Thrillseeking

[caki]

Quote:

Sorry if its a bit sketchy it was actually closer to 9 years.. i looked back at my old code tonight

I kind of have an idea of what you are talking about, especially where it uses the return address of a call to calculate the correct API to go to Only thing they really added in safedisc these days are stolen bytes, (which is where safedisc attatches its own ring 3 debugger to the process, which catches int 3's executed in the code sections and emulates commands that those int 3's had replaced) and a developer API that basically decrypts values that the devs give it. For example, the devs encrypt 2 ints, and then pass it to the Safedisc API, and then it returns two decrypted integers (I might be wrong, but hey thats all I could guess without the original source code ).

Anyways, I expect the stolen bytes to give sunbeam here a bit of trouble. Why? Well think about it: Its impossible for 2 ring 3 debuggers to debug the same process, right? So the safedisc ring 3 debugger will never attach to the process as long as Olly is debugging it, and the process that Olly is debugging will hang forever waiting for the safedisc debugger to attach. There is a way around this, but it is long and cumbersome (and apparently doesn't work in Vista ).

As for securom, well seems like they hired some sadistic motherfuckers to recode the protection for them, lots of new features in it... and I probably haven't found all of them yet ^^