Comment Re:After Searching through the Crapware site itsel (Score 1) 72
Starforce does have a very clever way of preventing debuggers from working.
Explaining it requires a little background about how an OS like Windows handles the initialisation of a process that uses dynamic libraries.
Basically, Windows will create a process environment (virtual memory, ...) and load the exe in it. It then checks which dlls are required by the exe and loads them as well. Each dll has a usually small function that is called by the OS when the dll has been loaded, before the exe is even started, for initialisation purposes.
Windows debuggers usually use the same method for loading the process: they let Windows do everything that has been described above and only debug the executable itself, after each dll has initialized.
Starforce protected games come in the form of (at least) one exe and one dll. The exe is dependent on the dll. The big trick is that the function that initializes the dll contains the first part of the protection scheme. It probably checks whether the process is being debugged there.
Debugging such software requires rewriting the whole process initialization procedure, which is not very easy to do and, as I already said, not done by most debuggers. A kernel debugger is probably even required because Starforce uses drivers, which is the main issue people in the mentioned forums have problems with.
BTW, what I find annoying about Starforce drivers is that they are loaded every time the computer is running. It would make much more sense to only start the driver when a copy-protected game is launched and stop it when the game is stopped. Maybe this requires administrative privileges and that's why they did not do it this way.
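The load ordering the comment describes (library initialisation code runs before the program's own entry point) has a direct Linux analogue, shown here as an added example that is not part of the comment and is not Starforce code. It assumes a Linux host with GCC or Clang: a constructor function stands in for the dll initialisation function, and `TracerPid` in `/proc/self/status` stands in for the debugger check; all function and variable names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical state for this demo (not from the original comment). */
static int g_main_started = 0;          /* set as the first action of main() */
static int g_init_ran_before_main = 0;  /* set by the initialiser */
static int g_tracer_at_init = -1;       /* tracer PID seen during init */

/* Extract TracerPid from /proc/<pid>/status text.
   Returns 0 when untraced, the tracer's PID when traced, -1 if absent. */
int parse_tracer_pid(const char *status_text)
{
    const char *p = strstr(status_text, "TracerPid:");
    if (p == NULL)
        return -1;
    return (int)strtol(p + strlen("TracerPid:"), NULL, 10);
}

/* Read this process's own status file; -1 if /proc is unavailable. */
static int read_own_tracer_pid(void)
{
    char buf[4096];
    FILE *f = fopen("/proc/self/status", "r");
    if (f == NULL)
        return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    fclose(f);
    buf[n] = '\0';
    return parse_tracer_pid(buf);
}

/* Stand-in for the dll initialisation function: the loader calls it
   before main(), so a breakpoint placed on main() is reached too late
   to observe this check. */
__attribute__((constructor))
static void library_init(void)
{
    g_init_ran_before_main = !g_main_started;
    g_tracer_at_init = read_own_tracer_pid();
}

int init_ran_before_main(void) { return g_init_ran_before_main; }
int tracer_seen_at_init(void)  { return g_tracer_at_init; }

int main(void)
{
    g_main_started = 1;
    printf("init before main: %d, tracer pid at init: %d\n", init_ran_before_main(), tracer_seen_at_init());
    return 0;
}
```

For an analyst, the practical consequence is that the first breakpoint has to be set in the loader or in the library's initialiser, not at the program's entry point.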