After analyzing several versions of the dll, and several no-cd crack, I made ​​mine own, which works very well and that is not detected by my antivirus as a malware or a rootik, or nothing else.

This is proof that there is something wrong with the dll provided by GOG.

I am quite angry to have lost so much time to code a dll myself to play a game I paid.

I do not thank you.

THIS and i am gonna call BS at the whole "i am an IT Security Expert" because NO IT security Expert including myself would put ANY confidence whatsoever in ... and I quote "Mycrosoft Security Essentials" - you certainly seem self-entitled so I will assume the typo is a playful pun ... that or you further add to the lack of credibility in your statement.

Further more you would understand what a false positive is and you would KNOW phrases like Starforce and TAGES and be able to identify with them as the gentlemen below you did ... who in one small sentence answered your question so why you feel the need to go on and on digging a hole of desperation and embarrassment and claiming to be something you are not or not very good at if you are telling the truth is quite frankly sad.

Care to share your magic DLL?

It's not "encrypted", it's obfuscated. There is a difference.

Lots of software uses obfuscators to make reverse engineering more of a challenge. They usually aren't really effective, but they can make it a lot more cumbersome and difficult than non-obfuscated binaries. This happens with both malware and non-malicious applications, it just depends on if/how the developer wants to 'protect' their software.

Malware authors usually use some form of obfuscation to make reverse engineering more difficult. For example, even with the simplest obfuscators you'd have to do some debugging to get strings (urls, etc), whereas with an unpacked binary you could just run 'strings(1)' to get what you want. As a result, AV companies tend to put signatures in place for these packers and detect them as generic or obfuscators since they can't easily detect on other portions of specific malware that would otherwise be there. In addition, their policy is generally going to be 'a few false positives for less false negatives', meaning these generic 'catch all' type rules are their way of catching malware they can't identify directly even though there may be some false positives (which is why you are allowed to approve certain files).

This happens all the time, I wouldn't sweat it, just approve it and move on. I also wouldn't use some DLL a guy gave you on the internet.

Indeed. Using a DLL from a random person on the internet is a bad idea.

"Trusted DRM company" is an oxymoron to me. It is why I have aggressively patronized GOG. Anyone who implements DRM is on my "Don't Trust" list automatically. It's not that I think they're "out to get me", but DRM has had several high-profile cases of sickening computers, sometimes to the extent that a reinstall of the OS is required to purge the problem. I simply don't want to risk installing anything that might be DRM-related on my machine. I suspect this sentiment is quite common amongst GOG patrons.

It seems everyone agrees that it at least once was a component of the TAGES system. There's a very high likelihood that the initial purpose (preventing copying of game files) is gone; otherwise it would be a major blow to GOG's credibility. However, I am alarmed that any of the TAGES moving parts remain in the system. While I have faith in the installer's ability to re-run in the future as I upgrade my computer, I do not have faith that it hasn't done something unpleasant to my system, even if it has nothing to do with digital rights management.

I'd like to see a patch to remove the requirement on this particular DLL altogether. I'd also really like to see GOG officially and specifically commenting on this on the support page; the generic "ignore any antivirus warnings" statement is not reassuring.

I've yet to see those "high-profile" cases, but let's move on...

There are no moving parts, so to speak... the TAGES drivers are not installed and the DLL is not loaded in memory when the game is inactive... for all we know, it might even be stripped of all the original TAGES code and simply emulate it's behaviour (mantaining also the same obsuscation tecnique) to "cheat" the code in the main EXE... in fact, only removing the DLL triggers a request for TAGES installation

It is unfortunate that we have to deal with this stuff, but such is the burden of having DRM slapped on the original game in the first plcae, particularly when you have a game developer, contracted by a publisher, that licenced a 3rd party DRM developer... too much hands on the code.
i'm sure that if the publisher gave GOG proper ways to clean the game completely, they would already used it in from the start...

