———————————–
Great game to make your mind think
what you will need
——————————
1. original game (find here)
2. an amiga or an amiga emulator (WinUAE)
3. an action replay cartridge or AR3 rom image for use with WinUAE
once u have all these set up we shall begin
our first task is to see what type of protection this game has, so boot the original up and play for a while. notice anything pop up saying go to manual page XX line XX etc.? no? ok cool, then i presume the protection is disk based. so boot up your copy of X-COPY (what u mean u dont have it, dont lie, everyone had a copy of this) and lets make a backup of the original disk. what this does is make a backup for us to use (if its possible) and it also tells us what type of disk protection is on the game. so you start to make a copy and oh no, the first track on the upper side has an error :O but thats ok, the rest of the tracks are clean.
so what this tells us is that this game is not MFM protected. so load up the backup disk you just made. ok, so load up the original disk you have and wait for the black screen
when you do hit old blue (action replay button)
then type D and press enter
you should see something like this
maybe not around the same address as in the picture, but around the 60000 area. so lets see where this code starts 😛 type NQ 60000. after a short while some gibberish appears on screen, press ESC quick when it does. it should look like this
the start of all this gibberish seems to be at address 06A9DA. hmm ok, so lets see what jumps to this address: type FA 06A9DA. this will scan the memory for code that jumps to this address. once its done searching we end up with 2 address points
we are interested in the second point, the JMP one. take note of the address of this point, which is 0AE6C. ok, now we are armed with this address point, lets reload the backup disk and just before the crash, when the screen turns black, press the action replay button and look at the address point 0AE6C: type D 0AE6C. you should see a JMP, but to an unknown address, a weird looking one that seems out of range. so lets replace that with the JMP we have: type A AE6C JMP 6A9DA then press enter twice to get out of write mode
now press X to exit AReplay and see what happens. AH, the CORE logo appears and the game starts to load 🙂
ok, so lets change this on a permanent basis. reboot with the backup disk and when the black screen appears fire up the action replay and type M AE6C and a line of numbers and letters will appear. press esc to get out of that mode and type RT 0 10 050000. this will read the first part of the disk into memory location 050000. what we need to do now is search for those numbers and letters, so type f 4e 26 d2 ec f0 and we end up with 2 address points. the first is the one we already have, but the second is the one from the disk, this is the one we need to change. so lets check that address: type D 545D4. yup, its the same weird JMP, so type a 545D4 JMP 6A9DA and press enter twice. now lets write this back to disk: type WT 0 10 050000. once this is done reboot and try out our new disk
woo it works
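The address arithmetic behind the RT / f / D steps above, as an added example (not part of the original tutorial): it searches a track read for a byte signature and converts each hit from a memory address into a disk offset, track, sector and byte. Assumptions: tracks are 11 sectors of 512 bytes, the read started at track 0 and was loaded at 050000; the function names are made up for illustration and the buffer is constructed, not real disk data.

```python
SECTOR = 512
SECTORS_PER_TRACK = 11                 # assumption: standard Amiga DD track layout
TRACK = SECTOR * SECTORS_PER_TRACK     # 0x1600 bytes per track

def find_all(buf, sig):
    """Return every offset at which sig occurs in buf (overlapping hits included)."""
    hits, pos = [], buf.find(sig)
    while pos != -1:
        hits.append(pos)
        pos = buf.find(sig, pos + 1)
    return hits

def locate(mem_addr, load_base, first_track=0):
    """Map an address inside the loaded buffer to (disk_offset, track, sector, byte)."""
    rel = mem_addr - load_base
    if rel < 0:
        raise ValueError("address is below the load buffer")
    disk_off = first_track * TRACK + rel
    track, in_track = divmod(disk_off, TRACK)
    sector, byte = divmod(in_track, SECTOR)
    return disk_off, track, sector, byte

def disk_hits(buf, sig, load_base, first_track=0):
    """Search the buffer; report each hit as (memory address, disk position...)."""
    return [(load_base + off, *locate(load_base + off, load_base, first_track))
            for off in find_all(buf, sig)]

def demo():
    sig = bytes.fromhex("4e26d2ecf0")  # the bytes searched for in the tutorial
    buf = bytearray(4 * TRACK)         # constructed blank buffer, 4 tracks long
    buf[0x45D4:0x45D4 + len(sig)] = sig  # planted so the hit lands at 545D4
    return disk_hits(bytes(buf), sig, load_base=0x050000)

if __name__ == "__main__":
    for addr, off, track, sector, byte in demo():
        print(f"mem {addr:06X} -> disk offset {off:05X}, "
              f"track {track}, sector {sector}, byte {byte}")
```

Under those assumptions the hit at 545D4 sits in track 3, sector 1, which is the only sector that should differ between the backup before and after the write.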
this is good enough, but well, it still takes a second or 2 before the CORE logo appears, which means the RNC is still doing its routine and checking. so just to be safe lets bypass this in case it gives us problems later in the game. so reboot with the backup disk and hit old blue on the black screen
the address highlighted in red is the start of this code, so take note of that address: AE3C. type M AE3C and take note of the first lot of binary: 33 FC 80 00. ok, now we need to find the RNC. like most non dos games the boot code normally goes to address A498, so lets scan this: type D a498 and scroll down some. a lot of harmless code. do you see the PEA at address A528? typical RNC. so lets edit this to jump to the start of the jmp code. but we cant do it in memory, we have to edit the disk, and all these addresses wont mean a thing when we edit the disk. this is why we take note of the binary numbers and letters, so we can compare the memory locations with data on the disk. so type M A528
now we are armed once again with numbers and digits 😛 and search for these binaries 🙂 first we need to look for a 52C90
hmm The Cult style? nb!