Commandos - Behind Enemy Lines
I'm going to explain how to copy the game Commandos and get it up and running. Note: you should only do this if you're backing up YOUR original.
OK, first we need to create a copy of the CD. You've probably tried this already but found you can't because there are 4 huge filez: BBVN.AFP, BTBW.AFP, ETAO.AFP and TBTP.AFP. So what are these? Answer: big files :). I'd be interested if anyone has any knowledge of how windoze is tricked into thinking they're that size. Anyway, simply don't copy the four files to your CD.
Now we have a copy, pop your CD in the drive and do a full installation onto your hard drive. Now when you run the game you may notice it doesn't run ;) doh! I guess those four filez were important, so throw away your CD and start again... only joking :p. If we think hard we can guess that the game is doing a check for these files, so let's make the program think everything is OK :D
Disassemble Comandos.exe with W32Dasm. It takes a long time...
When it's finished, go to the Search menu and select Find, enter AFP in the find box and click Find.
You'll now see this code, which looks like the section that checks whether the four files are present. If you scroll on down you'll see the references to the other AFP files. Let's focus on the one at the top first. 99% of the time in these cases the first jump is the one that is taken or not depending on whether the file exists, so we should obviously reverse this? Well, try it... in fact don't, I tried it already and it will crash your computer. Hmmmm, so now what? Well, if this jump is the "files there or not" jump, then we should go into SoftICE and follow it, and we would eventually be returned from a call which will most likely be followed by a good or bad jump :). You see, programmers tend to write procedures which do certain tasks rather than lots of code all in a main loop. It's most likely the programmer wrote a Check_CD-ROM procedure, and after it there would be a bad or good jump, so we need to trace from this jump until we hit a RET, a return from this deadly CD check call :)
We need to set a breakpoint before the jump, so let's set one on 0044CB1C. Load up Numega SoftICE Symbol Loader, then go to the File menu, select Open Module and select your Comandos.exe. Now go to the Module menu and select Load, and click Yes to the error about symbol translation. Now we can set our breakpoint by typing BPX 0044CB1C. Exit from SoftICE by pressing Ctrl+D and Commandos will continue to load. Select New game, then Single Player. During the cD-cHECK SoftICE will kick in and break. Now press F10, and when we get to that jump at 0044CB2D we see that we jump to the following code
This looks like the second of the files. As we F10 through this code we eventually reach the jmp at the bottom, then go to this code
This is the third file. If we keep F10ing we will notice we skip the jump until we reach the jmp again, wonder where we go next :)
Now we are at the fourth file. Of course you don't really know this as you are stepping through the code; it's only when you take note of which jumps you take and then look back in W32Dasm for reference. As we press F10 again through the code we reach the jmp which takes us to
WooHoo! :) We see a RET, maybe a return from an Is_The_Stupid_Cd_In_The_Drive procedure. Proceed on through the code with F10 until we hit the RET, and now we return to
Now that we have returned from this call, let's clear all breakpoints by typing BC * and double click the Call 0044CAF0; it should now be highlighted. If we press Ctrl+D to exit SoftICE, the Insert CD screen will appear. Click (R)etry and SoftICE will break in at that call we set. Just after this call is a jump; press F10 until you are over this jump. We can now see that this jump does jump, so let's skip it by altering our EIP. The EIP is the 32-bit instruction pointer, which tells us the address of the next instruction to execute. If you look at the top right of your SoftICE screen it will say EIP=0044801C. Click this and change it to EIP=0044801E; now the cursor will jump over this jump command. Press Ctrl+D and wow! The Commandos game continues to load perfectly :)). We can now patch this 7418 to 9090. Usually I would explain how to patch the program and get offsets, but I feel if you're attempting to crack this then you should already know :). My work is done here :) till next time.
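
Seen from the integrity-checking side, the two-byte change named above (7418 is a short JE with displacement 18h, 9090 is two NOPs) is easy to spot by comparing a suspect copy of the code against a known-good image. The Python sketch below is an added example, not part of the original tutorial; it also flags the two other common ways of neutralising a short conditional jump (forcing it or inverting it). The function names and the filler bytes around the patched pair are made up for the demo; only the 7418/9090 pair and the address 0044801C come from the text.

```python
# Added example: diff a known-good code image against a suspect copy and report
# short conditional jumps (Jcc rel8, opcodes 0x70-0x7F) that were neutralised.
# This is a plain byte comparison, not a disassembler, so feed it code sections
# of equal length and treat the results as leads to confirm in a disassembler.

def rel8_target(addr: int, rel: int) -> int:
    """Target of a 2-byte short jump at addr with signed 8-bit displacement."""
    return addr + 2 + (rel - 256 if rel > 127 else rel)

def find_neutralised_branches(original: bytes, suspect: bytes, base: int = 0):
    """Return [(address, old_hex, new_hex, kind, old_target), ...]."""
    if len(original) != len(suspect):
        raise ValueError("compare matching sections of equal length")
    findings, i = [], 0
    while i + 1 < len(original):
        old, new = original[i:i + 2], suspect[i:i + 2]
        kind = None
        if old != new and 0x70 <= old[0] <= 0x7F:
            if new == b"\x90\x90":
                kind = "nopped"        # branch is never taken
            elif new[0] == 0xEB and new[1] == old[1]:
                kind = "forced"        # branch is always taken (JMP short)
            elif new[0] == (old[0] ^ 1) and new[1] == old[1]:
                kind = "inverted"      # e.g. JE (74) <-> JNE (75)
        if kind:
            addr = base + i
            findings.append((addr, old.hex(), new.hex(), kind,
                             rel8_target(addr, old[1])))
            i += 2
        else:
            i += 1
    return findings

# Constructed sample: only the 74 18 -> 90 90 change and the address 0044801C
# come from the tutorial; the surrounding bytes are filler made up for the demo.
BASE = 0x0044801A
ORIGINAL = bytes.fromhex("85c0 7418 33c0 c3")
PATCHED = bytes.fromhex("85c0 9090 33c0 c3")

if __name__ == "__main__":
    for addr, old, new, kind, target in find_neutralised_branches(ORIGINAL, PATCHED, BASE):
        print(f"{addr:08X}: {old} -> {new} ({kind}), original target {target:08X}")
```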