NB: Following my advice is a breach of the EULA one accepts when they install Windows, so it is assumed that you understand this before reading any further.
A while ago, I re-discovered the Inkball game, which I found bundled with an early release of Windows Vista, namely, the Ultimate version.
After trying it on Vista, I then tried to run it on Wine and Windows 10, but both failed because the program used undocumented Windows API functions which, in short, only let it start if it ran on certain editions of Vista. Luckily there was a way around this limitation, and after a small patch, it works on Windows 10.
When I initially tested the original binary with Wine, I noticed this error message:
00fc:fixme:reg:NtQueryLicenseValue License key L"TabletPCInkBall-EnableGame" not found
I peeked at Wine’s source code, and narrowed it down to a particular registry key (in the source file dlls/ntdll/unix/registry.c):
So, I tried adding a DWORD (double word) value for “TabletPCInkBall-EnableGame”, and setting it to 1, and tried to run the game again, without success.
I then decided to try analyzing the program with Ghidra, creating a new project, adding the executable, double-clicking the program to bring up the disassembly workspace, and then accepting the dialog box to perform analysis.
Now, finding where the string “TabletPCInkBall-EnableGame” was used was key to discovering the checking process, as it should lead me to the code that I needed to patch.
First, I clicked Search, Search for Strings, and clicked Search to find all the strings, then I looked for “TabletPCInkBall-EnableGame” and double clicked the first result:
Then I could see the string in the listing window:
Then, I needed to find the first reference to the string by clicking on its name, and pressing Ctrl+Shift+F. I double clicked the first result to bring up the de-compiled function. Following the same step, I clicked the symbol, and followed the reference.
I did that a few times, until I found a function containing what looked to be the condition that determined if the game could run on the version of Windows.
I found a variable that was being set, that called the functions that I followed by reference, and replaced the branch instruction JNZ (jump if not zero) with JMP (jump):
On the selected line, I pressed Ctrl+Shift+G to change the instruction, and entered in JMP. Now I just needed to export the binary, with File and Export Binary choosing PE format, then I could test it:
Now it works on Windows 10.
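As an added example (not part of the original post or of Ghidra), this Python code diffs an original and a patched binary and flags changes that turn a conditional jump into an unconditional one, the kind of edit made above. The byte strings are constructed samples, the function names are hypothetical, and the check is a raw-byte heuristic that does no disassembly.

```python
"""Added example: find branch-inversion patches by diffing two binaries."""

SHORT_JCC = range(0x70, 0x80)  # Jcc rel8 opcodes (0x75 is JNZ rel8)
NEAR_JCC = range(0x80, 0x90)   # second byte of 0F 8x Jcc rel32 (0F 85 is JNZ)


def diff_runs(original: bytes, patched: bytes):
    """Yield (offset, old_bytes, new_bytes) for each contiguous changed run."""
    if len(original) != len(patched):
        raise ValueError("sizes differ; an in-place patch keeps the file size")
    start = None
    for i, (a, b) in enumerate(zip(original, patched)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            yield start, original[start:i], patched[start:i]
            start = None
    if start is not None:
        yield start, original[start:], patched[start:]


def classify(old: bytes, new: bytes) -> str:
    """Heuristic: does the change make a conditional jump unconditional?"""
    if old[0] in SHORT_JCC and new[0] == 0xEB:  # e.g. 75 xx -> EB xx
        return "Jcc rel8 -> JMP rel8"
    near = len(old) >= 2 and old[0] == 0x0F and old[1] in NEAR_JCC
    if near and (new[0] == 0xE9 or new[:2] == b"\x90\xe9"):
        return "Jcc rel32 -> JMP rel32"
    return "other"


def find_branch_patches(original: bytes, patched: bytes):
    """Return [(offset, kind)] for changed runs that look like branch patches."""
    hits = []
    for offset, old, new in diff_runs(original, patched):
        kind = classify(old, new)
        if kind != "other":
            hits.append((offset, kind))
    return hits


# Constructed sample: test eax,eax / jnz +4 / xor eax,eax / ret / nop / mov eax,1 / ret
ORIGINAL = bytes.fromhex("85c0 7504 33c0 c3 90 b801000000 c3")
PATCHED = bytes.fromhex("85c0 eb04 33c0 c3 90 b801000000 c3")  # jnz replaced by jmp

if __name__ == "__main__":
    for offset, kind in find_branch_patches(ORIGINAL, PATCHED):
        print(f"offset 0x{offset:x}: {kind}")
```

The reported offsets are file offsets, so they need mapping through the PE section table before they can be compared with the addresses shown in a disassembler.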
I hope you learned something, or found this useful.