【Apple Silicon】IDA Pro，😁，俺回來了！

Core Purpose

1. Drive Letter Scanning
   Iterates through all drive letters (A: to Z:) to locate CD/DVD drives containing a specific protection file.

2. CD-ROM Verification
   Uses GetDriveTypeW() to verify if a drive is a CD/DVD-ROM (type 5), filtering out other storage devices.

3. File Existence Check
   Searches for a critical file (likely a copy protection signature) using GetFileAttributesW(). Requires:

   • File exists (GetFileAttributesW() != -1)
   • Is a regular file (!(attributes & 0x10), i.e., not a directory)

Key Features

• Error Suppression
  SetErrorMode(1) silences system dialogs (e.g., “no disc” errors) during scanning.

• String Handling
  Dynamically constructs paths:

  sub_55D910(v10, v1);        // Converts drive letter (e.g., 65/'A') to string
  sub_6211E0(Block, v2, L":\\"); // Appends ":\" to drive letter (e.g., "A:\\")

• Resource Management
  Uses buffer reallocation checks (vXX >= 8) and free() calls to manage dynamically allocated path strings.

• Termination Conditions
  Exits early when:

  • A valid CD-ROM drive containing the target file is found (returns drive letter as __int16)
  • All drives (A-Z) are scanned without success (returns 0).

Protection Workflow

Speculated File Characteristics

The target file (referenced in lpFileName) is likely:

• A hidden/read-only file to deter casual copying
• Located in the root directory of the disc
• Contains cryptographic signatures or unique disc identifiers
• Filename possibly obfuscated/hardcoded (not visible in snippet)

Why This Defeats Simple Copies

• Checks for physical media (CD-ROM drive type)
• Requires original disc structure (specific root file)
• Silent operation prevents user debugging via error messages
• Iterative scanning thwarts virtual drive tricks (e.g., unmounted drives)

This function forms the media verification layer of the protection system, ensuring the game only runs with an original disc inserted. Later stages would validate the file’s contents against game binaries.

Looking at this disassembled function, this appears to be a CD-ROM drive detection routine that’s specifically designed to locate a physical CD drive containing what’s likely the original game disc. Here’s my analysis of its purpose and features:

Primary Purpose

This function scans through all available drive letters (A-Z, ASCII 65-90) to find a CD-ROM drive that contains a specific file, presumably part of the copy protection scheme.

Key Features & Functionality

Drive Enumeration: The function iterates through drive letters starting from ‘A’ (ASCII 65) up to ‘Z’ (ASCII 90), systematically checking each one.

CD-ROM Detection: It uses GetDriveTypeW() with a return value check of 5, which corresponds to DRIVE_CDROM in the Windows API. This specifically targets optical disc drives.

File Verification: For each CD-ROM drive found, it constructs a file path and uses GetFileAttributesW() to verify that:

• The file exists (return value != -1)
• The target is a file, not a directory (checks that the directory flag 0x10 is not set)

Error Suppression: The function calls SetErrorMode(1u) at the start, which corresponds to SEM_FAILCRITICALERRORS. This prevents Windows from showing error dialog boxes when accessing drives that might not be ready (like empty CD drives).

Memory Management: The code includes extensive string buffer management and cleanup, suggesting it’s building file paths dynamically.

Copy Protection Strategy

This is a classic “disc-in-drive” copy protection check. The software is likely looking for a specific file that exists on the original CD but wouldn’t be present on a copied disc or when running from a hard drive installation. The function returns the drive letter (as an integer) where the authentic disc is found, or 0 if no valid disc is detected.

This type of protection was common in the 1990s and early 2000s, requiring users to keep the original CD in their drive to play the game, even after installation.

Here’s what this routine is doing, step by step, and why it fits into a CD‑based copy‑protection scheme:

1. Suppressing error pop‑ups

   uMode = SetErrorMode(1);

   It calls SetErrorMode(SEM_FAILCRITICALERRORS), so that if it probes a non‑existent or unready drive (e.g. no disk in the drive), Windows won’t show a “please insert a disk” dialog.

2. Brute‑forcing through all drive letters ‘A’…‘Z’

   for (v1 = 'A'; v1 <= 'Z'; ++v1) {
       // … build up a path based on letter v1 …
   }

   It loops v1 from 65 to 90 (ASCII ‘A’ to ‘Z’), attempting each letter as a candidate.

