More Awesome Than You!
Welcome,
Guest
. Please
login
or
register
.
2024 November 22, 22:07:21
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Search:
Advanced search
SUPPORT THE MUNICIPALITY!
Have you destroyed a paysite today?
"Jelenedra" is the new "gay".
All Lythdans are stupid and suck!
DEATH TO ALL STUPID HAIRY-BELLIED NESSES!
All Kewians are stupid and suck! Accept no Kewian-based substitutes!
Clearly, BlueSoup has failed us! You must not! BlueSoup has a fat head!
Hobbsee has a
scrawny pencil neck.
Rohina the Ugly Butted is a Horny Turkey
540287
Posts in
18067
Topics by
6545
Members
Latest Member:
cincinancy
More Awesome Than You!
TS3/TSM: The Pudding
The World Of Pudding
Securom string found in Process Explorer dump of TheSims3.exe
0 Members and 2 Chinese Bots are viewing this topic.
« previous
next »
Pages:
[
1
]
2
Author
Topic: Securom string found in Process Explorer dump of TheSims3.exe (Read 17267 times)
Nightmare
Asinine Airhead
Posts: 36
Securom string found in Process Explorer dump of TheSims3.exe
«
on:
2009 June 15, 09:44:02 »
Hereīs the way to reproduce it:
1. Launch Sims 3.
2. ALT+TAB
3. Launch Process Explorer.
4. Right click on "thesims3.exe" >properties
5.Click on Strings
6. Save
7. Open the file you have saved with wordpad or MSword.
8. Search for Securom
9. Blame yourself for trusting EA
«
Last Edit: 2009 June 15, 10:04:04 by Nightmare
»
Logged
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
Posts: 26288
Re: Securom string found in Process Explorer dump
«
Reply #1 on:
2009 June 15, 09:53:24 »
Err...exactly what are you trying to prove by looking at "thesims2.exe" when trying to point fingers at "The Sims
3
". I'm not sure I follow tihs line of reasoning.
Logged
Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Nightmare
Asinine Airhead
Posts: 36
Re: Securom string found in Process Explorer dump
«
Reply #2 on:
2009 June 15, 09:59:33 »
Quote from: J. M. Pescado on 2009 June 15, 09:53:24
Err...exactly what are you trying to prove by looking at "thesims2.exe" when trying to point fingers at "The Sims
3
". I'm not sure I follow tihs line of reasoning.
IT is a typo. Now it is corrected. You should look at "thesiums3.exe"
Logged
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
Posts: 26288
Re: Securom string found in Process Explorer dump of TheSims3.exe
«
Reply #3 on:
2009 June 15, 10:09:53 »
While slightly less fatally flawed, the mere inclusion of the string "SecuROM" does not signify the presence of SecuROM in and of itself. However, EAxis has already admitted their present system is "designed by SecuROM". However, if it *IS* the same beast, it is almost laughably weak and ineffective, and I can't actually see it DOING anything, given that can be disabled entirely from the equivalent of BHAV code. Whether it is or isn't SecuROM, it is my expert opinion that it is Mostly Harmless.
Logged
Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Nightmare
Asinine Airhead
Posts: 36
Re: Securom string found in Process Explorer dump of TheSims3.exe
«
Reply #4 on:
2009 June 15, 10:29:05 »
For being harmless... are there any crack on the disc version? there isnīt any on trusted sites like GCW. Or could it be that the protection is harmless and good?( I doubt it)
Logged
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
Posts: 26288
Re: Securom string found in Process Explorer dump of TheSims3.exe
«
Reply #5 on:
2009 June 15, 10:35:26 »
No protection is ever "good". However, the present protection used, based on my analysis of its behavior and "rootedness", is far weaker than even the old Safedisc protection used in TS2: It exhibits absolutely no reaction to, for instance, your use of Process Explorer (SecuROM would produce a mysterious "Security Module" error under such conditions), does not care about being watched in Registry Monitor (SecuROM would whine about the security module again), and does not react to the presence of Daemon Tools, even without YASU (SecuROM would whine, even Safedisc blacklists). It lacks any of the traditional SecuROM-EA DLLs, like "paul.dll". Furthermore, it can be trivially crippled using circa-1990s cracking techniques. As far as I can tell, it is a half-assed effort thrown together on short notice after the people rioted against SecuROM, and is basically a low-grade anti-idiot copy protection that has zero effect on anyone with half a brain...which, frankly, is about as much as you can expect out of a copy protection: It's just as useless as far more expensive and difficult protections, but at least it probably didn't cost much to make. As far as I can tell, it is either extremely sophisticated at hiding its activities and yet totally ineffective at doing its actual job, or it is simply harmless.
Logged
Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Nightmare
Asinine Airhead
Posts: 36
Re: Securom string found in Process Explorer dump of TheSims3.exe
«
Reply #6 on:
2009 June 15, 10:45:29 »
But I have seen similar Securom issues in the sims 3 forum. No recognized DVD. Emulation errors. Are these fake? Could it be we are dealing again with Sony paid users to post on forums?
Logged
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
Posts: 26288
Re: Securom string found in Process Explorer dump of TheSims3.exe
«
Reply #7 on:
2009 June 15, 10:47:47 »
It is possible that different regions may carry different protections, but I've dissected this thing throughly. I know exactly WHEN the copy protection check fires (it's far too late for it to be producing DVD errors), and exactly what messages it is capable of printing out. None of those messages are even *IN* there! Those people are probably running either the Online version (which reportedly does contain SecuROM), or the prereleases (which also contained SecuROM).
Logged
Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Nightmare
Asinine Airhead
Posts: 36
Re: Securom string found in Process Explorer dump of TheSims3.exe
«
Reply #8 on:
2009 June 15, 12:57:59 »
I donīt understand EA then. They should have dropped Securom earlier. They still have suffered from Securom scandals and bad PR. It is clear that this option is better than keeping SecuMierda, but they should have done earlier.
Logged
Nightmare
Asinine Airhead
Posts: 36
Re: Securom string found in Process Explorer dump of TheSims3.exe
«
Reply #9 on:
2009 June 15, 13:34:28 »
Quote from: Jordi on 2009 June 15, 13:17:00
Ubisoft dropped DRM for the last PoP which did not sell well, and apparently faced harsh criticism from the industry 'tards over this. Their future games will be infested again.
Soruce please?
Pes, what is your opinion about Securom running, performing processes, or communicating with the RING0 to detect V-drives in stealth mode? Securom runs in RING3 to perform its detection, but some of my sources tell that it communicates with the RING0.
Is that true?
Logged
Nightmare
Asinine Airhead
Posts: 36
Re: Securom string found in Process Explorer dump of TheSims3.exe
«
Reply #10 on:
2009 June 15, 14:29:39 »
Unfortunately I already know that and the industry believes it is a bug of Rootkit Revealer. Any more indicators of Kernel code use?
Logged
Nightmare
Asinine Airhead
Posts: 36
Re: Securom string found in Process Explorer dump of TheSims3.exe
«
Reply #11 on:
2009 June 15, 17:54:55 »
Quote from: Jordi on 2009 June 15, 15:06:06
"The industry"? Care to expand?
The major publishers
Logged
Doc Doofus
Garrulous Gimp
Posts: 310
Re: Securom string found in Process Explorer dump of TheSims3.exe
«
Reply #12 on:
2009 June 16, 00:25:25 »
Quote
What the big companies fail to see is that all DRM can be bypassed.
That's true, but if they don't even make a pathetic, half-hearted little vain attempt, then they risk losing LEGAL control in future lawsuits over the unauthorized use of their product.
Logged
Medusa stared at the two creatures approaching her across the Piazza and, instantly recognizing them as Spanish Gorgons, attempted to stall them by greeting them in their native tongue, "Gorgons, Hola!"
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
Posts: 26288
Re: Securom string found in Process Explorer dump of TheSims3.exe
«
Reply #13 on:
2009 June 16, 00:48:09 »
Quote from: Jordi on 2009 June 15, 13:56:47
Can't disclose my source there as I haven't heard it from official sources either. My source is a "friend". I have found no facts that counter this though -- consider that Ubi refused to release the DLC with the real ending to PoP, citing only "business reasons". The "grapevine" translations of these "reasons" is investor/stockholder pressure to not spend any money at all on PoP since Ubi "invited" the pirates to steal it by not using any DRM.
