Introduction
As a kid, I used to play Taz: Wanted on my PC, but nowadays it’s impossible to play these old games as most modern PCs don’t have a CD drive. While you can easily download no-CD cracks, where the CD checks have been removed, it’s more fun to create your own no-CD patch. In this post, I’ll show you how I was able to create my own no-CD patch for Taz: Wanted.
CD Check
After installing Taz: Wanted on my PC, I encountered a screen prompting me to insert the Taz: Wanted CD-ROM into my CD drive.
Analysis
Let’s find out how this check is being performed. Quick Googling around, old forum posts mention how games would just check for a CD-ROM drive on the PC, with a disk inserted that has a string
of the game as the label. We will open the Taz.exe file open in Ghidra and see if we can find out if this CD-ROM check is done the same.
Once the executable is open in Ghidra, we will want to use all Analyzers and let it analyse.
My first thought is, if it is just checking if there is a CD Drive on the PC, and then checks if the Label of the CD-Drive is equal to something, I should check libraries that the executable imports.
Under kernel32.dll I see that GetDriveTypeA
and GetVolumeInformationA
are referenced in the executable, and they are only ever referenced once, is this possibly the function that checks the CD-ROM and is the “copy protection”?
If I go to this reference, I can see in the decompiled view below.
At first glance, I can see that GetDriveTypeA
is being assigned a variable, and is then being compared to the value 5
. UVar2 = GetDriveTypeA((LPCSTR)local_138);
if ((UVar2 == 5)
Looking at the documentation for the function GetDriveTypeA we see that a return value of 5, means the drive is a CD-ROM drive. Looks like we have where our check is done.
Looking further down this function, we can see references to a string in the executable TazWanted
as well as CD Found\n
. This gives us further confirmation that this is the function checking that a CD-ROM drive is present, and a CD is inserted that has the label TazWanted
.
If bVar8
is not 0, it then returns what looks to be a non 0 value. We can safely rename this FUN_004a1f10
to CD_CHECK
. With this we can check what is actually calling CD_CHECK
and see if we can just skip calling this CD-ROM function altogether. By showing all references of this CD_CHECK
we can see that it’s mentioned 3 times by 1 other function FUN_004a1de0
. Let’s jump to this function.
We can see that it assigns uVar2 = CD_CHECK();
a variable to the returned result. It then just does a return at the end if a simple condition is met with the returned result of CD_CHECK
.
If we just return out of this function before the CD_CHECK does the game continue on as usual? Let’s patch this CALL CD_CHECK
and change it to just a RET
, then save and export this executable and replace the Taz.exe in the C:\Program Files (x86)\Infogrames Interactive\TazWanted
directory and test it out.
Successs!
The game launches to the main menu now, doesn’t prompt to enter our Taz: Wanted CD-ROM and we can now play the game!