Uninformed: Informative Information for the Uninformed

Vol 9» 2008.Jan

Authenticity Check Performed on Lockdown Module Caller

An additional new protection scheme introduced in the Lockdown module is a rudimentary check on the authenticity of the caller of the module's export, the CheckRevision routine. Specifically, the module attempts to ascertain whether the return address of the call to the CheckRevision routine points to a code location within the Battle.snp module. If the return pointer for the call to CheckRevision is not within the expected range, then an error is deliberately introduced into the checksum calculations, ultimately resulting in the result returned by the Lockdown module becoming invalidated.