Exetools  

Go Back   Exetools > General > General Discussion
Reload this Page Methods of detecting dongle emulator
Register Forum Rules FAQ Calendar

Notices

 
 
Thread Tools Display Modes
Prev Previous Post   Next Post Next
  #1  
Old 02-11-2006, 08:46
MeteO
 
Posts: n/a
Question Methods of detecting dongle emulator
In previous version of HaspAPI (earlier realisation of their VM) iceman (general developer of Aladdin protection) checks match of value of offset PM_API, V86_API, and DeviceIoControl routines. If match, API will continue their work, if not...

Very interesting that API of protected program relocates by hidden interface of HASP Driver from Ring3 to Ring0. In attach i've put example how to use this.

But dongle driver replacing technology is very inconvient, now filter driver technology used in emulating dongle. Very useful to check specific strings at Registry, such as "System\CurrentControlSet\Services\Emulator\HASP" and "Software\HaspEmulPE", but this way is not true detection of emulator.

Can anyone tell me true way for detecting filter drivers?
Attached Files
File Type: zip getid_by_hasp.zip (7.4 KB, 47 views)
Reply With Quote
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


All times are GMT +8. The time now is 11:25.

Aaron's homepage - Top

Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( Since 1998 )