Exetools  

  #28  
11-01-2004, 16:19
Dmit
 
Posts: n/a
Quote:
Originally Posted by dyn!o
protect.dll itself is not a driver, but takes hardcore usage of them. It's the place responsible for the critical task: the CD check.
As far as I know (from about a dozen SF-protected apps), protect.dll contains _all_ the code of the original EXE.
Try to analyze the "main" executable of a protected app with hiew or any other PE editor. There is a code section inside, but it is initialized to zero!
Moreover, the OEP of the main EXE points inside the zero-initialized section!
Actually, Windows loads protect.dll before passing control to the OEP; protect.dll checks for the presence of the original CD and either terminates the application or decrypts the code section of the main EXE (which is stored in protect.dll) and places it in the right position in memory. But some of the processor instructions are converted to pseudo-code, which is interpreted by the SF engine (drivers + protect.dll).

So, modifying protect.dll does not mean patching the SF engine only or the application data only. Most probably both the SF engine and the application data were modified.
Reply With Quote
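
Added example, not part of the original post: a static triage check for the layout described above, where the entry point of an executable lands in a section whose on-disk bytes are missing or all zero. The function names (`entry_section`, `entry_in_blank_code`, `build_sample`) are hypothetical, and the sample image is constructed in memory for the demonstration.

```python
import struct

def entry_section(pe: bytes):
    """Return (name, raw_bytes) of the section holding AddressOfEntryPoint, or None."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]            # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # NumberOfSections at nt+6, SizeOfOptionalHeader at nt+20
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    entry = struct.unpack_from("<I", pe, nt + 24 + 16)[0]  # AddressOfEntryPoint (RVA)
    table = nt + 24 + opt_size                             # first section header
    for i in range(nsec):
        name, vsize, va, rsize, rptr = struct.unpack_from("<8sIIII", pe, table + 40 * i)
        if va <= entry < va + max(vsize, rsize):
            return name.rstrip(b"\0").decode("ascii", "replace"), pe[rptr:rptr + rsize]
    return None

def entry_in_blank_code(pe: bytes) -> bool:
    """True when the entry point's section has no raw data or only zero bytes on disk."""
    hit = entry_section(pe)
    return hit is not None and not any(hit[1])

def build_sample(code: bytes) -> bytes:
    """Constructed minimal PE32 image: one .text section, entry point at RVA 0x1000."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0x200, 0, 0, 0x1000).ljust(0xE0, b"\0")
    raw_ptr = 0x40 + 4 + len(coff) + len(opt) + 40         # data follows the one header
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000,
                       len(code), raw_ptr, 0, 0, 0, 0, 0x60000020)
    return dos + b"PE\0\0" + coff + opt + sect + code

if __name__ == "__main__":
    normal = build_sample(b"\x55\x8b\xec\xc3".ljust(0x200, b"\x90"))  # constructed code bytes
    zeroed = build_sample(bytes(0x200))                               # constructed blank section
    for label, image in (("normal", normal), ("zeroed", zeroed)):
        print(label, entry_section(image)[0], entry_in_blank_code(image))
```

A positive result only says that the code at the entry point is not present in the file and has to be supplied at load time by another component; it does not identify which protector or packer is involved.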
 