3. Constructing the root path string

   v2 = sub_55D910(v10, v1);               // e.g. allocates/formats “A:\” in v10
   v3 = sub_6211E0(Block, v2, L":\\");     // maybe splits or duplicates that string
   sub_52F360(v3, 0, -1);                  // something like wcscpy or wcslwr

   Although the exact helpers are unknown, they’re clearly allocating and formatting a wide‐string like "X:\" for the current drive letter.

4. Checking for CD‑ROM drive type

   if ( GetDriveTypeW(lpRootPathName[0]) == DRIVE_CDROM )
       … 
   else
       continue;

   It calls GetDriveTypeW(L"X:\") and compares against 5 (which is DRIVE_CDROM). Only CD‑ROM drives keep going.

5. Reading some volume information or label

   sub_533920(dword_BAE350 + 76, v8);

   This almost certainly calls GetVolumeInformationW under the hood, storing the CD’s volume label (or serial) into a buffer at dword_BAE350 + 76. Many copy‑protections used a custom volume label check.

6. Verifying presence of a special file

   FileAttributesW = GetFileAttributesW(lpFileName[0]);
   if ( FileAttributesW != INVALID_FILE_ATTRIBUTES 
        && !(FileAttributesW & FILE_ATTRIBUTE_DIRECTORY) )
       break;    // success!

   It calls GetFileAttributesW on another constructed path lpFileName[0] (likely something like "X:\PROTECT.DAT" or whatever the protection file is called). If the file exists and is not a directory, it treats that as a match.

7. Cleanup and return

   • On success it stores the drive letter in v0 and jumps out.
   • On failure to find any matching CD‑ROM, it leaves v0 = 0.
   • It frees any heap buffers it allocated along the way.
   • Restores the original error‑mode with SetErrorMode(uMode) and returns v0 (the ASCII code of the working drive, or 0).

What this tells us about the copy‑protection feature

• Drive enumeration & type check: it’s explicitly looking for a CD‑ROM drive, so the software expects an optical disc.
• Volume label check: by calling (presumably) GetVolumeInformationW, it can verify the disc has the correct volume name—many protection schemes would tell users to “label your CD ‘GAMEPROT89’” or rely on the genuine manufacturer’s disk label.
• File‐presence check: it looks for a specific, presumably hidden or custom file (like COPYPROT.DAT or a uniquely named binary blob) that wouldn’t be present on a simple data‐only copy.
• Stealth: suppressing Windows dialogs and cleaning up all allocations makes this check “silent,” so a casual user copying files off the disc wouldn’t even see an error prompt.

Taken together, this function is the classic “find the original CD” routine: scan all drives, find the one that’s a CD‑ROM, verify it has the right volume label and that a secret/protected file exists, and return that drive letter (or zero if no valid CD is found).

Purpose: CD Drive and Media Verification

The primary purpose of this function is to locate a specific file on a CD-ROM drive. This is a very common technique used in CD-based copy protection schemes to verify that the original, authentic game or software disc is present in the computer.

The function systematically checks each available drive, determines if it’s a CD-ROM drive, and if so, looks for a predefined “check file.”

Functional Breakdown

1. Iterate Through Drive Letters: The function loops through all possible drive letters from ‘A’ to ‘Z’. This is evident from the initialization of v1 to 65 (the ASCII code for ‘A’) and the loop’s exit condition, which checks if v1 has exceeded 'Z' (ASCII 0x5A).

2. Suppress System Errors: The call SetErrorMode(1u) at the beginning is crucial. It prevents the operating system from showing a pop-up message (like “There is no disk in the drive.”) if it checks a drive that is empty. This ensures the copy protection check runs silently in the background without interrupting the user. The original error mode is restored at the end of the function.

3. Identify CD-ROM Drives: Inside the loop, the function calls GetDriveTypeW. It specifically checks if the result is 5, which corresponds to DRIVE_CDROM. This step filters out hard drives, network drives, and other non-CD devices.

4. Check for a Specific File: Once a CD-ROM drive is identified, the code calls GetFileAttributesW to check for the existence of a particular file. The function isn’t just checking if any CD is present, but if the correct CD is present, which is verified by the existence of this specific file. The file’s path is constructed by combining the drive letter with a hardcoded filename (likely referenced by dword_BAE350 + 76).

