Beware of StarForce Copy Protection Software

What is StarForce?

Starforce is a software copy protection tool installed by PC game publishers, which is designed to prevent the casual copying of retail CDROM applications. It installs as a hidden device driver, without the end-user's knowledge or consent.


What is StarForce do that consider can threatening or damaging our PC ?

- StarForce drivers are installed separately from the game's official installer -- with NO EULA attached.
Game EULA mentions nothing about Starforce or what it does or will do. It fails to mention that it will rewrite how your DVD or CD drive will interpret information.

- The Starforce hardware/Software conflicts are well known but until recently end users where never officially told about these

- Ability to use your drives in DMA mode and problem concerning SATA and SCSI
As disks deteriate with usage, read errors start to occur. StarForce is so over zealous about its sector checking that if it loses these it will refuse to function. On top of this XP reads this as a disk I/O error. Which in turn causes it to step down the IDE speed to compensate. Eventually it will step down to the older 16 bit mode which disables DMA access altogether. No DMA means:

1. No Digital access to play audio CD
2. Unable to play DVD videos from DVD
3. Most current CD/DVD Games/Application will not run.
4. CD/DVD writing becomes almost impossible (Up to 2 hours for a full DVD on 16x DVD writer) and it will make many coasters even on burn proof drives.

The issues concerning DMA can be cured by uninstalling StarForce and then uninstalling the CD/DVD drivers as well as the Primary and Secondary IDE controllers. Then reboot. Forcing XP to reload those drivers.

If you did not know about Starforce (didn't realize that your computer had already have StarForce installed) or you didn't remove StarForce first, you can now be faced with another problem. Normally windows searches and reinstalls the drivers. However with Starforce present this can cause the system to either fail to find the hardware or fail to find the drivers. Creating the illusion that the hardware has failed. It is not so much to do with XP not finding them. Without the original drivers loaded XP seems to go with what ever it has and as far as I can trace down XP starts comparing the Starforce Virtual IDE protection drivers as being the Drive Hardware thus obviously it cannot find the software for them and in turn this prevents the rest of the drives drivers being installed as its unable to complete the cycle.

Some SCSI drivers do function with the older versions of Starforce. Older HP printers as an example use a virtual SCSI driver. In many cases you have to remove this as well if Starforce has been present when you try to recover the DMA functionality. Even some USB and Fire wire drives have to be disconnected to even play the games as well as recover DMA access.

- Hardware failure
Its standard IDE conflict that mostly occurs upon misreading or writing to CD/DVD

This explains some of the DMA issues and data time outs:
http://support.microsoft.com/default.aspx?scid=kb;en-us;817472

Basically its simple data loss issue (Many people are aware just how often Starforce screws up and does not read its own test sectors on the disk) XP reads this as a disk I/O error and eventually XP steps down until it reaches PIO mode. A lot of new CD/DVD hardware is not PIO mode compatible. Thus any period of time being used in this old 16bit mode can be interpreted by some drives as attempts to Overburn/Read an excessively over burned disk. I.E in over burning, you force the laser to go right to the edge of the disk. This results in the laser in many cases hitting the side casing of its guide and in turn stripping the threads off the worm gear. Basically it trashes the hardware.

Some drives also interpret the search for specific sectors indicated by StarForce as an over burn read/write command.

Because the Starforce protection drivers load themselves as virtual IDE drivers, this means they are using some undocumented function calls. Any coder knows that undocumented function calls inherently carries with them serious uses concerning the stability of systems that you deploy that software on. As other Software/Hardware producers are not able to make allowances for them. Thus hardware/software conflicts are almost inevitable. To be honest I am surprised that there has not been more reports. However given that approx’ 85% of Starforce users do not even know they are users of that software, then I should correct that to that it does not surprise me that more problems have not been reported.

- Security
In Windows XP Starforce gives Ring 0 (super user level access) to Ring 3 (User level applications). In normal English this basically means that any third party application such as Trojans or Viri are given the ability to have full access the both software and hardware. Trojan creators do not need to be clever to realise that they can dump the code into the CMOS storage space. So gaining access even after you have formatted.

FYI, Ring 0 exploits have existed since Windows 2000. At last count there is about 5,000 of them (maybe more as I have not checked the figures lately).

- The StarForce drivers aren't removed by uninstalling them from the "non plug and play drivers" menu.
They will remain on the hard drive and will still load at start-up, so you should use the official uninstaller to remove them. However this confirms one thing, these drivers are not using the standard IDE system. If they had of been then simply removing the hardware (in this case the supporting software) would allow complete removal. Instead they are set up in such a format that they reload themselves which is actually a Trojan Technique.

Now it could be argued that this was to prevent end users accidentally removing them and rendering their games unplayable. Yet again though how many any users go to the device manger, select show hidden devices, go to non plug and play drivers and blindly start deleting entries?

