===============================================================================================================
       Title : ECSTATICA 2 (GAME)
     Version : 1.0 (should work with all versions)
  Protection : Cd Check
    Producer : http://www.psygnosis.com
     Cracker : Zaks (zakssim@geocities.com)
       Tools : None
  Difficulty : Easy
Tutorial No. : 4
	Font : Courier New
===============================================================================================================

1) Install Ecstatica 2. Remove the cd from your cd drive. Run the game "You must have Ecstatica cd in your...". Remember or better write down the message. Now make backup of e2win95.exe and look for a moment at your install dir (exmpl c:\games\ecst2). You quickly notice a file called : cdpath . Looks interesting. Lets open it (notepad should work just fine). Hmm we just have there our cd drive letter (to me it was E:). Ok lets try to change it to our install dir (exmpl c:\games\ecst2). Now copy all yor cd into your install dir. You should have four new directories : Code, Hires, Music, Views. Everything is about 586 MB. Run the game. Same error message. Shit.

2) Open your backuped exe (exmpl e2win95.bak) in W32dasm. First look for getdrivetypea. Could not find it. So do I. Now lets search for our error message. At the end of String data references you find "You must have ECSTATICA CD". Perfect. Double click on this message. We are here :

* Possible StringData Ref from Data Obj ->"%sCODE\ECSTATIC.FAN"
                                  |
:00410844 6870034700              push 00470370
:00410849 8D842494010000          lea eax, dword ptr [esp+00000194]
:00410850 31FF                    xor edi, edi
:00410852 50                      push eax
:00410853 893DE49D4700            mov dword ptr [00479DE4], edi
:00410859 E823E60400              call 0045EE81
:0041085E 83C40C                  add esp, 0000000C
:00410861 31D2                    xor edx, edx
:00410863 8D84248C010000          lea eax, dword ptr [esp+0000018C]
:0041086A E8894A0300              call 004452F8				<- This looks very familiar
:0041086F 85C0                    test eax, eax				<- Exact check routine
:00410871 0F8583000000            jne 004108FA				<- Good Boy
:00410877 8B2D9C9D4700            mov ebp, dword ptr [00479D9C]
:0041087D 83FD03                  cmp ebp, 00000003
:00410880 750D                    jne 0041088F
:00410882 8B159CAE5E00            mov edx, dword ptr [005EAE9C]
:00410888 A198AE5E00              mov eax, dword ptr [005EAE98]
:0041088D EB5C                    jmp 004108EB

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00410880(C)
|
:0041088F 83FD01                  cmp ebp, 00000001
:00410892 753C                    jne 004108D0
:00410894 68DF000000              push 000000DF

* Possible StringData Ref from Data Obj ->"Die ECSTATICA CD mu%c sich in "
                                        ->"Ihrem CD-ROM Laufwerk"
                                  |
:00410899 6884034700              push 00470384
:0041089E 8D442408                lea eax, dword ptr [esp+08]
:004108A2 50                      push eax
:004108A3 E8D9E50400              call 0045EE81
:004108A8 83C40C                  add esp, 0000000C
:004108AB 68F6000000              push 000000F6

* Possible StringData Ref from Data Obj ->"befinden, wenn Sie das Spiel spielen "
                                        ->"m%cchten."
                                  |
:004108B0 68B8034700              push 004703B8
:004108B5 8D8424D8000000          lea eax, dword ptr [esp+000000D8]
:004108BC 50                      push eax
:004108BD E8BFE50400              call 0045EE81
:004108C2 83C40C                  add esp, 0000000C
:004108C5 8D9424D0000000          lea edx, dword ptr [esp+000000D0]
:004108CC 89E0                    mov eax, esp
:004108CE EB1B                    jmp 004108EB

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:00410892(C)
|
:004108D0 83FD02                  cmp ebp, 00000002
:004108D3 750C                    jne 004108E1

* Possible StringData Ref from Data Obj ->"votre lecteur CD-ROM pour jouer "
                                        ->"au jeu."
                                  |
:004108D5 BAE8034700              mov edx, 004703E8

* Possible StringData Ref from Data Obj ->"Vous devez avoir le compact disque "
                                        ->"ECSTATICA dans"
                                  |
:004108DA B810044700              mov eax, 00470410
:004108DF EB0A                    jmp 004108EB

* Referenced by a (U)nconditional or (C)onditional Jump at Address:
|:004108D3(C)
|

* Possible StringData Ref from Data Obj ->"drive to play the game."
                                  |
:004108E1 BA44044700              mov edx, 00470444

* Possible StringData Ref from Data Obj ->"You must have the ECSTATICA CD "	<- Here we are

3) So look at :

:0041086A E8894A0300              call 004452F8				<- This looks very familiar
:0041086F 85C0                    test eax, eax				<- Exact check routine
:00410871 0F8583000000            jne 004108FA				<- Good Boy

We know what to do. Just change jne (85 - in this case) to je (84) or you even can make a jump but it is more difficult. So we do this and run the game.... The cd error is passed but what the hell is this. There is another error and as I see it is conected to a file (so the game can not find a file and can not run without it). Hmm I thought for a minute or two and just returned to our file cdpath.

4) Copy back your original e2win95.exe. Now let us copy thouse directories (Code, Hires, Music, Views to our root directory (exmpl c:\). Open your cdpath file and change E: (in my case) with c: . Run the game. Shit, it says the game can not find graphics or something like this. Copy directory called graphics to your root (c:\).
Run the game. Excelent. It works.

5) Wait a minute. Although the game runs this way I do not like to have this directories in my root. So I installed the game in directory c:\Ecst2. Then in this directory I created a dir called Gamedata and copied thouse directories (Code, Hires, Music, Views and Graphics) in it. Then I wrote in cdpath this: c:\ecst2\gamedata . And it works. I also found that your cdpath will work if :
A) The path is not the same as installed path (exmpl if your installed dir is c:\ecst2 and in cdpath is written c:\ecst2 the game will not run)
B) The level of directories in cdpath do not exceed 2 (this mean that you can not write in your cdpath c:\games\ecst2\gamedata - this is level 3 directories)
I do not know why the cdpath runs in this way  ... There must be some kind of check I think. But the game runs perfectly in c:\Ecst2 and your Code, Hires, Music, Views, Graphics directories in Gamedata and cdpath changed to c:\ecst2\gamedata.
Ohh I almost forgot. You can delete your dir called graphics (in c:\ecst2) because you have it in gamedata.

===============================================================================================================

09.18.2000
Written by Zaks [DBC]