View Full Version : starforce 3 question


josefk
April 17th, 2005, 11:41
hi all,

could anyone give me some clues about how to break at EP of a starforce
protected exe? By searching this board i found only one mention of this,
made by Volodya, which states that:

"...Obviously, EP will contain RVA in 98% of cases, but you never took a look on StarForce protection. Code section is NOT present in the PE file ON DISK, but takes some virtual memory! Therefore, EP MUST be VA. "

Can someone explain this a bit? Where is the code section? And how
does starforce load that exe?

Any info will be highly appreciated...

evlncrn8
April 17th, 2005, 14:49
the code section in the sf exe is NOT present on the disk, it's put in by the starforce 3 dll, as for breaking on the ep, that's a totally different story
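
Added example, not part of the original thread: a static check for the layout described above, where a section reserves virtual memory but has no raw data in the file. The sample image and the function names are constructed for illustration and are not taken from any protected file.

```python
import struct

def parse_sections(pe: bytes):
    """Return (entry_rva, rows); each row is (name, rva, vsize, rawsize, holds_ep)."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ file")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    nsec, = struct.unpack_from("<H", pe, coff + 2)        # NumberOfSections
    opt_size, = struct.unpack_from("<H", pe, coff + 16)   # SizeOfOptionalHeader
    opt = coff + 20
    entry_rva, = struct.unpack_from("<I", pe, opt + 16)   # AddressOfEntryPoint
    rows = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i                     # 40-byte section headers
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        vsize, rva, rawsize = struct.unpack_from("<III", pe, off + 8)
        holds_ep = rva <= entry_rva < rva + max(vsize, rawsize)
        rows.append((name, rva, vsize, rawsize, holds_ep))
    return entry_rva, rows

def virtual_only(rows):
    """Sections that reserve memory but carry no bytes in the file."""
    return [r[0] for r in rows if r[2] > 0 and r[3] == 0]

def build_sample() -> bytes:
    """Constructed header-only image (not a real protected file)."""
    def sec(name, vsize, rva, rawsize, rawptr):
        return name.ljust(8, b"\0") + struct.pack("<IIII", vsize, rva, rawsize, rawptr) + b"\0" * 16
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, 0x1000).ljust(0xE0, b"\0")
    return (dos + b"PE\0\0" + coff + opt
            + sec(b".text", 0x3000, 0x1000, 0, 0)          # memory only
            + sec(b".data", 0x200, 0x4000, 0x200, 0x400))  # backed by file data

if __name__ == "__main__":
    ep, rows = parse_sections(build_sample())
    for name, rva, vsize, rawsize, holds_ep in rows:
        print(f"{name:8} rva={rva:#x} vsize={vsize:#x} raw={rawsize:#x} ep={holds_ep}")
    print("virtual-only:", virtual_only(rows))
```

A section with a non-zero VirtualSize and a zero SizeOfRawData has to be filled in at load time by something other than the file itself, which is a common triage signal for packed or protected binaries.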

josefk
April 17th, 2005, 15:01
Quote:
[Originally Posted by evlncrn8]the code section in the sf exe is NOT present on the disk, it's put in by the starforce 3 dll, as for breaking on the ep, that's a totally different story


thx a lot for your answer.

the code must be somewhere on the disk
you mean it is in one of the sf3 sys files? or there's also a dll?

second, i wanna find out how to break on EP, that is, the first byte of
the executed code and NOT on the OEP, where sf3 gives control back
to the program.

hope to hear again from you

JMI
April 17th, 2005, 15:02
josefk:

Just a thought, since "it's kind of like my job Dude." You said you searched here for information on your target protection, but did you also search on the net? Try something such as "starforce + cracking" (without the quotes) or try "starforce dll + cracking" (or reversing) (again, no quotes). Also did you search here for information on how to reverse dlls? There are several Threads on the exetools forum about this target which you might also want to review. There is a tool on the net that allows one to run your target protection without the CD itself, but don't know whether it has been updated for your version of interest. Lots of information out there for those who learn how to search.

Regards,

evlncrn8
April 18th, 2005, 06:25
Quote:
[Originally Posted by josefk]

the code must be somewhere on the disk
you mean it is in one of the sf3 sys files? or there's also a dll?



yes there's also a dll, check the iat of the exe, note the dlls, one of them is the starforce dll, and did i mention the .sys files.. no ..

Quote:
[Originally Posted by josefk]

second, i wanna find out how to break on EP, that is, the first byte of
the executed code and NOT on the OEP, where sf3 gives control back
to the program.



heh, slight problem, the iat loads the starforce dll (before oep is reached), dll does its stuff then jumps to the real oep, study the code some more, either you are out of your depth or you haven't studied your target enough

josefk
April 18th, 2005, 10:51
well,

-JMI,
i already 'googled' starforce, but the harvest was pretty poor...
i also found something on exetools, anyway not much since i'm
looking for 'technical' infos...
btw, it would be very nice if you could implement the search
function on exetools forum for non-members also.
i also know how to use starfuck/sf nightmare/mini-images to launch
a sf3 game.

thx anyway

- evlncrn8,
thx a lot that's exactly the answer i was looking for.
this trick to launch the protection is indeed very simple,
and i must admit that somehow i missed it...i was almost
sure that must be something more complicated.

now i have a starting point...hopefully i will be able to dig out
something from it

ps. you seem to be pretty familiar with starforce. you already
cracked it, or you're from the developers team?

evlncrn8
April 18th, 2005, 11:18
nah i've cracked it before