#1
|
|||
|
|||
Securom 7.x and CreateProcessA
im playing with rainbox six vegas and new securom, try to apply my oepfind to work with it, new securom now runs and spaws itself with a param as new antidebug protection. when we run it with
R6Vegas_Game.exe /Sonydadc /05f0612d /05f0612d /3F3A8A87 /1 then it runs instantly without spawning another instance. last param is time from GetTickCount to check if its not debuged, but we can write own gettickcount or use from ollyadv that will start from 0 and do +1 every call to it. but case is olly is ring3 debuger that is using CreateProcessA with DEBUG_ONLY_THIS_PROCESS and catches with waitfordebugevent all exceptions. i dont catch any not even one. and there are 2 single_step and about 20 illegal_instruction. does anyone know what can cause that. with asprotect and other protectors i can catch all exceptions. here i cant edit: i figured it out we need to fool also ZwSetInformationThread Last edited by Human; 01-29-2007 at 00:51. |
#2
|
|||
|
|||
i dont know how to run secu 7.x in debugger, but theres a pretty easy way to find the oep: guard the .text section with PAGEGUARD. it will read/write it often during startup, but sooner or later it jumps (via ret) to this section. this is the oep then
keep in mind that every read/write will remove the pageguard bit from that page, so you have to re-enable it |
#3
|
|||
|
|||
niom have you read whole post and checked my oepfind, it works and i solved problem alone. for example latest supreme commander doesnt cause any exceptions at all so we need to enable virtualprotectex hook to reach real oep
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
SecuROM & StarForce | hepL3r | General Discussion | 11 | 02-21-2011 00:42 |
Securom protection | jonwil | General Discussion | 4 | 11-03-2004 15:39 |
New Securom... info about | loman | General Discussion | 1 | 02-16-2004 09:49 |