How to crack paul.dll (BF2, Test Drive Unlimited ...)

{FS}p3ng3l

New Member
1- Look for a decompiler such as PE Explore - you will need the full-blown version. The trial version does not allow date stamp removal

2- Make a backup copy of paul.dll

3- Decompile paul.dll and run CTRL Y command to get all the values available. You will see “000h6h6h6? - this is normal, don’t panic. Just run the dissassembler in preferred mode and it will do all the work for ya.
4- Mark every hex ending with 06 as a “tag for later analysis” in group 1. Just conduct a search for them under group 1 and earmark them for later the information is used to detect the absolute offsets to the various content items in the file (for example: mov eax, offset L0041F46A, jmp L004A49FE) - don’t worry about the “49? values, they will never re-appear in the same column. You should end up with 1026 marked entries. If you have more, then this means you also marked the glossary items found in the same target tree. Just delete these extra files. You will end up saving yourself some time. These entries are created to enable SecuROM in dedicated mode. If you disable this feature, you’ll thank me later. If you don’t then that’s OK, because you’ll have to re-enter a second sample of hexes into the decompiler and crash the old values.
5- Change every earmarked hex (except the ones contained in the 2nd tree ending with hex 0c) to check all the new values. You must first render these values with an hex renderer, such as WEP Key Generator, in order to render the proper values.

OPEN UP WEP
SET UP A KEY GENERATION FOR 16 KEYS
ADD A GENERIC ALGORITHM - SOMETHING LIKE “2X3-4+ all 16/500? THIS WILL SET UP THE NEW KEY GENERATOR AND TELL IT TO GENERATE A KEY FOLLOWING THE ASSIGNED FORMULA.
ONCE YOU HAVE GENERATED A FEW THOUSAND KEYS - I RECOMMEND SETTING UP AT LEAST 25,000 KEYS, COLLATE THEM WITH THE FORMULA AND EXPORT THEM BACK TO PE Explorer UNDER “NEW KEYS” AND END THE STATEMENT WITH THE ORIGINAL FORMULA. YOU DECIDE ON YOUR OWN FORMULA BUDDY. IT’S YOUR ASS, NOT MINE.
NOW YOU WILL HAVE TO ENCODE THE ORIGINAL FORMULA. DON’T PANIC!!! JUST USE SOMETHING LIKE A SAT FORMULA MODEL CHECKER
ENCODE THE FORMULA AND COPY ALL THE RESULTS TO YOUR HEX EDITOR.
COPY THE HEX VALUES AND IMPORT THEM IN PE Explorer.

IS EVERYBODY STILL WITH ME SO FAR???

NOW THE EASY PART!!!

Note that with some PE files, for example those compressed by a packing utility, the original values of these flags do not survive decompression. This can produce very strange disassembly listings. DON’T PANIC !!! To alleviate this problem use the available resource table - NOT THE VALUE TABULATOR, because this will screw everything up. Once you reach the max byte of generated data, you’ll notice something very exciting indeed: YOUR CODE WILL NOW BE RUN IN EMULATION MODE, THEREFORE, IT WILL BE RESIDENT IN THE ACTUAL CODE. Isn’t this just fabulous??? Just a little trick I learned in school… hehe

6- Now don’t get too excited yet…Enter the new values by importing them from PCI Hexer - they will collate themselves in a new library under a second family (tree now ending with the new hexes generated)
7- SecuROM will be automatically disabled at this point - WOOHOO. I always use WS_EX_DLGMODALFRAME command to do this. You decide on your own…
8- Re-enable the partitioned values located in the source .dll and remove the date stamp with PE Explorer
9- re-enter the last tree ending with hex c9 and remove the debug info
10- save the new .dll under paul.dll and overwrite the old file.
replace the overwrite paul.dll with your new project and you’re ALMOST home buddy!

Now you are set to strip the new .dll and restamp it
Restamp the date with PE Explorer
Reset the debug attributes but DON’T IMPLEMENT THE ORIGINAL DATA!!!. This is very important. If you overwrite the data, you’ll screw everything up.
Your last eight (*) bytes are now ready - you should see the new header now commencing with c0060 - this is good
The new class will now be viewable. Delete the original one
save your project

START THE GAME
ENTER THE LAST CODE YOU GENERATED WITH THE WEP KEYGEN

PLAY THE GAME
 

ooo

New Member
wow that is confusing......................holy shit......im like totally lost. im NOT with you lol..someone rewrite it and explain wtf he is doing pls
 
D

DiSTANTX

Guest
if anyone understood this, please upload a patched paul.dll for bf2142 beta
 
D

DiSTANTX

Guest
omg such a n00b question

it lets you get in the beta...for LOCAL playing
 

A_Tiny_Chipmunk

New Member
yea ok soz for a noob question i just had realy no idea what u guys were talking about :p
y would u want it to be beta when u can play local any way ?
 

idunnoman

New Member
Can anyone get me a paul.dll for Terminator Salvation? I'm really desperate for it. I have no idea how to crack it and I can't find it on Google. Please... I would really appreciate it if someone could.
 

Jake

Full Member
Can anyone get me a paul.dll for Terminator Salvation? I'm really desperate for it. I have no idea how to crack it and I can't find it on Google. Please... I would really appreciate it if someone could.


Did you look on the date of the thread?
And I doubt you can use this tutorial to crack Terminator Salvation since this tutorial was made before Terminator Salvation existed.
 
Top