On 4/22/06, Alistair John Strachan <[EMAIL PROTECTED]> wrote: > On Saturday 22 April 2006 10:09, Marcus Meissner wrote: > > Here is the culprit: > > > > trace:virtual:VIRTUAL_SetProt 0x462000-0x4e7fff c-rW- > > trace:virtual:VIRTUAL_DumpView View: 0x400000 - 0x57bfff (anonymous) > > trace:virtual:VIRTUAL_DumpView 0x400000 - 0x400fff c-r-- > > trace:virtual:VIRTUAL_DumpView 0x401000 - 0x449fff c-r-x > > trace:virtual:VIRTUAL_DumpView 0x44a000 - 0x57bfff c-rW- > > > > This covers the 0x00495000 address. Note that the area lacks the x-bit. > > > > What is happening is likely the copy protection. The original loader is > > likely executable, but the copyprotection decrypts the code in a > > datasection and then executes it. > > Well, I'm using a "modified" game executable which does not check for the > presence of a CD. However, it hooks into the original game executable so that > the game can validate itself. Alas, it's probably not the more pure win32 > application known to man.. >
Do you mean you're using a loader? Please try to recreate without the loader. Loaders are known to be buggy -- even on x86 architechure. Jesse
