Unlocking Painkiller's Editor

Joined: Sun Jan 04, 2015 11:23 pm

Unlocking Painkiller's Editor

Post by atom0s » Wed Jun 10, 2015 9:59 am

Here is a simple rundown to unlock Painkiller: Black Edition's level editor. When you start the editor you are greeted with a lovely:
'Please insert the correct CD-ROM'

This is a quick overview of how to find and defeat this message.

1. Load the PainEditor.exe into a program such as IDA. (Or any other disassembler/debugger of your choice.)
2. Search for the string 'Please insert the correct CD-ROM'.
3. Once found, locate the start of the function call where it was used:

Code: Select all

.text:00403510 sub_403510      proc near               ; CODE XREF: sub_403690+3Ap
.text:00403510 LCData          = byte ptr -70h
.text:00403510 Text            = byte ptr -64h
.text:00403510 var_63          = byte ptr -63h
.text:00403510                 sub     esp, 70h
.text:00403513                 push    esi
.text:00403514                 push    edi
.text:00403515                 push    0Ah             ; cchData
4. Trace what called this function:

Code: Select all

.text:004036B9                 xor     ebx, ebx
.text:004036BB                 cmp     [eax+6F8h], bl
.text:004036C1                 jnz     short loc_4036CF
.text:004036C3                 mov     byte_51CB40, 1
.text:004036CA                 call    sub_403510 <------------- CALLS THE NO CD FOUND MESSAGE
5. Patch the jump just before this call from jnz to jmp.

To patch the file easily, open it up in a hex editor. Then search for the bytes:
33 DB 38 98 F8 06 00 00

Just after the bytes are found you will see:
75 0C

Change the 75 to EB.

Done. The editor will now work like normal.
