Unfortunately, this site has restricted functionality as this browser does not support the HTML button formaction attribute.
Unfortunately, this site has restricted functionality as this browser has HTML web storage turned off.

How To Kill Prolock. by Independent (IND)

66 of 20,182 files
Often misspelled, this is an unprotect for ProLok from Vault Corporation. Date is a guess.
hide RetroTxt by Defacto2   The open source web-extension to view many ANSI, ASCII and NFO files as text in your browser, available on Chrome Firefox GitHub
[+] Configuration Select all
PROLOCK.UNP          HOW TO KILL PROLOCK     by the Lone Victor

     This file describes how to eliminate the Prolock code from almost any
file.  It will work for DBASE III, FrameWork, and a number of other programs
that I have tried.  All that is needed is a copy of the program, DEBUG,
and this file.  The original Prolock disk is not needed.  After these fixes
are applied the program will be 6K - 8K smaller and will not require the
original disk to run.

     One limitation built into this script file is the search performed for
the .EXE header (4D 5A).  Thus, the original program, before Prolock was applied,
had to be a .EXE instead of a .COM file.  This is true of most programs, such
as dBase and Framework.  Original .COM files could also be unprotected this
way, but I have yet to find any.

     The following instructions use the dBase III file DBASE.EXE as an
example.  Make careful note of where an example address or number is give.
The numbers will be different for a different file.  Enter the commands
given below which are in capital letters, not the comments and examples.
<CR> means press the Carriage Return or Enter key.


DEBUG DBASE.EXE
R <CR>                          ;record the BX and CX registers
        example: BX=0001    CX=C750
U <CR>                          ;skip first screen
U <CR>                          ;look for a LOOP instruction
        example: xxxx:0167  LOOP  0160
                 xxxx:0169  XCHG  DX,AX
                                ;the addresses need not be the same
                                ;as in the example.
G 169 <CR>                      ;go to the address after the LOOP

S 100 3000 83 C4 08 <CR>        ;search for code
        example: xxxx:0746
                 xxxx:13C4      ;<- use the last address displayed
A 13C4 <CR>                     ;assemble code at address found above
XOR  AX,AX <CR>
RET  <CR>
<CR>

S 100 3000 C0 45 F8 <CR>        ;search for code
        example: xxxx:1140      ;<- use this address
E 1140 0B 46 <CR>               ;enter encoded int 80 at address found

M 0:C F 0:200 <CR>              ;copy BPT vector to int 80 vector

G <CR>                          ;prolock tests diskette drives

S 100 3000 4D 5A                ;search for .EXE header
        example: xxxx:03D6
                 xxxx:06E0
                    .
                    .
                 xxxx:1B50      ;<- use last address displayed

;    This number is the addres of the now decoded, original program, before
;Prolock was applied.  We need to subtract this hex number from the size of
;the original Prolock file (BX,CX we recored fist).
        example   1 C750
                -   1B50
                --------
                  1 AC00

;    This can be done using debug:

H C750 1B50 <CR>                ;ask debug for sum and difference
        example  E2A0  AC00     ;<- use last number

RBX <CR>                        ;load BX and CX with new file size
:0001 <CR>
RCX <CR>
:AC00 <CR>

N DBASE <CR>                    ;choose any new file name
                                ;(use no extention)
W 1B50 <CR>                     ;write out file starting at the address
                                ;of the .EXE file that we found above.
Q <CR>                          ;quit debug

REN DBASE DB.EXE                ;rename new file to a .EXE filename


     That's all there is to it.  The new file contains no Prolock code, and
will run without the original disk.  Here is a brief description of what
was actually done.

     The first LOOP decodes the Prolock code.  We do a GO to the end of
that loop.  The Search for the bytes 83 C4 08 finds the code that prints
the error message when Prolock fails to find it's special disk.  We Assemble
new code at that address which returns a 0 in AX.  This tricks Prolock into
thinking the disk was found, and it then decodes the original .EXE file.

    The Search for the bytes C0 45 F8 finds the code that loads the original
.EXE file.  By the time this code is executed, the .EXE file is decoded and
we want to stop and write it out.  We can't put a Break Point there because
Prolock will destroy our BPT vector.  So we enter the code for an INT 80
at this address and copy or BPT vector to the unused INT 80 vector.  In
addition, this code is "encrypted" by having each byte exclusive ORed with
the byte C6.  Our INT 80 code (CD 80) thus becomes the bytes 0B 46.

    The Move 0:C F 0:200 instruction copies the debug Break Point vector
to the INT 80 vector for use there.  We then do a GO and Prolock checks
the A: drive for a Prolock disk, thinks it finds it, and decodes the
original .EXE file.  Before it can execute the file it hits our INT 80,
which returns us to debug.

    Finally we search for the .EXE header, calculate how long the file
is without the Prolock code, and write it out to a file.  This file
is Renamed to a .EXE file and can then be run.

→e file
is without the Prolock code, and write it out to a file.  This file
is Renamed to a .EXE file and c