Securom string found in Process Explorer dump of TheSims3.exe
Nightmare:
Quote from: J. M. Pescado on 2009 June 16, 12:32:13
Or, more likely, it's the stripped detritus of something no longer in service that was left behind. There's tons of rubbish like this in the game.
But now Iīm not speaking about TS3, but latest TS2 games versions dump. I donīt think those file names are no longer used
LMahesa:
Quote from: Nightmare on 2009 June 15, 09:44:02
Hereīs the way to reproduce it:
1. Launch Sims 3.
2. ALT+TAB
3. Launch Process Explorer.
4. Right click on "thesims3.exe" >properties
5.Click on Strings
6. Save
7. Open the file you have saved with wordpad or MSword.
8. Search for Securom
9. Blame yourself for trusting EA
OR
1. Launch Notepad
2. Open TS3.exe
3. Hit F3 and search for Securom
Nightmare:
No conclusive indicators of RING0/low level operations of Securom then?
J. M. Pescado:
I have not found anything of the sort. However, the entire point of RING0 operation *IS* to be able to hide from any form of detection, which is why it is used by other programs that you probably have installed...but you know they're doing, and they're doing it because you told them to.
On the other hand, putting an elaborate RING0 hider on a copy protection system like the one in TS3 is like slapping an enormous padlock on a knee-high fence gate.
Nightmare:
Yep, but what about the past? What about BV and later games? The most experienced programmers say that indeed it is possible to run in RING3 to prevent emulation. But that protection would be weak.
Securom paranoia against emulation is well known on TS2, Farcry 2 and Falllout 3 http://www.securom.com/message.asp?m=emu&c=2500
I think the emulation is strong, so by common sense, they are not running in RING3.
A pity no one has found any conclusive RING0 operation until now.... :(
Navigation
[0] Message Index
[#] Next page
[*] Previous page