Thread: Thrillseeking
08-10-2007, 23:07
sheep
it was the first version of the new securom back then and as basic as it was it still presented lots of problems for a new "reverser" looking to prove his worth (i say basic but it was as good as it got back then even though seccy had a rep for being fairly easy, it certainly kept the lamers at bay.. but of course no such thing as VMs being used back then). it was nothing compared to sd2 but it was a great place to start.

one of its main features was (similar to sd) an encrypted iat, which needed to be decrypted and resolved. easiest way to do this was to attach a small dll which basically fed the decryption routine its own iat and collected the nice neat fixed one out the other end, but as i mentioned above the decryptor had a check on it to make sure only a certain amount of apis were being passed.. my dumper worked fine because it only passed a few at a time before capture.. yatez passed the lot through and after "3ch" passes i believe the results are corrupted.

sd worked in much the same way except it had more exits from its decryptor so a little harder to catch the results, plus i'm sure as anyone who has tackled it knows the way it formulates its api relies on its decryption pipes as i called them (because visually it's what they were) using a formula which included the address it's situated at, so feeding the iat section to the decryptor was not an option and a more LIVE approach was needed by simply patching the decryptor and running the game. generally this worked for most games, of course people become wise and would put apis at the very end of the game which your decryptor couldn't catch because you hadn't been there but just a good look over what you had was good enough to spot if you had missed any.

then they started adding multiple iat entries.. not sure what else to call them really.. because the formulated apis were now LIVE and relying on position as well as the iat address in memory they started to use the same iat address with a different location to formulate another api.. in the end it wasn't a huge problem..

then they added the BREAK AWAY sections.. again.. not sure what else to call them.. because i don't read tutorials i call things as i see them, this was a section of apis that were not stored with the MAIN set so you couldn't just copy an entire section of iat and hope for the best but again.. as tippex says this is what it's all about.. you make new countermeasures to get around such things.. hope that explains a little. Sorry if it's a bit sketchy, it was actually closer to 9 years.. i looked back at my old code tonight

Last edited by sheep; 08-10-2007 at 23:14.