5. Return Value:

   • If a CD-ROM drive containing the target file is found, the loop is broken, and the function returns the ASCII value of the drive letter (e.g., 69 for ‘E’).
   • If the loop completes without finding the file on any CD-ROM drive, the function returns its initial value of 0, indicating failure.

In summary, this function is a classic “CD check” routine. Its sole feature is to confirm the physical presence of the original media by searching all CD-ROM drives for a unique file.

__int16 FindCDDriveWithFile()
{
    UINT uOldErrorMode = SetErrorMode(SEM_FAILCRITICALERRORS);
    __int16 foundDrive = 0;

    for (__int16 driveLetter = 'A'; driveLetter <= 'Z'; driveLetter++)
    {
        // Build drive root path (e.g., "A:\\")
        WCHAR szDriveRoot[4] = { driveLetter, L':', L'\\', L'\0' };
        
        // Check if drive is CD-ROM
        if (GetDriveTypeW(szDriveRoot) != DRIVE_CDROM)
            continue;

        // Build expected file path (global + relative path)
        const WCHAR* pBasePath = *(const WCHAR**)(dword_BAE350 + 76);
        size_t baseLen = wcslen(pBasePath);
        size_t rootLen = wcslen(szDriveRoot);
        
        WCHAR* szFilePath = (WCHAR*)malloc((rootLen + baseLen + 1) * sizeof(WCHAR));
        wcscpy(szFilePath, szDriveRoot);
        wcscat(szFilePath, pBasePath);

        // Check if file exists and is not a directory
        DWORD dwAttrs = GetFileAttributesW(szFilePath);
        if (dwAttrs != INVALID_FILE_ATTRIBUTES && 
           !(dwAttrs & FILE_ATTRIBUTE_DIRECTORY))
        {
            foundDrive = driveLetter;
            free(szFilePath);
            break;
        }
        
        free(szFilePath);
    }

    SetErrorMode(uOldErrorMode);
    return foundDrive;
}

#include <windows.h>

// Helper function prototypes (these would be defined elsewhere)
void* BuildDriveLetterString(void* buffer, int driveNumber);
int AppendString(void* dest, void* src, const wchar_t* suffix);
void InitializeStringBuffer(void* buffer, int unused1, int unused2);
void BuildProtectionFilePath(void* globalData, void* outputBuffer);

// Global data structure containing protection file information
extern void* g_ProtectionData; // Corresponds to dword_BAE350

int16 __cdecl DetectProtectedCDROM()
{
    int16 foundDriveLetter = 0;
    int currentDriveLetter = 'A';  // Start with drive A (ASCII 65)
    
    // String buffers with capacity management
    struct StringBuffer {
        void* data[5];
        unsigned int capacity;
    };
    
    StringBuffer driveLetterBuffer = {0};
    StringBuffer drivePathBuffer = {0};
    StringBuffer protectionFilePathBuffer = {0};
    StringBuffer rootPathBuffer = {0};
    
    // Set capacity for string buffers
    driveLetterBuffer.capacity = 7;
    drivePathBuffer.capacity = 7;
    protectionFilePathBuffer.capacity = 7;
    rootPathBuffer.capacity = 7;
    
    // Disable system error dialogs during drive scanning
    UINT previousErrorMode = SetErrorMode(SEM_FAILCRITICALERRORS);
    
    // Scan through all possible drive letters (A-Z)
    while (currentDriveLetter <= 'Z') {
        // Reset string buffers for this iteration
        memset(&driveLetterBuffer, 0, sizeof(driveLetterBuffer));
        memset(&drivePathBuffer, 0, sizeof(drivePathBuffer));
        memset(&protectionFilePathBuffer, 0, sizeof(protectionFilePathBuffer));
        memset(&rootPathBuffer, 0, sizeof(rootPathBuffer));
        
        driveLetterBuffer.capacity = 7;
        drivePathBuffer.capacity = 7;
        protectionFilePathBuffer.capacity = 7;
        rootPathBuffer.capacity = 7;
        
        try {
            // Build drive letter string (e.g., "C")
            void* driveStr = BuildDriveLetterString(&driveLetterBuffer, currentDriveLetter);
            
            // Build root path string (e.g., "C:\")
            AppendString(&drivePathBuffer, driveStr, L":\\");
            
