Tutorial Dark Reign - GOG Insert Your CD - No-CD Patch

Hexui Undetected CSGO Cheats Sinkicheat PUBG Cheat

timb3r

Semi-Retired
Dank Tier VIP
Jul 15, 2018
767
22,668
47
Important:
We do not encourage any copyright infringement. This game will not work as purchased because of a bug in the release at GOG. If you purchase the game there is no way to play it without this patch. On the GOG forums they have posted another patch as well so please don't think we're the bad guys here. They won't fix the release or take it down from the store so in order to play the game you must do this.

dark-reign-snow.jpg


Game: Dark Reign & Expansion
Engine: DR Engine
Studio: Auran Games
Version: GOG
Buy: GOG

The year is 1997: Starship Troopers has just been released with mind blowing special effects and a promptly been torn apart by critics much to the chagrin of Paul Verhooven. It’s also the year the band The Prodigy started releasing their weird 90s electronica.

The 90s was a weird time to be alive anyway this isn’t about pop culture it’s about a little known RTS called Dark Reign. Dark Reign was released to little fan fare and to this day remains relatively obscure. It may have something to do with this being released a few months later.

Opting to play more popular titles at the time Dark Reign would go unknown to me for several years. I’m told (by Wikipedia) that it was exceedingly popular in Australia and Germany. If you played it as a kid drop me comment below.

A few weeks ago I cruising the internet and stumbled across the ‘leaked’ source for Dark Reign 2. Dark Reign 2? I vaguely remember that! I wonder if they have the source code for the original? What followed was a bunch of futile efforts to locate old developers and such to attempt to see if it was even remotely possible to get them to dump it on GitHub ala Id Software.

Something that’s also hilarious is the original site is still up!



Giving up and finding a download

My next step was to find some place to download it. Considering it’s age and relative obscurity I assumed that GOG would probably have it buried under 500 pages of obscure bullshit, and they did (with the expansion).

Launching the game with the GOG supplied exes resulted in this:

are-you-serious.png

Are you fucking serious?

In addition to this kick in the bollocks their “launcher” also terminated my explorer instance. Did they get the intern to do this? What a dumpster fire.

While like usual the community has picked up the slack and fixed it, it still bugged me to no end that GoG would release something in such a broken state and have the audacity charge 10 USD for their slap dick launcher!

Digging into the code

I suspected their ‘launcher’ was nothing more than some AutoIT exe as process explorer informed me they were launching taskkill.exe to terminate explorer. I was more interested in their ‘patch’ and how they were bypassing this old school copy protection method.

Since it’s external I was 99% sure they were calling WriteProcessMemory to patch the game’s logic however it didn’t seem like they were doing this well as the game would either refuse to run, crash or simply do nothing.

Firing up API Monitor it was easy enough to obtain the memory addresses and the bytes they were writing.:

FAIL.png

Well attempting to write to anyway.


Taking those addresses and looking into the program’s memory you can see they correspond to the copy protection routine.

Here’s the start with the MessageBox:

messagebox.png


jmp-yesnocancel.png

CMP EAX, 2 (IDCANCEL)

If you click yes (EAX = 7) the code will jump to this location here:

copy-protection.png

Those two API are the primary means for the copy protection.

Without boring you too much basically the game performs two checks which the calls to WriteProcessMemory fix.

The first is call to GetLogicalDrives to get the number of drives available on the system. The next call is to determine the the drive type (the game searches for DRIVE_CDROM). If it fails to find a CDROM at this point it jumps back to the MessageBox.

If it finds a CDROM it then checks the label to see if it matches “Dkreign” for the original game or “Shadowhand” for the expansion. If it matches the game’s execution is allowed to continue and the game runs normally.

Also to note this routine is called while the game is running as well. So if you ever ejected the CD-ROM while the main game executable was running you’d be kicked back out.

Patching it out

While I could have easily written a ‘launcher’ and copy’n’pasted the WPM calls I’d run into the same problem the GoG launcher had (being terrible). I also ran into another issue: the game unpacks itself at run time.

yep.png

Something is supposed to be here.

Luckily whenever I run into something like this I tend to do things the lazy way. The program as already given us a suitable entry point with the call to MessageBoxA. All we need to do is get code running in the address space of the game and hook / detour a few choice API calls.

After playing around with a proxy DLLs I had laying around and running into yet more issues I ended up proxying the game’s anet2.dll. The approach is simple: anet2.dll is loaded early enough to patch MessageBoxA without crashing the game, then once the hook it called (as MessageBoxA will block the thread) we can safely apply our other hooks and patch the copy protection.

First we modify the call to GetLogicalDrives and add a ‘fake’ drive A:. Then when GetDriveType is called we check to see if it’s A: drive, if it is we lie and return DRIVE_CDROM. Finally when GetVolumeInformationA is called we check for A: again and return the appropriate label for the device.

Correctly doing this means we’ve bypassed the copy protection in a way that will work 100% of time.

Issues

I ran into a strange bug that occurred sometimes on Windows 10 where when launching the Expansion resulted in a blank button appearing on the Single Player Menu. I could have spent more time debugging this but it seemed kind of pointless for a quick no-cd fix for the GoG version.

Clicking on the blank area will still launch the expansion campaign anyway so I didn’t worry about it. If you want to fix this yourself the code is available on Github.

There’s also occasional weirdness with things not loading in correctly (I believe this is due to game unpacking itself at run-time and using relative pointers to decode assets). If you run into issues simply throw the GoG version into the bin and use the community stuff.

Source code attached.
 

Attachments

Last edited by a moderator:

Rake

Cesspool Admin
Administrator
Jan 21, 2014
11,573
78,998
2,316
I was just checking the GOG forums and they still haven't fixed this issue, timb3r to the rescue!
 
Attention! Before you post:

Read the How to Ask Questions Guide
99% of questions are answered in the Beginner's Guide, do it before asking a question.

No Hack Requests. Post in the correct section.  Search the forum first. Read the rules.

How to make a good post:

  • Fill out the form correctly
  • Tell us the game name & coding language
  • Post everything we need to know to help you
  • Ask specific questions, be descriptive
  • Post errors, line numbers & screenshots
  • Post code snippets using code tags
  • If it's a large project, zip it up and attach it

If you do not comply, your post may be deleted.  We want to help, please make a good post and we will do our best to help you.

Community Mods League of Legends Accounts