FRMWRK2.UNP        Breaking Framework II's Softguard 2.03 Protection
                                  by The Lone Victor

                              Adapted to Framework II by
                              George V. Hartmann / David Jelen

     United States copyright law SPECIFICALLY grants you the right to
make copies of programs you buy on magnetic media.  Programs are copy
protected IN VIOLATION OF YOUR RIGHTS UNDER U.S. LAW.

     Programs that are protected by the Softguard system are distinguished
by the files CML0203.HCL and VDF0203.VDW which are hidden in the root
directory when you install the program on your fixed disk.  The 0203
part of the file names is the Softguard version (2.03) while CML stands
for Common Loader and VDF is the Volume Descriptor File.  The extensions
HCL and VDW stand for Hard-disk Common Loader and Verify Descriptor Working
copy.  In addition, there will be a hidden root file with a .EXE or .LOD
or some other extension.  This is the REAL program, which has been
encrypted and hidden.

     The program FW.COM, in the product directory is the Softguard
miniloader.  All it does is call the Common Loader.  For example, when you
run FW, the program FW.COM loads CML0203.HCL high in memory and
runs it.  CML decrypts itself and reads VDF0203.VDW.  The VDF file contains
some code and data from the fixed disk FAT at the time of installation.  By
comparing the information in the VDF file with the current FAT, CML can
tell if the CML, VDF, and FW.A26 files are in the same place on the disk
where they were installed.  If they have moved, say from a backup &
restore,then CLIPPER will not run.

     This text file is designed to let you unprotect the most current
version of Framework, Framework II, which is protected by a variation of
Softguard 2.03. (not 2.03A)

               -- INSTRUCTIONS --

     First, using your valid, original FRAMEWORK diskette, install it on a
fixed disk.  You cannot use this text to unprotect the floppy directly!
Softguard hides three files in your fixed disk root directory: CML0203.HCL,
VDF0203.VDW, and FW.A26.  It also copies FW.COM into your chosen
FRAMEWORK directory.  FW.A26 is the real FRAMEWORK program, encrypted.  The
extension of this file does not matter.  It is really an encrypted .EXE
file.

     Second, un-hide the three files in the root directory.  You can do
this with the programs ALTER.COM or FM.COM found on any BBS.

     Make copies of the three files, and of FW.COM, into some other
directory.

     Hide the three root files again using ALTER or FM.

     Following the FRAMEWORK instructions, UNINSTALL FRAMEWORK.  You can
now put away your original FRAMEWORK diskette.  We are done with it.

     Now copy your four saved files back into the root directory and hide
the CML0203.HCL, VDF0203.VDW, and FW.A26 files using ALTER or FM.

     We can now run FW.COM using DEBUG, trace just up to the point where it
has decrypted FW.EXE, then write that file out.

                               LET 'ER RIP!

     Instructions                            Comments


debug CLIPPER.com        ; name of file that runs the product
r <CR>                   ; dump debug's registers

       ****    WRITE DOWN THE VALUE OF DS FOR USE BELOW.  ****
     ****  THIS VALUE IS DEPENDENT ON YOUR PARTICULAR MACHINE. ****

g 4D7                    ; now we can trace CML
t
g 1B5
t
e cs:A2
     74.EB               ; debug reports the 74 here, you enter EB
e cs:127                 ;
     E8.90               ; you enter the 90's followed by a space, and
     D1.90  05.90 <CR>   ; a carriage retirn after the 3rd 90 (no space).
g 127
a 185
     jmp 1C5
     <CR>                ; this second CR gets you out of the assembler
a 22B
     jmp 265
     <CR>
a 41F
     mov ax,22
     <CR>
e cs:42F
     01.89               ; debug reports the 01, you enter 89
a 4CE
     mov bl,7A
     <CR>
g 4DF
g 281
t
g 24D
t
g 5A6                    ; wait while reading VDF & FAT
g=5B1 5C1
g=5C9 9DA                ; FW.EXE has been decrypted

d cs:1E7 L8              ; just for grins, here's the password

rBX <CR>
:3                       ; set BX to 3
rCX <CR>
:7600                    ; set CX to 7600

n fw.bin                 ; name of file to write to
w XXXX:100               ; where XXXX is the value of DS that
                         ; you wrote down at the beginning.
q                   ; quit debug

REN FW.BIN FW.EXE
     
     Now unhide and delete the files FW.A26, VDF0203.VDW and CML0203.HCL.
FW.COM should also be deleted from the root directory and the product
directory.  Copy FW.EXE from the root directory to the product directory
and you are done.  (And so is Ashton-Tate)

NOTE:     The Lone Victor is the author of this method to unprotect
Softguard protected products, and deserves all the credit.  I adapted his
method to Framework II and "cleaned-up" a "chain-letter" unprotection file
that some novices would have had trouble fathoming.  Robert White and Steve
Diamond had nothing to do with this.  GVH
                                                    
                                               