EddyHawk's Info List --- Executable Processor Review (ProsInfo) by Independent (IND)
1 of 2 files
eddyhawk
- Browsers may flag this download as unwanted or malicious. If unsure, scan it with VirusTotal.
-
Last modified May 14, 2014 7:56:26 PM
MD5 checksum 2aceb4a1d39472dda60cb8b9517ac01e
Mime type Non-ISO extended-ASCII text, with CRLF line terminators
Download prosinfo_old.txt
Size 130 kB
2001 March
- Text / Computer tool
- EddyHawk, writer credits
EddyHawk's Info List
---
Executable Processor Review (ProsInfo)
----
Writer : EdH
Date : ##-03-2001
Warranter : Alien
Info Source :
herinmi/FI V2.30/Fibex.Txt
herinmi/FI V2.41B
PHaX/GT V2.60
BenC/UNP411.DOC
VeK/TYP-D32 15.04.2000
CyberRax/FeedBackReview
programs DOC
authors comment
EXEList members comment
unpacked program executable :)
self experiment
Program Source :
http://www.suddendischarge.com
Editor :
Program Editor (PEDIT) Light V4.00 (c) Goldshell Digital Media (1995-1999)
Shell :
Volkov Commander (VC) V4.03 (c) Vsevolod V. Volkov (1991-1999)
Volkov Commander (VC) V4.05 (c) Vsevolod V. Volkov (1991-2000)
My Computer :
i486DX4 (100Mhz), 8Mb FPM DRAM, QEMM V8.01, MS-DOS V6.22
CyR's Computer:
AMD 486DX2/100MHz (overclocked), 8MB RAM, MS-DOS 6.22, HiRAM 1.9a
----
LEGEND
---
? = I'm not sure
###b = ### bytes
#86 = (Intel/compatible) 80x86 microprocessor
alloc = alloc(ation)
ADT = Anti (Debug/trace/load/dump/unpack/disasm/patch) Trick
AT = Advanced Technology cpu
AV = AntiVirus(Scanner)/AuthenticVerification
bkpt = breakpoint
config = configuration
CPU = Central Processing Unit
crypt = encrypt(ion)
(dis)adv = (dis)advantages
DLL = Dynamic Loadable Library
doc = documentation
DPMI = DOS Protected Mode Interface
emm = ex(ten/pan)ded memory manager
ex: = example
exec = execution
FCB = File Control Block
FPU = floating point unit
gen = gener(ic/al)
GPL = General Public License
GUI = Graphical User Interface
HD = (hard/fixed) disk
heur = heuristic
hi-mem = high memory
(h/s)w = (hard/soft)ware
IDT = Interrupt Description Table
IVT = Interrupt Vector Table
int(#) = int(#hex)
lab = laboratory
min = minimum
max = maximum
mbr = master boot record
mem = memory
mte = MuTation Engine
orig = original
ovl = overlay
PIC = Programmable Interrupt Controllers
PIQ = Prefetch Instruction Queue
PM = protected mode
popunpak = popular unpackers: TEU V1.82, CUP386 V3.4, ICEUNP V0.31
pro = professional
prog = program
prot = protect(ion)
protor = protector
proted = protected
pres = compress(ion)
presed = compressed, packed
presor = compressor
preslib = compression library
PSP = Program Segment Prefix
pub = public
reg(ged) = register(ed)
reloc = relocation (table/items/entries) or fixups
RM = real mode
scr = screen
src = source (code)
sig = signature
SFX = SelF-eXtract (archive)
spec. = speci(fic/al)
temp = temporary
thx = thanks
TSR = Terminate & Stay Resident
U = you
V86 = virtual 86(real) mode
V/Ver = version
VCPI = Virtual Control Programming Interface
VGA = Video Graphic Array
VM = Virtual Memory
vir = virus
w/o = without
x = executable (covers COM & EXE)
XT = eXtended Technology cpu
(X/E)MS = Ex(tend/pand)ed Memory Specification
----
ABBREVIATED NAME
----
BC = (Borland/Turbo) C
BenC = Ben Castricum/The Netherlands
BP = (Borland/Turbo) Pascal
CG = Christopher Gabler/DTG/UG2000/Germany
ChS = Christian Schwarz/Germany
Cleric = ThE CLERiC! (Carl Elkhabbaz)/Lebanon
CP/M = Control Processor for Microprocessor, by Digital Research
CyR = CyberRax/Estonia
DJGPP = DJ Delorie's DOS port of GNU C/C++ Compiler
DOS = MS-DOS (microsoft disk operating system) & compatible
EdH = (the one & only :) EddyHawk
EIPL = Executable Instant Protector Laboratory (EdH's proposal)
EuH = Euskal Herria, UiP volume contributor
FaB = Fabrice Bellard/France
FaM = Fauzan Mirza
herinmi = Michael Hering/Germany
Jibz = Joergen Ibsen/Denmark
JMT = JauMing Tseng/Taiwan
LZ = (Abraham) Lempel - (Jakob) Ziv compression algorithm
MASM = Microsoft Macro Assembler
MD5 = Message Digest V5 by Ronald Rivest/RSA
Mor = Morgan/Poland
MS-C = Microsoft C
NU = Norton Utilities by Peter Norton/Symantec
NT = (Win) New Technology
OlegPro = Oleg Prokhorov/UG2000/Russia
OS/2 = Operating System 2 for PS/2 cpu by Microsoft/IBM
PaC = Pablo Carboni
PCK = Protector Creation Kit (name is suggested by CyR)
PHaX = Philip Helger/Austria
PS/2 = Personal System 2 cpu by IBM
QB = (MicroSoft) Quick Basic
QEMM = Quarterdeck EMM
realix = Martin Malix/Slovak
ROSE = Ralph Roth/Germany
StE = Stefan Esser/Germany
STN = Stonehead/The Netherlands
Szaszi = Szabo Laszlo/Hungary
TASM = Turbo Assembler
TBScan = ThunderByte (AV)Scanner
TEA = Tiny Encryption Algorithm
UiP = Universal Improved Patcher by dr.Lazy/lkcc
VAG = Vladimir Gneushev/VAGSoft/UG2000/Russia
VeK = Veit Kannegieser/Germany
VP = Virtual Pascal
WC = Watcom C
WIN = MS-WIN (microsoft windows)
Zenix = Zenix Yang/PCE/Taiwan
ZC = Zortech C
----
(PROTECT/CRYPT/SCRAMBL)ER
----
Info Source :
ROSE/RADFAQ/1998
ROSE/STN/HS/V1.19b217/DOC
ROSE/UNTINY
Zenix/FSE/Q&A
CG/TRAP/INSIDER.FAQ
http://www.egroups.com/list/ffse
Protector Source :
http://www.egroups.com/list/exelist
http://aaron.bentium.net (?)
http://www.cracking.home.ml.org {down?}
herinmi :)
----
STANDARD
----
On-line executable protection usually have:
-against passive attacks (direct view/disasm/patch)
.crypt
scramble code to unrecognizable form using random key
.mte
randomly insert junk code between orig code
without affecting the orig code exec
.code integrity check (checksum/CRC32/MD5)
.nebelbombs (opcode crypt) to confuse disassembler
(against IDA V3.80 or Sourcer 7)
harmless instructions which jump to a location within another opcode
-against active attacks (trace/unpack/debug/dump)
.specific trap (against TEU/UPC/TR/Soft-ICE/etc)
-quick & dirty
.backdoor misuse (Soft-ICE worm/magic tunnel)
.mem detection for "string" which is present in
deprotor executable (ATEU V1.2)
.detect the presence of deprotor tempfile (DS-CRP V1.31)
.patch deprotor int handler (iLUCRYPT V4.019)
.BFE (Blind Fury Engine)
by: Morgan (Poland)
bombs standard mem locations & ints of well-known hacktools w/o warning
-clean
.fake entrypoint/exit
.generic trap
-stack playing
-invalid opcode
-running line: self(trace/modify/decrypt) code
only decode 1 instruction at 1 time
not exposing a long fragment of code under analysis
by: Serge Pachkovsky (?)
-auto debug
-fake entrypoint
-passive protection against active attacks:
.scr off
some protectors use it 2 times
.keyboard lock
some protectors don't save & restore keyboard rate
.passive antidumping against int21 based dumper?
-reasonable compatibility with most of popular
processor/OS/memory manager/dos extender
---
-FSE or FFSE (Final Fantasy Security Envelope)
By: Zenix Yang/pCE aka Yang Shiuh-Phong (Taiwan)
Year: 1994, 1997-1999
Type: EXE protor, 386?
V0.55S [Sep 1998]
not disabling TP 7.0 EXEC
is V0.6C removable
adds 6,083-6,454b to proted x
hang on RM of my cpu
V0.6+ [Sep 1998]
can't be run at all on my cpu (RM or V86)
V0.76 [Jul 1999]
is now run on V86 of 486
adds 7,905-8,030b to proted x
slow proted x
disable TP7 EXEC
V0.77 is planned to be 486 RM compatible
Adv:
best prot -> kicks popunpak
mte
free ver available
Disadv:
adds logo + ovl to proted x (but can be removed)
must be the last protor (mostly the only protor)
since Zenix house was crashed by earthquake, he may not continue FSE
again. please pray for his fortune
OlegPro's xFSE V0.01b removable
OlegPro:
In xFSE I use other way to remove protor, called 'bkpt at fault' (BPF).
FSE stores orig x inside FSEd (+header+reloc)
Note:
uses
ZVCE II (mte)
PSP Faker/Shifter?
AdFlt2A
gen ADT
-UPStop (UnPackStop)
By: Szaszi aka Szabo Laszlo (Hungary)
Year: 199?-1999
Type: EXE protor (COM -> EXE), 386
V0.97 [1999]
Adv:
very good prot
gen anti-dump
kicks popunpak
check file size (disable-able)
multiple crypt layer
mte
free ver available
Disadv:
adds 5,465-5,588b or 5,945-6,043b (option /p) to proted x
multiple prot is unallowed
V0.95
hang on Pentium. But some tricks are removed on V0.96
may run on Pentium now?
V0.96/0.97: slow proted x
disables TP7 EXEC
can't prot RAR Archiver V2.06 (doesn't run)
Szaszi: it will be fixed
VAG's DeUPS97 & BW V2.5 removable
Note:
CaS: its invalid opcode trick runs properly under QEMM
EliCZ:
Szaszi is the 2nd comes with autodebug (V0.95?)
V0.97 has anti-EDUMP but crash on NT
-JMCE (JauMing CryptExe)
By: JauMing Tseng or Kevin Tseng (Taiwan)
Year: 1994, 1997-2000
Type: EXE protor, 286
Adv:
good prot
fast proted x
very compatible
shows ASCII slime if one attempts to unpack proted x
V0.7n [Jul 1998] adds 3,160-3,162b to proted x
V0.7o [Sep 1999] anti TR V2.52
V0.7p [Nov 1999] anti UNJMCE
V0.7q [Jan 2000] anti BW V2.5
V0.7r [Jan 2000] better anti TR V2.52
V0.7s [Apr 2000]
restore int1 after decode
adds 3,631-3,653b to proted x
kicks popunpak
anyware: U can send (any/no)thing (but coin) to the author :)
Disadv:
no mte
multiple prot (remove 'Ex' & 'encr' sig 1st) causes hang
V0.7o and below are CG's UNJMCE upackable
V0.7p to 0.7r
proted x crashes WDOS/X if exec-ed before WDOS/X
JMT: anti-unjmce hooks but doesn't restore int1
TR 2.xx + herinmi's Script removable?
V0.7s: BW V2.5 half removable
Note:
V0.7s no longer hangs WDOS/X
JMT plans JMCE2 (strange method which works on Win2K)
-AdFlt2A (Anti Debugging Filters V2A)
By: EliCZ (Czech)
Year: 1998
Type: COM protor, 386?
Adv:
very good prot
PSP Shifter
PM, VCPI, DPMI tricks?
adds 1,488-1,489 byte (w/o reg key) to proted x
proted x can show the owner [ option :o) ]
free
Disadv:
some spec.unpackers available
no mte
src is released
Note:
EXE2COM-ed TP 7.0 prog is TEU V1.82 removable
EliCZ introduces term "auto-debug" not "anti-debug"
CyR: the protor itself is never used, only its code by other protors (?)
EliCZ: most orig protor
Zenix: best COM protor, ultra strong prot, no tool to debug it
Cleric: marvelous & creative protor
-PCG (PC Guard) for DOS
By: Blagoje Ceklic (Yugoslavia)
Year: 1994-2000
Type: EXE protor, 386?
V3.20 PRO [2000]
Adv:
mte?
2 type of prot
LOADER (crypt image,destroy header,clean mem)
ENVELOPE (user-selectable crypt layers)
3 prot modes
NOIC/AUTO/CODE
check debugger/lock position
3 demo mode
TIME/DATE/EXE
GUI
Disadv:
adds at least 6Kb to proted x (1 layer)
commercial
proted x shows message, recipient name & delay
only demo -> proted x can only run several times
must specify recipient name
proted x:
sets keyboard to slowest rate
is slow
complicated proting procedure
CG's UnPCG removable
Note: OlegPro plans to release xPCG, but CG's UnPCG is out first
-EXELock 666
By: ST!LLS0N
Year: 1997-1998
Type: EXE protor, 386
Compiler: BP V7.0
V1.05 [1998]
Adv:
adds 2,471-2,476b to proted x
free
Disadv:
no mte
no crypt
TEU V1.82 -! -m:4 removable
Note: uses scr off & mem detection for TEU
-ProtEXE
By: Tom Torfs (Belgium)
Year: 1995-1997, EXE: 4b - 60/62 kb
Type: x protor
Compiler: WC(++) 16
V3.11 [1997]
Adv:
fast proted x
adds 3,106-3,109b (COM) or 3,174-3,196b (EXE) to proted x
selfcheck (regged -> optionally on ovl)
regged: tie option -> ties depresor & proted x together
can prot TSR
password (optional)
DOS shell-like interface
reports orig & proted x differences
Disadv:
complicated proting procedure
sometimes generate buggy proted x
TEU V1.82 -g -! half removable (even regged ver)
shareware
-$pirit
By: Night $pirit (Russia)
Year: 1995?-1996
Type: x protor, max <= 57000b
V1.5 [1996]
Adv:
mte
multiple prot is allowed if 'N$' sig is removed
adds 558-950b (COM) 710-1,084b (EXE) to proted x
Disadv:
weak prot
CUP386 V3.4 /3 removable, TEU V1.82 -! -g (EXE) removable
uses $UPD mte, which are used by some virs, triggering some AVes's
false-alarm (now I know :)
Note:
uses $UPD ($pirit Universal Polymorphic Device) V2.1
Snow Panther: strong mte
-SS (SuckStop)
By: ’narchistic Ka0t/N0PS (Germany)
Year: 1996/1997
Type: EXE protor
Adv: ROSE: impressive & short protor
Disadv:
older src code is released
Win9x incompatible
weak prot
can't prot > 64 Kb
proted x sets keyboard to slowest rate
V1.00
has 3 sub vers
V1.05
adds string "SuckStop V1.00 (c) DOSE" to proted x
V1.07
rewritten
V1.07.02r
optional password (/p)
proted x hangs my cpu
V1.11r
CUP386 V3.4 /7 removable
ROSE:
some ver have mte
a ver has 386 ADT
latest ver is V1.18
STN: V1.18 is a typo
-ALEC
V0.1
-ALEC
By: rANDOM/UCF
Year: 1996-1997
Type: EXE protor
V1.6.386.pro [1997]
Adv:
password (/p, optional)
adds 3,500+ b to proted x
mte
Disadv:
weak prot
proted x sets keyboard to slowest rate
prog x hangs my cpu while proting certain x
Note: uses scr off
-iLUCRYPT
By: iLUVATAR aka Christian Schwarz (Germany)
Year: 1995-1999
Type: x protor, DOS V3.3, 486+fpu (386+fpu?)
Compiler: BP V7.0
V4.019 [1999]
Adv:
2,765b crypted ADT code
presed reloc
FPU operations for decrypt
V4.018
can add one's own ADT (up to 3) modules to loader (/MOD: option)
2 samples is provided
V4.014b
kick debuggers/tracers which storing prog regs in the 1st meg
V4.016
password
128bit key, 64 bit data of modified FaM's TEA (TinyIDEA?) block cipher
Disadv:
no mte
min 486+fpu
Win95/NT/ OS/2 /Linux incompatible (stopped under Win/ OS/2)
PC-DOS/V7.0/IBMAV or similar AV blockers may interfere IluCrypt
can't run on my cpu (orig package), but
Aaron's unpacked protor x re-proted by itself CAN run on my cpu
Weird, isn't it? (maybe Aaron disable some incompatible tricks?)
Note:
ADTs used:
-running line
-V4.015:
NOTing complete int table
mem hw bkpt
invalid opcode
-fake entrypoint
-fake exit (optional), adds extra 100b to proted x
-anti reload functions
successor of CSCrypt Pro
-CSCrypt (Christian Schwarz Crypt) Pro
By: Christian Schwarz (Germany)
Year: 1996 or 1997?
Type: x protor?
Compiler: BP V7.0?
V3.30 [1997?]
