Please visit the Home page for a special announcement
I dunno if more in depth information about DRM schemes are encouraged or discouraged, so instead of the main namespace, this page is a subpage of my user page. The purpose of this page is to expose some technical information about Valve's DRM that many developers have elected to use. It's only going to be a general overview of the scheme; you won't be able to write an unpacker based on this information alone.
Steamworks Digital Rights Management wraps your game's compiled executable and checks to make sure that it is running under an authenticated instance of Steam. This DRM solution is the same as the one used to protect games like Half-Life 2 and Counter-Strike: Source. Steamworks DRM has been heavily road-tested and is customer-friendly.—Valve, Steamworks API overview
Steamworks Digital Rights Management wraps your game's compiled executable and checks to make sure that it is running under an authenticated instance of Steam. This DRM solution is the same as the one used to protect games like Half-Life 2 and Counter-Strike: Source. Steamworks DRM has been heavily road-tested and is customer-friendly.
Note Half-Life 2 and Counter-Strike: Source aren't actually Steam DRM protected.
As mentioned above...
A Steam DRM protected executable is modified such that when it starts, the first code that gets executed is the DRM code. This code is responsible for checking ownership. Once complete, the game code is decrypted (if the code was encrypted) and control is passed to the original game code. This "stub" code resides in a PE section named ".bind" tacked on to the end of the executable. The executable is modified to start in this section instead of its original start address (OEP). Some games may contain overlay data. Those are changed to a new PE section named ".extra". No changes to any data sections are made. Note code encryption is optional in all versions and there are numerous Steam DRM protected executables that do not have the original code encrypted. Executable checksum is recalculated after wrapping if it existed originally. Sometimes a Valve custom signature is applied in the executable header to ensure authenticity.
There are four major revisions of Steam DRM.
Not strictly Steam DRM, but it does serve the same purpose.
The first Call of Duty game and its expansion Call of Duty: United Offensive both use this form of DRM for their Steam versions.
A Steam DRM version 1.5 error looks like this:
A Steam DRM late version 1.5 or version 2/3 error looks like this:
Note the code after the colon. Subtract 65432 from this value (it's in decimal), and you will get the return value from GetLastError(). See MSDN for its meaning.
Below are some common error codes (per Google) and their descriptions:
Assuming you're launching the game from Steam...
Sometimes it fixes the problem, sometimes not. If not, reboot your computer too.
If for some reason you can't launch the game from Steam (e.g. using a mod manager), you can manually set the app ID to help the API initialize.
mklink Steam.exe "<Steam-folder>\Steam.exe"
See instructions on the Steam page.
In the real world, Steam DRM is pretty weak. While it's not so trivial that the typical user can defeat it, to anyone who has some experience with reverse engineering DRMs it is quite easy. Its first big weakness is that it has no external dependencies for decrypting game code. That means one doesn't need to own the game or even need to have Steam installed to unpack the executable. If unpacking live, it may be a bit trickier because you have to go around any Steamworks API calls, but it's not that hard. Because the scheme doesn't have this external dependency, it is a good candidate for static unpacking. The second great weakness is that it doesn't encrypt any data sections or really attempt to make it hard to dump. All values in the protected executable are really easy to recover (except for the DOS stub that gets overwritten if a signature is applied). The fact that it doesn't encrypt imports or data sections means only the encrypted code needs to be dumped and written back to the protected executable, along with the original entry point, since code is typically in a read-only segment of memory so it doesn't change. The only thing that it has got going is that it is fairly unobtrusive and works properly 90% of the time (the other 10% can usually be attributed to the Steamworks API not working properly as it tends to do). Further, once control has been passed to the original game code, the DRM has no further part in the game, so no active protection is offered. This scheme is an interesting little thing to study, but is probably not worth the time Valve put into developing it for its rather poor protection value.