            // Initialize protection file path buffer
            InitializeStringBuffer(&protectionFilePathBuffer, 0, -1);
            
            // Get the root path for drive type checking
            const wchar_t* rootPath = (const wchar_t*)rootPathBuffer.data;
            if (rootPathBuffer.capacity >= 8) {
                rootPath = (const wchar_t*)rootPathBuffer.data[0];
            }
            
            // Check if this is a CD-ROM drive (type 5 = DRIVE_CDROM)
            UINT driveType = GetDriveTypeW(rootPath);
            if (driveType == DRIVE_CDROM) {
                // Build path to protection file on this CD-ROM
                BuildProtectionFilePath(g_ProtectionData, &protectionFilePathBuffer);
                
                // Get the protection file path
                const wchar_t* protectionFilePath = (const wchar_t*)protectionFilePathBuffer.data;
                if (protectionFilePathBuffer.capacity >= 8) {
                    protectionFilePath = (const wchar_t*)protectionFilePathBuffer.data[0];
                }
                
                // Check if protection file exists and is not a directory
                DWORD fileAttributes = GetFileAttributesW(protectionFilePath);
                if (fileAttributes != INVALID_FILE_ATTRIBUTES && 
                    !(fileAttributes & FILE_ATTRIBUTE_DIRECTORY)) {
                    // Found the protected CD-ROM!
                    foundDriveLetter = currentDriveLetter;
                    break;
                }
            }
        }
        catch (...) {
            // Clean up on any exception and continue to next drive
        }
        
        // Clean up string buffers before next iteration
        if (driveLetterBuffer.capacity >= 8) {
            free(driveLetterBuffer.data[0]);
        }
        if (drivePathBuffer.capacity >= 8) {
            free(drivePathBuffer.data[0]);
        }
        if (protectionFilePathBuffer.capacity >= 8) {
            free(protectionFilePathBuffer.data[0]);
        }
        if (rootPathBuffer.capacity >= 8) {
            free(rootPathBuffer.data[0]);
        }
        
        currentDriveLetter++;
    }
    
    // Final cleanup
    if (protectionFilePathBuffer.capacity >= 8) {
        free(protectionFilePathBuffer.data[0]);
    }
    if (rootPathBuffer.capacity >= 8) {
        free(rootPathBuffer.data[0]);
    }
    
    // Restore original error mode
    SetErrorMode(previousErrorMode);
    
    return foundDriveLetter;
}

// Simplified version without complex string buffer management
int16 __cdecl DetectProtectedCDROM_Simplified()
{
    UINT previousErrorMode = SetErrorMode(SEM_FAILCRITICALERRORS);
    
    // Scan drive letters A through Z
    for (int driveLetter = 'A'; driveLetter <= 'Z'; driveLetter++) {
        wchar_t rootPath[4];
        swprintf(rootPath, 4, L"%c:\\", driveLetter);
        
        // Check if this is a CD-ROM drive
        if (GetDriveTypeW(rootPath) == DRIVE_CDROM) {
            // Build path to protection file
            wchar_t protectionFilePath[MAX_PATH];
            // This would use the actual protection file name from global data
            swprintf(protectionFilePath, MAX_PATH, L"%c:\\PROTECTION_FILE.DAT", driveLetter);
            
            // Check if protection file exists and is a regular file
            DWORD attributes = GetFileAttributesW(protectionFilePath);
            if (attributes != INVALID_FILE_ATTRIBUTES && 
                !(attributes & FILE_ATTRIBUTE_DIRECTORY)) {
                SetErrorMode(previousErrorMode);
                return (int16)driveLetter;
            }
        }
    }
    
    SetErrorMode(previousErrorMode);
    return 0; // No protected CD-ROM found
}

#include <windows.h>

// --- Speculative helper routines ---
WCHAR*   FormatDriveRoot(WCHAR *outRoot, char driveLetter);
//   Sub_55D910: builds L"X:" into outRoot based on driveLetter ('A'–'Z').

WCHAR*   AppendSuffix(WCHAR *outBuf, const WCHAR *base, const WCHAR *suffix);
//   Sub_6211E0: concatenates base + suffix into outBuf.

void     FillMemoryPattern(void *buf, BYTE pattern, size_t size);
//   Sub_52F360: e.g. memset(buf, pattern, size).

void     ReadCdSector(const void *configPtr, int *outSectorData);
//   Sub_533920: perhaps reads a sector or header into outSectorData.

