Quote:
"I tried to crack safedisc right away"
I did this too after I "cracked" the first cd-check in an old game.
Just thought I need to change some jmps etc.... At that time I hadn't any knowledge about commercial protections and about how much effort is needed to remove them. That's the reason I'm mad about ppl asking "how to crack securom/safedisc etc."
who didn't even know what a debugger is, lol.
Back to topic...
Perhaps this securom 7 thread gets updated from time to time... but I doubt it.
http://community.reverse-engineering...pic.php?t=5077
I've found a tutorial covering maxpayne 2 (sd 2.30) and nfsu2 (sd 3.20), both written in German.
So I wanted to look at an older safedisc version as a starting point... grabbed the Hitman Codename 47 cd, installed, dumped the exe (with cd), fixed the ff15 calls, rebuilt the pe. When done I compared my unwrapped exe with the flt one to see if it was rebuilt the proper way.
I prefer to use ollydbg (yeah I know, ring3...) which can handle safedisc till v2 afaik. Later versions will use stolen bytes which will be replaced with the correct ones by the safedisc debugger. You can dump at the oep with olly by nopping the call which executes the sd debugger, but this way you won't be able to restore the stolen bytes. Olly can't do it cos it conflicts with the sd debugger (both ring3).
Newer targets don't use the int3's anymore, they use SDAPI. Olly can handle them, but it's a lot harder than the stolen bytes.