Securom and Process Explorer

I just tested to make sure, and Securom “protected” games (specifically nwn2) will not run if you use process explorer before trying to use them. It is ridiculous, considering the other (fairly piratical) stuff I have on my computer, that the only thing that actually triggers securom is process explorer. You’d think bittorrent, daemon tools, a .iso converter, limewire, or the innumerable cracks I’ve got would be what sets off this garbage.

But nope, it is in fact a fairly innocent tool I use to keep an eye on what’s going on on my computer.

Just figured I’d share that.

That’s amazingly daft. I use Process Explorer when looking for suspicious or software. I guess you found some!

I don’t think Securom specifically tries to block Process Explorer. When you run PE it loads a DLL which makes calls into the Win32 debugger APIs which are very powerful and allow one process to easily control much of another process, which is great for debugging and for figuring out what is going on in a system but not so great if you have an executable to run that you don’t want other executables on the system with admin privs to be mucking around with. Because of the way DLL caching works in Windows, even after you close Process Explorer this DLL is still resident in memory until a reboot. Securom probably sweeps all the open processes and resident DLLs and bails if it detects any that use the Win32 debug APIs, thus you can’t play Securom titles until rebooting after you load Process Explorer.

It isn’t that they are searching for specific programs that mark you as a likely end-user pirate, they are searching for specific programs/DLLs in memory that may be used to subvert their protection by active hackers. While PE itself doesn’t really help that much with this, it uses a DLL that might, and they are probably blocking on patterns rather than specific instances of programs (the way many modern virus scanners work). Some false positives are bound to occur.

Not that I’m defending Securom here… Harmful and annoying copy protection is one of the primary reasons I’m much more of a console gamer than a PC one these days… just pointing out why this happens and how they probably aren’t specifically blacklisting Process Explorer.

That makes it no less ridiculous, especially since PE has been Microsoft owned freeware since 2006. I can’t use something issued by the creator of my OS because of a cruddy copy protection system? That makes as much sense as the platypus.

Process Explorer wasn’t ‘created by the owner of your OS’, it was bought by the owner of your OS last year.

As to the processes hiding thing, it’s a known problem with the XP kernel design. I don’t think you can pull it off in Vista.

I’d guess that with enough debugging knowledge and tools like PE it becomes somewhat easy to figure out how to crack Securom. Hence the draconian measure against it. It’s still stupid though as I’d bet anyone who could successfully crack Securom could also find a way to mask those DLLs.

Note the use of the word issued in the second sentence of my previous post. Also, issued by the creator != created by the owner. I’m the licensee, MS is the owner, neither of us created PE.