ChkEXE v1.17   by Independent (IND)

│ │ ┌─ │ \ │ \ │ ┌─ │ ┌─ │ ┌─ │ │ \ │ │ \ │ │ │ ┘ ┘ ┘ ┘ ┘ ┘ ┘ ┘ ───┘ ChkEXE v1.17 (SAVE-Kennung: HBO_CKE) FreeWare from Hann0 B”ck <[email protected]> F�r deutsche Dokumentation siehe ChkEXE.TXT ChkEXE is a program, which can detect several EXE-packers and protectors. Usage of ChkEXE: CHKEXE [filename] [/A] [/X] [/N] [/C] [/L] Description of all Parameters: /A Usually ChkEXE will only show you files that are packed/protected. This Parameter will show you all files, also files that aren't detected as packed/protected files. Useful if you want to know if there is a file not packed/protected. /X Shows also known compilers. I've added this function because many people asked for it. It can only detect a very small number of compilers. I wanted to release an own program for it, but it was not worth releasing it, so I've added it to ChkEXE. /N Usually ChkEXE stopps after 25 lines. If you use this parameter, it won't. Use this if you want to have the output in a file (CHKEXE > FILE.TXT). /C Will show you the first 30 bytes of the program-code. In EXE-files this is at CS:IP. In COM-files these are the 30 first bytes of the file. I've added this function as an undocumented feature for testing new protectors. I thought it was very useful, so I made it to a documented parameter. /L Shows you a list of all detected packers/protectors. You can also use Wildcards (*, ?) to specify the filename. It's impossible to set a path as a parameter. This is because of some PowerBasic-functions. Maybe I'll rewrite this part in a future version. You can also set parameters with the SET CHKEXE=... If you want to have a parameter as standart, you can do this in your AUTOEXE.BAT. Example: SET CHKEXE=/X (Check always for known compilers) ChkEXE is FreeWare, you can use it free of charge. For bugs, suggestions, improvements, new packers etc. contact me. ChkEXE is protected with LZEXE v1.00a, REC v0.35, CrackStop v1.01 and some additional tricks. ------------------------------------------------------------------------------ Notes: HackStop v1.17: In this version there are countless several betas. The version-numberings have the following meanings: v1.17▀3 means ▀3, shareware and regged version v1.17▀8r means ▀8, regged version v1.17▀8s means ▀8, shareware v1.17▀8/386 means ▀8, 386-version v1.17▀8x means special version, which is only used by Ralph Roth v1.17 B63 means v1.17 Built 63 (version numbering of newer versions) CRYPT/CRYPTEXE/CRYPTCOM/COM2TXT/PACK/SECURE: With these names there are always two completely different programs: CRYPT from Dismember and from Light Show/Eclipse. CRYPTEXE from Doors of Perception and from Dmitriy Borisov. CRYPTCOM from Nowhere Man/NuKE and from Frank Baumgartner. COM2TXT from Dark Stalker/UCF and from NIDE Naoyuki PACK from TurboPower Software and from NoddegamrA SECURE from Piotr Warezak and from G. M. McKay SuckStop: There are several 1.0-versions of this program. Until now, only one version is detected (618), because the others have a mutation engine and are very difficult to detect. NE/PE/LX-protectors: I've got big problems in detecting protectors for Windows and OS/2. ChkEXE detects only a small number of them. I would be glad if anyone could help me with them. ------------------------------------------------------------------------------ Greetings fly out to: Dark Stalker [UCF]: You did it again, you have unpacked ChkEXE v1.16. But hey, it wasn't as easy as previous versions. And I've improved the selfcheck a bit more for v1.17. Liu TaoTao: Now I made a selfcheck that can't be faked with MKEXE. Try to find something against it. It's an old and well known methode. Random [UCF]: In one of your first mails to me you said that you will release a new ALEC, when I add a detection for it. Not what's up? Rich856: Your ERP is really cool. It shows everybody the useless of non-encrypting protectors. BTW, thanks for your great help with the ALEC-detection. Ralph Roth: Hey, now you MUST add EXE-encryption. Just look at ERP. And what's about the promised Mutation Engine, PE-Encryption etc.? You already have these options in other programs (REC, RCC ...), so why don't you add them to HackStop. Stefan Esser: Hey, MutaWWP is a little joke. It took me a few minutes to write a detection for it. Try to write a really good MtE with no constant bytes. (But I think I will add detection for every MutaWWP you will release) JVP: TEU is excellent. It's nearly impossible to stop it. tBB [KLF]: What's about the party for the Hideout BBS? Members of the exe-mailing-list: It was a good idea, wasn't it? The mailing-list now has over 60 members. ------------------------------------------------------------------------------ I do not guarantee for error-free Software, although I try to do. I'm not responsible for what you do with it. All Trademarks are recognized, although if they're not signed as. I'm a member of the Shareware Autoren VEreinigung (SAVE). The SAVE is a group of german ShareWare-authors. For more information check out the SAVE-Homepage under http://www.s-a-ve.com ********************************* * Hann0 Boeck <[email protected]> * * Plauenerweg 4 * * D-71540 Murrhardt * * http://www.xoom.com/hanno * ********************************* Type Bits/KeyID Date User ID pub 1024/9359B6E5 1997/05/10 Hann0 Boeck <[email protected]> -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.3i mQCNAzN0qr4AAAEEALq58qHsHbqjwUFOTP1O8nh+Gu6nT432VX11s1zqU73W9wOd vuQ1an5k1m+j6V/+GDER7AaTaMgHR9idnOQzcqZ5G8gSh+6y+EYCzS+WbWH0VUqo qbOK1LxuM+mSNdsEdpgQObgoJavWs4AdnZ/G3sMNKxS9huZRgUrOlQuTWbblAAUR tBpIYW5uMCBCb2VjayA8aGFubm9AZ214LmRlPokAlQMFEDPwo05KzpULk1m25QEB bZcD/2tIhtOj/dsfrRx2TshY+f2F/kKZ+0sN7nbxv6S2l/cr+QkJSFE7ftx0kZWa xXckF35/d8vvx8u35Es5ZocPeB13B2PxkKZHVaxg9bDF+9FSHa/R5KBNj/VXqmIy SrdJp3mwuKV8yfOxulfUY84Mk5dcK/vGZrxRqQKtWN7zh8dt =RpyL -----END PGP PUBLIC KEY BLOCK-----