While admittedly the Sony XCP fiasco was for protecting music rather than games, it was a DRM implementation that ultimately reduced the security of affected systems, to the extent that it was used as a vector (in the wild, ie "for real") for actual malware. It also injects itself between the CD-ROM and the OS's CD drivers (for the purposes of filtering unauthorized access of tracks from Sony CDs); I recall complaints that this prevented CD-ROMs from working, but can't find confirmation of that.

Also for media rather than games, Microsoft had an escalation vulnerability in drmstor.dll, though I don't know how long that went unpatched.

SafeDisc had an escalation vulnerability that was a zero day for at least a month before being patched.

But that's why I buy games here. I don't want that burden; I don't want a hint of that burden. If the game is so horribly wedded to its DRM that it can't be fully excised, I'm not interested. There are too many good games I have not played yet to diddle with one that even might be DRM-infested. I've literally bought half of GOG's offerings, and am way behind on playing them. I'm pleased GOG is attracting other vendors. But if we're moving into shades of gray where "we can assume it's safe" and "it's mostly gone", then I'll retire and start working off my backlog. Hell, I'll play Fallout for a third time, it's been three years.

Why the heck was this issue marked "solved" over a post that says it is a bad idea to trust someone offering a .dll on the Internet is beyond me, I want an official reaction by GOG until I consider this "Solved".
If I don't see an official reaction by GOG within a week I'm going to ask for a refund. Any traces of a DRM system are unacceptable to me.

He wasn't serious. The threadstarter just has his ultimate believe in signed executables. Doesn't matter if it makes no difference.

...but you will find traces in every game that never had a true (as in official + compiled from source - as in developer supplied/ not third party) unprotected exe.

That sounds plausible.
I guess I mostly play older games then, that do not suffer from invasive DRM

Hi,

I have had similar problems trying to get Chronicles of Riddick to run. I have Norton Security and it blocks it before I can even get the game to install. I submitted the file to have it checked and I was told not to use it and it has a possible origination from the country of Iran. This is definitely not cool. Can you please check this file and guarantee it to be safe ? I would never think GOG would knowingly let this pass as this is your livelihood. I just want to be sure.

Thank you,

Tom J.

Out of pure boredom I'm down to 12/42 / 13/41 (did one crash?) false positives:

Original (taken from this thread) - 23/42 detected:
https://www.virustotal.com/file/ca8fe8d6f44f7503735d7a664e3809254ba120a8b306a6fd180a5f467f62661a/analysis/

Very (very!) simple - try #1 - 12/42 detected:
https://www.virustotal.com/file/e974dd25c218b339de4a83987e3bc026a8b58fab169a2e19672cd9f76480f73a/analysis/

Very (very!) simple - try #2 (slightly modified try #1 - easily noticeable)- 13/41 detected (PCTools crashed?):
https://www.virustotal.com/file/03158b8c1df46425d096dd715e4ce4786eb543bbe30a1bd8ca909eb330032655/analysis/

In case someone has problems with virustotal not showing the results:
go to virustotal.com - click search - copy & paste the sha256 string (the string between "/file/" and "/analysis")

dvm.dll is easily compressible and it will still work with darkathena.exe. Might work with your favorite exe packer without any real work on your side. Give it a try.

It's your choice and i have no problems with that... personally, i tend to give the whole DRM business the fair amount of perspective.

"DRM free" for me is something that is not tied to a specific physical medium (the old CD checks that made 1:1 backup difficult) nor to some kind of service, internal or external to the machine, that might prevent any future installation if not validated.

In short, a package that is self-sufficient, is deployable everywere, won't tamper with the O.S. and is installable at will when offline, is "free".

Now, everyone dealing with development knows pretty well that hacking a piece of software without the full source available is dirty business, so, i'm aware that the "GOG magic" can only go so far.... If it happens to be some inactive, leftover code, well, I will not dance with joy, but i'll manage... it's a far more safe and inferior price to pay compared to the original alternative.