Adv: mte
Disadv:
no longer updated because it's easy to hack?
hang on my cpu
Note: predecessor of iLUCRYPT
-C-Crypt
By: De'FeinD/uCT
Year: 1997-1998
Type: max 60kb COM protor (EXE -> COM), 386, FPU
V1.02b1 [Aug 1998]
Adv:
adds 1,080b (COM) or 1,320b (EXE) to proted x
adds string "Protected with C-Crypt" & "MsDos" in end of proted x
fucks (?) all known debugger/unpacker/tracer
kicks popunpak
Disadv:
TR + ConTRa R1 script removable
prog x can't prot read-only x
the only FPU instruction used is FNOP, no problem to step over it
fixed crypt key (at least in this version)
buggy decryptor (not restore the last byte)
prog x hangs on (my & CyR's) cpu
proted EXE hangs on my cpu
-GA (Gardian Angel)
By: Stefan Verkoyen (Belgium)
Type: x protor, 8086
V1.0b [1995]
Adv:
GUI
random ADBlock arrangement
regged ver offers
anti (load & TSR unpackers)
386 ADTs
mte
Disadv:
shareware
weak prot
Win9x incompatible
Note: the author skipped PIQ tricks to stay Pentium-compatible
STN (?): it should be Guardian Angel, not Gardian Angel, but hey,
he's a coder, not a writer :)
-MESS
By: Stonehead/TPiNC (The Netherlands)
Year: 1996-1999
Type: EXE protor (COM -> EXE), 386
Compiler: MASM V6.13
V1.07 [1997]
Compiler: TASM V4.0
V1.31 [1999]
Adv:
Good prot
mte (option /M for fully polymorphic for COM file -> produces COM)
generates different decryptor
proted x can show registration info (option //)
can add ownername to proted x
user-selectable number of crypt layer(s) (option /L<n>)
anti-TEU trick (option /T) -> can't run on WinNT
adds 2,484-2,717b (9 layers) to proted x
free for non-commercial use
run on Cyrix, Linux's DOSEMU
Disadv:
commercial use is prohibited
disables TP7 EXEC
src is released (V1.07 & V1.31)
TEU V1.82 half removable
ICEUNP V0.34 removable
Note:
MESS
is branch of SCRAM! b5
is inspired by Gardian Angle
prog x started with string "FUCKYOU"
uses SHAME (mte) since V1.08
STN: I don't know why DeGlucker can't unpack MESS for some time
-HS (HackStop)
By: ROSE aka Ralph Roth (Germany) & Stonehead (The Netherlands) /ROSE SWE
Year: 1994-2000
Type: x protor, 8086, 80386, COM: ~ < 61000b, EXE: 64b -?b,
max 16,000 reloc
Compiler: MASM V6.0 & V6.13
V1.00 [Apr 1995]
V1.11 [Dec 1995]
V1.13 [Jun 1996]
ripped by Dark Destroyer/TiC and named DarkStop (No Lamer) V1.0 [1996]
V1.16 [Apr 1997] with 386 PM ADT, only for TPiNC party & regged user
V1.17cr [Sep 1997] SMT/SMF: doesn't run under Win
V1.18 [Jan 1998]
requires 386+ to prot
build 70 adds 3,316b (COM) or 3,388b (EXE) to proted x
V1.19
build 206 [May 1999]
adds 3,426b (COM) or 3,743-3,757b (EXE) to proted x
now crypts EXE (body & reloc)
build 217 [July 1999]
adds 3,456b (COM) or 3,838b (EXE) to proted x
is ICEUNP V0.31 (& V0.32?) removable
V1.20 build 227 beta [Apr 2000]
adds ICEUNP & EDUMP (detect/protect)ion
/86(s/d) is ICEUNP V0.34 removable
Adv:
Good prot
running line
heavily tested :)
very compatible
semi? mte
several crypt layers
adds owner name/message to proted x
adds string "HS" & "MsDos" in end of proted x
nebelbombs
crc-check
kicks popunpak, except ICEUNP
Disadv:
Too famous (hacked all the time)
hacked/independently improved HS vers (ex: Rand0m's HS V1.11f,
Dark Destroyer's DarkStop V1.0, ReDragon's IRoNtHoRN V1.0:2k)
a bunch of HS unpackers (ex: Ka0t's unHS, MegaDevil's unpHS,
Stefan Esser's HSR, rAND0M's KillHS, tHE riDDLER's xHS, CG's unHS)
Shareware
src is released [Jul 1998] (V1.11g, MASM V6.0)
Note:
also used to prot ROSE's progs (mainly AV products)
WWPACK >= V3.02a is proted with HackStop V1.0?
EuH: HackStop caused WWPACK can't be modified to crack the regkey
WWPACK V3.04a & V3.05b5 is proted with HackStop V1.11a
HS unpacked x contains string "HBOOT", "BEHBEO" :)
-LSTOP (LamerSTOP)
By: Stefan Esser (Germany)
Type: EXE protor
Compiler: BP V7.0
V1.0b
Adv:
adds 562-585b to proted x
free
can add owner name to proted x
Disadv:
no reloc handler (but RelPack is included)
weak prot
CUP V3.4 /3 removable
Note: CrackStop predecessor
-CS (CrackStop)
By: Stefan Esser (Germany)
Year: 1997-1998
Type: max 600kb EXE protor, 8086
Compiler: TASM V3.5
V1.03 [Jan 1998]
Adv:
adds regged name/message to proted x
no PIQ trick
Disadv:
no mte
adds 4,676b to proted x
proted x turns off-on numlock if it's on
weak prot
can't:
handle reloc (but RelPack is included)
crypt image with reloc
(TEU V1.82 or CG's CSRemover V1.2) removable
shareware
Note:
LSTOP successor
has HackStop-like interface
uses mem detection for TEU
CG: there's CS V1.03 updated
-MASK
By: Jose M. L. Lopes (Portugal)
Year: 1994-2000
Type:
COM protor (EXE -> COM)
8086/8088, DOS V2, 64Kb freemem, proted x: 6b-62Kb
Adv:
anti bkpt-set
security envelope checksum
multiple complex crypt
multi-tracer/debugger/unpacker fucker
hacked/modification warning
Disadv:
shareware
multiple prot is unallowed
incompatible with Game Wizard (Pro), even if it unloaded
(hey, I only want to cheat, not debug!)
Note:
V2.3
Adv:
adds only 700b to proted x
Disadv:
Cyrix + Win incompatible (SMI instruction or INT01/ICEBP trap)
TR V2.52 + CG Script removable
TEU V1.82 removable
V2.4 [Sep 1995]
released on end of 1999 to wait for V2.5
adds only 800b to proted x
crypting method is buggy on some files
has:
more traps
a spec.trick to detect debugger presence -> DESQview incompatible
V2.5 [Jun 2000]
5 years after V2.4 (encouraged by The Archivist/SuddenDischarge
and EXEList :)
Its release is planned on Jan 2K, but actually released on Jun 2K
CG: very difficult to write a MASK V2.5 unpacker because of
-a few DRx tricks & trapflagging + int1(tf/hw) direct modification
(might crashes on NT) to stop hw breaking
-very good crc check to stop sw bkpts
Adv:
adds 1,300b to proted x
removes INT01/ICEBP trap
has much more traps
crypt engine is completely rearranged
proted x checks everything upon running
regged ver has presed code + improved randomizer engine
Disadv:
CG: int1 & int3 called but not pointed to proper location within
codesegment (after starting some files, they will point a corrupt
area)
Quarterdeck Office Systems DESQview V2.41 incompatible
proted x sometimes hang on Win95/98 + active McAfee VShield
shareware ver is CG's UnMask25 removable
UnMask25 is released 3 days after MASK release. how unfriendly :)
proted x:
is rather slow
prints MASK copyright before proceed
contains MASK copyright
-TinyXor (Tiny Xor)
By: dR.No/ViP Software/DTG/UG2000 (Russia)
Type: COM protor, 286
Compiler: BP V7.0
V0.1 [1998]
adds 43b to proted x
src is provided
UNP V4.12b t removable
-XoReR
By: dR.No/ViP Software/DTG/UG2000 (Russia)
Type: COM protor, <= 60Kb
Compiler: BP V7.0
V2.1 [1998]
Adv:
anti-load
herinmi: run on Win98 (+EMS)
Disadv:
shareware
proted x sets keyboard to slowest rate
removable by:
TR + herinmi/CG's script?
BW V2.5?
Pentium incompatible?
herinmi:
destroy (& not restore) int1 & int3
badly coded, all XoReR ver have problem with size 4096
-TRAP
By: Christopher Gabler (Germany)
Year: 1997-2000
Type: x protor, 386 (COM: 4-65000b, EXE: 32b-0.5Mb)
Compiler: batch? compiler
V1.13 : PHaX: can't run on my 486er
V1.24
is now compatible to 486DX4-S
adds 3,946-4,120b to proted x
V1.25
has reloc handler
proted COM never run
VAG's DeTrap V1.5 removable
V1.26b
anti VAG's DeTrap V1.5?
COM -> EXE
proted x is 486DX4-S incompatible
V1.26! [2000]
proted x is now 486DX4-S compatible
herinmi called this ver V1.26b1
CG: under 486, the 1st byte of 1st internal decrypted layer is wrong
proted x hangs under win311
non-pub?
Adv:
good prot
tf & opcode runningline
stack crypt
kicks popunpak
several crypt layers
mte
CRC used as decryption value
fast proted x
free
Disadv: adds 4Kb to proted x
Note:
uses
TME (mte)
MMtE (Mini Mutation Engine)
GDD (Generic Dumping Detection)
SADD (Self Anti Debugged Decryption)
Zenix: TRAP 1.2x claimed as EDUMP-resist, but EDUMP can unpack it easily
-ICE (Intrusion Countermeasure Electronics)
By: Keith P. Graham
Type: COM protor
V1.00 [1988]
Adv: pres
Disadv:
lame prot
UNP V4.12b removable
Note: 1 of oldest protors
-COP (Command Obfuscation Processor)
By: Jack A. Orman (USA)
Type: COM protor
V1.3 [1988]
Adv: adds 53b to proted x
Disadv:
lame prot (crypt only)
CUP V3.4 /1 removable
Note:
part? of Armada Utilities
1 of oldest protors
-CRYPTCOM
By: Nowhere Man/[NuKE]
Type: COM protor
Compiler: BC++ V3.0 [1991], tiny model
V2.0 [1992]
Adv: adds 29b to proted x
Disadv:
crypt only
UNP V4.12b removable
Note: part of Nowhere Utilitiess
-PROTECT! EXE/COM
By: Jeremy Lilley (USA)
Year: 1993-1996
Type: x protor, EXE < 600kb, max 16kb reloc
V6.0 [1996]
Adv:
adds 1,835 to proted x
very good mte
serial check
compatible (DOS/Win31/Win95/ OS/2)
password (optional)
CRC check
pres
Disadv:
weak prot
the prog x itself can't run on V86 on my cpu
must be unpacked first
CUP386 V3.4 /3 & ICEUNP V0.31 removable
Note:
V5.6: txt-hacked V5.5 by Marquis/UCF
The most famous protor before HackStop. Many people use (CM), unpack
(UX) and enhance (Ciphator) it. Because every ver of PROTECT! can be
unpacked easily, no more update after PROTECT! V6.0 (give up?)
The author skipped rather incompatible tricks to increase compatibility
Found on CM (Cheat Machine) V2.11
-SECURE
By: Piotr Warezak (Poland)
Last known ver: 0.29
Year: 1995-1997?
Type: EXE protor
Compiler: BP V7.0
V0.19
Adv:
adds 1,800-1,925b to proted x
double crypt
anti-gen-unpacker
can add comment to proted x (max 1024b)
proted x can check 286/386 processor and/or check DOS ver
Disadv:
no mte?
multiple prot is unallowed
experimental, non-pub
shareware?
TEU V1.82 slow removable
EdH: plz! send me V0.29 (really curious)
-EXEGUARD
By: Ivanov Vadim (Russia)
Year: 1996-1997
Type: EXE protor, 8086
Compiler: BP V7.0 + TASM V4.0
V1.3 [1997]
Adv:
adds 849-863b to proted x
free
option:
/V -> enter vector number
/C -> ?
Disadv:
no mte
no crypt
TEU 1.82 removable
-PCRYPT (Program CRYPTor)
By: Andry Kobilykov aka AVK aka MERLiN /DTG/UG2000 (Russia)
Year: 1995-1997
Type: x protor, 386
V2.6 [1996]
V3.43: com support?
V3.51 [1997]
Adv:
mte
32bit code
free keyfile
clears proted x after its running
proted x can show message before running
adds message to proted x?
Disadv:
src is released
can't run on V86 on my cpu, proted x does nothing on real mode
EliCZ: can't run in DOS
EdH: then what its target? DOS progs running on Win32? explanation,plz!
Note: uses MPME (mte)
-Protect
By: Andry Kobilykov aka AVK aka MERLiN /DTG/UG2000 (Russia)
V7.1 [1996]
-Password
By: Andry Kobilykov aka AVK aka MERLiN /DTG/UG2000 (Russia)
V6.1 [1996]
-DS-CRP (Dark Stalker's CRyPt)
By: Dark Stalker/UCF
Year: 1996-1997
Type: COM protor, 386
V1.31 [1997]
Adv:
adds 23##b-26##b to proted x (w/o & with regkey)
3/4 size of MD5 checksum
kicks DUMPCOM V3.55 PRO
Disadv:
can add user name to proted x, but needs regkey, which isn't included :)
proted x sometimes hang
src is released
Note:
unpacked prog x contains string "HBOOT", "SOFTICE1", "$OFTPROB"
proted x does cold-reboot if find ASAP.$1 (CUP temp file) & PASS1.DAT
ADTs are for:
Game (Tools/Buster/Wizard), CUP386, DumpEXE, RAND0M unpacker,
MegaDevil COM dumper, (Soft/Win)ICE, SoftPROBE, UPC, EntPack, AutoHack,
Intruder
-fds-cp
Type: COM protor, < 50,000b, 386?
V0.4a [1997]
by fds0ft (Hungary?)
Adv:
multiple crypt layer
full RM ADT, DRx playing
adds 1,192b to proted x
semi-random crypt keys
checksum check on crypted image
Disadv:
no mte
ENTPACK 14-04-1998 (FOTO) removable?
Note:
adds string "(c) fds0ft" to proted x
uses scr off 2x
V0.5a [1997]
by JauMing Tseng or Kevin Tseng (Taiwan)
called jmt-cp
fds-cp V0.4a's quick hack
adds 1,192b to proted x
adds string "(c)jauming" to proted x
buggy?
-Ciphator Pro
By: mARQUIS de Soiree (aka Franzz? or Martino?) /UCF
Year: 1996-1997
Type: EXE protor
V4.60 [Feb 1997]
should be non-pub
Adv:
Nebelbombs
free for non-commercial use
Disadv:
no crypt
TEU V1.82 removable
proted x stops on 1 June 1998
Note:
uses scr off
the prog x uses ANSI esc-sequence
hooked int 1 & 3 will be unhooked to an IRET
-Inbuild Encryption
By: Christopher Gabler (Germany)
Type: Assembly COM protor
V1.0 [1998]
Adv: self-crypt (anti gen unpacker)
Disadv:
src is released
use first 15 byte of proted x
prog must be assembly & rewritten
DUMPCOM V3.55 PRO removable
-KShell (King Shell)
By: The Double-Star Computer, Inc.
Type: EXE protor
V1.21 [1996]
Adv:
adds 1,968b to proted x
password (optional)
Disadv:
adds ovl
proted x with option /x hangs V86 of my cpu
-RC1 (ROSE COM Crypt I)
By: ROSE aka Ralph Roth/ROSE SWE (Germany)
Type: COM protor
ROSE:
adds 33b to proted x
non-pub (only released for TPiNC party in 1997)
-RCRYPT (ROSE Crypt)
By: ROSE aka Ralph Roth/ROSE SWE (Germany)
V0.91 [1994?]
V0.92 [1995]
Type: COM protor?
Adv: kicks CrkCOM V0.92 & DUMPCOM V3.55 pro
Disadv: CUP386 V3.4 /1 removable
-RCC II/286 (ROSE's COM Crypt II/286)
By: ROSE aka Ralph Roth/ROSE SWE (Germany)
Year: 1995-1999
Type: COM protor
V1.17 [1999]
Adv:
Mild & Hard ver
adds about 376b (mild) or 544b (hard) to proted x
free
ADTs:
fake jump
mutated decryptor
double-crypted entry point
anti debug & unpack tricks
Note:
V1.02:
is experiment for HS-Muteng (mte)
crypt is borrowed from Witch vir
-RC386 or RC 386 (ROSE's COM Crypt 386)
By: ROSE aka Ralph Roth/ROSE SWE (Germany)
Type: COM protor
V0.51 [1995]
Disadv: always hang on V86 on my cpu
-RSCC or RSCC II (ROSE's Super COM-Crypt/286)
By: ROSE aka Ralph Roth/ROSE SWE (Germany)
Type: COM protor, 286?
Compiler: MASM V6.XX
V1.04.02 [1999]
Adv:
adds 126b to proted x
free
mte (fully polymorphic)
Disadv: buggy mte
Note:
based on RCC V1.14
mte is inspired by Uruguay vir family
is experiment for HS-Muteng (mte)
-REC (ROSE's EXE File Cryptor) V0.32
By: ROSE aka Ralph Roth/ROSE SWE (Germany)
Year: 1994-1999
Last known ver: 0.40.06 (1999)
Type: EXE protor
V0.32 [1997]
Adv: adds 1,001b to proted x
Disadv:
only for HackStop's regged user
TEU V1.82 removable
Note: used together with RCC to prot HackStop x (the prog itself)
-REC/Small or RECSmall (ROSE's EXE Cryptor/Small)
By: ROSE aka Ralph Roth/ROSE SWE (Germany)
Year: 1997-2000
Type: EXE protor
V1.05 [2000]
Adv:
adds 83b to proted x (smallest)
free for personal use
Disadv:
can't prot EXE with reloc
gen unpacker removable (ex: CUP386 V3.4 /3, TEU V1.82)
-RECAV or REC/AV or REC/Small/AV (ROSE's EXE Cryptor + Anti Virus)
By: ROSE aka Ralph Roth/ROSE SWE (Germany)
Year: 1999-2000
Type: EXE protor
V1.05 [2000]
Adv:
anti-vir
adds 436b to proted x
free
Disadv:
can't prot EXE with reloc
multiple prot is unallowed
unRECAV removable (included)
TEU V1.82 removable
-SECURE
By: G.M. McKay (Australia)
Type: x protor, 8088?, 1b-600Kb
V2.1b [1995]
Adv:
adds 530-680b to proted x
GUI
checksum
user-random crypt
fail options (print own message/print user message/hang/reboot)
filesize check (optional, adds extra 100b)
multiple crypt is allowed
kicks? popunpak, except TEU V1.82
Disadv:
no mte
shareware (proted x shows message)
slow prot
complicating proting procedure
TEU V1.82 or UPC V1.11 removable
-CRYPTEXE
By: The DoP (Doors of Perception) aka Christian Bradiceanu (Romania)
Type: EXE protor
Compiler: BC(++) V3.0 [1991], small model
V1.04 [1996]
Adv:
adds 536-607b to proted x
kicks CUP V3.4 /1
free
Disadv:
multiple prot is unallowed
no mte
TEU V1.82 removable
Note:
adds string "DoP" in begin of proted x
Its reloc handler is used? in FFSE
-AEP (Addition Encode-Protective)
By: Ke-Jiah Hann
Type: x protor, 386?
