Fix for SecuROM bug

Originally posted by PzAz04Maus Uhm.. Hey, new guy here (who  also is not very good with programming languages, or even knows about anything to do with them besides their purpose). I'm sorry, but how exactly do you use this? Most of the installations and edits that I've done were simply placing files in proper locations (ala mods) at a per-file basis, or just getting an easy installer to do it for me, so this, I'm not even sure where to start with. Do you run the .exe (which seems to be the source code if the readme is telling me right). In other words, the readme didn't help a relative luddite at all, so how is this used? It seems that SecuriRom also has expanded to the World in Conflict Beta, along with C&C 3, so now it's even deeper into the hole. So far as I can tell, it's programming language that I put somewhere (do you put it into a certain set of code for a program or something, or is it something that is an exe?).  Wouldn't this SecuROM also technically be illegal, since that the other software is forcing you to not use another set of software for it to run at all? It's a game, but still, if Photoshop wanted to, they could do this whole bull**** to, for instance, copies of GIMP. Basically it's forced incompatability issues against another program, which could be malicious since I love Process Explorer much more than the Microsoft default ever did. In Short, how do I gain the benefits of this program, what are the potential problems, and if it'd help, how to uninstall? Many thanks to those who can help out someone dumber than they in this certain field of knowledge.

Sorry - missed this post.  It's probably best to email me as well if you want a faster response!

To use the program in a simple manual way, extract the .exe from the .zip file to somewhere on your system (I'll use c:\util as an example).  Next, create a shortcut on your desktop (or wherever) to "c:\util\hidepe100 -m".  Running this shortcut will hide the Process Explorer driver from SecuROM as long as Process Explorer itself isn't running.

You can have it automatically start the game by putting the full path to the game instead of the "-m" but I'll leave that to your experimentation.  As an example, my shortcut for C&C3 points to:

C:\util\HidePE100.exe "C:\Program Files (x86)\Electronic Arts\Command & Conquer 3\CNC3.exe"

The "programming language" bit is just the code that I wrote that actually makes the .exe file.  You don't need this.  It's simply for complete disclosure of what is in the program if you're one of those paranoid types who suspects I may be distributing a virus (after all, you don't know me).  This would allow you to either make the program yourself or ask someone you trust more than me to make it for you.

Legally, SecuROM can do whatever it wants to and prevent you from running whatever it wants to on your machine at the same time it's running.  You legally have the option of not purchasing and running the game if that bothers you too much.  As I documented, my correspondence with Sony leads me to believe that the behavior of SecuROM in preventing a game from being run even after you close Process Explorer itself is a bug in their code, so I am simply providing a workaround to that bug.  I have heard nothing from SecuROM themselves, and have provided their CS folks with the same .zip file posted on my site for their perusal.  They've not contacted me in any way over it, so I can only assume that they don't mind.

To uninstall it - just delete the .exe from your system.  It installs nothing into your registry, installs nothing on your HDD, and does nothing permanent to your machine after running.

Again, sorry for the delay posting.  Just for reference, it also works against BioShock (both the demo and Steam versions that I've tested so far), but requires the "-m" method I initially recommended because the game itself runs itself.  No clue on why it does, but I can't track grandchild processes quite as simply.

Anyway - if you have any more questions, shoot me an email or post here.  I'll do my best to answer.

Cheers.

Note that the new v11 of the Process Explorer driver is not detected by SecuROM.  The running executable is, but just exiting Process Explorer v11 will let you play your games for now.

I suspect Sony will update SecuROM in the near future to throw a fit at the v11 driver.  I'm also going to look at the code posted by EP_X0FF on another thread to see if I can't just unload the driver manually.

we need the sysinternals universal unloader :)

Edited by x-faktor - 31 July 2008 at 11:58pm

Hey throx, how did you code this without using the .net framework since it was in the VS.net 2005 IDE?

I've tried doing this before but was unable to succeed (although this was using VS.net 2005 - VB, perhaps C++ is different?) Did you select console application or something?

Also I was going to mess around with your code a little bit and do some testing, although I keep getting this error when Debugging, or Building (compiling):
fatal error LNK1104: cannot open file '..\..\winddk\3790.1830\lib\wxp\i386\ntdll.lib'    HidePE100


How would I fix something like this?
I am thinking it might have something to do with this line #pragma comment(lib, "ntdll.lib") although I am unsure.

ntdll.lib is included in the Solution Explorer window, so I am not really sure what is wrong. Do I have to point some option in the project properties to ntdll.lib?

Hmm, I never knew that. I swear I've tried this in VB.net 2005 and it seemed to take no affect (I refuse to program in the .net framework due to the slow  application load time =[ )

Sry about the ntdll.lib, I swear it was included in the folder, but I guess not.
I just deleted that one referenced in the project and added it from where I put the DDK (I guess the wnet version is correct)
P:\WINDDK\3790.1830\lib\wnet\i386


In any case. I am very surprised that this works. In fact I don't really understand why replacing a driver's symbolic link security descriptor with nothing does anything. (Actually, I didn't even know drivers have symbolic links...)




Edited by Matts_User_Name - 30 July 2008 at 2:23am