There's a game that I'm working on with some protection that I can't quite figure out. I can't identify the protection nor can any program I've downloaded.

Anyway the exe is packed as I would expect and there's anti-softice code that catches SI even with frogice on bulletproof, boundscheck interface diabled and the backdoor commands diabled (not supprised as there seems to be many ways to detect it). It seems to detect all my other debuggers except for the trw2000 demo. This is really beside the point.

I did a standard dump of the uncommpressed program, rebuilt the working exe and it crashed. I debugged my exe and apparently the unpacker created a tmp file which is in fact an exe or dll (not sure which, it shows as a running program but the game makes calls to it like a dll).

So I assumed I needed to dump this. However, the tmp file has no imports or exports and neither the compressed exe or my dumped version has imports for it. They are apparent added to the uncompressed program durring some stage of the unpacking code.

Has anyone seen this? Maybe know what protection it is using? Or maybe a tutorial?

Oops. Apparently I missed ArthaXerXes' reply on my other thread.

"Sacrifice uses Safedisc 2 (at least patch 1 does), so yes, that is obfuscation + ciphering."

So ArthaXerXes, how did you know it uses Safedisc 2? I'm very new to this and I still don't get how you all find this stuff out.

Also, know any good or any tutorials on Safedisc 2?

BTW: This is board really helps the learning process, thanks ArthaXerXes and everyone else.