If they did then that would be a system crash just waiting to happen. So its unlikely that they are going to be playing the game without a fresh install anyway.

Which then begs the question. Why make them so difficult to remove?

- StarForce will kill your ability to debug your software using any of the mainstream legitimately available logger/Debuggers.
Debugger/Logger are not illegal; most programmers use them on a daily basis. These are legitimately sold software tools. StarForce attacks their ability to function as intended. Thus preventing legitimately purchased and licensed diagnostic software from being used. StarForce openly admit their intention is to block this software in this manner.

If it only occurred whilst the Game was running, then obviously nobody (other than those checking for serious security holes before they allowing it on there computers) would mind. However StarForce does not just sit their quietly as proven with other issues. It actively seeks to block these diagnostic tools on a 24/7 basis. Its exactly the same as with SATA and SCSI. Those apps will not function correctly with StarForce installed (Period)

Thus in admitting that is their intention. Then in turn they would be admitting to obtaining unauthorised access to a computer system with malicious intent. As I keep pointing out the EULA does not exclude malicious intent.


Is My Computer had Already StarForce installed ?
Starforce installs itself as an hidden IDE driver, during the installation of a game, without letting the user know about it. It's not displayed in the add/remove program.

In order to detect it, you need to go through the following steps:
- Right-click on My Computer, select Properties and the Hardware tab. Enter the device manager


- In the menu above select View and select Show Hidden Devices:


- If you have Starforce, it will be listed under the Non-plug and play drivers tree:



How to uninstall StarForce ?
Use this Official Starforce Removal Tool, has only worked for some.


How to cure (Code 41) error in the device manager
(CODE 41): Windows successfully loaded the device driver for this hardware but cannot find the hardware device. (Code 41)

For those of you that are getting (Code 41) errors with your CD/DVD drive in the device manager after using/removing an SF enabled game.
First, Use the Official StarForce removal tool, as mentioned above, and reboot.

If you still get (code 41), do this:
To workaround this behavior:

Create a restore point start menu-all programs-accessories-system tools-System restore and follow the prompts.

1. Save the filter driver registry entries, just in case of problems, goto start menu-run type in "CMD.exe" without the " " then (left click ok) and at the Command shell prompt type in:

and 'hit' enter, that should save the filters section of the registry.

2. using 'notepad' Copy / Paste the following and save it to a NoFilter.reg file in the root , windows or my documents folder:

3. Merge the NoFilter.reg file with your registry or start menu-run type in "regedit /s NoFilter.reg" without the " " and click OK.

4. Shutdown and restart your computer.

If you notice loss of functionality in any remaining DVD/CD-ROM software, you may need to uninstall and re-install it.

Oddly enough you may also need to uninstall and reinstall windows media player.

Should it all go belly up, boot into safe mode and carry out a system restore to the previously saved restore point, or at a command shell type "regedit /s SaveFilters.reg" to merge the previous filters back.


How to cure DMA step down of DVD/CD rom drives
1. Use the official StarForce removal tool. (if you have used any games that use that protection)
2. Go to the device manager and (left click) on DVD/CD rom drives
3. (Right click) on each drive and click uninstall. (cancel the message to reboot)
4. (Left click) IDE ATA/ATAPI controllers.
5. (Right click) the primary IDE channel and (left click) uninstall. Do the same for the secondary IDE channel (and the IDE controller if its really stubborn).

If no hardware failure has occurred when you reboot, The system will search and reload the drivers, (Reinstating DMA instead of PIO mode access).


Other related links about this issues
1. http://www.n-gage-help.com/modules.php?name=Forums&file=index&c=25 (NGH site)
2. http://www.glop.org/starforce/ (Boycott Starforce Site)
3. http://www.similarities.org/starforce.html (List of games that use StarForce) or you can go to http://www.gamecopyworld.com (find the game that you seek, and there will be info about what protection software is being used by that game)
4. http://www.gamespot.com/pc/strategy/heroesofmightandmagicv/show_msgs.php?topic_id=25996274&pid=927207&page=0 (Customer Problem ticketing and how StarForce Customer Support handle it)
5. http://www.boingboing.net/2006/01/31/starforce_threatens_.html (StarForce threatens to sue boingboing for criticizing its products)
6. http://www.sysinternals.com/Forum/forum_posts.asp?TID=2527
7. http://virtual-hideout.net/articles/Copy_protection_pt2/index.shtml
8. http://forums.ubi.com/groupee/forums/a/tpc/f/561108232/m/2871061083/p/5
9. http://forums.ubi.com/groupee/forums/a/tpc/f/2881085392/m/9291013073
10. http://forums.ubi.com/groupee/forums/a/tpc/f/857101043/m/4001086693/p/3

Credited to: I3thHouR at http://www.n-gage-help.com and various forums