V1.00 [Aug 1996]
Adv: adds 1,320b (COM) or 1,384b (EXE) to proted x
Disadv:
removable by:
its own regged ver (option R)
TEU V1.82 -! -G
OlegPro's xAEP V0.01b
weak crypt
OlegPro:
PIQ tricks -> Pentium incompatible
no morph
Note:
adds string 'Written By Ke Jia-Hann' to proted COM
uses scr off
AEP.EXE from SuddenDischarge is processed by:
-AINEXE V2.2
-Protect! V5.5
-TINYPROG V3.6
-Protect! V5.0
-AEP V1.00 2 times
-SCRAM
by: xadi
V0.1
-SCRAM!
By: bushwoelie/ACP
Type: COM protor, 386?, DOS V2?, VGA card?
V0.8a1 [May 1997]
Adv:
good? ADT
mte
adds 1,792-1,839b to proted x
Disadv:
proted x slows down keyboard rate
CUP386 V3.4 /7 removable
Note: earlier ver by bushwoelie & STN
-SCRYPT
By: darkgrey aka Vladimir Gorbunov /DTG/UG2000 (Russia)
Type: COM protor, 286
V0.4 or 1.4 [1998]
Adv:
adds 238b to proted x
kicks CUP386 V3.4 /1 and /3
-LP (LockProg)
By: Myrlochar/Kryst/TPD/PDL
Type: COM protor
Compiler: BP V7.0
V0.5a [1998]
Adv:
adds 185-186b to proted x
adds string "lopro" in end of proted x
kicks TEU V1.82?
Disadv:
certain (normal) proted x hangs on my cpu
CUP386 V3.4 /3 removable
-CRYPT
By: Eclipse/Light Show
Type: EXE protor
V1.21 [1994]
Adv:
add 1029b to proted x
anti Soft-ICE?
Disadv:
no mte
TEU V1.82 & AHCR V1.32 removable?
-CRYPT
By: DISMEMBER aka Alex Lemenkov (Russia)
Type: x protor, 286
Compiler: BP V7.0
Disadv:
weak prot
no mte
V1.7 [1995?]
add 165b (COM) or 436b (EXE) to proted x
COM is DUMPCOM V3.55 PRO removable
EXE is CUP386 V3.4 /3 or TEU V1.82 removable
V2.0 [1996]
add 27b (COM) or 50b (SYS) or 342b (EXE) to proted x
EXE is CUP386 V3.4 /1 removable
-EXE-Manager
By: Solar Designer/BPC (Russia)
Type: EXE protor
Last known ver: 4.0
Compiler: BP
V3.3 [1995]
Adv:
GUI (+ help & sound)
anti 27 unpackers
intercept DOS calls (w/o calling previous handler)
regged ver:
dynamic code decrypt
can only be exec-ed by EXEManager's int3 handler
free registration
password
check the needed hardware
Disadv:
no crypt (?)
prog x hangs real/V86 on my cpu
but some proted x run!
-Aluwain
Type: EXE protor
V8.03
by: Cracker X (?)
V8.09
by: Tequila
Adv:
adds 817b to proted x
checksum?
Note:
adds string "aLuWaIn!" to proted x
protor x is full of 00h (50kb?). if it's unpacked & all 00h are removed, it
can't prot properly. used as proted x image?
-BinLock
By: Hit-BBS Programmers Crew
Type: COM protor
V1.0 [1994] the only (?) version
Adv: kicks popunpak + DUMPCOM V3.55 PRO
Disadv:
very incompatible
ROSE's unCOM V1.21 removable
Note:
CG: uses dangerous trick
STN: CG is right, it's useless
-CeXeC (CrypteXeC)
By: Gabor Keve/ByteWorx (Hungary)
Type: EXE protor, 32kb freemem
Year: 1997-1998
Compiler: BP V7.0 + TASM
V1.01 [1998]
Adv:
2 loader type: DOS & Win3x
smaller & faster DOS loader than (DCREXE/CRYEXE)'s
cardware
Disadv:
DOS loader can't run on multitask environment
adds 8,312b (DOS loader) + 257b to proted x
doesn't wipe temp decrypted file (but still crypted)
DOS loader is TEU V1.82 removable
Note:
write temp decrypted file to disk
DOS loader uses:
Warezak's Secure V0.19
Gabor Keve's UET (anti TEU)
prog x is proted with UET
-DCREXE
By: LuCe
Type: EXE? protor
V2.0 [1997]
Disadv: doesn't wipe temp decrypted file
Note: write temp decrypted file to disk
-LUCESTOP
By: LuCe
Type: x protor
Compiler: BP V7.0
V1.0b [May 1997]
prog x hangs my cpu
adds 23,004b (!) to proted x
adds logo to proted x
uses Protect! V6.0 to prot loader
herinmi: badly coded
Note:
write temp decrypted file to disk
predecessor? of DCREXE
-Crypta (Cryža)
By: Iosco Capitalino aka Valentino Tosatti (Italy)
V2.0
II V2.0: uses other protor (JMCE V0.7j) as loader (?)
II V3.0: uses other protor (Secure V0.19) as loader (?)
-CryEXE
By: Iosco Capitalino aka Valentino Tosatti (Italy)
V4.0: uses other protor (MESS V1.20) as loader (?)
Note:
write temp decrypted file to disk
STN: Iosco doesn't have time to code it better
-HackFuck
By: Iosco Capitalino aka Valentino Tosatti (Italy)
V1.0 [1997] non-pub, not distributable
Adv: mte?
Note:
write temp decrypted file to disk
predecessor? of CryEXE
-EFP (Executable File Protector)
By: Alexei Bulushev/aleXoft (Russia)
Year: 1991-1992
Compiler: BP V5.5
V1.23 [1992]
Adv: kicks popunpak
Disadv: add 29,684b! (8,442b loader + 21,242b ovl) to proted x
-EPW
By: Alan D. Jones/Farpoint Software
Type: x pass protor
V1.2
V1.30 [1992]
V4.2
hacked V1.2
-MSCC (Mad Scientist's COM Crypter)
By: Mad Scientist
Type: COM protor, 286?
Compiler: BP V7.0
V1.0b [1997]
Adv:
free registration
adds 110b to proted x
adds sig "∩∩$››1.0▀s" in end of proted x
regged ver can kill this sig
Disadv:
ROSE: easy to bypass
CUP V3.4 /3 removable
-CRYPACK
By: George Stark/Yakuza
Type: EXE protor
Compiler: BP V7.0
V3.0 [1995]
Disadv:
CUP386 V3.4 /3 removable
hang if proted x has reloc
-BITLOK
By: Lei Jun & Wang Quanguo /Yellow Rose Software Workgroup (China)
Year: 1989-1996
Type: EXE protor (COM -> EXE)
Compiler: BP V7.0
V3.0 [Jul 1996]
V3.1 [Oct 1996]
Adv:
(date & install) limit
prot support for FoxPro, Clipper & BP compiled x
can add user module
Disadv:
adds 8kb-9,823b (option /S) & 12kb (with key diskette) to proted x
loader = ovl added to crypted x (?)
SAC's BL31-RM V1.00 removable
Note:
use option /S to crypt w/o key diskette
used to prot Realix's HWInfo
EdH: non-English. more review, plz!
-BITLOK-7NT
-BITSHELL
By: Lei Jun & Wang Quanguo /Yellow Rose Software Workgroup (China)
V3.x
Note: mentioned in BITLOK, PACKWIN, BW doc
-HDKProtC (Mr.HDKiLLeR ProtectioN)
Type: COM protor
V1.1
by Mr.HDKiLLeR
V1.1a [1996]
by eMX!
adds 165b to proted x
changed start-up code
fixed crypt key
no input given for prog x -> hangs
adds string "tiTaNiC 1.2" in begin of proted x
ROSE: buggy cryptor, kills int 1 & 3
-EXECODE
By: Balazs Scheidler (Hungary)
Type: x protor, 8086, DOS V2
Compiler: BC++ V2.0 [1991]
V1.0 [1995]
Adv:
regged ver offers ADT
COM2EXE?
user defined crypt key
reloc crypt
Disadv:
shareware
proted EXE requires extra 1-64kb mem, depending on reloc
shareware: CUP V3.4 /1 removable
regged : CUP V3.4 /7 removable
Note: adds sig "XCOD" in begin of proted x
-X3
By: Dark Stalker/UCF
Year: 1997
Type: COM protor
Adv: adds 18b to proted x
Disadv: UNP V4.12b t removable
Note:
1 of smallest COM protors
part of DSCPP (Dark Stalker's COM Protector Pack)
-X3
By: MANtiC0RE aka Valery Shabaev (Russia)
Type: COM protor
V1.3 [1998]
Adv:
adds 336b to proted x
mte
kicks CUP V3.4
Disadv: CRKCOM V0.92 removable
Note:
independent successor? of Dark Stalker's X3
uses MnemoniX's MutaGen 2.0
adds logo to end of proted x
-SDW & SDW386 (ShaDoW Cryptor)
By: MANtiC0RE aka Valery Shabaev (Russia)
Year: ? - 2000
Type: COM protor (EXE -> COM), =< 63Kb
Compiler: TASM V5.0
V1.80 [2000]
Adv:
herinmi: very nice mte
adds 1-2Kb to proted x
can disable logo addition to proted x (/b option)
can generate random decryptor (/r option)
free
SDW386: has Jibz's TECC
Disadv:
simple ADT -> easy to unpack? / can't stop advanced debugger/dumper?
TR V2.52 + herinmi's script removable
SDW (& V1.78-1.79?) hangs on my cpu
SDW386:
is 1st SDW x which can run on my cpu (PIQ bug removed)
is Win98 explorer incompatible
x no longer set keyboard to slowest rate (suggested? by OlegPro)
proted x:
is no longer slow
sometimes hang
still set keyboard to slowest rate
Note:
based on Tailgunner's Shadow COM encryptor
uses
√iCE (mte)
RES (Random Encryption Synthezator) by SSR (1997)
unique registration: send to the author:
your favorite bottle of beer to get unique ver of regged SDW
20 bottles of beer to get fully commented last SDW src
-Crunch
By: Luck Martins/Skinhead
Type: COM protor, 286?
V1.0
prog name is Blitz
V1.4 [1995]
Adv:
several crypt engines
free
mte
regged ver can crypt EXE
Disadv:
prog x hangs my cpu
herinmi: too strong mte
-DEMO
By: Adlersparre & Associates
V2.0 [1993]
Type: EXE protor (?)
Disadv:
X-TRACT V1.51 removable
non-pub?
Note: found on DMC V3.5 prog x
-TCEC (ThE CLERiC! EXE Cryptor?)
By: ThE CLERiC! aka Carl Elkhabbaz (Lebanon)
Year: 199?-2000
Type: EXE protor, 386
Compiler: TASM V5.0
Disadv:
no reloc handler
proted x
is often hang
sets keyboard to slowest rate
Win incompatible
V3.55b: the copy on EXEList is infected with Guerilla.1996 vir
V3.58b:
src is released
last ver
EdH: cool ASCII art :)~
Note:
most ADTs used are from CG's Insider.Faq
based on MESS V1.07
Cleric: the src lost under hardisk crash
-NSP (N0PS Shit Protector)
By: ’narchistic Ka0t/N0PS (Germany) or Cyber Cop?, Ghostbuster?
Type: COM protor
Compiler: TASM V4.0
V0.001b
V0.002b [Jan 1995]
V1.00
Adv:
ROSE: good ADT
kicks TRON
Disadv:
Win32 incompatible
prog x does nothing on (my & CyR's) cpu
LCDump removable
-XcomOR or XCom/Or
By: madmax!/PC97
Type: COM protor
Adv: ROSE: prepending cryptor
V0.99f
170b
V0.99g
274b
V0.99i [1997]
add 550b to proted x
proted x hangs on my cpu
eGIS's XCR V0.99 removable
add string "MMX" in begin of & "XcomOR" in end of proted x
prog x has DETECTICE V1.0a inside (7 WinICE detection methods)
-LCCrypt (Lame COM enCryptor)
By: CyberRax (Estonia)
Year: 1999-2000
Type: 3 - 65,000b COM protor, DOS V2, 8086
Compiler: SPHINX C-- V0.203 (1994)
V1.2 [June 2000]
Adv:
SMALL model only adds 21b to proted x
LARGE model only adds 123b to proted x
HUGE model (/H), adds 891b to proted x,
can add name to proted x (undocumented)
Greet-Ware (Free)
Disadv:
no mte
TR V2.xx + herinmi's Script removable
SMALL model is ROSE's unCOM removable?
HUGE model
requires DOS V3+
is buggy if proting large COM
sometimes adds 20+ kb to proted COM (result > 64kb!)
CyR:
HUGE model + 65,000b proted x exceeds the FFFFh boundary
(and the 100h for PSP ain't even counted :()
FreeDOS beta 4 incompatible
CyR: because FreeDOS beta 4 not 100% MS-DOS compatible
(different regs value at prog start-up)
Note:
SMALL model = crypt only
LARGE model = crypt + old tricks + anti-TBScan
HUGE model =
better crypt + anti-TBScan + a gen debugger/unpacker trick +
a gen unpacker trick + some anti-dump code + some 90's old tricks
ADT is called REx-TRiCK (Re-Execution)
prog x is proted by CyR's I$p (Independent $pace wannabe) PR0TECTi0N 1.0
anti-TBScan = 2nd decryptor which decrypt 1st decryptor
CyR: anti-TBScan is actually fake-return to 100h at begin of decryptor
herinmi: HUGE model is nice
-ADC (Anti-Debug Coder)
By: Majorov Ruslan (Russia)
Type: COM protor, 11- ?b
Year: 1997-1998
V1.6 [1998]
Adv:
adds 202b to proted x
kicks CUP V3.4 /1
Disadv:
lame crypt
DUMPCOM V3.55 PRO removable
Note: adds string "[ADC V1.6]" near the end of proted x
-CRyPT
By: CyPoxl
Type: COM protor
V1.1 [1995?]
Adv:
adds 77b to proted x
good crypt
Disadv:
CUP V3.4 /1 removable
ROSE: no ADT
-EXE SHIELD 386+
by: MasterBall
V1.0
-E-PROT 386+
Year: 1999-2000
By: MasterBall
Type: TP x protor
V1.0.2b [2000]
Adv: free
Disadv:
ADTs are mainly for TP x prot
add 5Kb to proted x
last ver
weak crypt
proted x hangs my cpu
Note:
uses scr off 2x
based on
MaX/MovSD's ATEU V1.2 (ADT)
Stone's EXE Crypter (crypt)
Mnemonix's BWME (mte)
-CRYPTCOM
By: Grgic Arminio
Type: COM protor (?)
Compiler: BP 7.0
V1.0b [1995]
Adv: kicks CUP V3.4 /1
Disadv: weak crypt
Note: put string "CryptCOM (c)m&g GrGa" in proted x
-LOCKEXE
By: Grgic Arminio
Type: EXE protor (?)
Compiler: BP 7.0
V1.0b [1995]
Disadv: TEU V1.82 removable
Note: also used to prot author's TSRFACES
-MegaShield
By: P.S.A / t-REX (Russia)
Type: COM protor, 286, 1 - 64,000b
Compiler: BP V7.0
V1.01a [1996]
NU-like interface ( + mouse support)
adds 256b to proted x
no anti-dump
prog x is proted by itself; possibly a presor; EXE2COM & EXEMANAGER V3.3
proted x sometimes have problem with Win(3x/95)
-Super LAME! Crypt
By: P.S.A / t-REX (Russia)
Year: 1997
Type: COM protor
Adv:
adds 195b to proted x
kicks CUP V3.4 /1
quite good crypt
Note:
starting string on proted x is "DUKELISTXXX" then
"Anti-Lamer Cryptor (c) 1997 by P.S.A"
-LockMaster
By: Andrew Kacy
V9.0 [1995]
demo ver
predecessor of CodeLock
-CodeLock
By: Andrew Kacy
V4.0
successor of LockMaster
EdH: plz send me V4.0 (really curious)
-DSHIELD (Debug? SHIELD)
Type: EXE? protor
By: Ben Castricum (The Netherlands)
Year: 1995?
Adv: kicks popunpak except ICEUNP V0.31
Disadv:
non-pub
ROSE's AHCR V1.32 removable
Note: found on BenC's UNP prog x
-PMUTATE (PReDaToR Mutate)
By: PReDaToR 666 /iCS
V1.1 [1996?]
Adv: kicks popunpak
Disadv:
non-pub
ROSE's AHCR V1.32 removable
Note: found on PReDaToR 666's DCA prog x
-Misha Prot
By: Misha/UCF (Russia)
Type: COM? protor
Year: 1996?
Adv:
kicks popunpak
pres?
