3D Ultra Pinball Thrill Ride

@DrWatson

Published in

Hacking Tutorials

· 6 years ago

Target: 3D Ultra Pinball Thrill Ride (c) SIERRA
Website: http://www.sierra.com/attractions/titles/thrillride/
Time required: 5 mins or less
Tools required: The game
Win32dasm
Hex editor (i suggest www.ultraedit.com)

This game has the very easyiest that cdchecks can be. Run the game without the cd and it will say: "The CD is required to play this game." in a messagebox.
So load up win32dasm and dissasemble Pinball.exe.
Now we remember the error message so its a good idea to search for that. You can either search for the text or goto the String ref's to look for it (string ref button is up top, next to the far right one which is print). When u find it, it should look like this:

 
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses: 
|:0042F931(C), :0042F939(U) 
| 
:0042F8FB 8BCB                    mov ecx, ebx 
:0042F8FD E84E000000              call 0042F950 
:0042F902 84C0                    test al, al 
:0042F904 7535                    jne 0042F93B 

* Possible StringData Ref from Data Obj ->"The CD is required to play this " 
                                        ->"game." 
                                  | 
:0042F906 6888054700              push 00470588

If your new to cracking this will most likly make no sence to you at all. But honestly its easy, i will explain.
at 0042F8FD its doing a call which is where the cd check routine can be found. This doesnt need to boffer us though so just ignore. A little below there is a conditional jump:

 
:0042F904 7535                    jne 0042F93B

And if this doesnt jump u can see its going to say the error message. So to avoid this error message we need to the make jump unconditionaly JUMP. Double click on the jump line so it turns green and have a look at the bottom of the win32dasm window. You should see a offset that looks like this: @Offset 0002F904h. Ignore the 'h' and take note of 0002F904. Now open your hex editor and goto offset 0002F904 ( keep scrolling down till you see this at the left hand side).
Now in the asm window you should see on the line somewhere

 
75 35 68 88 05 47 00

Click on the 75 and type EB so it now should say

 
EB 35 68 88 05 47 00

This changed jne to jmp so it will now always jump no matter what. Save the changes and run the exe.
No error message and the game loads to the main menu :) congrats you cracked your first game .

3D Ultra Pinball Thrill Ride

Share this article

Let's discover also

Fun Time: Press Release - Ultra Violent Worlds

Archon Ultra

Famicom: America Oodan Ultra Quiz

Famicom: Chōjin Ultra Baseball

Famicom: Ultraman Club 3: Mata Mata shutsugeki!! Ultra Kyoudai

Famicom: Family Pinball

Famicom: Pinball

Famicom: Pinball Quest

Famicom: Super Pinball

Hyper 3D Pinball

Recent Articles

Mind Control Cult Newsletter -- Issue #5

Mind Control Cult Newsletter -- Issue #4

Mind Control Cult Newsletter -- Issue #3

Mind Control Cult Newsletter -- Issue #2

Mind Control Cult Newsletter -- Issue #1

Physics (Book 8) by Aristotle

Physics (Book 7) by Aristotle

Physics (Book 6) by Aristotle

Physics (Book 5) by Aristotle

Physics (Book 4) by Aristotle

Recent Comments