OriginStubDecrypter

Mass Effect 2 has no ooa section, but it is Origin-protected

Open mirh opened this issue 2 years ago • 0 comments

ProtectionID reports this, and I know for a fact that license 1005288.dlf is used.

Scanning -> C:\Program Files (x86)\Origin Games\Mass Effect 2\Binaries\ME2Game.exe
File Compression State : 0 (Not Compressed)
File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 16419944 (0FA8C68h) Byte(s) | Machine: 0x14C (I386)
Compilation TimeStamp : 0x4BD611DB -> Mon 26th Apr 2010 22:21:15 (GMT)
[!] Digital Signature signed by a known DRM provider -> Electronic Arts
[TimeStamp] 0x4BD611DB -> Mon 26th Apr 2010 22:21:15 (GMT) | PE Header | - | Offset: 0x00000118 | VA: 0x00400118 | -
[TimeStamp] 0x4BD60F20 -> Mon 26th Apr 2010 22:09:36 (GMT) | Export | - | Offset: 0x00DFBDC4 | VA: 0x011FBDC4 | -
[TimeStamp] 0x4BD611DB -> Mon 26th Apr 2010 22:21:15 (GMT) | DebugDirectory | - | Offset: 0x00BC60F4 | VA: 0x00FC60F4 | -
-> File Appears to be Digitally Signed @ Offset 0FA72F0h, size : 01978h / 06520 byte(s)
-> File has 752 (02F0h) bytes of appended data starting at offset 0FA7000h
[LoadConfig] Struct determined as v8 (Expected size 140 | Actual size 64)
[!] Executable uses SEH Tables (/SAFESEH) (4298 calculated 4298 recorded... 0 invalid addresses) 
[LoadConfig] CodeIntegrity -> Flags 0x1 | Catalog 0x0 (0) | Catalog Offset 0x535C3A44 | Reserved 0x5F325846
[LoadConfig] GuardAddressTakenIatEntryTable 0x6C697542 | Count 0x66735C64 (1718836324)
[LoadConfig] GuardLongJumpTargetTable 0x475C3278 | Count 0x5C656D61 (1550151009)
[LoadConfig] HybridMetadataPointer 0x6E69614D | DynamicValueRelocTable 0x726E555C
[LoadConfig] FailFastIndirectProc 0x456C6165 | FailFastPointer 0x6E69676E
[LoadConfig] UnknownZero1 0x425C3365
[File Heuristics] -> Flag #1 : 00000100000000000000000100010100 (0x04000114)
[Entrypoint Section Entropy] : 8.00 (section #0) ".text   " | Size : 0xAED451 (11457617) byte(s)
[DllCharacteristics] -> Flag : (0x0100) -> DEP
[SectionCount] 5 (0x5) | ImageSize 0x1029000 (16945152) byte(s)
[Export] 100% of function(s) (315 of 315) are in file | 0 are forwarded | 315 code | 0 data | 0 uninit data | 0 unknown | 
[VersionInfo] Company Name : BioWare
[VersionInfo] Product Name : Mass Effect 2
[VersionInfo] Product Version : 01604.00
[VersionInfo] File Description : Mass Effect 2
[VersionInfo] File Version : 01604.00
[VersionInfo] Original FileName : BioGame.exe
[VersionInfo] Internal Name : Mass Effect 2
[VersionInfo] Legal Copyrights : (C) 2010 EA International (Studio and Publishing) Ltd.
[ModuleReport] [IAT] Modules -> Core/Activation.dll
[ModuleReport] [DelayImport] Modules -> d3d10.dll | dxgi.dll | PhysXLoader.dll
[Debug Info] (record 1 of 1) (file offset 0xBC60F0)
Characteristics : 0x0 | TimeDateStamp : 0x4BD611DB (Mon 26th Apr 2010 22:21:15 (GMT)) | MajorVer : 0 / MinorVer : 0 -> (0.0)
Type : 2 (0x2) -> CodeView | Size : 0x5D (93) 
AddressOfRawData : 0xDA1798 | PointerToRawData : 0xDA1798
CvSig : 0x53445352 | SigGuid 52AC055C-70D6-42CD-837FE93D7070E540
Age : 0x1 (1) | Pdb : D:\SFX2_Build\sfx2\Game\Main\UnrealEngine3\Binaries\LTCG-BioGame.pdb
[!] EA Drm Stub Loader detected!
[:] EA Drm -> True OEP : 0x00964438 (0x00D64438) / True IAT : 0x00DF81D8 (0x011F81D8)
[CdKeySerial] found "Unregistered" @ VA: 0x00BD8FFF / Offset: 0x00BD8FFF
[CdKeySerial] found "Invalid code" @ VA: 0x00BE0DF0 / Offset: 0x00BE0DF0
- Scan Took : 2.703 Second(s) [0000008F9h (2297) tick(s)] [566 of 580 scan(s) done]

If it can help, there is a fleeting mention of Core/Activation.dll at the beginning of .data.

mirh, Feb 16 '23 01:02