Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 02-11-2006, 08:46
MeteO
 
Posts: n/a
Question Methods of detecting dongle emulator

In previous version of HaspAPI (earlier realisation of their VM) iceman (general developer of Aladdin protection) checks match of value of offset PM_API, V86_API, and DeviceIoControl routines. If match, API will continue their work, if not...

Very interesting that API of protected program relocates by hidden interface of HASP Driver from Ring3 to Ring0. In attach i've put example how to use this.

But dongle driver replacing technology is very inconvient, now filter driver technology used in emulating dongle. Very useful to check specific strings at Registry, such as "System\CurrentControlSet\Services\Emulator\HASP" and "Software\HaspEmulPE", but this way is not true detection of emulator.

Can anyone tell me true way for detecting filter drivers?
Attached Files
File Type: zip getid_by_hasp.zip (7.4 KB, 47 views)
Reply With Quote
  #2  
Old 02-11-2006, 12:04
NeOXOeN NeOXOeN is offline
Friend
 
Join Date: Jan 2005
Posts: 273
Rept. Given: 2
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 2
Thanks Rcvd at 18 Times in 18 Posts
NeOXOeN Reputation: 3
It crashes my pc

bye
Reply With Quote
  #3  
Old 02-11-2006, 13:18
Asus Asus is offline
VIP
 
Join Date: Feb 2005
Posts: 585
Rept. Given: 112
Rept. Rcvd 27 Times in 13 Posts
Thanks Given: 127
Thanks Rcvd at 84 Times in 35 Posts
Asus Reputation: 28
I found 2 IDs on my machine;-)
Reply With Quote
  #4  
Old 02-17-2006, 05:39
MeteO
 
Posts: n/a
Quote:
Originally Posted by NeOXOeN
It crashes my pc

bye
You need to install HASP dongle drivers. From v3.81 and till current release HASP driver allow to jump from ring3 to ring0, it's potentially dangerious.
Reply With Quote
  #5  
Old 02-17-2006, 09:43
NeOXOeN NeOXOeN is offline
Friend
 
Join Date: Jan 2005
Posts: 273
Rept. Given: 2
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 2
Thanks Rcvd at 18 Times in 18 Posts
NeOXOeN Reputation: 3
thx MeteO

i didnt realized that i dont have it installed...


bye
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



All times are GMT +8. The time now is 17:18.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )