PDA

View Full Version : Emulation software detected with a backup copy



JackOnFire
10.03.2015, 00:05
Hi,

Some weeks ago I've bought a BNIB CD (Dictionary). The first thing I did was a back up copy with Nero (.iso) just copying files to my HD and then burning them, but I've never tested the copy.
Yesterday my stupid brother brought my CD to his school for a classwork and someone stole it!

Now I've just tested under my Windows XP Pro SP3 my iso copy with daemon tools lite 4.30.1 and it opens a gray window where it's written [I try to translate it] "An emulation software was detected" and "Do you want to analyse booting? Start/No". Below that it says the software was developed to verify any HW/SW incompatibilities on my PC and the analysis will be run as in the Microsoft msinfo32.exe's way. At the end it says this analysis is on voluntary base.

I've tried activating all my DT's emulation options: safedisc, securom, laserlook, rmps but it was useless.
I can add that I had done a similar back up copy with a previous version of that dictionary and it runs under my DT. So I've opened both ones and noted they're very similar but some .manifest files that are present only on the latest release I'd got (the stolen one).

Any help will be appreciated.
See you.

Terramex
11.03.2015, 08:50
The emulation options won't help as the error message indicates it's the New SecuROM copy protection.
Therefore a simple ISO won't work, sorry :(

JackOnFire
11.03.2015, 12:28
So if I'll burn the iso into a blank CD it won't work as well? :confused:

Terramex
11.03.2015, 13:42
I'm afraid not.
To be abolutely sure it's New SecuROM either post a screenshot of the error message or scan the main executable with ProtectionID: Protection ID (http://protectionid.owns.it/)

JackOnFire
11.03.2015, 23:33
Here's the scan

File Type : 32-Bit Exe (Subsystem : Win GUI / 2), Size : 7798112 (076FD60h) Byte(s)
Compilation TimeStamp : 0x49F0885A -> Thu 23rd Apr 2009 15:25:14 (GMT)
[TimeStamp] 0x49F0885A -> Thu 23rd Apr 2009 15:25:14 (GMT) | PE Header | - | Offset: 0x00000D78 | VA: 0x00400D78 | -
-> File Appears to be Digitally Signed @ Offset 076F000h, size : 0D60h / 03424 byte(s)
[File Heuristics] -> Flag #1 : 00000000000000000000000000000101 (0x00000005)
[Entrypoint Section Entropy] : 6.62 (section #5) "Sitext " | Size : 0x71F0 (29168) byte(s)
[DllCharacteristics] -> Flag : (0x0000) -> NONE
[SectionCount] 10 (0xA) | ImageSize 0xCE0000 (13500416) byte(s)
[VersionInfo] Company Name : I.Co.Ge. Informatica S.r.l. - TRENTO
[VersionInfo] Product Name : cdBook - I.Co.Ge. Informatica S.r.l. - TRENTO
[VersionInfo] Product Version : 301dZ - 2009-04-23
[VersionInfo] File Description : cdBook - I.Co.Ge. Informatica S.r.l. - TRENTO
[VersionInfo] File Version : 301dZ - 2009-04-23
[VersionInfo] Original FileName : "Zan.exe"
[VersionInfo] Internal Name : "cdBook"
[VersionInfo] Version Comments : cdBook per Zanichelli Editore S.p.A. Bologna
[VersionInfo] Legal Copyrights : Copyright © 1996-2009
[!] SecuROM Detected - Version 07.40.0009

I guess it's the new securom you referred to! I really don't understand why they put this protection. In the older version I've got of this dictionary the same scanning didn't find any protection! I can't believe the dictionary is lost forever!