ROSE:
short but very interesting
anti-RM-debug because the bkpt is used to calculate crypt value
Disadv:
non-pub
fds0ft's PCU removable
Note:
adds string "Coded by Misha" to proted x
found on Misha's UX prog x
-JVP Prot or NoDebug?
By: JVP
Disadv:
non-pub
CUP V3.4 /7 removable
Note: found on JVP's TEU prog x
-SEN debug prot
By: SEN aka Eugene Suslikov (Russia)
Disadv: non-pub
Note:
prot is 512 byte of ovl attached to proted x
found on SEN's HIEW prog x
-hAWeD! prot
By: REALiX aka Martin Malix (Slovak)
Disadv: non-pub (?)
STN: disable int13, but slowdown exec
-Sage prot
By: Alex Petroukine aka Sage/Cyberware/UCF (Russia)
Note: found on Sage's CUP V3.# prog x
-TUSCON prot
By: Max/Tuscon aka Norman Rudolf (Germany) (?)
Type: COM? protor
Disadv:
non-pub
CUP V3.4 /1 removable
Note:
adds string "TUSCON" to proted x
found on T-PACK prog x
-FALinc prot
By: FALinc/NightMareCorporation
Year: 1997?
Type: EXE? protor
Disadv:
non-pub
UPC V1.11 removable
Note: found on UNEXE prog x
-USCC (UniquE's shitty COM Crypter)
By: UniquE aka Christian Scheurer (.ch)
Type: COM protor, 386
V1.31
by? Dark Destroyer
EdH: is this hacked ver or other protor with the same nick?
V1.4 [1998]
adds 179b (?) to proted x
32bit crypt + selfmutate key
?: isn't 32bit, more like 16bit + 16bit
3 crypt layers (8, 16, 32 bit)
free
(prog & proted) x hangs V86 of my cpu (once run on RM)
-USP (UniquE Software Protection)
By: UniquE aka Christian Scheurer (.ch)
V1.5 [1997]
non pub
TEU V1.82 removable
found on UniquE's EXUP prog x
-EXE Guardian
By: Christopher Drake/NetSafe (Australia)
Compiler: WC(++) 16 [1992]
Type: EXE protor
V4.2 [1997]
Adv:
DES crypt (?)
kicks popunpak but TEU V1.82
Disadv:
shareware
proted x prints copyright + advertisement to scr
is date-limited
adds 8,264b ovl to proted x
bad reloc handler
BW V2.5 half removable
multiple prot is unallowed
Note: part of NetSafe package
-NetSafe
By: Christopher Drake/NetSafe (Australia)
Compiler: WC(++) 16 [1992]
Type: EXE protor
V4.2 [1997]
Adv:
DES crypt (?)
net prot
kicks popunpak but TEU V1.82
Disadv:
shareware
proted x prints copyright + advertisement to scr
is date-limited (?)
adds 12,934b ovl to proted x
bad reloc handler
BW V2.5 half removable
multiple prot is unallowed
Note:
part of NetSafe package
NetSafe = EXE Guardian + net prot
-ZIP-Prot
By: Christopher Drake/NetSafe (Australia)
Year: 1996
Type: EXE protor
Compiler: WC(++) 16 [1992]
Disadv:
adds 5,760b to proted x
bad reloc handler
shareware
proted x prints copyright + advertisement to scr
UPC V1.11 half removable
Note:
proted x has string "NetSafe (tm) Ver 4.15" & "EXE Guardian Ver(tm) 4.15"
then ZIP-Prot is customized ver of NetSafe V4.15 (?)
EdH: I can't figure out the meaning of "ZIP-Prot" :)
-CryptCOM
By: frank/riot aka Frank Baumgartner
Year: 1996-1997
Type: COM protor, 286
Compiler: BP V7.0
V1.1 [1997]
37b decryptor
adds 41b to proted x
src is provided
kicks CUP V3.4 /1
UN-PACK V1.8 -t removable
-Shadow COM encryptor
By: Tailgunner
Type: COM protor
V1.0b [1998]
adds 29b to proted x
src is provided
no ADT
CUP V3.4 /1 removable
-Crypt.Trivial.173
By: SMT/SMF (Russia)
Year: 1998
Type: COM protor
Note: prog x does nothing on my cpu
-Scrypt
By: SMT/SMF (Russia)
Type: COM protor
V1.2 [1999]
proted x is said to need emm or Win but it hangs completely on my cpu
detects Soft-ICE
adds string "(PolyScrypt 1.2 by SMT)" to proted x
-SCC (Simple/Small COM Cryptor)
By: ThE CLERiC!/LineZer0 aka Carl Elkhabbaz (Lebanon)
Year: 1997
Type: COM protor, 386
Adv:
adds 88b to proted x
emailware
Disadv:
Win incompatible
won't be updated
Note: some ideas taken from AdFlt2A
-Simple COM Cryptor
By: EliCZ (Czech)
Year: 1998
Type: COM protor
Adv: adds 47b to proted x
Disadv: UNP V4.12b t removable
-CryptC (CryptCOM)
By: EliCZ (Czech)
Year: 1998
Type: COM protor, 386
Adv: adds 72b to proted x
Disadv:
source code is provided
TEU V1.82 -g half removable
Note: detected as Cleric's SCC or ELiCZ's fDEMO
-Ryptor (ShadE's COM encRYPTOR)
By: ShadE
Type: COM protor
V1.0 [1999]
adds 50b to proted x
UNP V4.12b t removable
-NTShell
By: ZhouHui/Keenvim Software Workgroup (China?)
Type: x (?) protor
Year: 1992, 1993, 1995
Compiler: BP V7.0
V4.0 [1995]
adds 8,200-8,239b to proted x
spec.prot for FoxPro files
proted x hangs on V86 of my cpu
-mCrypt for COM
By: Ufo Crew '98
Type: COM protor
V0.1b [1998]
adds 197b to proted x
adds string "UFO CREW 98 mCRYPT" in end of proted x
kicks CUP V3.4 /1
TEU V1.82 -g half removable
-Khrome Crypt
By: Teraphy
Type: COM protor
V0.3 [1997]
Adv:
adds 1,156b to proted x
Disadv:
UN-PACK V1.8 removable
U are prohibited to prot shareware/commercial progs
Note: not (detect/crash) WinICE
-EXELOCK
By: JON Software
Type: EXE protor
Compiler: BP V7.0
V1.00 [1993]
Adv:
adds 524-538b to proted x
bios lock (mode /B)
Disadv:
no crypt
copy from SuddenDischarge can't operate mode /B
message: "EXELOCK is damaged"
-CSV or COM Sccrambler
By: Moshe
Type: COM protor
Compiler: BP V7.0
V0.1 [1995]
adds 56b to proted x
CUP V3.4 /1 removable
-ENCODER (COM FILE ENCRIPTER)
By: Frenzy/SparC
Type: COM protor
Year: 1999?
Adv: adds 25b to proted x
Disadv: CUP V3.4 /1 removable
-CRYPTEXE
By: Dmitriy Borisov (Russia)
Type: x pass protor, DOS V2
V1.00 [1994]
adds 872b (COM) & 1,052b (EXE) to proted x
certain EXE w/o ovl is looked to have 1 -> result in buggy proted x
proted EXE hangs if > 64kb (?) or reloc not packed (?)
-ComCrypt (ComCryptor) BTS
By: Hidi aka Jozsef Hidasi/Big Tree Software (Hungary)
Year: 1996-1998
Type: COM protor
Compiler: BP V7.0
V9.12 [1998]
shareware
code in mem? selfcheck
adv: ignores other prot after it
multiple prot is unallowed
adds 1,195b to proted x
adds string " ComCrypt '98.1 XX" in begin & BTSPK advertisement +
logo in end of proted x
proted x prints logo on exec
kicks CUP V3.4
TEU V1.82 -g -! half removable
-COMCrypt
By: unknown (HPA?)
Year: 1997?
Adv: adds 40b to proted x
Disadv: CUP V3.4 /1 removable
Note: found on Lukundoo/HPA's HPAC2T V0.6 (com2txt)
-Com.crypt
by: W. Kaniewski
V0.68
note: mentioned in herinmi/Fibex
-ComCrypt
V1.41
note: mentioned in herinmi/Fibex
-COMLOCK
By: BoRZoM/Trouble Makers
Compiler: BP V7.0
V0.10 [1994]
Adv:
adds 80b to proted x
adds string "COMLOCK" in end of proted x
Disadv:
deprotor (COMULOCK) is provided
UNP V4.12b removable
-ET or EXETOOLS (Executable Files Tools) /E
By: DISMEMBER aka Alex Lemenkov (Russia)
Type: x protor
Year: 1992-1995
V2.1 [1995]
adds 48b (COM) or 295b (EXE) to proted x
adds string "ET21" in end of proted EXE
proted EXE hangs my cpu
proted COM is CUP V3.4 /1 removable
Note: spec.switch on ET
-COM file protect
By: B!Z0n/[BzZ]
Type: COM pass protor
V1.0b [1998 (?)]
adds 293b to proted x
if U only give [enter] as password while prot, the proted x won't run with
[enter]. If U ctrl+break it, the proted x will hang/reboot
-The WiZ Cryptor
By: SP0T/UCL (Russia)
Type: COM protor
V1.00a [1998]
adds 171b to proted x
adds string "[The WiZ Cryptor v1.00a by SP0T/UCL]" to proted x
kicks CUP V3.4 /1
DUMPCOM V3.55 PRO removable
-ENCOM (ENcryptCOM)
By: Stewart Moss (South Africa)
Type: COM protor, 286
Compiler: BP V7.0
V3.06 [1998]
Adv:
adds 435-929b to proted x
avoid heuristic AV false-alarm
max 75 iterative checks for int21 or int26 opcode in proted x
free
Disadv:
no 386 ADT (can't kick PM/emu debugger)
proted x hangs my cpu
adds string "ENc(major_ver_byte)(minor_ver_byte)" in end of proted x
Note:
uses
Eclipse's FOG (Funky Opcode Generator) as crypt engine
int8 traps, modified int3 pointer, jmp back to entrypoint (anti-dump)
V4.0 or V5.0 is promised very hard to unpack & to write unpacker for
-LOCKTITE PLUS
By: Michael Wegner/ANSOFT
Year: 1989-1990
Type: x pass protor
Adv:
can prot batch (?) file
password can be given in proted x command line (not only prompt)
Disadv:
adds 14,619b to proted x
write decrypted tempfile to disk (but wipe it)
shareware
-UCOMCRY (UniquE's COM CRYpter)
By: UniquE aka Christian Scheurer (.ch)
Year: 1997
Type: COM protor, 286
Adv: adds 140b to proted x
Disadv: CUP V3.4 /1 removable
Note:
COMFILE.COM (to-be-proted x) & CRYPTED.COM (proted x)
ADTs used: write code to keyboard buffer
written for an article in PAiN disk magazine
-ARMOUR II
By: ? (Russia)
Type: EXE protor, 386?
V2.51 [1991?]
copy prot
pres
can add copyright to proted x
EdH:
prog not working, refuse to prot ("can't exec main armour module")
non-English. review, plz!
-Copy-Protector
By: Andrew V. Basharimoff aka Nice aka Psychomancer /SPS06
Type: x copy.protor
V1.02 [Apr 1996]
adds 267b (COM) or 271b (EXE) to proted x
deletes & wipes copied proted x, but not moved proted x :)
prog x is reported as infected by new unknown virus, by
McAfee VirusScan for DOS/PM V4.7.0, scan engine V4.0.70, vir dat v4095
-CPT
by: A. Vodyanik
V2.0 [1989]
covers COM & SYS (?)
herinmi: same as Copy-Protector
-SESAME
by: Goreinov S.A.
type: x.copy.protor
V1.1 [1990]
-STNCC (SToNe's ComCrypt)
By: Stone/Klan (Danish)
Type: COM protor
Year: 1996
Compiler: BP V7.0 + TASM V3.2
Adv:
adds 39b to proted x
beerware: if U (like/use) it & U meet the author, U have to give him a beer
Disadv:
no ADT
INPUT.COM (to-be-proted x), OUTPUT.COM (proted x)
lame crypt (inc by 1)
slow prot
tech stuff + src are provided
Note: for educational purpose
-ComCrypt
By: BlackLight
Type: COM protor
Compiler: QB V4.x
V0.01a [1998]
STNCC written in Basic
modified & compiled by MANtiC0RE
adds 39b to proted x
proted x is recognized as STNCC's
-STNCRP (SToNe's ExeEnCrypter)
By: Stone/Masque/Klan (Danish)
Type: EXE protor
Year: 1996? or 1997?
Compiler: TASM V3.2
Adv:
adds 93b to proted x
beerware: if U (like/use) it & U meet the author, U have to give him a beer
Disadv:
no ADT
INPUT.EXE (to-be-proted x), OUTPUT.EXE (proted x)
lame crypt (inc by 1)
slow prot
tech stuff + src are provided
Note: for educational purpose
-ComProtector
By: Marco Ruhmann
Type: COM protor
V1.1 [1998]
adds 340b to proted x
adds string "[ComProtector 1.1 - 1998]" to proted x
uses CG's:
[CRMK] (Christoph's Random Mutating Killer) engine for:
-generating random decryptor
-stack crypt
-anti hw bkpt
-anti dump
-fake decryptor
inbuild AD
debug detection
detects some unpacker tempfile (MEM1.DAT, ^ENTPACK.{1}, BCFO1.IFD)
unpacked prog x contains string "[TRAP V1.20]"
BW V2.5 removable
-CKS (Chang Kiang Sandbag)
By: Cansing Leung or Liang Jian Sheng (China)
Type: x? protor
Compiler: MASM V6.11
V1.1 [1998]
Adv:
adds 2,648b to proted x
cardware
anti?-BW V2.00
Disadv:
proted x hangs my cpu
to-be-proted x must not be (prot/pres)ed before
Note: prog name meaning: to remind the victims of China's "Long River" flood
in 1998
-PROTON
By: S. Mursalov/MurSoft (Russia)
Type: x protor
Compiler: BC V2.0 [1988]
V2.0 [1992]
Adv:
crypt code: adds 449b (COM) & 485b (EXE) to proted x
virus vaccine (doesn't work)
fixation by diskette/computer (only the last 1 works)
needs a floppy disk?
pass(word/date) prot
all prot enabled: adds 691b (COM) or 7,665b (EXE) to proted x
Disadv:
removable by the prog x itself (even all options)
CUP V3.4 /1 removable
-NOCLIP
By: barmak(?)/Tecnologia Digital (Brazil)
Year: 1995-1997
Type: EXE protor, 286, DOS V5
Compiler: BP V7.0
V4.1 [1997]
Adv:
anti-decompile for Clipper RM/PM DOS prog
anti-disasm + vir detector
Disadv:
adds 4,798b ovl to proted x
shareware
proted x exec shows annoying :) advertisement
slow proted x (too long delay after printing owner name to scr)
TEU V1.82 removable
-deeP-CRyPTeR
By: PLaSMoiD/deeP
Type: COM protor, 386?
V.01b [1995]
adds 96b to proted x
UNP V4.12b t removable
-RTD_ENC (Encryption Program)
By: MR WiCKED/RTD (Belgium?)
Year: 1996
Type: COM protor
Compiler: BP
V1
BP src
adds 36b to proted x
UNP V4.12b t removable
V2
BP src
adds 25b to proted x
UNP V4.12b t removable
V3
BP src + ASM src
random crypt
adds 70b to proted x
CUP V3.4 /3 removable
-CC286x▓
By: Dark Stalker/UCF
Type: COM protor, 286
V2.1 [1997]
kicks CUP V3.4
ICEUNP V0.34 removable
can't prot on my cpu ("file open error!")
part of DSCPP (Dark Stalker's COM Protector Pack)
-BUNNY
By: Manfred Bunjes (Germany?)
Type: x protor?, DOS V3
Compiler: BC V2.0 [1988]
V4.1 [1993]
GUI (+ mouse support)
(manipulate/password/install) prot
manipulate: adds 29,539b (!) to proted x
password : adds 28,500b (!) to proted x
no crypt & ADT
shareware
prog x is CUP V3.4 /1 removable
proted x is UPC V1.11 removable
EdH: non-English. more review, plz!
-USERNAME
By: Jordi Mas Hernandez [Spain?]
Type: x pass protor
V3.0 [1992?]
-CHECKPRG
By: Jordi Mas Hernandez [Spain?]
V2.00
-SnoopStop
By: Trills
V1.16
Disadv: never run on any cpu? :)
-PirateStop
By: Trills
V1.09b [1998]
Note: EdH: I only heard of it. Review, plz?
-MCLOCK
Type: COM protor
By: Noam (Herzenshtein/Herzenstien)
V1.2 [1989]
V1.3 [1989]
adds 108b to proted x
UNP V4.12b removable
ADT: replace int1 & 3
recoded by Dark Stalker/UCF & included in his DSCPP [1997]
he copies the decryptor found in some proted x
-TPC-SCR or T.P.C.'s COM File Scrambler
Type: COM protor
By: Oren Maurice (or? Asher Alon/T.P.C. (Israel))
V1.00
adds 119b to proted x
X-TRACT V1.51 removable
recoded by Dark Stalker/UCF & included in his DSCPP [1997]
he copies the decryptor found in some proted x
-IBM-CRP (IBM COM file Encryptor)
By: ? /IBM (cracking group)
Type: COM protor
V1.00
adds 122b to proted x
adds string "- Wh� ’Rε �0U St’Ri∩G ’t Mε? -" to proted x
recoded by Dark Stalker/UCF & included in his DSCPP [1997]
he copies the decryptor found in some proted x
Disadv: fixed crypt key
-Encriptor (for COM files)
By: GaStOn B.
Type: COM protor
V1.00b [1994]
adds 150b to proted x
adds string
"Please, do not modify this COM-file! - Scrambler by Gaston B."
in begin & ".GaStOn 1994." in end of proted x
recoded by Dark Stalker/UCF & included in his DSCPP [1997]
he copies the decryptor found in some proted x
X-TRACT V1.51 removable
-ABK COM file Scrambler (ABKprot/ABK-Scrambler)
By: fds0ft (Hungary?)
V1.00
non-pub
adds 81b to proted x
recoded by Dark Stalker/UCF & included in his DSCPP [1997]
he copies the decryptor found in some proted x
fixed crypt key
UNP V4.12b t removable
-MiCRoXoR
By: Jibz aka Joergen Ibsen (Denmark)
Year: 2000
Type: COM protor, 386?
Adv:
adds 16b or 17b to proted x
16b ver assumes SI=0100h
not always the case if proted run under Win2K
17b ver removes this uncertainty but is 1b larger
Disadv: CUP V3.4 /1 removable
Note: 1 of smallest COM protors
-invisible cryptor
By: VAG aka Vladimir Gneushev (Russia)
Type: COM protor, 386?
V0.77 [1999]
adds 17b to proted x
rather incompatible?
CUP V3.4 /1 removable
Note: 1 of smallest COM protors
-XorCopy
By: Deimos/Trioptimum
Type: COM protor
V1.0 [1995]
adds 41b to proted x
output file is alphabet randomly named
UNP V4.12b t removable
Note: the purpose is to avoid deletion by BBS-Ad-Killing upload processors
-CCE (ComCryptEngine)
By: Valmii Killegaard/tKD /KAOZ LABS aka Soeren Pretzel (Germany)
Type: COM.protor.lab (?), 386
Compiler: BP V7.0
V1.00 beta
Adv: VBPE (mte)
Disadv: all ADT enabled -> CUP V3.4 removable
V1.06 [July 2000]
Adv:
cryptic GUI :)
(almost) undetected protor
Disadv:
prog x hangs (my & CyR's) cpu
orig scr font isn't restored
herinmi/FileInfo V2.41b: proted x = F-LOCK V0.3?
EdH: CCE = protor creator, EIPL = proted x creator
Note:
output is ASM src
prog x:
won't run on > 200 mhz cpu (start-up delay bug on CRT unit isn't patched)
are reported as infected by
PS-MPC.based vir, by AVP 3.0 b134 + AVP00005.AVC
or
Uni.Grv vir, by McAfee VirusScan for DOS/PM V4.0.50 + v4069 dat
-EEXE
By: Fernando Papa Budzyn (.uy)
Type: EXE? protor, 386, DOS V3
V1.13 [1996]
non-pub
kicks? popunpak
BW V2.5 removable
Note: found on author's FZC (Fast Zip Cracker) prog x
-EliaShim's CodeTrack
By: EliaShim MicroComputers
Year: <= 1993
Type: EXE protor
-Rand0m/Tulpe
By: Rand0m
V0.01
V0.02a
ROSE: good ADT
Note: non-pub
-ProCrypt
By: Lukas Fabian Moser (Germany)
V1.0
adds 1,072b to proted x
ADT = stack tricks
-Crush
Type: COM protor
ROSE:
adds 50b to proted x
ADT is for Soft-ICE, very lame
-Immune or Immun
By: Jens Bleuel
Type: x protor
V1.0 [1992]
no ADT
V1.2 [1993]
-Xenia
Type: EXE protor
V1.00 [1991]
-ANTI-TRACE
By: Oren Maurice
V1.0
uses? PIQ ADT
UPC V1.11 removable
found on TPCX prog x
-Lockit
By: Guy Shattah
Type: EXE protor
V0.10b
V0.11a
-EXE_Protector
By: FAG/DTG (Russia)
Type: EXE protor (?)
Compiler: BP V7.0
V2.0 [1997]
V4.7 [1997]
V5.0 [1997]
V6.0 [1997]
last known ver
non-pub
contains AINEXE V2.22 (to pre-pres proted x)
COM2TXT
EXE2COM, COM2EXE
removable by itself (?)
NortonAV 2000: proted x is infected by Bloodhunt.File.String vir
EdH: non-English. more review,plz!
-Mess
By: max!
V1.20
Note: non-pub
-aNTI-TEU
by: max!
v0.9: herinmi: buggy
v1.2
-F-LOCK
By: Valmii/tKD aka Soeren Pretzel (Germany)
V0.3? [2000]
V0.35
herinmi: tighter than banzai v1.2x
Note: mentioned by herinmi's FileInfo V2.41b
-PCC
by: Mark DeSmet
V1.2
-PPC
By: ROSE aka Ralph Roth/ROSE SWE (Germany)
Type: pass protor
V1.0
-PaSsCom
By: JauMing Tseng or Kevin Tseng (Taiwan)
V1.19c
-PassCOM
By: Black Wolf Enterprises
Type: COM pass protor
V2.0
Note: PassEXE pair
-PassEXE
By: Black Wolf Enterprises
Type: EXE pass protor
V2.0
Note: PassCOM pair
-BlackWolf prot
Note: mentioned in herinmi's TR script
-TBAV Prot
By: Thunderbyte B.V. (Australia)
Note:
non-pub
found on TBAV progs
runtime? crypt
-SCRAMB
By: B.U.G.
V1.20 [1993]
-SCRAMBLE
By: Alexander Alferowich/Tiny Spaceman Software (Russia)
Type: COM protor, 286?
V0.2b3/286 [Aug 1996]
adds 48b to proted x
TEU V1.82 -g -! half removable
-Phrozen Crew Prot
Note: non-pub
-DemoMaker
V2.1
-TheEgis
By: Egis?/PCE
-CrapStop
-HASP
-TREKLOCK
By: Trills
V1.12
-TraceLock
V0.9
-XorCOM
V1.00
-File_PROTECTION
By: Bumerang aka S.Gruzdew (Russia)
Type: x protor?
V2.20 [1990]
but proted x's logo claims itself as V2.14
EdH: non-English. review, plz!
-SECURELOCK
By: tecPIG aka Valmii Killegaard/tKD aka Soeren Pretzel (Germany)
V0.3 [1999]
V0.34 sub ver 5
TR + CONTRA R1 script removable
Note:
some vers kick TR
predecessor of bANZAi cRYPT
-CC (COM Crypt (?))
By: Basil V. Vorontsov aka TiGGER/IHG (Russia)
Type: COM protor
Compiler: BP V7.0
V1.01 [1996]
can insert file in begin of proted x (as message)
crypt only
adds 38b to proted x
UNP V4.12b t removable
Note: EXE2BIN V9.50 bonus pack
-CC2 (COM Crypt 2 (?))
By: Basil V. Vorontsov aka TiGGER/IHG (Russia)
Compiler: BP V7.0
V1.5 [1996]
can insert file in begin of proted x (as message)
ADT
adds 713b to proted x
great crypt
proted x hangs on RM of my cpu after exec-ed a few times
Note:
EXE2COM V9.50 bonus pack
crypt is called [Code Garble V2.01/DOS]
-C0M-C0DEr
By: SkullC0DEr
V0.04 [1996]
-Lock 95
Note: mentioned in Blast Wave doc
-bANZAi cRYPT
By: Valmii Killegaard/tKD aka Soeren Pretzel (Germany)
V1.2 [2000]
mte
adv: kicks TR
disadv: TR + CyR's script removable
Note:
uses BMWE (mte)
successor of SECURELOCK
CyR: actually only renamed because "lock.exe" name has problems under Win
-SelfEncrypt
By: dR.No aka Daniel Arndt?
V1.0 [1998]
mte
-A.C.E. Scrambler
Year: 1996
mte
-CONtRiVER-Cryptor
Year: 1998
-Util Coded
V0.21
-Ady's COM Scrambler
year: 1993
note: PIQ
-MINI
by: Albert SEN
V1.01
-PW
by: Udo Kemle & Klaus Oberpichler
V1.0
-HardLock
by: Aladdin
V4.14 [1997]
-PG-Prot
-Cerberus
V2.0
-Overlay
V3.0
-Tscrunch
by: Clarion
V3.01
-UnitA 3
by: Sanitary
-SUN-Prot
by: M.Dahl
v1.01 [1995]
note: password?
-LAB (Lame Armor Builder)
by: Morgan (Poland)
adv:
EIPL-compliant :)
mte (MutaMorph)
BFE (Blind Fury Engine)
disadv:
very Win incompatible -> even cause data loss
emm incompatible
add 17+ kb to proted x
mem.erase sometimes erase IVT
non-pub
note: private project
AddCode v1.0 (UniquE) [1997]
PCVault-Protect (Johnson) [1993]
Msep v0.9b (M.Sayles) [1996]
EXELock v1.00a (Solid Oak) [1994]
ExeLocker v1.1 (hUilaM) [1999] {pwd}
TiGGER Protection
REC v0.40.5 (R.Roth)
XLoader v2.00 (Cyberman/STiLLS0N)
Keymaker v3.0 (TimeSoft) [1998]
SP-Crypt v1.2 (Snow Panther)
H+BEDV Protection
Triplex Packer (cOm) [1994]
Overlay v3.0
ComCrypt (LostParadise)
ComCrypt (M.Chirkov) [1995]
SelfEncrypt (MaD'z/UCL) [1996]
J0B Cryptor [1996]
LKJ Protection
Com4Mail v1.0 (J.Krasilnikov) [1993]
FalCoN'AleX Protection
Crackboard II Protection
Anti-Lamer Crypter v1.0 [1999]
XOPEN+ Protection [1994]
PhRoZeN Crew Protection [1997]
PFCrew Protection [1998]
VenusSoft-Cryptor [1996]
SelfEncrypt {MtE} (dR.No) [1998]
GPatch v1.2b (jes) [1997]
SelfEnc 386 (SWW/DF) [2000]
VSF&K Protection [1992]
FIO Packer {Diet100} (I.K.) [1996]
WildRover Cryptor [1996]
EM-Phaser Cryptor [1996]
rEBELS Protection [1994]
IdleSoft Protection (Prince) [1996]
IdleSoft Packer (Prince) [1996]
HaSPeX-Protect [1996]
CC#3 Cryptor (ZC/XG) [2000]
eXtreme Group Protection [1999]
CCC-Protect (ZC/XG) [2000]
COM-Cryptor 386 (nh/XG) [2000]
x4-Cryptor 386 (nog/XG) [2000]
TBNLock v1.3 (A.Fiedler) [1996]
AVAST-Protect (P.Baudis) [1999]
AVAST CRC-CHECK v7.70 (eXe) [1999]
AliS S0fT com file encryptor
Crack Soft com file encryptor
Evil Genius com file encryptor
hijaq com file encryptor
Maverick's C0DER v.1.00a
[nh] com file encryptor
PC0R$AiR com file encryptor (1)
PC0R$AiR com file encryptor (2)
MACHiNE GUNgsTeR/BANG! com file encryptor
Wumpus Soft Lab (?) com file encryptor
----
WIN (PROTECT/CRYPT/SCRAMBL)ER
----
-Lock98
V1.00.28
-Phantasm
V1.5b3
-Alloy
by: Prakash Gautam
1.04.14.2000
-AppLok 95
by: Prakash Gautam
V2.0
-Armadillo
by: Chad Nelson
V1.83
herinmi: another way to protect
-ASProtect
by: Alexey Solodovnikov
herinmi: ASPACK V1.084 registration bonus?
-CodeCrypt
by: defiler
v0.164b
-BJFNT
by: Marquis de Soire /UCF
V1.3
EdH: is this protor or presor?
-CodeSafe
By: Zhang De Hua (China)
V3.0
EliCZ: 1st to use SEH
-EXE Protector
by: Eyhab Hillail
V1.37a
V2.01
note: passwords
-Harlequin Dylan
by: Harlequin Group
V1.2
EdH: dunno what the hell is this
-FileLocker 32
note: passwords
-LameCrypt
by: Lazarus
V1.0
-Gleam
by: Zhang De Hua (China)
V1.0
EdH: is this a presor or protor?
-PE password encryptor
by: SMT
-PEBundle
by: Jeremy Collake
V0.15wtd
-NFO
by: bart
V1.0
-PC Guard
by: Blagoje Ceklic (Yugoslavia)
V1.50 is NE
V3.03
-PCPEC [alpha]
by: The+Q, Plushmm & MrNop/Phrozen Crew
EdH: is this a presor or protor?
-PECRYPT32
by: random & acpizer/UCF
V1.2
herinmi: v1.13 doesn't exist
-PE-Encryptor or VGCrypt
by: virogen
V0.75▀
-Ding Boys PE-lock
by: Ding Boy
V0.07
-PELOCKnt
by: Marquis de Soire/UCF
V2.04
-PE-Prot
by: Christopher Gabler (Germany)
V0.9
-PeX
by: bart/CrackPl
V0.99
-PE-SHiELD
by: ANAKiN aka Stefan Esser (Germany)
V0.25
note: share about the same code with PE-PACK
-PrivateEXE
by: MidStream
V2.2: password (?)
-SPEC
by: hayras
▀3
note: simple crypter
-Stone's PE Encryptor
by: Stone (Danish)
V1.13
v2.0 is a packer
-WinKripT
by: MrCrimson
V1.0
-ShareLock
-SoftLock
by: BitArts
V4.0
-UnHack32
by: Black Panther
V1.2
-tELock
by: tHE EGOiSTE
V0.51
-SecuPack
by: SC - Soft
V1.5
-Crunch
by: BitArts
V1.0: herinmi: packrate (down under)
-Fusion
by: BitArts
V1.0: herinmi: patcher and recompiler!?
-PEdiminisher
V0.10
-Pepsi (xOANINO)
V0.10
herinmi: how is it?
-PE-Sentry
V0.05a
-SoftSentry
-VBOX
--------------------
DEDICATED TO herinmi
--------------------
---
VIRUS SHIELD
---
-File Shield
By: Uzi Apple & Yuval Tal / McAfee (USA)
Type: AV.shield
V1.5 [1990]
Adv:
covers x
store exe header
can
remove vir from mem on x exec
restore x to fshield-ed state, whether presed/proted/vir-infected
won't propagate vir spreading
Disadv:
shareware
add 1600 - 6000b (average: 2000b) to x
can't
shield exe+ovl
stop overwriting vir
annoying exit prompt on prog exit
Note:
double prot is unallowed
shield is removable by the prog itself & X-TRACT V1.51
advanced shield over CPAV?
-F-Xlock (Frisk's eXe Lock)
By: Fridrik Skulason, Vesselin Bontchev/Frisk Software (Iceland)
Type: EXE?.AV.shield
V1.16
-VSS (Viren Schutz Schild)
By: ROSE aka Ralph Roth/ROSE SWE (Germany)
Year: 1990-1993
Type: COM.AV.shield
Note:
non-pub
PCU removable
-VSD (Virus Self Destructor)
by: Wojciech Wysznacki
V2.00 [1996]
-Vaccine
by: Rustam M. Abdrakhimov
V1.03
V1.10 [1995]
-VACCINE Sphinks-2
by: RedArc
year: 1997
type: AV.detect.shield
-Shield 386
by: V Communication & Steel Rat
V1.70
-Health
by: Muslim P. Polyak
type: immunizer
V5.1
-Scan /AV
by: McAfee
-CPAV (Central Point Anti Virus)
By: CPS (USA)
Type: AV.shield
Note: based on TNT/AV
-TNT/AV
By: Carmel Software Engineering
Type: AV.shield
-NAV (Norton Anti Virus)
by: Peter Norton/Symantec (USA)
-NoAV (No Anti Virus)
By: VAG aka Vladimir Gneushev (Russia)
Type: COM.AV.false-detect.avoider?
V1.0c [1999]
non-pub
removable by proted x itself (option @@)
Note:
found on some VAG progs
McAfee's ScanPM V4.70 + DAT V4095 detect it as new virus :)
---
COMPRESSOR
---
-SYSPACK
by: Vadim V. Vlasov (Russia)
type: dos.sys.presor
compiler: msc(++) [1990/1992]
V0.1 [1992]
note: UPX has better pres
-LZCOM
By: JauMing Tseng
V1.4
-XPACK
Year: 1995?-1999
By: JauMing Tseng or Kevin Tseng (Taiwan)
V1.31 [1996]
V1.60-: freeware
V1.60+: shareware
1.67l [Jul 1997]
free?
V1.67.r2
Adv:
can add comment on presed x
anti-vir
TSR online depres (RAM resident transparent expander)
needs 4Kb of upper mem & 32Kb EMS mem
can create
XDI (XPACK [presed] Disk-Image)
supports MS-DMF/FDFORMAT/2M format
sfx XDI (XDI2EXE -> regged)
archiver
lib.unpacker (-UX option)
guard codes against some lib.unpackers
self check
Disadv:
slow pres
EXE depres not available (regged?)
EdH: it try to follow DIET
Note: kernel code optimized by Harald Feldmann
-XE (X-pack for Executable)
By: JauMing Tseng or Kevin Tseng (Taiwan)
Year: 1998-2000
Adv:
supports watcom/le, tmt/adam, dos/exe, dos/com, dos/sys
free
Disadv:
slow pres
change orig 32bit format to XE format
needs spec.loader (XELoader)
no depres
no 16bit segment reloc handler
V1.4.5 b0119 [Jan 2000]
Note:
uses Sergey Belyakov's ZRDX dosx & Jibz's aPLib preslib
XE divides file into blocks when pres (unlike aPLib)
EdH: To JMT I suggested XPE as new name instead of XE
-DIET
By: Teddy Matsumoto (Japan)
Type: EXE presor (COM -> EXE) but can force real COM (option -xc)
Compiler: BC++ [1990]
V1.00 [1990]
V1.20
NC 4.0 Russia is packed with this
V1.45f [Jun 1992] last known ver
fix halted depres on 486
Adv:
TSR online depres
Stacker-like
dos/sys
100b depresor
-g: fast depres (+100b)
free
Disadv:
bad pres ratio
no depres
deletes pressed x (even if its size is smaller) if it requires same
cluster as orig x
VeK: very stable x presor
ROSE: DIET-ed x expects BX reg = 0
Note: add string "diet" to presed x
-WWP or WWPACK ((Wierzbicki & Warezak's / World Wide) PACKer)
By: Rafal Wierzbicki & Piotr Warezak (Poland)
Year: 1993-1997
Type: EXE presor (COM -> EXE), max 15000 reloc
Compiler: BP 7.0
Variant: WWPACK32 (for Win32/PE) V1.20b2
V3.04a [Jan 1996]
V3.05b5 [Jan 1997] higher pres ratio for big file
Adv:
a lot of features:
data pack
password
anti vir
unextractable
soft: can't be depres by WWPACK
hard: light ADT (+ user ADT module)
No_Hacks package contains user ADT module samples
date/time limit
Disadv:
slow pres
shareware
Note:
uses EXE header to store its config. no external config & still presible
WWPACKed header also left $1A-$1F untouched
tightest x presor at its time
some foolers modify WWPACKed x start-up code with mte-ed code (WWPMutator)
started from V3.02a, WWPACK is proted by HackStop V1.0?
