#1
Securom protection
Does anyone have any info on the latest Securom protection?
I have a game protected with it (Rollercoaster Tycoon 3). My interest is not in cracking the CD protection (I already have a no-cd crack for the game) but in reverse engineering the target to figure out stuff (such as the formats of the data files used by the game).

The game (or the no-cd crack version of it anyway) contains the following segments (in order):
- .text (appears to be valid code)
- .idata (appears to be a normal import table)
- .rdata (appears to be the usual read-only data like class vtables)
- .data (appears to be valid data, strings etc.)
- .rdklft (seems to contain more code, small fragments mainly, including a small code fragment which SoftIce tells me is where the CreateFile call that opens the data file I am interested in is located)
- .wpdf (contains data including some strings)
- .idata (yes, IDA says there is a second segment called idata, doesn't look like an import table to me though)

It may well be that the .rdklft and .wpdf segments contain some kind of "runtime library" (securom related, connected with some other obfuscation or just that way for programming convenience or whatever, I don't know) which deals with making API calls and is then called by the main game code in the .text, .rdata and .data segments.

If anyone can give me info/provide links to info about Securom or about anything you can identify from the info I give above (e.g. what the .rdklft segment is for), that would be great.

Connected to this weird protection/exe are references to a mvvcrt.sys and a mvvcrt.vxd inside the exe file. I don't see those files as existing anywhere so they may be dynamically created at runtime somehow.
#2
.rdklft (aka .cms_t) Securom Code
.wpdf (aka .cms_d) Securom Data
.idata Securom's Import Table
everything else is part of the game.

If you are working on something that's already been cracked and you still see code getting executed in .cms_t, then it's either
- api triggers: fade-kind of checks
- code splitter: code blocks from .text that were moved into gaps in .cms_t

either way you don't have to worry about it too much... just find where it leads back in .text.
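
The section layout discussed in the first two posts, as an added example that is not part of the original thread: Python that reads a PE section table and flags the traits described there (non-standard names such as .rdklft and .wpdf, a repeated .idata, executable code outside .text). The sample image is constructed; its section flags and the allow-list of common names are assumptions.

```python
import struct
# Names a stock linker normally emits; this allow-list is an assumption of the example.
COMMON = {".text", ".rdata", ".data", ".idata", ".edata", ".rsrc", ".reloc", ".tls"}
IMAGE_SCN_MEM_EXECUTE = 0x20000000
SECTION_FMT = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes

def parse_sections(image):
    """Return [(name, characteristics)] read from the PE section table."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # NumberOfSections at +6, SizeOfOptionalHeader at +20 (12 bytes skipped between)
    count, opt_size = struct.unpack_from("<H12xH", image, pe_off + 6)
    table = pe_off + 24 + opt_size
    if table + 40 * count > len(image):
        raise ValueError("section table truncated")
    sections = []
    for i in range(count):
        fields = struct.unpack_from(SECTION_FMT, image, table + 40 * i)
        sections.append((fields[0].rstrip(b"\0").decode("latin-1"), fields[9]))
    return sections

def triage(sections):
    """Flag non-standard names, repeated names and executable sections other than .text."""
    findings, seen = [], set()
    for name, chars in sections:
        if name in seen:
            findings.append((name, "duplicate name"))
        seen.add(name)
        if name not in COMMON:
            findings.append((name, "non-standard name"))
        if chars & IMAGE_SCN_MEM_EXECUTE and name != ".text":
            findings.append((name, "executable outside .text"))
    return findings

def build_sample():
    """Constructed header-only image; names from the first post, flags assumed."""
    code, data, ro = 0x60000020, 0xC0000040, 0x40000040
    layout = [(".text", code), (".idata", data), (".rdata", ro), (".data", data),
              (".rdklft", code), (".wpdf", data), (".idata", data)]
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, 0, 0x102)
    table = b"".join(struct.pack(SECTION_FMT, n.encode(), 0x1000, 0, 0x1000, 0, 0, 0, 0, 0, c)
                     for n, c in layout)
    return dos + coff + table

if __name__ == "__main__":
    print(triage(parse_sections(build_sample())))
```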
#3
Well, what I am seeing is that when I open SoftIce and do bpx CreateFile and wait for the file I care about, I end up somewhere in .rdklft, a function specifically for calling CreateFile with various parameters.
I suspect I just need to keep tracing back into the game code to see what it does with the value in EAX (the file handle), then play from there.
#4
ok, 2 other things:

1. I can see what appear to be embedded PE files inside the main exe file (packed with PETITE it looks like). Are these connected with the securom protection? (some of them look like device drivers because they call ntoskrnl.exe) Is there a program out there that can "rip" these PE files from inside the binary so I can see what it looks like?

Also, I have both original and cracked exes for one version of this game. I also have a non-cracked exe for another version of this same game. Is cracking this new version hard or easy? (i.e. is it worth trying myself or should I just wait for some crack group to do it?)
#5
> 1. I can see what appear to be embedded PE files inside the main exe
> file (packed with PETITE it looks like). Are these connected with the
> securom protection? (some of them look like device drivers because
> they call ntoskrnl.exe)

Securom uses device drivers for checking the cd. In the early days of Securom these drivers were patched to crack the protection so they packed them and doing CRC calculation on them...

> Is there a program out there that can "rip" these PE files from inside
> the binary so I can see what it looks like?

Haven't seen anything like this...but should be too hard coding it yourself.

> I also have a non-cracked exe for another version of this same game.
> Is cracking this new version hard or easy? (i.e. is it worth trying
> myself or should I just wait for some crack group to do it?)

Depends on your skills. I think Securom is the easiest cd game protection out there, but if the game is protected with triggers you have to spend some time to find all of them, which is only time consuming but not hard... The rest isn't very hard if you compare it with Safedisc or ProtectCD, so no illegal opcodes or p-code...