Results 1 to 15 of 37

Thread: FLEXNet

Threaded View

  1. #1
    : Code Injector : nikolatesla20's Avatar
    Join Date
    Apr 2002


    I've only got small experience playing with this protection (Of course, it IS a "new" thing out now). It's from Macrovision, so I'm thinking it's based off of FlexLM and the like. Anyway, the new Install***** 11 is based on it.

    Version 11 of the mentioned product has a 15 day demo out. One interesting thing about it is that after it expires on your machine, even re-imaging the hard disk doesn't restore the demo. In other words, I have a XP image of my hard disk from before I install the product, that I reapply to the drive. I tested this as well without any internet connection. So it appears to be physically writing something off somewhere else on the disk.

    I've read a tut by Tseph about SafeCast doing such a thing, writing to sector 0x32 on the hard drive, and that tut's target (I mean the protection on the target) was also from Macrovision, so no doubt a similar technique is being used here.

    Although I didn't notice any *.sys files being used by the app, one would think that would be necessary to write to the drive at the low level. Under Win2K and XP you can open the physical drive just as a file handle (CreateFile("\\.\\.\\\PhysicalDrive0")) but as far as I knew you could really only read from it, not write to it. I've done that myself to parse MBR and partition tables. Hm yes I guess you can write too....

    Anyway, pretty sure they are either doing it this way or writing something to BIOS (pretty inconcievable). Any else have some ideas?

    Guess I'll have to try BPX on WriteFile.

    I'm also going to play with it in VirtualPC and see how it behaves.

    Last edited by nikolatesla20; October 5th, 2005 at 09:17.


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts