windowsdlls

Differences

This shows you the differences between two versions of the page.

windowsdlls [2009/06/27 19:31] – Add link to Jan Newgers blog glaubitz
windowsdlls [2010/04/29 14:48] (current) megadiscman
Line 124: Line 124:
  
 </code> </code>
- 
 ===== OpenMG Secure Module - Implementation Architecture ===== ===== OpenMG Secure Module - Implementation Architecture =====
  
Line 159: Line 158:
 <code> <code>
 .................................................................................................... + UI .................................................................................................... + UI
- SonicStage+ SonicStage                                                              omgjukebox.exe
 .................................................................................................... ....................................................................................................
  ^    ^  ^    ^
Line 239: Line 238:
 The OCM files (except for init.ocm which contains an extra layer of packing) are interpreted as [[OCMBytecode]] The OCM files (except for init.ocm which contains an extra layer of packing) are interpreted as [[OCMBytecode]]
  
-Here is a decode for native code blocks from OCM files. It is severe works-for-me-quality, having at least the following issues:+Here is a decoder for native code blocks from OCM files. It is severe works-for-me-quality, having at least the following issues:
   * It does not name imports from salwrap, it just puts offsets into the import table into a generic name. Check here for some name [[OCMSalwrapExports]]   * It does not name imports from salwrap, it just puts offsets into the import table into a generic name. Check here for some name [[OCMSalwrapExports]]
   * It is unable to parse named exports   * It is unable to parse named exports
Line 246: Line 245:
 The output of the program is an assembler source file (completely unreadable) that is intended to be compiled by the GNU assembler (Win32 port or cross-assembler in linux) and then loaded into a good disassembler, like IDA 4.9 Freeware for example. The output of the program is an assembler source file (completely unreadable) that is intended to be compiled by the GNU assembler (Win32 port or cross-assembler in linux) and then loaded into a good disassembler, like IDA 4.9 Freeware for example.
  
-[[codeblockparser]]+[[codeblockparser]] (the format of the codeblocks is in [[codeblockformat]])
  
 Some info about analysing an OCM file can be found in this part of chat log: Some info about analysing an OCM file can be found in this part of chat log:
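Review bot: The parenthetical added after [[codeblockparser]] writes "codeblocks" as one word, while the paragraph introducing the decoder says "native code blocks". Pick one spelling so a reader searching the page for the format description finds both mentions, and consider stating in the parenthetical that [[codeblockformat]] documents the input the parser expects.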
Line 256: Line 255:
   * Netmd.ocm: [[netmdocm]]   * Netmd.ocm: [[netmdocm]]
   * Device.sal: [[devicesal]]   * Device.sal: [[devicesal]]
 +  * Trkinf: [[trkinfocm]]
  
 ===== Links ===== ===== Links =====
  
   * [[http://newgre.net/antire]] - Anti-Reverse Engineering Techniques in DRM Code   * [[http://newgre.net/antire]] - Anti-Reverse Engineering Techniques in DRM Code
- 
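Review bot: The new list entry "Trkinf: [[trkinfocm]]" drops the file extension that its neighbours carry ("Netmd.ocm", "Device.sal"). If the file is Trkinf.ocm, as the link target suggests, label it "Trkinf.ocm: [[trkinfocm]]" so the list stays consistent and the file type is clear.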
windowsdlls.1246131079.txt.gz · Last modified: 2009/06/27 19:31 by glaubitz
