Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 01-29-2007, 00:26
Human
 
Posts: n/a
Securom 7.x and CreateProcessA

im playing with rainbox six vegas and new securom, try to apply my oepfind to work with it, new securom now runs and spaws itself with a param as new antidebug protection. when we run it with
R6Vegas_Game.exe /Sonydadc /05f0612d /05f0612d /3F3A8A87 /1
then it runs instantly without spawning another instance.
last param is time from GetTickCount to check if its not debuged, but we can write own gettickcount or use from ollyadv that will start from 0 and do +1 every call to it.
but case is olly is ring3 debuger that is using CreateProcessA with DEBUG_ONLY_THIS_PROCESS and catches with waitfordebugevent all exceptions. i dont catch any not even one. and there are 2 single_step and about 20 illegal_instruction. does anyone know what can cause that. with asprotect and other protectors i can catch all exceptions. here i cant

edit:
i figured it out we need to fool also ZwSetInformationThread

Last edited by Human; 01-29-2007 at 00:51.
Reply With Quote
  #2  
Old 02-25-2007, 20:14
niom niom is offline
Friend
 
Join Date: Jul 2004
Posts: 21
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
niom Reputation: 0
i dont know how to run secu 7.x in debugger, but theres a pretty easy way to find the oep: guard the .text section with PAGEGUARD. it will read/write it often during startup, but sooner or later it jumps (via ret) to this section. this is the oep then

keep in mind that every read/write will remove the pageguard bit from that page, so you have to re-enable it
Reply With Quote
  #3  
Old 02-26-2007, 21:11
Human
 
Posts: n/a
niom have you read whole post and checked my oepfind, it works and i solved problem alone. for example latest supreme commander doesnt cause any exceptions at all so we need to enable virtualprotectex hook to reach real oep
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SecuROM & StarForce hepL3r General Discussion 11 02-21-2011 00:42
Securom protection jonwil General Discussion 4 11-03-2004 15:39
New Securom... info about loman General Discussion 1 02-16-2004 09:49


All times are GMT +8. The time now is 05:13.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2023 )