Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   Methods of detecting dongle emulator (https://forum.exetools.com/showthread.php?t=9161)

MeteO 02-11-2006 08:46
Methods of detecting dongle emulator
 
1 Attachment(s)
In previous version of HaspAPI (earlier realisation of their VM) iceman (general developer of Aladdin protection) checks match of value of offset PM_API, V86_API, and DeviceIoControl routines. If match, API will continue their work, if not...

Very interesting that API of protected program relocates by hidden interface of HASP Driver from Ring3 to Ring0. In attach i've put example how to use this.

But dongle driver replacing technology is very inconvient, now filter driver technology used in emulating dongle. Very useful to check specific strings at Registry, such as "System\CurrentControlSet\Services\Emulator\HASP" and "Software\HaspEmulPE", but this way is not true detection of emulator.

Can anyone tell me true way for detecting filter drivers?

NeOXOeN 02-11-2006 12:04
It crashes my pc :(

bye

Asus 02-11-2006 13:18
I found 2 IDs on my machine;-)

MeteO 02-17-2006 05:39
Quote:
Originally Posted by NeOXOeN
It crashes my pc :(

bye
You need to install HASP dongle drivers. From v3.81 and till current release HASP driver allow to jump from ring3 to ring0, it's potentially dangerious.

NeOXOeN 02-17-2006 09:43
thx MeteO

i didnt realized that i dont have it installed...


bye


All times are GMT +8. The time now is 09:17.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX