with a black-and-white screen.
* Time didn't count down, there were always "60 minutes left".

See also the end of this post: viewtopic.php?p=15777#p15777

does anyone know of a guide showing how to hex-edit the prince.exe file to achieve this effect?

To change all hurting potions to opener potions:
(On all levels, as in the version that I played.)

The relevant part of the disassembly:

Code: Select all

seg006:149C                      label_is_potion:
seg006:149C FF 0E 80 4F                          dec     pickup_obj_type
seg006:14A0 A1 80 4F                             mov     ax, pickup_obj_type
seg006:14A3 0B C0                                or      ax, ax
seg006:14A5 74 1F                                jz      label_health_potion
seg006:14A7 3D 01 00                             cmp     ax, 1
seg006:14AA 74 48                                jz      label_life_potion
seg006:14AC 3D 02 00                             cmp     ax, 2
seg006:14AF 74 64                                jz      label_feather_potion
seg006:14B1 3D 03 00                             cmp     ax, 3
seg006:14B4 74 66                                jz      label_invert_potion
seg006:14B6 3D 04 00                             cmp     ax, 4
seg006:14B9 75 03                                jnz     loc_816E
seg006:14BB E9 80 00                             jmp     label_evil_potion
seg006:14BE                      loc_816E:
seg006:14BE 3D 05 00                             cmp     ax, 5
seg006:14C1 74 60                                jz      label_open_potion
seg006:14C3 E9 A0 00                             jmp     locret_8216

(Of course you need to start with a non-cracked version.)
Search for: 3D 04 00 75 03 E9 80 00
Change: 80 to 65

-OR-

To change all potions on level 15 to opener potions:
(Does not affect other levels.)

The relevant part of the disassembly:

Code: Select all

seg008:19DE                      lbl_potion:
seg008:19DE 8B 5E FE                             mov     bx, [bp+curr_tile_modif]
seg008:19E1 B1 05                                mov     cl, 5
seg008:19E3 D2 27                                shl     byte ptr [bx], cl ; shift potion modifier
seg008:19E5 83 3E 9E 0F 0F                       cmp     current_level, 15 ; are we on level 15? (then place an open potion)
seg008:19EA 74 03                                jz      loc_B60F
seg008:19EC E9 02 01                             jmp     end
seg008:19EF                      loc_B60F:
seg008:19EF 8B 36 56 43                          mov     si, copyprot_plac
seg008:19F3 D1 E6                                shl     si, 1
seg008:19F5 A1 66 59                             mov     ax, loaded_room
seg008:19F8 39 84 A2 00                          cmp     copyprot_room[si], ax ; is this the selected room?
seg008:19FC 74 03                                jz      loc_B621
seg008:19FE E9 F0 00                             jmp     end
seg008:1A01                      loc_B621:
seg008:1A01 8B 46 06                             mov     ax, [bp+tile_ix]
seg008:1A04 39 84 BE 00                          cmp     copyprot_tile[si], ax ; is this the selected tile?
seg008:1A08 74 03                                jz      loc_B62D
seg008:1A0A E9 E4 00                             jmp     end
seg008:1A0D                      loc_B62D:
seg008:1A0D 8B 5E FE                             mov     bx, [bp+curr_tile_modif]
seg008:1A10 C6 07 C0                             mov     byte ptr [bx], 0C0h ; place open potion
seg008:1A13 E9 DB 00                             jmp     end

(Of course you need to start with a non-cracked version.)
Search for: 83 3E 9E 0F 0F 74 03
Change: 74 03 to 74 21

[Norbert]

Another way to achieve this is to start with a non-cracked version and then use a level editor to manually change regular blue potions into special blue potions. In apoplexy, the tiles of special blue potions contain the text "activate room 8 upper left". Then it doesn't matter which potion the game changes: all potions will open the level exit door, because they all activate the raise button in the upper left of room 8.

(1) One way to accomplish this: if you export a PRINCE.EXE with CusPop, "Set up copy protection" is already on (level) 2. So all you need then is a level editor to edit the potions level; level 15. With apoplexy you can Shift+left click to easily place another tile you just used.

(2) Another way to accomplish this: start with the cracked PRINCE.EXE in apoplexy's prince/ directory and change FF FF to 02 00 at 0x1C62E to enable the potions level. Then use the level editor as described above.

(3) A third way: Andrew's Ultimate Collection (download) contains various PRINCE.EXE versions, both non-cracked and cracked. You can start with one of its non-cracked variants, but beware that those do not have all resources enabled in all levels. (Out of the box, you won't be able to use a chomper on level 1, for example.)

If you don't want to do any hex editing, use variant (1).

[pop1]

@Norbert
Thanks for the response. I've never used a level editor, so I was looking for a simple solution like the one David has mentioned.

@David
Went with the second option and it worked like a charm. Thanks so much for that. And just to clarify, when you say level 15, I assume you mean the copy protection level?