// --- Recovered function ---
uint16_t __cdecl CheckCdCopyProtection(void)
{
    uint16_t foundDriveLetter = 0;
    UINT     prevErrorMode    = SetErrorMode(SEM_FAILCRITICALERRORS);

    // Try each drive letter from 'A' to 'Z'
    for (char letter = 'A'; letter <= 'Z'; ++letter)
    {
        WCHAR rootPath[8] = {0};
        WCHAR workBuf [260] = {0};  // big enough for any Build + suffix + filename
        int   sectorInfo = 0;

        // 1) Build the root path string, e.g. "X:"
        FormatDriveRoot(rootPath, letter);

        // 2) Append ":\\" so we can call GetDriveTypeW()
        AppendSuffix(workBuf, rootPath, L":\\");
        FillMemoryPattern(workBuf, 0, sizeof(workBuf));  // clear out any leftover

        // 3) Check if this drive is a CD-ROM
        if ( GetDriveTypeW(rootPath) != DRIVE_CDROM )
            continue;

        // 4) Read whatever sector or header the copy‑protection needs
        ReadCdSector((const void*)(dword_BAE350 + 76), &sectorInfo);

        // 5) Build the expected “protection file” name into workBuf
        //    (e.g. rootPath + L"\\PROTECT.DAT" or similar, based on sectorInfo)
        AppendSuffix(workBuf, rootPath, /* format depends on sectorInfo */ L"\\PROTECT.DAT");

        // 6) See if that file exists (and is not a directory)
        DWORD attrs = GetFileAttributesW(workBuf);
        if ( attrs != INVALID_FILE_ATTRIBUTES
             && !(attrs & FILE_ATTRIBUTE_DIRECTORY) )
        {
            foundDriveLetter = (uint16_t)letter;
            break;
        }

        // otherwise keep scanning
    }

    // restore previous error‑mode and return 0 if none found, or the ASCII code of the drive letter
    SetErrorMode(prevErrorMode);
    return foundDriveLetter;
}

/**
 * @brief Scans all drives to find the game's CD.
 *
 * Iterates through drive letters 'A' to 'Z', checking for a CD-ROM drive
 * containing a specific, hardcoded protection file.
 *
 * @return Returns the drive letter (e.g., 'A', 'B') if the CD is found, otherwise returns 0.
 */
wchar_t FindGameCD()
{
    wchar_t foundDriveLetter = 0;

    // Suppress system pop-ups for empty drives.
    // SEM_FAILCRITICALERRORS = 1
    UINT previousErrorMode = SetErrorMode(1u);

    // Iterate through all possible drive letters from 'A' to 'Z'.
    for (wchar_t currentDriveLetter = L'A'; currentDriveLetter <= L'Z'; ++currentDriveLetter)
    {
        // Construct the root path for the current drive, e.g., "A:\\".
        // In the original code, this was done through a series of helper functions.
        wchar_t rootPathStr[4] = { currentDriveLetter, L':', L'\\', L'\0' };

        // Check if the drive is a CD-ROM drive. DRIVE_CDROM = 5.
        if (GetDriveTypeW(rootPathStr) == DRIVE_CDROM)
        {
            // Construct the full path to the protection file.
            // The original code used a helper function (sub_533920) and a global
            // variable (dword_BAE350 + 76) for the filename.
            // Let's assume the file is "PROT\\GAME.DAT" for this example.
            wchar_t protectionFilePath[MAX_PATH];
            swprintf(protectionFilePath, MAX_PATH, L"%s%s", rootPathStr, L"PROT\\GAME.DAT");

            // Check if the protection file exists and is not a directory.
            DWORD fileAttributes = GetFileAttributesW(protectionFilePath);
            if (fileAttributes != INVALID_FILE_ATTRIBUTES && !(fileAttributes & FILE_ATTRIBUTE_DIRECTORY))
            {
                // File found, save the drive letter and exit the loop.
                foundDriveLetter = currentDriveLetter;
                break;
            }
        }
    }

    // Restore the previous error mode.
    SetErrorMode(previousErrorMode);

    return foundDriveLetter;
}