Quote:
Originally Posted by anonymous1381
I'll have to admit that I have no idea what a FARPROC array is, and will look into it, but from what I understand you are referring to JMP DWORD PTRs that point to an API in the IAT? And then there are Calls to those JMP DWORD PTRs, so instead of wasting 6 bytes on a call dword ptr[pointer to api in iat] (FF 15 xx xx xx xx), the compiler will generate a normal call (E8 xx xx xx xx), and thus waste less space in the final program?
I'm sorry to say, I highly doubt this, because all of the dword's that I have listed are pointers to the Securom section of the game. It is true that they might have originally been VA's pointing to the IAT, but now they have been replaced by securom pointers, and are used for the securom IAT redirection, thus something must be done about them.
|
farproc = api va.. at one stage those dwords were probablty api va's...
going to the securom section sure.. maybe to the securom iat?
Quote:
Now, 2 things to learn, FARPROC arrays and how NtQueryInformationProcess is used for debugger detection. I have some reading to do. Please, feel free to continue with the criticism, or tell me to fuck off. I wont be the least bit offended either way.
|
oh you've got a fair bit more to learn than that... you've made progress sure, but you're coming across like you know all about the subject, then you change and admit you dont know bits...
why not research it fully, spend your time on it, then make a post.. that way its more useful to people later and less full of bullshit and second guessing..
i have to admit though your approach and style, are very similar to sunbeam.. and its clear im not the only one thinking that...