Free Information Xchange '98 presents:
SWIV 3D Assault - CD check crack by Static Vengeance
Requirements:
Hex editor and full install
SWIV is a 3D action shooter that's ok; it allows you to choose between six different
types of vehicles to blast things with. The 3Dfx version has great graphics and effects, and
even the other versions run well. However, there is a little problem with the game and that
is its copy protection. When I read this "** Special Note: When playing SWIV 3D Assault,
you must leave the CD-ROM in the drive. Removal of the CD during gameplay will cause the copy
protection to fail and your system may crash. **" in the readme.txt, I said screw that! I'll
just remove it first. So I got out W32Dasm and disassembled the glide (3Dfx) version of the
game, as that's the version I want to play. I went up to the menu bar, selected "Refs"
and went to 'String data references'. From there I grabbed the slider bar, scrolled down to
"No CD-ROM!" and double clicked it. Working backwards I had a crack in about 6 minutes. This
is what I started with, so follow along:
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00424BC2(C) <-- Long conditional jump
|
* Possible StringData Ref from Data Obj ->"No CD-ROM!" <-- String we're looking for
|
:00426026 C7056C0D490024044900 mov dword ptr [00490D6C], 00490424
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00426024(U)
|
:00426030 E873B30100 call 004413A8
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00424BB4(C)
|
:00426035 E84A210000 call 00428184
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00424BA7(C)
|
:0042603A E83D450300 call 0045A57C
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00424B9A(C), :00424D07(C), :00424D28(C), :00424D61(C)
|
:0042603F 89EC mov esp, ebp
:00426041 5D pop ebp
:00426042 5F pop edi
:00426043 5E pop esi
:00426044 5A pop edx
:00426045 59 pop ecx
:00426046 5B pop ebx
:00426047 C3 ret
Looking at this section of code I really didn't see how or what was
leading the program to get to this point... That's because I had assumed that the
conditional jump was more local than it turned out to be. After taking a second
look at the referring jump from 424BC2 I realized it came from a ways away. So
we will have to check out that section of code and see what it does.
-- Program Code--
:00424B93 E80C590300 call 0045A4A4
:00424B98 85C0 test eax, eax
:00424B9A 0F849F140000 je 0042603F
:00424BA0 E867330000 call 00427F0C
:00424BA5 85C0 test eax, eax
:00424BA7 0F848D140000 je 0042603A
:00424BAD E8A2C70100 call 00441354
:00424BB2 85C0 test eax, eax
:00424BB4 0F847B140000 je 00426035
:00424BBA E8A1CEFEFF call 00411A60 <-- CD check???
:00424BBF 83F801 cmp eax, 00000001 <-- Check result
:00424BC2 0F855E140000 jne 00426026 <-- Jump to print "No CD-ROM!" routine
:00424BC8 B8B80B0000 mov eax, 00000BB8
:00424BCD E8C2270500 call 00477394
:00424BD2 C745E446000000 mov [ebp-1C], 00000046
-- More Program Code --
Seeing the conditional jump that leads to the "No CD-ROM!" section and the
cmp eax command, it stands to reason that the preceding call is some type of CD
check. So let's check into it a bit to see what it does.
* Referenced by a CALL at Address:
|:00424BBA
|
:00411A60 53 push ebx
:00411A61 51 push ecx
:00411A62 52 push edx
:00411A63 56 push esi
:00411A64 57 push edi
:00411A65 55 push ebp
:00411A66 89E5 mov ebp, esp
:00411A68 81ECB4000000 sub esp, 000000B4
:00411A6E 6A00 push 00000000
:00411A70 6A50 push 00000050
:00411A72 8D854CFFFFFF lea eax, dword ptr [ebp+FFFFFF4C]
:00411A78 50 push eax
* Possible StringData Ref from Data Obj ->"status cdaudio length track 7"
|
:00411A79 B8D4014900 mov eax, 004901D4
:00411A7E 50 push eax
* Reference To: WINMM.mciSendStringA, Ord:0004h <-- Calls through WINMM.DLL
|
:00411A7F 2EFF1590045E00 Call dword ptr cs:[005E0490]
:00411A86 8D854CFFFFFF lea eax, dword ptr [ebp+FFFFFF4C]
:00411A8C E838B80600 call 0047D2C9
:00411A91 8945EC mov dword ptr [ebp-14], eax
:00411A94 6A00 push 00000000
:00411A96 6A50 push 00000050
:00411A98 8D854CFFFFFF lea eax, dword ptr [ebp+FFFFFF4C]
:00411A9E 50 push eax
* Possible StringData Ref from Data Obj ->"status cdaudio length track 9"
|
:00411A9F B8F4014900 mov eax, 004901F4
:00411AA4 50 push eax
* Reference To: WINMM.mciSendStringA, Ord:0004h
|
:00411AA5 2EFF1590045E00 Call dword ptr cs:[005E0490]
:00411AAC 8D854CFFFFFF lea eax, dword ptr [ebp+FFFFFF4C]
:00411AB2 E812B80600 call 0047D2C9
:00411AB7 8945F0 mov dword ptr [ebp-10], eax
:00411ABA 6A00 push 00000000
:00411ABC 6A50 push 00000050
:00411ABE 8D854CFFFFFF lea eax, dword ptr [ebp+FFFFFF4C]
:00411AC4 50 push eax
* Possible StringData Ref from Data Obj ->"status cdaudio length track 3"
|
:00411AC5 B814024900 mov eax, 00490214
:00411ACA 50 push eax
* Reference To: WINMM.mciSendStringA, Ord:0004h
|
:00411ACB 2EFF1590045E00 Call dword ptr cs:[005E0490]
:00411AD2 8D854CFFFFFF lea eax, dword ptr [ebp+FFFFFF4C]
:00411AD8 E8ECB70600 call 0047D2C9
:00411ADD 8945F4 mov dword ptr [ebp-0C], eax
:00411AE0 6A00 push 00000000
:00411AE2 6A50 push 00000050
:00411AE4 8D854CFFFFFF lea eax, dword ptr [ebp+FFFFFF4C]
:00411AEA 50 push eax
* Possible StringData Ref from Data Obj ->"status cdaudio length track 5"
|
:00411AEB B834024900 mov eax, 00490234
:00411AF0 50 push eax
* Reference To: WINMM.mciSendStringA, Ord:0004h
|
:00411AF1 2EFF1590045E00 Call dword ptr cs:[005E0490]
:00411AF8 8D854CFFFFFF lea eax, dword ptr [ebp+FFFFFF4C]
:00411AFE E8C6B70600 call 0047D2C9
:00411B03 8945F8 mov dword ptr [ebp-08], eax
:00411B06 837DEC04 cmp dword ptr [ebp-14], 00000004
:00411B0A 7506 jne 00411B12
:00411B0C 837DF00A cmp dword ptr [ebp-10], 0000000A
:00411B10 7402 je 00411B14
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00411B0A(C)
|
:00411B12 EB09 jmp 00411B1D
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00411B10(C)
|
:00411B14 C745FC01000000 mov [ebp-04], 00000001
:00411B1B EB1E jmp 00411B3B
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00411B12(U)
|
:00411B1D 837DF406 cmp dword ptr [ebp-0C], 00000006
:00411B21 7506 jne 00411B29
:00411B23 837DF805 cmp dword ptr [ebp-08], 00000005
:00411B27 7402 je 00411B2B
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00411B21(C)
|
:00411B29 EB09 jmp 00411B34
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00411B27(C)
|
:00411B2B C745FC01000000 mov [ebp-04], 00000001 <-- Remember the cmp eax, 00000001?
:00411B32 EB07 jmp 00411B3B
* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00411B29(U)
|
:00411B34 C745FC00000000 mov [ebp-04], 00000000
* Referenced by a (U)nconditional or (C)onditional Jump at Addresses:
|:00411B1B(U), :00411B32(U)
|
:00411B3B 8B45FC mov eax, dword ptr [ebp-04] <-- How eax gets loaded with the return value
:00411B3E 89EC mov esp, ebp
:00411B40 5D pop ebp
:00411B41 5F pop edi
:00411B42 5E pop esi
:00411B43 5A pop edx
:00411B44 59 pop ecx
:00411B45 5B pop ebx
:00411B46 C3 ret
So from this you can see that the game checks for the CD through a series of calls
to WINMM (the Windows Multimedia DLL). At the end of the routine there is a short section that
returns with either 00000000 or 00000001. OK, if we change the call to the above code to
mov eax, 00000001 then the game will think everything is fine and will continue on as if it
had found the CD in the drive, which is what we want. There are 4 different versions of
SWIV 3D Assault out right now: a Windows version, a Win 3Dfx version, a DOS version, and a
Direct3D version that was released on the net. I have provided the crack
for all four versions:
Edit each version of SWIV
swiv_wfx.exe (3Dfx) at offset 85,946
swiv_win.exe (win) at offset 85,946
swiv_wdx.exe (D3D) at offset 85,418
=============================
Search for: E8 A1 CE FE FF
Change to : B8 01 00 00 00
Edit swiv_dos.exe at offset 298,490
===================================
Search for: E8 05 DC FE FF
Change to : B8 01 00 00 00
If the bytes are not there, then search for 83 F8 01 0F 85 5E 14 00 00; when
you find them, back up five (5) bytes and change the "E8 xx xx xx xx" to "B8 01 00 00 00".
That will produce a cracked version of SWIV. Funny that each version, including the DOS
version, had the same offset in the conditional jump. Well, that's it for SWIV 3D Assault!
No more CD checks for this one because it's been FiX'ed.
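For readers following the listing, here is an added decoder (my own example, not part of the original tutorial) for the x86 rel32 encodings W32Dasm printed above. It shows why "E8 A1 CE FE FF" at 00424BBA is a call to 00411A60, why the DOS build has different call bytes (the rel32 is the caller-to-callee distance, which changes per build), and why the "5E 14 00 00" in the jne is the same everywhere: it only encodes the distance from the jne to the "No CD-ROM!" handler. The addresses and bytes are copied from the listing; nothing else is assumed.

```python
# Decode/encode the 5-byte E8 rel32 call, 6-byte 0F 8x rel32 Jcc, and
# 5-byte B8 imm32 mov that appear in the W32Dasm listing above.
import struct

def decode(addr, code):
    """Return (mnemonic, operand, length) for the instruction at addr.

    Relative targets are measured from the END of the instruction, as the
    CPU does, and wrapped to 32 bits so a negative rel32 (backward call)
    comes out as a proper virtual address.
    """
    if code[0] == 0xE8:                                  # CALL rel32
        rel = struct.unpack_from("<i", code, 1)[0]       # signed 32-bit
        return "call", (addr + 5 + rel) & 0xFFFFFFFF, 5
    if code[0] == 0x0F and 0x80 <= code[1] <= 0x8F:      # Jcc rel32
        rel = struct.unpack_from("<i", code, 2)[0]
        name = {0x84: "je", 0x85: "jne"}.get(code[1], "jcc")
        return name, (addr + 6 + rel) & 0xFFFFFFFF, 6
    if 0xB8 <= code[0] <= 0xBF:                          # MOV r32, imm32
        imm = struct.unpack_from("<I", code, 1)[0]
        return "mov", imm, 5
    raise ValueError("opcode %02X not handled" % code[0])

def encode_call(addr, target):
    """Inverse of the E8 case: rel32 = target - (addr + 5), mod 2**32."""
    return b"\xE8" + struct.pack("<I", (target - (addr + 5)) & 0xFFFFFFFF)

# Bytes and addresses quoted from the tutorial's listing (Win 3Dfx build).
LISTING = {
    0x00424BBA: bytes.fromhex("E8A1CEFEFF"),    # call 00411A60, the CD check
    0x00424BBF: bytes.fromhex("83F801"),        # cmp eax, 1 (3 bytes, not decoded)
    0x00424BC2: bytes.fromhex("0F855E140000"),  # jne 00426026, "No CD-ROM!"
    0x00424B9A: bytes.fromhex("0F849F140000"),  # je  0042603F, common epilogue
}

def decode_listing(listing=LISTING):
    """Decode every call/jump in the listing to {addr: (mnemonic, target)}."""
    return {a: decode(a, c)[:2] for a, c in listing.items() if c[0] != 0x83}

def same_size(old, new):
    """True when two encodings occupy the same byte length, so replacing
    one with the other leaves every following instruction (like the
    cmp eax, 1 at 00424BBF) at its original address."""
    return decode(0, old)[2] == decode(0, new)[2]
```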
Static Vengeance