Winternals

  1. Funny API function inside ntdll.dll

    Sup ?

    Just while i was bored i and digged a bit inside windows ntdll.dll on winxp sp2.

    the two api functions i found have very funny name declaration:

    Code:
    __stdcall LdrpCheckForSecuROMImage(x)
    __stdcall LdrpCheckForSafeDiscImage(x)
    Im not 100% sure but it seems to be that microsoft is fixing some stuff with special safedisc and securom images. funny, isn't it ?


    This api function is also interesting:

    Code:
    __stdcall LdrpCheckNxIncompatibleDllSection(x)
    Inside it it is checked whether the image is probably a Starfoce or Aspack image.

    It also seems to me that only a russian guy was talking about thoses API functions.
    I hope i can provide more information about it soon.

    Bye

    OH‹en

    Updated February 25th, 2008 at 09:06 by OHPen

    Categories
    Winternals