Very well, from now on all posts I make I will try to make as factually correct as possible, and not include any bullshit theories. I can for certain say that all the solutions that I have presented for all the protection options so far aside from the Import redirection and emulated instructions work on my machine.
Also, this post is more in the way of you guys helping me, and maybe even others in the process. Your criticism helps. I admit, I got the idea for writing this post after reading your comments to Sunbeam. You were a lot more critical of him than people would be to me if I posted this information on other cracker forums. All I would get is a 'Thank you'. Thats nice, but what information would I get? Nothing.
Also, for all those interested about the NtQueryInformationProcess check:
http://msdn2.microsoft.com/en-us/library/ms684280.aspx
Quote:
ProcessDebugPort
7 Retrieves a DWORD_PTR value that is the port number of the debugger for the process. A nonzero value indicates that the process is being run under the control of a ring 3 debugger.
It is best to use the CheckRemoteDebuggerPresent or IsDebuggerPresent function.
|
Also, I think the Securom devs should look at that little red text on the top of the page
Oh, and please don't assume that I know everything about this subject. Like I said in the original post, I don't, but I would be happy to learn
Oh, and about the Sunbeam comment, how can I prove to you that I am not Sunbeam?