View Full Version : CD Check


BannerBoyz
28-09-2009, 01:40
Hi. I am new to ASM and am trying to remove a CD check. I have been successful at this a few times on some older stuff, but this new one I am trying to remove has me stumped. I have tried a few JMP's, but without any luck.

Any gurus out there want to share a bit of wisdom with an ASM n00b?

Thanks in advance!

BannerBoyz
28-09-2009, 01:48
Sorry, almost forgot:

Protection ID Output:

File Type : Exe, Size : 5908224 (05A2700h) Byte(s)
-> File Appears to be Digitally Signed @ Offset 05A1800h, size : 0F00h / 03840 byte(s)
[Heuristics] -> Flag : 00000000000000000000000000100100
[!] File appears to have no protection or is using an unknown protection
- Scan Took : 0.454 Second(s)

DABhand
28-09-2009, 02:05
Errr, what's the game?

BannerBoyz
28-09-2009, 02:24
It's not a game, it's a driving app. I was hoping someone with ASM experience would be able to give me a bit of help either way.

TippeX
28-09-2009, 03:07
place breakpoints on

GetDriveTypeA
GetDriveTypeW

see what happens, or try and x-ref the text shown in the messagebox asking for the disk

DABhand
28-09-2009, 03:13
A driving Application?

I think TippeX didn't notice that.

So is this App protected by a serial? But a name for the program would be an advantage.

BannerBoyz
28-09-2009, 03:32
Tried that. I was able to turn off the 'Please insert CD' (once I change the JMP the actual pop-up dialog box comes up, but the text saying 'Please insert CD' is missing).

Normally, I know exactly what you mean, finding the text and changing JE to JNE or vice versa works. Something is different this time.

I searched the string references in W32DASM and found a few references to the 'Please insert' CD - attached is a JPG from the output in W32DASM.

I also did a search for GetDriveTypeA and changed the CALL CMP 05 to CALL CMP 03 in the two offsets where I found GetDriveTypeA, but that had no effect either.

I have attached a picture of the 'please insert CD' text from W32DASM.

BannerBoyz
28-09-2009, 03:36
A driving Application?

I think TippeX didn't notice that.

So is this App protected by a serial? But a name for the program would be an advantage.

Nope, no serial, just a CD check.

I tried making an image in Alcohol and DaemonTools, but it noticed that and gave an error stating imaging software detected. Trying to mount a network drive also threw up an error as it could tell the CD wasn't local.

DABhand
28-09-2009, 03:47
Above the first instance of the string, find out if there is coding beforehand.

There may be a jmp just before it which takes you into the cd-check subroutine. From there you can change some stuff.

Or it could show you if the coding jumped to that location, then it's a matter of going back to where it's referenced from and seeing what transpires there.


There is also the possibility that information like videos or whatever is run from the CD instead of the HD. So when you even change some coding, it may still look for that file which presents you with another insert CD message.

TippeX
28-09-2009, 09:18
1. you're using beginner tools.. w32dasm is DEAD.. try olly, it's considerably better
2. patching cmp eax, 03 from cmp eax, 05 is a VERY old trick, and I doubt it works now, it sounds like the program is checking deeper, volume name, serial etc...


if you can find the procedure doing it all, usually patching it to a 33 c0 40 c3 ( or 33 c0 c2 xx depending on the params passed, and its scope)... might do the trick...