I’m currently trying to make the games work in Vista.
So far I’ve figured out that it queries SLGetWindowsInformationDWORD to check if you’re allowed to play the game.
Have a look through this list (specifically anything starting with Shell-) to see how it knows.
Now, I made a fake DLL that just returns 1, but this causes slui.exe to fire and tell me that the program isn’t made for my edition of Windows, so something else is in this crap.
However, an alternative method of attack would be through this
If anyone is familiar with using GetProcAddress, then I heartily recommend giving it a punt… I’ve tried, but it just throws an exception and crashes, although it *IS* getting the address of the function (it’s in ntkrnl.exe or ntkrnlpa.exe and various others depending on your installation; see your system32 folder).
Anyway… if we were able to read it out, we should be able to write it back too, hopefully without firing off the license tampering mechanism.