[David]

And just to clarify, when you say level 15, I assume you mean the copy protection level?

Yes, level 15 is the copy protection level. (Also known as potions level.)
Level editors display it as level 15. But now I see that you "never used a level editor".

[pop1]

And just to clarify, when you say level 15, I assume you mean the copy protection level?

Yes, level 15 is the copy protection level. (Also known as potions level.)
Level editors display it as level 15. But now I see that you "never used a level editor".

Gotcha, thanks.

[Andrew]

To change all potions on level 15 to opener potions:
(Does not affect other levels.)

The relevant part of the disassembly:

Code: Select all

seg008:19E5 83 3E 9E 0F 0F                       cmp     current_level, 15 ; are we on level 15? (then place an open potion)
seg008:19EA 74 03                                jz      loc_B60F
.
.
.
seg008:1A0D                      loc_B62D:
seg008:1A0D 8B 5E FE                             mov     bx, [bp+curr_tile_modif]
seg008:1A10 C6 07 C0                             mov     byte ptr [bx], 0C0h ; place open potion
seg008:1A13 E9 DB 00                             jmp     end

(Of course you need to start with a non-cracked version.)
Search for: 83 3E 9E 0F 0F 74 03
Change: 74 03 to 74 21

Hi David, just a couple of questions to increase my understanding:

1) Since current_level is being compared to 15 and not 0, shouldn't the JZ after the CMP be a JE instead? Edit: Ok, I answered this myself with the help of Intel's Programmer's Reference Manual. Looks like the opcode (74) for both JZ and JE are the same, so they are mnemonically equivalent. Wonder why they had to unnecessarily confuse matters by using 2 names though?

2) By replacing the 03 with 21 you're making it jump directly to the loc_B62D label, right?

[Norbert]

Wonder why they had to unnecessarily confuse matters by using 2 names though?

According to someone on Stack Overflow the difference is used to indicate what you're doing: explicitly testing for something being equal to zero (JZ) or a CMP instruction (JE).

[Andrew]

According to someone on Stack Overflow the difference is used to indicate what you're doing: explicitly testing for something being equal to zero (JZ) or a CMP instruction (JE).

Ah, so in the disassembly above it should have been JE just as I initially thought, right?

[David]

Ah, so in the disassembly above it should have been JE just as I initially thought, right?

Yes.
The disassembler I used, IDA, disassembles this opcode as JZ, and it has no option to change it to JE.
Other disassemblers can do it differently, though.
Those that I know pick either JZ or JE and always use that.
(Similarly for the other conditional jumps.)

Looks like the opcode (74) for both JZ and JE are the same, so they are mnemonically equivalent. Wonder why they had to unnecessarily confuse matters by using 2 names though?

The idea is that CMP does a subtraction and sets the flags according to the result.
The result is zero if the two numbers are equal.

They could have made separate flags for Equal and Zero, but why if they can merge them?
Therefore, they also had to merge JZ and JE.

Note that when you're *writing* assembly code, you can use either JZ or JE as you wish.

Other CPUs also merge Equal and Zero, and the assemblers may or may not support alternate mnemonics.

Code: Select all

6502/65816: BEQ addr ( / BZ addr / BIZ addr )
68k: BEQ addr
Z80: JR Z,addr
ARM: BEQ addr
SPC700: BEQ addr
IBM 370: BC 8,addr ( / BZ addr / BE addr )
It's also called BEQ on various other CPUs...

2) By replacing the 03 with 21 you're making it jump directly to the loc_B62D label, right?

To calculate the destination address:
0x19EA (the address of the jump instruction) + 0x2 (the length of the jump instruction) + 0x21 (the new byte) = 0x1A0D
Yes, it jumps there.

[Andrew]

They could have made separate flags for Equal and Zero, but why if they can merge them?
Therefore, they also had to merge JZ and JE.

All right, although I still don't see why JZ is required. Isn't JZ after all the same as Jump if Equal to 0? So why is 0 so special that a special mnemonic JZ is required for it, whereas for all other numbers JE can be used?

Thanks for the info., especially the interesting bit about other CPU architectures.

[David]

I know one case when JE instead of JZ might be confusing: after TEST instructions.

For example:

Code: Select all

test ax,1
jz label

This jumps if the least significant bit of ax is Zero.

[Andrew]

Nice, finally a use case where JZ makes sense.

[Andrew]

Speaking of the copyprot level, how do I replicate the following?



Also, is something like this possible for PoP2 as well?

[Norbert]

Reminds me of this:

[...]

Jalal once made a MOD for the potions level, where it was not called: "Drink potion with the first letter of the blablabla word in the blablabla line of the blablabla page in the manual."
but: "Drink potion, labeled blablabla."

"Drink the potion labelled A."
It's here: http://www.popuw.com/forum/viewtopic.php?t=2111

(That forum link no longer works and it's not in any of the archives either.)