You should use WinDbg instead of SoftICE, because it's not as 'intrusive' as SoftICE and you'll need only one simple trick to prevent detection.
Once you can use a debugger to view interesting parts (like the prodrv06), you'll see a very simple code decryption, API loading at runtime, and a little VM.