WWPACK V3.04a & V3.05b5 is proted by HackStop V1.11a
-aPACK
By: Jibz aka Joergen Ibsen (Denmark)
Year: 1997-2000
Compiler: WC 32
Type: x presor, 286
V0.91b [Aug 1998]
V0.98b [1999]
V0.99b [2000]
Adv
the tightest small/average DOS x presor
smallest depresor (133-340b)
3 more different encoding (-1/-2/-3)
no reloc (-h)
tiny EXE depacker (-t)
XT-compatible depacker (-x)
very fast depres
no mem overhead
Free for Non-Commercial Use
Disadv
slow pres
no depres
no self check
no check for already presed x
Note:
better pres than WWPACK
uses author own LZ, 56-60kb lookback + lazy match + Gamma encoding -> aPLib
EdH: aPACK's history is fun to read :)
-32LiTE
Year: 1998-2000
By: Oleg Prokhorov /UG2000 (Russia)
Type: multi format x presor
Compiler: WC 32, PE compiler?
V0.02d
aPLib V0.22
V0.03a
aPLib V0.26
the prog x format is PE
V0.03b
APLib V0.26 [SE]
more options
prog x must be patched to run under DOS:
offset
50h: B0h -> 6Dh
51h: 19h -> 1Ah
Adv:
multi-format x packer
supports some ancient formats
capable to pres x with multi-in-one format
restricted capability to pres to different format
calls & jump optimization (-8 & -9)
Disadv:
slow pres
no depres
but sometimes no depres is an adv :)
Note: uses Jibz's aPLib preslib
-UPX (Ultimate Packer for eXecutables)
Year: 1998-2001
By: Markus Franz Xaver Johannes Oberhumer (Austria) & Laszlo Molnar (Hungary)
Type: multi format x presor, max 24,000 reloc, 286
Compiler: DJGPP V2
Adv:
extendable (portable endian-neutral C++)
self check
the tightest big x presor
pres better than zip/gzip
fast depres: 10Mb/sec on Pentium-133
multi x formats are supported
no mem overhead
overlapping (depresor place in mem is reused by depresed code)
free
8086-compatible depacker
Disadv
best pres-level (-9,--best) is slow
only partial support for WDOS/X + LE
no 16bit segment reloc handler
V0.30 [Jul 1998]
V0.40-
x formats supported:
dos/exe, dos/com, dos/sys, djgpp2/coff, watcom/le
V0.40
NRV V0.32
added dos/exeh method (386+)
V0.50
added win32/pe, rtm32/pe & tmt/adam format
V0.60
NRV V0.54
added atari/tos format
V0.70 [Mar 1999]
NRV V0.61
added linux/i386 format
added best pres-level (--best)
V0.90
added win32/pe depres
V0.99
src release under GPL
V1.02 [2000]
NRV 0.73
somewhat slightly faster pres
prog x is now can depres itself (& few older ver)
EdH: apparently nouser but me aware of this, because nobody else
uses UPX secret switches for their progs
V1.03 [30 Nov 2000]
NRV 0.81
little more pres
faster pres, also for best pres & big x
added atari/tos/FreeMiNT
binded with CWSDPMI r5 by CWSDSTUB
V1.04 [19 Dec 2000]
V1.11: beta ver
Note:
uses Markus Oberhumer's NRV (Not Really Vanished) preslib
successor of DJP
secret switches: --fileinfo, --all-filters, --small
UPX gives better pres ratio on JMT's XDOC-ed text than aPACK
-AXE (SEA-AXE)
By: SEA (System Enhancement Associates)
Type: x presor
Year: 1987-1989
Compiler: MSQC [1988/1989]
V2.0
V2.2 [Jan 1989]
1,510b depresor
Disadv:
presed code stored as ovl after depresor
lame pres ratio
shareware
Note: oldest? EXE presor
-EXEPACK
By: MicroSoft
Type: EXE presor
V4.06 [Feb 1986]
V4.06 = V4.05
V4.07
Adv: free
Disadv:
lame pres ratio
uses RLE
old ver's presed x prints "packed file is corrupt" & halt
under EMM & lots of base mem
-EXEPACK
by: TurboPower
V7.0
-MS-LINK /EXEPACK
V3.69
V5.31.009
-SPACEMAKER
Type: reloc presor
By: Realia
V1.03
V1.07
exe2com?
-PACK
By: Kim Kokkonen/TurboPower Software
Type: reloc presor
V1.0 [1987]
-RELOC
By: Piotr Warezak (Poland)
Type: reloc presor
V1.00 [1997]
=? Kim Kokkonen's PACK V1.0
-RERP
By: Ralph Roth aka ROSE/ROSE SWE (Germany)
V0.02 [1996]
-RP/386
By: Michael Hering/Germany
Type: reloc presor
V1.20 [1999]
V1.21
-ReloPack
By: Stefan Esser
type: reloc presor
V1.0 [1996]
herinmi: improved Kim's PACK V1.0
-COMPACT
By: Klaus Peichl (Germany)
Year: 1994, 1998
Type: COM presor, max 15,000b
V1.05 [1998]
presed x needs 33kb freemem or quit
82b depresor (no huffman decoder)
20 to 50 passes pres (very very slow) but (suspend & continu)able
no need to depres & re-pres if we want further pres
more passes = longer exec time
uses RLE-2 pres (pres pointer is the least frequent byte in inputfile)
bad pres ratio
-OPTLINK
By: Symantec or SLR?
Note:
non-pub, only for Symantec progs (ex: MS-DOS Defrag)
pass1: pres reloc, pass2: pres code
-LZEXE
By: Fabrice Bellard (France)
Type: EXE presor
Year: 1989/1990?
Compiler: BP V5.5
V0.90
V0.91
V1.00a [Sep 1991]
Adv:
self check
free
Disadv:
bad pres ratio
no depres
Note:
the 1st real? EXE presor
used to pres ARJ-SFX, RAR-SFX & some others
EdH: I remembered reading English LZEXE but why V1.00a doc is in France?
-PACKWIN
By: Lei Jun & Wang Quanguo /Yellow Rose Workgroup (China)
Year: 1993-1995
Type: EXE presor
V1.0a [Jun 1994]
V2.02 [1995]
add string "YRZLITE (C) 1993 WYellow Rose" to presed x
can press dos/exe & win/ne
faster but lower than PKLITE V2.01?
-624 (Six-To-Four)
By:
Kimmy/Pulp aka Kim Holviala
TomCat/Abaddon
Boogie/ESP aka Andras Barthazi
Type: COM presor, < 25000b
Adv:
option -s: better pres
free?
Disadv:
option -s is very slow
aPACK/UPX gives better result
V1.0
adds string "PULP" to presed x
+ C src
by: Kimmy/Pulp aka Kim Holviala
V1.1 [1997]
compiler: BAP
by: Boogie/ESP aka Andras Barthazi
rewritten to get 4x speed & 1/10 x size
adds string "[ESP]" in begin of presed x
-PKLITE
By: PKWARE (USA)
Year: 1990-1992, 1995, 1996
Type: x presor, DOS V2.1
V1.00b
BenC: for certain x, the last 512b image is moved to ovl
V1.10: hacked ver
V1.14 [1992] add crypt to presed x
V1.15
BenC: not detect Win / OS/2 x & pres it as dos/exe -> no longer runnable
V1.20:
a lot of hacked ver declared as V1.20 before its release
different crypt
V1.50 [1995] optional image checksum
V2.01 [Mar 1996] can pres Win3.(0/1) NE & DLL files
Adv:
very fast pres
regged ver. offers option:
-e
crypt
extra pres
put string "PK" or "pk" in 1st fcb (offset 5C) of PSP
presed x checks for such sig & aborts exec if can't find it
UNP & X-TRACT fakes this sig on unpacked x to make it run?
-e-
extra pres w/o PSP sig
check? for enough mem
Disadv:
shareware
up to 84kb mem overhead
rather bad pres ratio
Note:
the most famous x presor at its time
there are a lot of hacked or *independently improved* PKLITE vers
-AVPACK (Andrei Volkov PACK)
By: Andrei Volkov (Russia)
Type: x presor
V1.20
BenC: if to-be-presed EXE size = multiple of 512 byte:
it's regarded as ovl-ed EXE
only stores the first 20h bytes of EXE header, thus
prevents complete restore
V1.22 [Apr 1993]
Adv:
very fast pres
can
crypt (not removable by prog itself)
crypt so presed x only run on one's PC
free for non-commercial use
Disadv: rather bad pres ratio
BenC: similar to PKLITE
-TINYPROG
By: Tranzoa, Co (USA)
Type: EXE presor (COM -> EXE), DOS V2
Year: 1990-1994
V3.6 [1992]
V3.9 [Mar 1994]
Adv:
basically no extra mem
about 1.8kb, usually already claimed by presed x
password
user error message
user message
misused by foolers (ROSETiny, PKTiny, TinyProt, TinyHack)
ex: by fill it with PKLITE header
crc-check
regged ver offers /D -> unextractable pres
many ADTs
quite fast pres
Disadv:
shareware
each session plays time-consuming 'happy talk' before exit
bad pres ratio
V4.0: ROSE: same as V3.9, but rearranged code & slightly longer depresor
ROSE: some fake/modified ver exists (Dezet, Fischer)
-COMPACK
By: W. J. Collis/Prominence Computer Services Ltd (Italy)
Type: x presor, COM: =< 65000b, EXE: =< 12000 reloc, DOS V2
Year: 1990-1993
Compiler: BC V2.0 [1998]
V4.4
BenC:
end of depresor contains a far jmp to depresed prog. This jmp points
to 0:0 but is adjusted not much earlier before the exec of this
instruction. On 386- the PIQ is small enough to allow this
self-modification. But on 486+, the read-ahead buffer is much larger so
the jmp 0:0 has been read & exec-ed when the adjustment takes place,
most likely cause a system crash.
V4.5 [Nov 1991]
optimize EXE header (option -h)
V5.1 [1993]
Adv:
adds 193b (?) to presed COM
1 of fastest x presors
no OS dependencies (runnable on future OS?) like:
DOS calls
int latency
DOS/BIOS mem access
can add message to presed x
sfx
can pres system/driver
Disadv:
shareware
can't pres prog:
loading on hi-mem
with ovl/debug info
limited sfx (max is 640Kb?)
-PROPACK
By: Rob Northen Computing (England)
Type: (data & x) presor, archiver
Year: 1991-1993
Compiler: BC++ [1991]
V2.08
V2.14 [1992]
V2.19 [1993]
Adv:
support for Amiga, Lynx, ST, 68000 x ?
free for non-commercial use
registration & update is free for sw developers
Disadv: bad pres ratio
Note:
adds string "RNC" to presed x
use p -fp as x presor
-UCEXE
By: Andrew Cadach/AIP-NL (The Netherlands)
Type: x presor (COM -> EXE)
V2.4 [Apr 1996]
Adv:
1 of fastest x presors
better pres ratio than PKLITE V2.01 & COMPACK V5.1
self check
Disadv:
shareware
not preserved date/time stamp
Note: part of UC2 archiver
-PKSMART V1.0
By: PSV (Puchkov Sergey) & Alex(ander Ryumshin) (Russia)
compiler: bc++ v3+ [1991]
V1.0 [Jun 1998]
Adv: very good pres ratio (sometimes better than WWPACK 3.05)
Disadv:
shareware?
slow pres
not properly coded? (often hangs)
not very compatible?
Note: no other ver
-PGMPAK (ProGraM (?) PAcK)
By: Todor Todorov
Type: x presor (COM -> EXE)
Compiler: BC V2.0 [1988]
V0.15 [May 1991]
Adv: free
Disadv:
same pres ratio but slower than PKLITE V2.01
add 12b ovl 00h+"PGMPAK 0.15" to presed x
most presed x hangs
not giving full mem
Note:
prog x contains PKZIP [1990]
EdH: maybe it's used this way:
call PKZIP inside prog x to pres to-be-presed x
attach (mini) ZIP-Sfx then depresor to presed x
if exec-ed, depresor execs (mini) ZIP-Sfx to depres (in mem?) & execs
depresed x
STN: PGMPAK is buggy
-PAKEXE
By: Sergio Artic
V1.0b [1996]
Adv: free
Disadv: requires PK(UN)ZIP to (de)pres
EdH: I'm not sure how it works but maybe like this:
x is presed with PKZIP -> file A
File A is stubbed with $pakexe (depresor) -> file B
if file B is exec-ed, depresor run PKUNZIP to depres ZIP -> file C
exec file C
-SHRINK
Type: COM presor
V1.0 [1988]
by Thomas G. Hanlin III
max to-be-proted x is 30,000b
average pres ratio = 7%
82b depresor
uses RLE2 pres method (uses least frequent byte inside file as pres flag)
free
BenC:
if all 256 bytes appear at 1 time in to-be-presed x, triggers 2 bugs:
-if a RLE byte followed by 00h, 00h is written to prog instead
-last byte of presed x isn't written
V2.0 [1995]
by JauMing Tseng or Kevin Tseng (Taiwan)
uses SHRINK2 pres method
104b depresor
max to-be-proted x is 65,536b - 104b (?)
removes 3 fatal bugs from V1.0 -> lost (rlekey/dupchar/lastbyte)
src is provided
free
-T-PACK
By: Max/Tuscon aka Norman Rudolph (Germany)
Year: 1996?
Compiler: BP V7.0
V0.5b
Adv:
-m1: 69b depresor (matching length = 32b)
-m2: 122b depresor + more pres (matching length = 2,048b)
Disadv:
very
slow
bad pres ratio
Note: uses LZ77 + 2kb sliding dictionary
-ELITE (EXELITE or Exe-LITE)
By: (Patryk E. Glowacz & Adam Augustyn)/Code Blasters (Poland)
year: 1994-1996
Compiler: BC++ V3.0 [1991], large model
V1.00b : password
V2.00S beta [Jan 1996]
Adv:
new exe header format
reduce presed x size
very little mem to depres presed x
regged ver offers
prot
crypt + ADTs (against CUP, TRON, Soft-ICE, TD, CodeView, etc)
no orig EXE header
can
add message to presed x
create sfx-dat to be used in application
pres data file
add anti-vir
heuristic repair of damaged presed x (tested with 37 virs)
Disadv:
shareware -> $15
faster but worse pres ratio than PKLITE V2.01?
Note:
uses
dynamic Lempel-Ziv (DLV) for x pres
EdH: it should be DLZ, not DLV :)
LZSS + Huffman for data file pres
EdH: repair & anti-vir addition are silent when I modify presed x
-MEGALITE
By: ThE KiLLeR of MEGATEAM 'n CTF
Type: EXE presor
Compiler: MS-C [1990/1992]
V1.20a+ [Nov 1994]
better pres
new sig
8086 runnable
Note:
prog x is processed by:
-Megalite V1.20a
-modified CPAV to confirm license agreement on each exec
-ICE V1.00
-EXE2COM (regular)
-TINYPROG V3.9
-ICE V1.00
-MCLOCK V1.2 or V1.3
-COM2EXE
-PKLITE V1.15
-EXE2COM (regular)
-TINYPROG V3.9
-MEGALITE V1.20a
prog x contains PKLITE V1.14 (?)
presed x "MZ" sig is swapped to "ZM"
V1.5
BenC:
PKLITE-like pres
it changes 1 byte of depresor -> screw up code
Disadv:
up to 4kb mem overhead
-AINEXE
By: Alexander Kulpin/Transas Marine (Russia)
Year: 1993-1996
Type: EXE presor
V2.23 [1995]
1 of fastest EXE presor -> uses? (X/E)MS
better pres than PKLITE V2.01
Note: part of AIN archiver
-Synopsis's COM Packer
by: Synopsis (The Netherlands)
ROSE:
overwrite int0-4 w/o restore
COMPACK rip (?)
Note:
non-pub
found on Synopsis's UPC prog x (?)
-JAM
By: Eugen N. Vasilchenko (Russia)
Type: x presor
Year: 1990-1991
Compiler: BP V6.0
V2.21 [1991]
shareware
slower pres than PKLITE V2.01
VeK's TYP: caution on 486!
presed x hangs my cpu (if generated under 486, presed x is buggy?)
-CC
By: Anry Hacker/UniHackers Group (Russia)
Year: 1991-1994
Type: x presor (EXE -> COM), 286
Compiler: BC++ V3.0 [1990]
V2.61b
fast x unpack header
LZ pres
worse & slower than PKLITE V2.01
small EXE2COM
prot
simple ADT (based on PIQ)
crypt
SME (Startup Mutation Elusiver)
AIDS (Anti Intruder/AutoHack Daemon System) V86
CUP V3.4 /3 removable
shareware?
MANtiC0RE [1999] fixed presed x locks keyboard on Pentium+
-CRUNCHER
By: Ori Berger (Israel)
Type: x presor (COM -> EXE), DOS V3
V1.0 [Aug 1989]
shareware
stores presed code as x ovl
slow depres (proted x exec shows depres progress)
2,151b depresor
lame pres ratio
uses dynamic LZ 9-12 bits with Table Clearing
-PACK
By: M. Sotoodeh (?)
Type: x presor
V4.04?
-PACK
By: NoddegamrA (Poland)
Compiler: BC V1.0 [1987]
V2.01 [Oct 1995]
shareware
data pack
bad pres ratio
slower than PKLITE V2.01
herinmi: DIET V1.00 rip, only 4b is different
-EXEHIGH
By: NoddegamrA (Poland)
Year: 1995
Compiler: BC V2.0 [1988]
V1.01 [Oct 1995]
shareware
free
lower & slower than PKLITE V2.01
-LGLZ (Lyapko George LZ)
By: Y. George Lyapko (Ukraine)
Year: 1996-1999
Compiler: BP V7.0
V1.04b [Dec 1997]
V1.04e [1999]
V1.03 = V1.04a-e
fast self extract module
uses modified LZ77 + 8,192b sliding window dictionary + lazy matching
better & faster than PKLITE V2.01
free
-MS-LITE (Mercury Soft LITE)
By: Andy Cheng/Mercury Soft Technology (Hong Kong)
Year: 1997 (?) - 1998 (?)
V2.3 [1998]
-SCRNCH (SCRuNCH)
By: Graeme W. McRae
Year: 1987-1988
Type: COM presor, 8086, DOS V2
V1.02 [Apr 1988]
shareware
customized exit routine
same pres ratio but much slower than PKLITE V2.01
author: EXEPACK + SCRNCH give more pres ratio
EdH: my test shows the contrary
-VACUUM
By: Dark Fiber/[NuKE]
Type: COM presor
V0.01c [1996]
lower & much slower than PKLITE V2.01
no check for already presed x
prog x is Adam's DOS32 V3.40b prog
-COMPREXE (COMPRess EXEcutable)
By: Tom Torfs (Belgium)
Type: x presor
V1.0 [Sep 1997]
lower & slower than PKLITE V2.01
reports orig & presed x differences
free
Note: part of ProtEXE
-RJCRUSH (Roland J. CRUSH)
By: Roland J. Skinner/RJS Software (South Africa)
Year: 1994, 1996
Type: EXE presor
Compiler: BP V7.0
V1.10 [May 1996]
shareware
prog x exec sometimes show beg scr
can pres BP V5.55-V7.0 prog ovl (if src available)
1 of fastest EXE presor
slightly better pres than PKLITE V2.01
reloc sort
2pass reloc pres
no depres
-KVETCH
By: Tal Nevo
Year: 1993?
Type: x presor
-A.C.E. Packer
year: 1996
note: can pres COM
-SANCTION Packer
By: Pinker aka Dirk Kueppers / SANCTION (Germany)
Type: COM? presor
Year: 1996-1997 (?)
V1
uses dynamic LZSS77_ari + 8bit fixed pointer
unpack header = 250b
V2
uses LZSS77 + dynamic multi-precision arithmetic
pres ratio = RAR/ARJ (?)
worse pres ratio than 624
complete depresor size = 133b (+30b for copying, etc)
Note:
non-pub?
found on SANCTION's 4k Intros
---
WIN COMPRESSOR
---
-PKLITE32
by: PKWARE
V1.1
-WWPack32
by: Rafal Wierzbicki & Piotr Warezak (Poland)
V1.20d
-PC-Shrinker
by: virogen/Phrozen Crew
V0.71
-PEcompact
by: Jeremy Collake
V0.977: time trials
V1.41
-ShrinkWrap
by: Jeremy Collake
V1.22
herinmi: it`s totally the same as pecompact
-CEXE
by: Tinyware Inc.
V1.0a
note: presor only under winNT
-ASPack
by: Alexey Solodovnikov
V1.03: time trials
V2.100
note: worthy presor beside UPX?
-PE-PACK
by: ANAKiN aka Stefan Esser (Germany)
V1.00
note: uses Jibz's aPLib preslib
-PETITE
by: Ian Luck
type: PE presor
V2.2
note: pres uses ZIP algo
-NEOLITE
by: Neoworx
V2.00
-NEOSPACE
by: Neoworx
-SHRINKER
by: A.S.M. Inc.
V3.2: NE
V3.4: PE
-WINLITE
type: NE presor
by: Rosenthal
V1.0
-LXLITE
by: Friends Software
type: OS/2 x presor
---
ARCHIVER SFX
---
-UCSEA (Ultra Compressor Self Extracting Archive)
By: AIP-NL (Ad Infinitum Programs-NetherLands)
V2.37b [1996]
Adv:
need < 270 kb mem
UltraFast pres engine
Disadv:
distribution needs registration
different format than UC
Note:
UltraFast may be used in portable UC3 ?
part of UC2 archiver
-ARJ-SFX
By: Robert K. Jung/ARJ Software (USA)
V2.10+: presed by FaB's LZEXE
V2.70 [1999]
3 sfx modules:
6,204b (ARJSFXJR/junior), unpresed: 8,162b
16kb (standard)
18kb (mentioned on ARJ/v2.70/TECHNOTE.TXT) -> supports ARJ-SECURITY
27kb (ARJSFXV/multi-volume) -> supports ARJ-SECURITY
V2.75a [2000]
Disadv: distribution needs registration
Note:
has string 'RJSX'
part of ARJ archiver
-RAR-SFX
By: Eugene Roshal (Russia)
Compiler: BC++ [1991]
V2.70b2 [2000], unpresed size: 13,823b
Note:
has string 'RSFX'
part of RAR archiver
presed by FaB's LZEXE
-ZIP-SFX (PKSFX)
By: PKWARE
V2.04g [1993] unpresed size: 18,912b/3,002b (mini)
V2.50 [1999] unpresed size: 20,640b/3,150b (mini)
Note:
part of PKZIP archiver
presed by PKLITE
-ACE-SFX
By: Marcel Lemke (Germany)
V1.2b [1998]
presed by Jibz's aPACK V0.82b?
uses 1Mb EMS (dos/exe)
size: 24kb (senior) 3,802b (junior)
V2.0b1 [2000]
UNACE is rewritten to be SFX
x = PMODE/W V1.33 + watcom/le
presed by UPX V0.99.3
V2.0b4 [2001]
Note:
part of ACE archiver
-PROPACK SFX
By: Rob Northen Computing (England)
V2.18 [1993]
1,913b sfx
hangs my cpu while depres
part of PROPACK
-AIN-SFX (AINEXT)
By: Alexander Kulpin/Transas Marine (Russia)
V2.31
sfx = separate (freeware) extractor x + AIN archive (as ovl)
27,770b
Note: part of AIN archiver
-LHA-SFX
By: Haruyazu Yoshizaki (Japan)
compiler: LSI-C86 V3.20
V2.13 [July 1991]
size=1,942/1,945b (large); 1633b (small)
free
Note: part of LHA archiver
-LHARK-SFX
By: Kerwin F. Medina
V0.4
Note: part of LHARK archiver
-BSN-SFX
By: PTS (Russia)
V2.0 [1994]
presed size = 3,884b
Note: part of BSA archiver
---
DEDICATED TO EXEList: DEBUGGER/EMULATOR/TRACER/DUMPER/UNPACKER/DISASM
---
Info Source:
Jose M. L. Lopes/MASK V2.5/DOC
CyberRax/LCCrypt V1.2/unpack.txt
---
-Sourcer
By: V Communications
Type: disasm
CyR: commenting disassembler, elitest of the elites, now is forgotten,
but still excellent prog
-UNComBat
By: ROSE aka Ralph Roth/ROSE SWE (Germany)
Year: 1993-1999
Type: spec.deprot.COM
Note:
a DOS DEBUG script written in batch file
part of ROSE's UnTiny package
-UPCOM
By: Hanno Bock/SAVE (Germany)
Year: 1997
Type: unpack.COM
Note:
a DOS DEBUG script written in batch file
part of HUNP (Hanno's UNPacker) V1.01 package
-DEBUG
By: MicroSoft
Year: 19??
Type: RM.debug
Note:
part of MS-DOS package
like other MSDOS prog, it refuses to run on other MSDOS ver
still useful for small/fast work
-SYMDEB (SYMbolic DEBug)
By: MicroSoft
V4.00 [1985]
-386 MiniBug
By: Phar Lap Software
V2.2d [1989]
-ACT N82538872
By: Victor M.Gamayunov
Year: 1993
-D(ALF)
By: Obraztzow S. (Russia)
V1.0b [1992]
-EDB
By: Serge Pachkovsky (Russia)
V0.15 [1991]
-MegaDebugger
-VIM (Virtual Machine)
By: DDI
Type: RM.debug
V1.01PD
-DEBUG
By: PhysTechSoft, Ltd. (Russia)
V1.30 [1999]
Type: RM.debug
Note:
part of PTS-DOS 2000 package
more complete & user-friendly than (MS)debug
-CV (CODEVIEW)
By: Microsoft
Type: RM?.debug
-SSD (Serville's Software Debugger)
By: Mathew Probert
Type: interpret.?
Year: 1996
V6.0
Note: designed to analyze (crypt/mte)d virs
-DCA (Deep Code Analyzer)
By: PReDaToR 666
Type: few.spec.unpack
V1.4 [1996]
dedicated to Oren Maurice
unpackers are put as external x
-ABKDEPRO beta 3
By: fds0ft (Hungary?)
Year: 1996
Type: few.spec.unpack.COM, 286, DOS V3.3, 200kb freemem
Adv:
GUI
free
-INTRUDER
By: CREAT0R/CreaSoft/FBI aka Alex Taylor or Alexey A. Novojilov (Russia)
Type: lib.unpack
V1.30 [1994]
supports BP, BC(++), MS-C, Clipper
V1.31 [1998]
by dR.No/ViP Software/DTG/UG2000
enhanced MS-C & Clipper support
Note: 1st lib.unpacker
-UPC (Universal Program Cracker)
By: Synopsis (The Netherlands)
Type: lib.unpack
year: 1996-1997
V1.11 [Aug 1997]
Adv:
supports
BP V6.0 & V7.0
BC(++)
MS-C(++) / QB
ZC (only tested on V3.0)
WC++ 16
Note: based on Intruder
-ENTPACK
By: Veit Kannegieser (Germany)
Year: 1995-1998
Type: lib.unpack
19.09.1996 : WC, LSI C
05.10.1996
(Fitted & TopSpeed) M2, (Turbo & Quick) Basic,
(Zortech/Symantec) C, HackStop V1.13
11.10.1996 : RCC 1.10
08.05.1997
HARDLOCK (HLVXD.EXE)
Bat2Exec
31.12.1997
ANTIUPC, WWPACK V3.05▀5, PCRYPT V3.45, Parameter t for HARDLOCK and DOG212,
XPACK Guard, PROTEXE
16.01.1998 : ProtEXE V3.11
31.03.1998 : Selfenc/Bat2Exec(Trap)
08.04.1998 : ILUCRYPT V4.0
24.04.1998 : Upstop
28.05.1998 : TRAP 1.17
14.06.1998 : aTEU 1.1
15.06.1998
-TEU (The Executable Unpacker)
By: JVP
Year: 1996-1998
Type: lib.unpack, 386
Compiler: TASM V3.20, small model
V1.82 (1998)
Adv:
recognizes much more compilers than UPC V1.11
-g : gen unpack
-! : save on termination
-M(n): PassiveX(n), n=1..4
mutate itself in mem to avoid mem detection
unpacks so easily
many (unsuccessful) effort are done to stop TEU:
UET, ATEU, EXELOCK666, etc
Disadv:
uses (rather) incompatible prots for TEU x, sometimes hang
unpacked x produced is always EXE
Note: prog x is proted by many nebelbombs
-XPACK -UX
By: JauMing Tseng or Kevin Tseng (Taiwan)
Type: lib.unpack
Note:
a spec.unpack switch in XPACK
JMT: -UX is hacked UPC code
-PCU (pGA! cOm unpacker)
By: fds0ft (Hungary?)
Type: few.spec.unpack.COM
Year: 1997
Adv:
GUI
can remove some COM processors UNP & X-TRACT can't
-Khrome Decrypter
By: Teraphy
Type: few.spec.unpack.COM
V0.1 [1997]
-UN-PACK
By: Snow Panther/DTG/UG2000 (Russia)
Type: many.spec.unpack
Compiler: BP V7.0
V1.0 [1998]
can find 5 of 9 Lost Soul/UCF 's anti-CUP386 /7 tricks
V1.1
COM2EXE
COM tracer (-t)
V1.2
reloc handler (-r)
V1.4
EXE2COM
V1.5
truncates & separates file (-f)
portions from ST!LLS0N's EXESCAN V3.25
some sigs
gen detection (-g)
TEU support (-u)
V1.666 [2000]
free
portions are from
Hypn0tizeR's File Analyzer (extension detector)
Juergen Peter's IDArc (archive detector)
V1.7 [2000]
free ver available
sometimes suggest you to unpack certain x yourself with:
CUP V3.4, X-TRACT V1.51 & ProcDump V1.6
extension detector file is now presed with TTCOMP
COM dumper
V1.8 [2000]
add Code Master's Disasm
V1.9 [Oct 2000]
V2.0
Note:
commercial use is prohibited
contains unpackers written by other people
author also include his non-pub spec.unpackers
-UNP
By: Ben Castricum (The Netherlands)
Type: many.spec.unpack
V3.00
option -a (self-repeat to remove deeper layer on unpacked x)
V4.10
command t: trace x (4 COM = gen unpacker)
V4.11 [1995]
prog x is DIET V1.45f-presed & DShield-proted
reconfigurable options, saved in the x
can't scan unpacked x with TBScanX (but mentioned on DOC!)
cardware or $1 for commercial use
V4.12b
can scan unpacked x with TBScanX
Adv:
lot of options to manipulate x
COM2EXE, EXE2COM
copy/remove/merge ovl
optimizes reloc
remove not-relevant header data
align header data
Note: 1st known prog capable to remove many x processors
-X-TRACT
By: Pablo Carboni
Type: many.spec.unpack
V1.51 [1995] last known ver
Adv:
self-repeat to remove deeper layer on unpacked x
unpacks some more x processor UNP can't remove
Note: another old unpacker
-UX
By: Misha/UCF
Year: 1992-1996
Type: many.spec.EXE.unpack
V0.55
last ver
src is released
free for non-commercial use
-TRON
Year: 1994-1996
By: Michael Bauder aka Avenger/Smile Soft (Germany)
Type: gen.trace.unpack?
V1.30 [1996]
Adv: -p or -u: universal PM expander (regged)
Note: ROSE,herinmi: tricky to stop
-TD, TD286 & TD386 (Turbo Debugger)
Year: 1988-1993
Type: debug
By: Chris & Rich Williams/Borland
V3.1 [1992]
V4.0 [1993] PM debugger
Note:
TD & TD286 is easy to kick (RM debugger, int1/int3)
CyR: simple HLT will crash TD
TD386 uses 386 spec. hw bkpts
-Soft-ICE (Soft-ICE Win, WinICE, NTice)
By: Nu-Mega Tech.
Type: TSR.debug
V2.64 [1993]
V2.80
Note:
the first? 386 debugger
uses 386 spec. hw bkpts
acts as EMM
most older ADT is created to kick Soft-ICE :)
-CUP & CUP386 (CyberWare Universal unPacker)
By: Alex Petroukine aka Sage/Cyberware/UCF (Russia)
Type: gen.trace.unpack, 386, DOS V5
Year: 1995?-1997
V1.2: 3pass
V3.2: 386
anti runningline
V3.3a
StE: full of bugs
V3.4: 386
Adv:
has CyberWare Code Digger (debugger) inside -> option /d
cup /1: RM tracer
cup /3: 386 spec. hw bkpts -> only run on RM
cup /7: pretender (emulator) -> only run on RM
Note:
the most fearsome unpacker at its time
LostSoul/UCF worked to find 9 anti-CUP tricks
unused space in unpacked x sometimes contains repeated strings of
"!reve4erawrebyc`" -> flipped "`cyberware4ever!"
EliCZ: based on LIDT
-TR (Super TRacer)
By: Liu Tao Tao (China)
Type: RM/v86?.interpret.debug
Variant: TRW V1.22, TRW2000
V2.03: CG: V2.03 is better than V2.52 (large model instead of small model?)
V2.52 [Nov 1998] last know ver
Adv:
run on V86
user interface
script
supports 'function keys' & 'debug like' usage
kicks 'check if last key was [ENTER]' ADT
Disadv: shareware, but U can suspend the payment until you're rich :)
Note:
the best debugger
most newer ADT is created to kick TR :)
-LTR (LADO's TRacer)
By: LADO aka Attila Ladomerszky (Hungary)
Type: RM?.interpret.debug
Disadv:
only run on RM
V1.0 [1999]
CG: slow & mighty interpreter, full DRx hw bkpt possibility
CG, ChS: very strong
EliCZ:
based on LIDT
starts PM or sets IDT back to 0:3ff (like AdFlt2A) will kick it
V1.01 (?)
-EDUMP or EZDump (EliCZ's DUMPer)
By: EliCZ/pCE (Czech)
Type: WIN mem dumper for DOS x
Ver I
Ver II: runnable under Win31
Adv:
unpacks any
unrunnable protor
runtime crypt
modified ver is able to kick FSE V0.76
Note:
the unstoppable unpacker?
EliCZ: truly & fully gen unpacker, bypass polymorph & mte
CG:
using WIN DPMI functions to gain access of hw bkpts
very strong
STN:
the ultimate unpacker
no EDUMP detection better than (the lame) mem detection
EDUMP run at ring-0 while proted x at ring-3. EDUMP can't be removed
without harming Win
-GTR (General TRacer)
By: Hendr!x/UCF aka Patrick Enoch
Type: trace.unpack?, 386 RM
Year: 1998?-1999?
