syl
May 8th, 2007, 08:15
hi
i wanted to disassemble http://www.sxe-injected.com sXe injected (an anti-cheat program for stand-alone counter-strike releases no-steam) in order to understand why it's not working with vista.
Of course i think that's because of execryptor (PEiD shown that for sxe 2.7 but with sxe 3.3 it's saying "nothing"
used on exe or perhaps because of the driver used for anti-cheat. But i wanted to have your idea.
Also, i want to precise that http://www.sysersoft.com syser and Olly cannot even or can just not really load the exe.
With OllyDbg i tried the "advanced" plugin to break on new TLS callback because i'm pretty sure that's the technique used (but i think there is another in the wild related with PE checks). So well my question is :
* can we be sure that execryptor was used on sXe
* what to do after breaking on TLS callback while loading in Olly
i wanted to disassemble http://www.sxe-injected.com sXe injected (an anti-cheat program for stand-alone counter-strike releases no-steam) in order to understand why it's not working with vista.

Of course i think that's because of execryptor (PEiD shown that for sxe 2.7 but with sxe 3.3 it's saying "nothing"

Also, i want to precise that http://www.sysersoft.com syser and Olly cannot even or can just not really load the exe.
With OllyDbg i tried the "advanced" plugin to break on new TLS callback because i'm pretty sure that's the technique used (but i think there is another in the wild related with PE checks). So well my question is :
* can we be sure that execryptor was used on sXe
* what to do after breaking on TLS callback while loading in Olly