Hah. The real reason PoP flopped is purely because it was terrible. As a veteran pirate cat, the lack of DRM never even entered consideration: I ignored it entirely because it was simply a bad game. It just goes to show: If you want to avoid piracy entirely, just make shitty games. No one really tries to pirate dogdoody.
Quote from: Jordi on 2009 June 15, 13:56:47
As for your question for Pes
I didn't ask a question. I already know SecuROM is evil.
Quote from: Doc Doofus on 2009 June 16, 00:25:25
That's true, but if they don't even make a pathetic, half-hearted little vain attempt, then they risk losing LEGAL control in future lawsuits over the unauthorized use of their product.
I can see that, yes. And that pretty much looks like what this current attempt is: A low-budget attempt that carries no real chance of success, just like all the more expensive efforts, but is just there as a token effort that costs little to nothing to make. It works just as well as expensive efforts (I.E., not at all), but it sure as hell doesn't cost as much and doesn't piss people off.
Logged
Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Nightmare
Asinine Airhead
Posts: 36
Re: Securom string found in Process Explorer dump of TheSims3.exe
«
Reply #14 on:
2009 June 16, 09:01:35 »
Pes, whatīs your opinion as an expert about kernel code use in Securom?
Logged
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
Posts: 26288
Re: Securom string found in Process Explorer dump of TheSims3.exe
«
Reply #15 on:
2009 June 16, 11:30:16 »
SecuROM is evil malware. Period.
Logged
Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Nightmare
Asinine Airhead
Posts: 36
Re: Securom string found in Process Explorer dump of TheSims3.exe
«
Reply #16 on:
2009 June 16, 11:35:22 »
Quote from: J. M. Pescado on 2009 June 16, 11:30:16
SecuROM is evil malware. Period.
Evil malware in RING3 doesnīt fall in the same category as a possible low-level operation, RING0 malware.
The first one is an annoying bug, the second is a
deadly compromising
software. The distinction must be done.
Logged
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
Posts: 26288
Re: Securom string found in Process Explorer dump of TheSims3.exe
«
Reply #17 on:
2009 June 16, 11:37:19 »
Quote from: Nightmare on 2009 June 16, 11:35:22
Evil malware in RING3 doesnīt fall in the same category as a possible low-level operation, RING0 malware.
The first one is an annoying bug, the second is a
deadly compromising
software. The distinction must be done.
Yes, but how does stating the obvious change anything?
Logged
Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Nightmare
Asinine Airhead
Posts: 36
Re: Securom string found in Process Explorer dump of TheSims3.exe
«
Reply #18 on:
2009 June 16, 12:29:23 »
Quote from: J. M. Pescado on 2009 June 16, 11:37:19
Quote from: Nightmare on 2009 June 16, 11:35:22
Evil malware in RING3 doesnīt fall in the same category as a possible low-level operation, RING0 malware.
The first one is an annoying bug, the second is a
deadly compromising
software. The distinction must be done.
Yes, but how does stating the obvious change anything?
I want indicators to the Average Joe users that can be understood by bureaucrat CEOīs. I know a few men on the industry, but they want reliable data. If you give me indicators of Kernel code use/low-level operations of Securom I will appreciate it.
I found some interesting string dumping Securom executables strings on latest versions.
\Device\sony_ssm.sys
\DosDevices\sony_ssm.sys
VS_VERSION_INFO
StringFileInfo
Comments
SecuROM Security Module.
CompanyName
Sony DADC Austria AG.
FileDescription
SecuROM Security Module.
FileVersion
LegalCopyright
Copyright (C) 2004/05 Sony DADC Austria AG
OriginalFilename
sony_ssm.sys
A .sys file would be some kind of indicator of low level operation, just as the Aries.sys in XCP
Thoughts
Logged
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
Posts: 26288
Re: Securom string found in Process Explorer dump of TheSims3.exe
«
Reply #19 on:
2009 June 16, 12:32:13 »
Or, more likely, it's the stripped detritus of something no longer in service that was left behind. There's tons of rubbish like this in the game.
