Jump to content
Tuts 4 You
Sign in to follow this  
ixiodor

CPU "Features"

Recommended Posts

ixiodor

Hi guys,
I heared about DENUVO that uses a CPU bound code to make it harder to crack, some code that run only on your CPU. So i was looking for some nice trick and testings tring to emulate that.
I started using CPUD changing values in EAX, my curiosity was on:
 

MOV EAX, 0Bh
CPUID

This give me some values, including in EDX wich core is executing that CPUID. (core1 - core2 etc)

BUT
i found this "feature" , if you do:
 

MOV ECX, 100h
MOV EAX, 0Bh
CPUID

You reset all your registers and you get only a value in EDX, where is showed your current core...
Is that normal??
I have a i7-2600, can someone with different CPU try if have same results?

Share this post


Link to post
mrexodia

The Denuvo thing is probably utter horseshit (especially if you read this on reddit).

Anyways, you can find the documentation of the CPUID here: http://x86.renejeschke.de/html/file_module_x86_id_45.html

On my PC, it clears EAX, EBX, ECX, EDX (which are registers that CPUID puts results in according to the documentation). It doesn't clear any other registers:

3tfvpj4.png

Greetings

  • Like 2

Share this post


Link to post
ixiodor

Thanks for your time ^_^

Share this post


Link to post
mrexodia

CPY didn't unpack denuvo, they hooked some stuff to bypass license and integrity protections :D

  • Like 1

Share this post


Link to post
arlequim

Wow, they did even better. Thanks for info Mr.eXoDia ;)  Although i dont know at all this protector, i think they chose the most intelligent tactic and cracking approach, i mean no unpack and secured result :)

Share this post


Link to post
evlncrn8

uses a fair bit more than just cpuid information like hdd info (boot drive serial number, and videocard data enum) to name a few

Share this post


Link to post
ddev
On 3/19/2016 at 8:48 AM, evlncrn8 said:

uses a fair bit more than just cpuid information like hdd info (boot drive serial number, and videocard data enum) to name a few

Anyone confirmed what info is actually used in denuvo(VMProtect) ?

Share this post


Link to post
evlncrn8

well for the ea stuff, its the same thing in denuvo - hdd serial, video card enum, computer name etc, all built up into a hash.. for the steam stuff, steam user id etc along with he usual cpuid stuff securom used..

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
×
×
  • Create New...