108 lines
4.9 KiB
Plaintext
108 lines
4.9 KiB
Plaintext
Wordstar 2000 version 1.00 - Unprotect
|
||
by Gerald Lee
|
||
|
||
derived from
|
||
|
||
dBase III version 1.10 - Unprotect
|
||
by The Lone Victor
|
||
|
||
The following instructions show you how to bypass the SoftGuard
|
||
copy protection scheme used on WORDSTAR 2000 version 1.00. This is the
|
||
same scheme used for FrameWork 1.10 and for dBase III version 1.10.
|
||
Wordstar 2000 version 1.10 does not use a copy protection scheme, while
|
||
versions 1.00 of dBase III and FrameWork used ProLock. To unprotect
|
||
Prolock disks read the file PROLOCK.UNP.
|
||
|
||
First, using your valid, original Wordstar 2000 diskettes, install
|
||
it on fixed disk. Softguard hides two files in your root directory:
|
||
CML0200.HCL and VDF0200.VDW. WS2000.EXE is the real Wordstar 2000
|
||
program, encrypted. When you run Wordstar, the program WS2000.COM loads
|
||
CML0200.HCL high in memory and runs it. CML decrypts itself and reads
|
||
VDF0200.VDW. The VDF file contains some code and data from the fixed disk
|
||
FAT at the time of installation. By comparing the information in the VDF
|
||
file with the current FAT, CML can tell if the CML, VDF, and WORDSTAR.EXE
|
||
files are in the same place on the disk where they were installed. If
|
||
they have moved, say from a backup & restore, then WORDSTAR 2000 will
|
||
not run.
|
||
|
||
Second, un-hide the two files in the root directory. You can do
|
||
this with the programs ALTER.COM or FM.COM, or UNHIDE.COM and HIDE.COM
|
||
found on any BBS. PC-SWEEP2 is the easiest it will copy the files to
|
||
another directory unhidden.
|
||
|
||
Make copies of the two files, and of WS2000.COM and WS2000.EXE, into
|
||
some other directory.
|
||
|
||
Hide the two root files again if using ALTER or FM. Leave alone if
|
||
using PC-SWEEP2.
|
||
|
||
Following the WORDSTAR instructions, UNINSTAL WORDSTAR 2000. You
|
||
can now put away your original WORDSTAR diskettes. We are done with them.
|
||
|
||
Next we will make some patches to CML0200.HCL to allow us to trace
|
||
through the code in DEBUG. These patches will keep it from killing our
|
||
interrupt vectors.
|
||
|
||
DEBUG CML0200.HCL
|
||
E 3F9 <CR> 2A.4A <CR> ; change the 2A to 4A
|
||
E 49D <CR> F6.16 <CR> ; if any of these numbers don't show up
|
||
E 506 <CR> E9.09 <CR> ; it's not working.
|
||
E A79 <CR> 00.20 <CR> ;
|
||
E AE9 <CR> 00.20 <CR> ;
|
||
E 73C 97 FA FA F4 F1 7E <CR> ; this is an encrypted call to 0:300
|
||
W <CR> ; write out the new CML file
|
||
Q <CR> ; quit debug
|
||
|
||
|
||
Now copy your four saved files back into the root directory and
|
||
hide the CML0200.HCL and VDF0200.VDW files using ALTER, FM or PC-SWEEP2.
|
||
|
||
We can now run WS2000.COM using DEBUG, trace just up to the point
|
||
where it has decrypted WORDSTAR.EXE, then write that file out.
|
||
|
||
DEBUG WS2000.COM
|
||
R <CR> ; write down the value of DS for use below.
|
||
A 0:300 <CR> ; we must assemble some code here
|
||
POP AX <CR>
|
||
CS: <CR>
|
||
MOV [320],AX <CR> ; save return address
|
||
POP AX <CR>
|
||
CS: <CR>
|
||
MOV [322],AX <CR>
|
||
PUSH ES <CR> ; set up stack the way we need it
|
||
MOV AX,20 <CR>
|
||
MOV ES,AX <CR>
|
||
MOV AX,0 <CR>
|
||
CS: <CR>
|
||
JMP FAR PTR [320] <CR> ;jump to our return address
|
||
<CR>
|
||
G 406 <CR> ; now we can trace CML
|
||
T <CR>
|
||
G 177 <CR> ; this stuff just traces past some
|
||
G 1E9 <CR> ; encryption routines.
|
||
T <CR>
|
||
G 54E <CR> ; wait while reading VDF & FAT
|
||
G=559 569 <CR>
|
||
G=571 857 <CR> ; WS2000.EXE has been decrypted
|
||
rBX <CR> ; length WS2000.EXE = 1AC00 bytes
|
||
:1 <CR> ; set BX to 1
|
||
rCX <CR>
|
||
:AC00 <CR> ; set CX to AC00.
|
||
nWS12 <CR> ; name of file to write to
|
||
W XXXX:100 <CR> ; where XXXX is the value of DS that
|
||
; you wrote down at the begining.
|
||
Q <CR> ; quit debug
|
||
|
||
Last, unhide and delete the two root files CML0200.HCL, VDF0200.VDW,
|
||
and WS2000.COM and WS2000 directory. Rename WS12 to WS2000.COM and
|
||
replace in the WS2000 directory. This is the routine that starts the
|
||
real WS2000.EXE program without any SoftGuard code or encryption. It
|
||
requires the .OVL and .MSG files to run. I have not tried it on a two
|
||
disk systems but I think it should work.
|
||
|
||
If you have any comments on this unprotect routine, please leave
|
||
them
|
||
on the Chino RBBS (714) 591-7002.
|
||
|
||
GERALD LEE - 5/12/85
|
||
|
||
|