Hello,
I found this old game in the attic. I would like to test it on Windows 10.
The game is protected by SolidShield (with DVM 1.9.4.4)
ProtectionID said :
Quote:
File Compression State : 0 (Not Compressed)
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 3550496 (0362D20h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x471F5319 -> Wed 24th Oct 2007 14:13:45 (GMT)
[TimeStamp] 0x471F5319 -> Wed 24th Oct 2007 14:13:45 (GMT) | PE Header | - | Offset: 0x00000088 | VA: 0x00400088 | -
[TimeStamp] 0x471F530E -> Wed 24th Oct 2007 14:13:34 (GMT) | Export | - | Offset: 0x0017B810 | VA: 0x00C1E410 | -
[TimeStamp] 0x471F5319 -> Wed 24th Oct 2007 14:13:45 (GMT) | DebugDirectory | - | Offset: 0x0017B900 | VA: 0x00C1E500 | -
-> File Appears to be Digitally Signed @ Offset 0361830h, size : 014F0h / 05360 byte(s)
-> File has 6 (06h) bytes of appended data starting at offset 036182Ah
[LoadConfig] CodeIntegrity -> Flags 0xA3F0 | Catalog 0x46 (70) | Catalog Offset 0x2000001 | Reserved 0x46A4A0
[LoadConfig] GuardAddressTakenIatEntryTable 0x8000011 | Count 0x46A558 (4629848)
[LoadConfig] GuardLongJumpTargetTable 0x8000001 | Count 0x46A5F8 (4630008)
[LoadConfig] HybridMetadataPointer 0x8000011 | DynamicValueRelocTable 0x46A66C
[LoadConfig] FailFastIndirectProc 0x8000011 | FailFastPointer 0x46C360
[LoadConfig] UnknownZero1 0x8000011
[File Heuristics] -> Flag #1 : 00000100000001001100001100010111 (0x0404C317)
[Entrypoint Section Entropy] : 3.93 (section #5) ".init " | Size : 0x600 (1536) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 7 (0x7) | ImageSize 0xA05000 (10506240) byte(s)
[Export] 0% of function(s) (0 of 12) are in file | 0 are forwarded | 0 code | 0 data | 0 uninit data | 0 unknown |
[VersionInfo] Company Name : tate interactive
[VersionInfo] Product Name : Go West PC
[VersionInfo] Product Version : 1. 0. 0. 1
[VersionInfo] File Description : Lucky Luke: Go West PC
[VersionInfo] File Version : 1. 0. 0. 1
[VersionInfo] Original FileName : LuckyLuke.exe
[VersionInfo] Internal Name : lucky
[VersionInfo] Legal Copyrights : Copyright © 2007 tate interactive
[ModuleReport] [IAT] Modules -> KERNEL32.dll | USER32.dll | ADVAPI32.dll | MSVCP80.dll | OPENGL32.dll | GLU32.dll | glut32.dll | DSOUND.dll | MSVCR80.dll | COMCTL32.dll | DINPUT8.dll | binkw32.dll | HID.DLL | SETUPAPI.dll | AVIFIL32.dll | WS2_32.dll | GDI32.dll | LuckyLuke.dll
[Debug Info] (record 1 of 1) (file offset 0x17B8FC)
Characteristics : 0x0 | TimeDateStamp : 0x471F5319 (Wed 24th Oct 2007 14:13:45 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x5D (93)
AddressOfRawData : 0x81E49F | PointerToRawData : 0x17B89F
CvSig : 0x53445352 | SigGuid 8294772A-7C6B-432F-8D1DC927A2A2AFD8
Age : 0x2B (43) | Pdb : c:\TATE\lucky_pc\build\pc8\fm_kao2_buildRetail\kao 2f_buildRetail.pdb
[!] SolidShield EXE Wrapper detected !
- Scan Took : 0.672 Second(s) [0000002A0h (672) tick(s)] [566 of 580 scan(s) done]
|
Unlucky, the original patch on
GWC doesn't work with all the tools I used : Daemon tools lite, Alcohol 52%, ...
I checked out the executable and here are the ddl it loads :
I find out that the luckyluke.dll contains the "cd missing" check :
Quote:
[VersionInfo] Company Name : Solidshield Technologies Ltd.
[VersionInfo] Product Name : DVM Library
[VersionInfo] Product Version : 1. 9. 4. 4
[VersionInfo] File Description : DVM Library
[VersionInfo] File Version : 1. 9. 4. 4
[VersionInfo] Legal Copyrights : © 2006-2007 Solidshield Technologies Ltd.
[ModuleReport] [IAT] Modules -> KERNEL32.dll | USER32.dll | SHELL32.dll | WS2_32.dll
[!] SolidShield Core.dll v1. 9. 4. 4
|
Thanks for the help
EDIT : if interested, I could share a zip with the binary and ddls in the main folder (luckyluke.dll, ...)