|
Securom protection
Does anyone have any info on the latest Securom protection?
I have a game protected with it (Rollercoaster Tycoon 3).
My interest is not in cracking the CD protection (I already have a no-cd crack for the game) but in reverse engineering the target to figure out stuff (such as the formats of the data files used by the game)
The game (or the no-cd crack version of it anyway) contains the following segments: (in order)
.text (appears to be valid code)
.idata (appears to be a normal import table)
.rdata (appears to be the usual read-only data like class vtables)
.data (appears to be valid data, strings etc)
.rdklft (seems to contain more code, small fragments mainly including a small code fragement which SoftIce tells me is where the CreateFile call that opens the data file I am interested in is located)
.wpdf (contains data including some strings)
.idata (yes, IDA says there is a second segment called idata, doesnt look like an import table to me though)
It may well be that the .rdklft and .wpdf segments contain some kind of "runtime library" (securom related, connected with some other obfusication or just that way for programming convenience or whatever I dont know) which deals with making API calls and is then called by the main game code in the .text, .rdata and .data segments.
If anyone can give me info/provide links to info about Securom or about anything you can identify from the info I give about (e.g. what the .rdklft segment is for), that would be great.
Connected to this wierd protection/exe is references to a mvvcrt.sys and a mvvcrt.vxd inside the exe file.
I dont see those files as existing anywhere so they may be dynamically created at runtime somehow.
|