Project 1999

  #21  
Old 09-12-2019, 10:22 AM
Flowe Flowe is offline
Orc

Join Date: Aug 2019
Location: Some Where
Posts: 30
Default

Themida is an application aimed at protecting software from being pirated.
  #22  
Old 09-12-2019, 10:23 AM
Flowe Flowe is offline
Orc

Join Date: Aug 2019
Location: Some Where
Posts: 30
Default

Themida is an application that protects and hides the nature of trojan infections. While Themida itself is not a trojan or a virus, it can be used by the creators of these programs to hide the nature of the malware threats.
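Added example, not part of any post in this thread: a first triage step for a file that a scanner flags as "Themida" is to read its PE section table, looking for protector section names and for sections whose contents look packed. The section names `.themida` and `.winlice` are an assumption based on names commonly seen in Oreans-protected files, the 7.0 entropy threshold is an illustrative choice, and `build_sample()` with its `.data2` section is a constructed stub, not a real program.

```python
import math
import struct

# Assumption: names commonly seen in Oreans-protected files; a miss proves nothing.
PROTECTOR_SECTIONS = {".themida": "Themida", ".winlice": "WinLicense"}

def entropy(data):
    """Shannon entropy in bits per byte; packed or encrypted data nears 8."""
    if not data:
        return 0.0
    counts = [data.count(b) for b in set(data)]
    return -sum(c / len(data) * math.log2(c / len(data)) for c in counts)

def pe_sections(image):
    """Yield (name, raw_bytes) for every section header in a PE image."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsect,) = struct.unpack_from("<H", image, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)
    table = pe_off + 24 + opt_size           # section table follows the headers
    for i in range(nsect):
        hdr = table + 40 * i                 # each section header is 40 bytes
        name = image[hdr:hdr + 8].rstrip(b"\0").decode("latin-1")
        raw_size, raw_ptr = struct.unpack_from("<II", image, hdr + 16)
        yield name, image[raw_ptr:raw_ptr + raw_size]

def triage(image, threshold=7.0):
    """Return (section, reason) pairs worth a closer look by an analyst."""
    findings = []
    for name, raw in pe_sections(image):
        if name.lower() in PROTECTOR_SECTIONS:
            findings.append((name, PROTECTOR_SECTIONS[name.lower()] + " section name"))
        elif entropy(raw) >= threshold:
            findings.append((name, "high entropy %.2f" % entropy(raw)))
    return findings

def build_sample():
    """Constructed three-section PE stub (not a real program)."""
    bodies = [(b".text", b"\x90" * 512), (b".themida", b"\xCC" * 512),
              (b".data2", bytes(range(256)) * 2)]
    out = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    out += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(bodies), 0, 0, 0, 0, 0x102)
    ptr = len(out) + 40 * len(bodies)        # raw data starts after the table
    for name, body in bodies:
        out += name.ljust(8, b"\0") + struct.pack("<IIII16x", len(body), 0, len(body), ptr)
        ptr += len(body)
    return out + b"".join(body for _, body in bodies)
```

A hit only says the file is wrapped by a protector; it says nothing about whether the wrapped program is benign.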
  #23  
Old 09-12-2019, 10:30 AM
Flowe Flowe is offline
Orc

Join Date: Aug 2019
Location: Some Where
Posts: 30
Default

Vulnerabilities in software protectors
Other software protectors have important vulnerabilities, which prevent them from being a perfect solution to protect an application against reverse engineering or cracking. The following section identifies some of those vulnerabilities and shows how Themida resolves them.

Obsolete protection techniques
Most modern software protection systems use already broken techniques that are quite easy to bypass. Normally, an attacker will reuse the same proven tools that have been used over years to break protection systems. Often the attacker will release a global technique to attack every application protected by a specific protection system. SecureEngine uses new technology in software protection to ensure each protected application is unique, thus preventing any cracking tool from being used to create a universal crack for your application.

Attackers are one step ahead of the protection system
When a software protection system has been broken, its authors implement patches to avoid a specific attack from being used again on new versions. Typically attackers will inspect the new changes that have been applied in the new version and will easily bypass them again. In this common scenario, attackers are always one step ahead of the protection system because the newly applied patches can easily be identified and defeated.
SecureEngine has a different approach to avoid this. If a vulnerability is found, the vulnerable object is quickly changed (due to the mutable technology used in SecureEngine) instead of releasing a patch against the specific threat. The new object, joined with the rest of the SecureEngine objects, creates a completely new protection system. The benefit of this, when compared to common software protectors, is that attackers will have to reexamine the whole protection code to bypass the new changes.


Understanding the risk

When an application is being created, the Compiler will compile the application source code into several object files made of machine language code. Then the object files are linked together to create the final executable.

In the same manner that the source code of an application is converted into machine code at compilation time, there are tools that can convert a compiled application into assembly language or a higher-level programming language. These tools are known as disassemblers and decompilers.

An attacker can use a disassembler or decompiler to study how a specific application works and what a specific routine does. When the attacker has a good knowledge of the target application, he can modify the compiled application to alter its behavior. For example, the attacker could bypass the routine that checks for the trial period in an application and make it run forever or, even worse, cause the application to behave as if it was registered.
  #24  
Old 09-12-2019, 10:36 AM
Flowe Flowe is offline
Orc

Join Date: Aug 2019
Location: Some Where
Posts: 30
Default

Since software protectors were born, many attackers have centered most of their efforts on attacking the software protectors themselves instead of the applications. Many tools have been developed that aid in the attacking of software protectors. These attacks often result in the attacker obtaining the original application that is decrypted and has the protection wrapper removed.

The main problem with software protectors is that they use protection techniques very well known by crackers, so they can be easily bypassed with traditional cracking tools.

Another important problem in software protectors is that they have restricted execution by the operating system, that is, they run with normal application privileges. Because of this, attackers can use cracking tools that run at the same priority level as the operating system, allowing them to fully supervise what a software protector is doing at a certain time and attack it in specific places.

Something new to decode virtualized code.
Usually these sections are important enough that the game developer wants to hide them in the client, so they are probably important for at least something: client authentication, etc.

Now you can decode these sections with an IDA Plug-in this guy made:
DeCV — a decompiler for Code Virtualizer by Oreans
https://github.com/pakt/decv
  #25  
Old 09-16-2019, 09:00 AM
Hoppkins_Wytchfinder Hoppkins_Wytchfinder is offline
Fire Giant

Join Date: Sep 2019
Posts: 508
Default

EQ used to be a lot worse. Fighting with sound drivers, graphics drivers, DirectX etc.

And all the same problems with AV etc.

I remember Velious came out, DirectX version switched, I had awful problems for days. Had to buy a new gpx card in the end. Be thankful that all that is behind us now.
  #26  
Old 09-16-2019, 09:43 AM
KOOLLAYD KOOLLAYD is offline
Orc


Join Date: Aug 2014
Posts: 34
Default

This is exactly why my off ramp for my primary OS was Windows 7. Windows Shit 10 is such a pain in the ass to run anything on anymore nowadays. While I do keep a copy of it for DX12 games on a bootable storage partition on my hard drive and keep Windows 7 on another hard drive for competitive games. I will say my main OS on my rig now is Ubuntu 18.04 LTS and I have had very few issues when it comes to running older games on Wine. I would say if you guys are that worried about viruses then I'd break off a partition for either that OS or another Linux distribution of your choice. The odds of you copping a virus on a Linux distro is about the same as you winning the lottery in real life mates. lol
  #27  
Old 09-16-2019, 10:03 AM
sonicjoose sonicjoose is offline
Fire Giant


Join Date: Jun 2011
Posts: 511
Default Reinstall Windows

Had to reinstall my windows to install the 49b patch. Kept saying my EQ folder was in use, when it was not. But it's all working good now.
  #28  
Old 09-17-2019, 08:18 AM
KOOLLAYD KOOLLAYD is offline
Orc


Join Date: Aug 2014
Posts: 34
Default

Quote:
Originally Posted by sonicjoose
Had to reinstall my windows to install the 49b patch. Kept saying my EQ folder was in use, when it was not. But it's all working good now.

Glad you got it sorted out mate. I am curious. Did you ever work out why you had to do a complete reinstall of Windows though? I was just wondering because usually a reboot would fix that issue as far as Windows is concerned.
  #29  
Old 09-17-2019, 09:43 AM
Bbeta Bbeta is offline
Sarnak

Join Date: Sep 2018
Posts: 454
Default

[image]
  #30  
Old 09-20-2019, 07:42 AM
jacobar jacobar is offline
Sarnak

Join Date: Dec 2017
Posts: 218
Default

Quote:
Originally Posted by Bbeta
[image]

did this and am not laughing now, why do this to me? Next what you will want my cookies?

All times are GMT -4.

Everquest is a registered trademark of Daybreak Game Company LLC.
Project 1999 is not associated or affiliated in any way with Daybreak Game Company LLC.