Logged
Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Nightmare
Asinine Airhead
Posts: 36
Re: Securom string found in Process Explorer dump of TheSims3.exe
«
Reply #20 on:
2009 June 16, 12:59:02 »
Quote from: J. M. Pescado on 2009 June 16, 12:32:13
Or, more likely, it's the stripped detritus of something no longer in service that was left behind. There's tons of rubbish like this in the game.
But now Iīm not speaking about TS3, but latest TS2 games versions dump. I donīt think those file names are no longer used
Logged
LMahesa
Asinine Airhead
Posts: 13
Re: Securom string found in Process Explorer dump of TheSims3.exe
«
Reply #21 on:
2009 June 16, 15:57:23 »
Quote from: Nightmare on 2009 June 15, 09:44:02
Hereīs the way to reproduce it:
1. Launch Sims 3.
2. ALT+TAB
3. Launch Process Explorer.
4. Right click on "thesims3.exe" >properties
5.Click on Strings
6. Save
7. Open the file you have saved with wordpad or MSword.
8. Search for Securom
9. Blame yourself for trusting EA
OR
1. Launch Notepad
2. Open TS3.exe
3. Hit F3 and search for Securom
Logged
Nightmare
Asinine Airhead
Posts: 36
Re: Securom string found in Process Explorer dump of TheSims3.exe
«
Reply #22 on:
2009 June 17, 13:45:36 »
No conclusive indicators of RING0/low level operations of Securom then?
Logged
J. M. Pescado
Fat Obstreperous Jerk
El Presidente
Posts: 26288
Re: Securom string found in Process Explorer dump of TheSims3.exe
«
Reply #23 on:
2009 June 17, 14:25:23 »
I have not found anything of the sort. However, the entire point of RING0 operation *IS* to be able to hide from any form of detection, which is why it is used by other programs that you probably have installed...but you know they're doing, and they're doing it because you told them to.
On the other hand, putting an elaborate RING0 hider on a copy protection system like the one in TS3 is like slapping an enormous padlock on a knee-high fence gate.
Logged
Grant me the serenity to accept the things I cannot change, the courage to change the things I cannot accept, and the wisdom to hide the bodies of those I had to kill because they pissed me off.
Nightmare
Asinine Airhead
Posts: 36
Re: Securom string found in Process Explorer dump of TheSims3.exe
«
Reply #24 on:
2009 June 17, 18:44:56 »
Yep, but what about the past? What about BV and later games? The most experienced programmers say that indeed it is possible to run in RING3 to prevent emulation. But that protection would be weak.
Securom paranoia against emulation is well known on TS2, Farcry 2 and Falllout 3
http://www.securom.com/message.asp?m=emu&c=2500
I think the emulation is strong, so by common sense, they are not running in RING3.
A pity no one has found any conclusive RING0 operation until now....
Logged
Pages:
[
1
]
2
« previous
next »
Jump to:
Please select a destination:
-----------------------------
TS4: The Pee-ening
-----------------------------
=> Insert Amusing Name Here
=> Facts and Strategery
-----------------------------
TS3/TSM: The Pudding
-----------------------------
=> The World Of Pudding
=> Facts & Strategery
=> Pudding Factory
===> World of Puddings
===> Pudding Plots
-----------------------------
TS2: Burnination
-----------------------------
=> The Podium
===> Oops! You Broke It!
=> The War Room
=> Planet K 20X6
===> Building Contest of Awesomeness
=> Peasantry
===> Taster's Choice
-----------------------------
The Bowels of Trogdor
-----------------------------
=> The Small Intestines of Trogdor
=> The Large Intestines of Trogdor
-----------------------------
Awesomeware
-----------------------------
=> TS4 Stuff
=> Armoire of Invincibility
===> AwesomeMod!
=> The Armory
===> Playsets & Toys
===> The Scrapyard
-----------------------------
Darcyland
-----------------------------
=> Lord Darcy Investigates
-----------------------------
Ye Olde Simmes 2 Archives: Dead Creators
-----------------------------
=> Ye Olde Crammyboye Archives
=> Ye Olde Syberspunke Archives
-----------------------------
Serious Business
-----------------------------
===> Spore Discussions
Loading...