V1.Df/Dt [1999?]
Adv:
STN: the best tracer
CG: clever hw bkpt tracing method in PM
ChS: it now reflects hw bkpts to V86 mode
Disadv: hard to use
Note: ver numbering is numeric then alphabet (8,9,A,B)
-DG (DeGlucker)
Type: rm?.debug
V0.0? : by ALI aka A. Ilyushin & MASTER aka S. Gorokhov (Russia)
V0.04rc: by CrazyMax aka Max Martynov (Russia)
V0.05 : [2000]
by OlegPro aka Oleg Prokhorov & VAG aka Vladimir Gneushev (Russia)
herinmi, manticore, cyr: very good
OlegPro: it can trace FSEd x
Disadv:
src is released
can't run with EMM
-ICEUNP (Intel Complex Emulator UNPacker)
By: JauMing Tseng or Kevin Tseng, Christopher Gabler
Year: 1996?-2000
Type: emu-trace.unpack
JMT: based on IUP-frame-work/interface & TEU-exe-rebuilder
up to V0.31:
by JMT
open src
CG: using TF, own stack, DRx tracing, int1/3 emulation
V0.32-V0.33:
by CG
add HS & MESS tracing
EdH: slow but working :)
V0.34
by JMT
regs are set like DOS before run
-IUP (Intelligent UNPacker)
By: Frank Zago (France)
Type: 1-step-trace.unpack, 386 RM
V0.67 [1996]
Adv:
immune to int1/3 & IN/OUT trick
1pass
Disadv:
strange result & slower on QEMM than real mode?
kickable by stack playing trick
src is released
Note: JMT independently improved IUP as ICEUNP
-AutoHack
By: Y. Tolsky/BCP (Russia)
Type: gen?.unpack
Compiler: BP V7.0
V4.1 [1994]
][ V1.0b [1994]
semi GUI
EdH: non-English. review, plz!
-SnapShot Pro
By: DaLe. Co (Russia)
Year: 1992-1994
Type: dump?
V3.0 [1994]
can do lib.unpack
EdH: review, plz!
-GETEXE
By: Tzer (Russia?)
Type: TSR.trace?
V2.0b [1993]
-HaSP-Extractor
By: Lord of Gifts
Type: many.spec.depres
V1.00 [1996?]
SBUST clone -> supports similar progs (?)
-BW (BlastWave)
By: Ding Boy (Taiwan?/China?)
Year: 1998(?)-1999
Type: dump/lib.unpack, DOS V6, 386
Compiler: QB V4.5, MASM V6.11
Variant: BW2000
V2.5b2 [1999?]
CG: interesting dumping method
STN: latest fine breed of lib.unpacker
EdH: good, but non-English. more review, plz!
-ERP (Executable Recovery Program)
By: Richie
Year: 1996-1997
V0.97b
Type: append.remover
Adv:
may remove appending (vir/protor) from known packer/compiler
Note:
the only append.remover unpacker
-RIPPER/32
By: Werong Ho (Taiwan?/China?)
Type: ?
Year: 1995
V2.01
Easy Version src is included
V3.00
Zenix: I like the src very much
-AUP (AUP386) (Acheron Universal unPacker)
By: Sirius aka lopenpet(?) (Slovakia?)
Type: unpack
V1.0b [1997]
unfinished prog
no help
not properly tested (often hangs?)
prog x can't run with emm or disk cacher
no handler for PIQ tricks
CG: unstable hw bkpt
Note:
the only ver
can't unpack anything? :)
-Game Tools
By: Wong Win Kin (Hong Kong)
Type: ?
V3.23 [1993]
Note: to cheat games, but also used for cracking :)
-GW (Game Wizard) 32 Pro
By: Ray Hsu & Gerald Ryckman /Enhanced Software Design (Canada)
V3.0 [1995]
Note:
game cheater, not debugger/unpacker
but since it goes TSR & may help x unpack, some protors (ex: MASK)
disables it
-Game Buster
-CRKCOM
By: ST!LLS0N
Type: dump.COM
V0.92 [1997]
option /1: RM.trace
free
no doc
-DUMPCOM
By: ST!LLS0N
Year: 1997-1998
Type: dump.COM
Compiler: BP V7.0
V3.55 PRO [1998]
free
no doc
-tHE DUMPER
By: LazyC0DEr/BotH
Type: dump/lib.unpack, 386pm
V1.00 [1999]
lib.unpack.detection is based from INTRUDER V1.30
-LCDump (LaMe CoM DuMPeR)
By: CyberRax (Estonia)
Type: dump.COM, 286, DOS V3
V1.0 [1 Jan 2000]
V1.01 build 7 [3 Jan 2000]
now supports COM presors
sets DOS mem alloc strategy to 1st fit
dumps after target prog is terminated
can be kicked with mem cleaning or anti-load
-UNSHELL
By: Feng-Zhihong/JWL Co. & New Bible Workgroup (China?)
Type: unpack.EXE
Compiler: BP V7.0
V1.1 PRO [1995]
shareware (to unpack, must wait 60 sec 1st)
adds string saying that unpacked x is unpacked by UNSHELL V1.0
-TBCLEAN
By: ThunderByte B.V. (Australia)
Type: trace.clean
V7.00 [1996]
V8.09
Note:
to clean vir, but...
CyR: decryptor part awfully resembles a virus, so...
part of TBAV
-RVK/386 (ROSE's Virus Killer)
Type: heur.clean.COM
Adv: bypass more ADT than TBClean
Disadv: TBClean's UI is nicer
Note: to clean vir, but...
-CUNP (ROSE's Generic COM file unpacker)
By: ROSE aka Ralph Roth/ROSE SWE (Germany)
Type: gen.unpack.COM
Year: 1996-1997
V0.17b [1997]
CyR: all vers crash on my PC
-UCOMUX (Vandals's COM Expander)
By: MegaDevil/Vandals (Portugal)
Type: dump.COM
Year: 1996
Note:
goes TSR until next COM exec & dump the COM before exit
always dump 64kb
part of Vandals's UNPCOM
-COMDump
By: MegaDevil/Vandals (Portugal)
Type: dump.COM
V1.0 [1996]
goes TSR, while run proted-COM press F12 to dump
always dump 64kb
part of Vandals's UNPCOM
-Simple COM dumper
By: Christopher Gabler/UG2000 (Germany)
Type: dump.COM, 386
Year: Mar 2000
Disadv: can't unpack COM exiting with int20
Note: part of UNPKIT (asm src)
-HACKTOOLS
By: Oleg N. Kolesnikov (Russia)
V3.0 [1994]
-Cheat Compiler
By: Steel Rat
V1.0 [1993]
-Player's Tool
By: Dmitry Yakunin & Andy Robinson /UHC (Russia)
V3.996b [1994]
-Action Replay
-AFD (Advanced Fullscreen Debug) PRO
By: Puttkammer?/AdTec GmbH
Type: RM.debug
V1.00 [1985]
-bXd (brandX SYMBOLIC DEBUGGER)
By: Sonam G. Gyato
Type: debug
V1.0
V2.6 [Aug 1987]
adv: regged offers bXd3: bXd2 + src debug + dual monitor support
disadv: shareware
-R86 Reassembler
by: Stefan Bion
type: disasm
v1.00 [1992]
note: generates A86-compatible asm
-X-C0M (X-C0M386)
By: rAND0M/xADI & ROSE aka Ralph Ropth/ROSE SWE (Germany)
Year: 1996
Type: gen.unpack.COM, 386
-SuperCX (Super COM-eXtractor)
By: Lost Soul/UCF
Type: unpack.COM, 8086
V2.00 [1994]
no ADT handler
src is provided [1996]
for learn & knowledge purposes
-ICEberg
By: Jos‚ M. L. Lopes
-DIS86 (Interactive Disassembler)
By: James R. Van Zandt
-IDA (Interactive DisAssembler)
By: Ilfak Guilfanov (Russia)
Year: 1991-1995
Type: disasm
V3.80 (?)
-Intercept/Interpret
By: Ned Konz
Type: used-int.recorder
-Periscope
By: The Periscope Company, Inc.
-DXDEBUG
By: PharLap Software
-QA (Quaid Analyzer)
By: Robert T. McQuaid
-Ultimate Unpacker
By: Andry Kobilykov aka AVK aka MERLiN /DTG/UG2000 (Russia)
V0.3 [1998]
non-pub
-SID (Symbolic Instruction Debugger)
By: Digital Research
Note: part? of DR-DOS
-COMUNP
By: Bushwoelie/MSH
Type: gen.unpack.COM
V1.0f [1997?]
only run in RM
dump mode
-Decay/386
By: Bushwoelie/MSH & Stonehead/TPiNC
Type: gen.unpack.COM
Compiler: TASM V4.0
V0.05 [1997]
only run in RM
successor of COMUNP
can't unpack 386 prot
-DumpExe
By: Bugsy/OBSESSiON aka Benjamin Petersen
Type: dump.helper
V2.4?
Note: plug-in for debugger
-UUP (Universal EXE UnPacker)
By: Nicolai Logvinov & Ilfak Guilfanov /Unibest (Russia)
Year: 1991-1993
Type: gen.depres.EXE
Compiler: BC++ [1991]
V1.4 [1993]
free
-TSUP (TSEP Universal unPacker)
By: Orion aka Levan Natroshvili & Zlorfik aka George Datuashvili /TSEP
Type: gen.depres
Compiler: MS-C [1992]
V1.60 [1993]
-UP (UnPack)
By: Wong Wing Kin (Hong Kong)
Year: 1990-1993
Type: few.spec.depres
Compiler: BP V6.0
V3.1 [1992]
V3.2 [1993]
-UNPACKER
By: VSF&K (Russia)
Type: few.spec.depres
Year: 1991-1992
V0.9b [May 1992]
Note: very old unpacker for very old presors
-XO or XOE (X-OPEN)
By: Ady E. aka Guy Shattah
Type: many.spec.unpack, 8086, DOS V3, min 40kb freemem
V3.30 [1993]
shareware
regged ver: option -c: gen.unpack.COM
no ADT handler
Note: very old unpacker
EdH: is Ady E. = Guy Shattah ?
-SBUST (Stick-Buster)
By: Lior Cohen/Exculiber
Type: many.spec.unpack
V1.10 [1993]
V2.40 [1993]
V2.40r
cracked by Damage,Inc.
Note: very old unpacker
-COMHack
By: Prince/IdleSoft
Type: unpack.COM, DOS V5
V1.02 [1996]
prog x is processed by an unknown presor & 2 unknown protors
EdH: non-English. review, plz!
-TPCX (T.P.C.'s X-tractor)
By: Asher Alon?/T.P.C. (Israel)
Type: many.spec.unpack, DOS V3.3, 64kb freemem
Compiler: BP V6.0
V1.0 [1994]
-XRay
By: Tom Kihlen
-Mark's Multidebugger
Type: RM.debug
V1.00 [1995?]
-AC (Anti-Crypt)
By: SMT/SMF (Russia)
Year: 1998-1999
Type: few.spec.unpack, 386, max 64kb proted x
V0.30.0 [Dec 1998]
prog x is proted by do-nothing-on-my-cpu protor (SMT's PolyScrypt)
V0.32.0 [1999]
src is provided
-MOW (Lame macronopper)
By: StoneHead/TPiNC (The Netherlands)
Year: 1997-1998
Type: macro.patch
Compiler: BP V7.0
V1.8 [1998]
439 macros
slow processing
-AHCR (ANTi-HACKiNG C0DE REM0VER)
By: ROSE aka Ralph Roth/ROSE SWE (Germany)
Type: macro.patch
V1.36 [2000]
-UNCOM (General Com-Unprotector)
By: ’narchistic Ka0t/N0PS
Year: 1996
Type: gen.unpack.COM, 386
Note: uses 386 hw bkpt
-unCOM
By: ROSE aka Ralph Roth/ROSE SWE (Germany)
Type: many.spec.deprot.COM
Compiler: BP
V1.25 [2000]
part of ROSE's UnTiny package
CyR: has some generic code
-UNEXE (UNiversal EXE/COM unpacker)
By: FALinc/NightMareCorporation (Russia)
Type: gen.unpack
Compiler: BC++
V1.0 [1997]
option -c: lib.unpack for BC(++), MS-C(++), WC(++), BP
prog x is proted by FALinc prot
---
VIRUS
---
Info Source: Frisk/F-PROT/2.??/VirDesc
---
-DIR, DIR-II (Creeping Death)
Type: file vir, infects x
Length: 691b, 1024b
Procedure:
when resident, it change dir structure data so certain x are linked to
itself
if you exec a file linked to it, it's also exec-ed & infect other files
on read/write
Damage: when all x is infected, no x can be exec-ed
Detect: chkdsk: some files are cross-linked to the same position
Note: not hook int24 when infect (omit i/o error)
-Flip
Type: boot vir, infects x
Length: 2672b
adds 2153b to infected x
uses smart anti-AV-detect
rotates scr display 180 degrees
-Monkey (Stoned.Empire.Monkey.B, Monkey 2)
Type: boot vir, infects boot sectors
Detect: chkdsk: -1024b of freemem
1 of few virs that can infect floppies under Win
crypts partition table of mbr
if you boot from clean floppy, disk can't be accessed
if resident & you check mbr, it will display orig, uninfected ver
-Mummy
Type: file vir, infects EXE
resident
sometimes hang while resident
adds 1,300b-1,503b to infected x
crypted string in vir code:
"Mummy Version x.xxx",
"Kaohsiung Senior School",
"Tzeng Jau Ming presents",
"Series Number=[xxxxx]."
JMT: I wrote it for experiment & my friends spread it
-GOLD-BUG
Type:
(color video & xtended HMA mem) resident,
requires 80186, DOS V5/6 + Himem.Sys
multipartite,
polymorphic,
EXE created only has 2 bytes that remain constant
512 front-end decryptors * 128 decrypt pattern
double crypt + int3 (ADT)
stealth,
infected self-check x won't detect any change
(boot & master)-sector infector,
spawning,
anti-AV: if resident:
(delete / stop exec) of any EXE which:
> 64kb
last 2 letters of filename are "AN" to "AZ" (SCAN/CLEAN/CPAV/MSAV/etc)
delete files (CPAV/MSAV)'s chklist.*
Length: 1,024b
Symptoms:
CMOS chksum failure
creates file w/o extension
modem answer on 7th ring
-TREMOR
-Shifting Object
Author: Stormbringer / Phalcon/SKISM
Type: vir
V3.0
Note: 1st vir to infect OBJ format
-3APA3A
Type: BS infector
Note: 1st (only?) kernel infector. Infects 1st file on HD
(usually IO.SYS or IBMBIO.COM)
-VCL (Virus Creation Laboratory)
Type: vir.lab
By: NoWhere Man/[NuKE]
V1.00 [199#]
Note: its ZIP package is crypted, the passphrase is "Chiba City"
CyR: most user-friendly DOS vir.lab
-BW (Biological Warfare)
By: MnemoniX (USA)
Type: vir.lab
V1.00 [1994]
COM/EXE/x infector
(non) resident
anti-trace
int24 handler
dir stealth
none/crypt/mte (BWME)
Note: the prog is password proted
-CIH (CIHorChernoble)
Type: Win95.vir
CyR:
1st vir to destroy hardware
1 of the most widely spread virs ever
caused havoc around the world
attacks 1998 (or 1999?)
---
(POLYMORPHIC/MUTATION) ENGINE
---
-MtE (MuTation Engine)
By: Dark Avenger or Mad Maniac /CrazySoft, Inc./Destroyers, Inc. (Bulgaria)
Type: vir.mte
V1.00b [1992]
TASM V2.5
no src
2kb engine
CyR: legendary
-NED ([NuKE] Encryption Device)
By: Nowhere Man/[NuKE]
Type: vir.mte
V0.90b [1992]
TASM V3.0
1,355b engine
15+b decryptor
uses Cryptex(C) polymorphic mutation algorithm
CyR: should be non-pub, but a person who get it from a [NuKE] member
distribute it
-TPE (TridenT Polymorphic Engine)
By: Masud Khafir/TridenT virus research group
Type: vir.mte
V1.4 [1993]
inspired by Dark Avenger's MtE
no src
1,6kb code
-VME (Visible Mutation Engine)
By: American Eagle Publications, Inc.
Year: 1993
Type: vir.mte
Disadv: no src
Note: only for research & educational purposes
-DSME (Dark Slayer Mutation Engine)
By: Dark Slayer (Taiwan)
Type: vir.mte
V1.0
Note: predecessor of DSCE
-DSCE (Dark Slayer Confusion Engine)
By: Dark Slayer (Taiwan)
Type: vir.mte
V1.0 [1994]
1,024b decryptor
no src
TASM/MASM
successor of DSME
-SMEG (Simulated Metamorphic Encryption Generator)
By: The Black Baron (England?)
Type: vir.mte
V0.1
used in PATHOGEN vir
V0.2
used in QUEEG vir
V0.3 [1994]
no src
TASM 2.51
-BWME (Biological Warfare Mutation Engine)
By: MnemoniX (USA)
Type: vir.mte
V1.00 [1994]
companion for Biological Warfare Virus Creation Kit
-MutaGen
By: Mnemonix (USA)
Type: vir.mte
V2.0 [1994]
no src
-GPE (GUN N' ROSES Polymorphic Engine)
By: Slash Wu (Taiwan)
Type: vir.mte
V1.00 [1994]
-RTFM (Rajaat's Tiny Flexible Mutator)
By: Rajaat
Type: vir.mte
V1.1 [1994]
650b engine?
no src
-SPe (Simple Polymorphic Engine)
By: LoRD Zer0
Year: 1994-1995
Type: vir.mte
V1.21 [1995]
419b engine
-Small Polymorphic Engine
By: Wild W0rker
-TCE (The Chaos Engine)
By: Sepultura (Australia)
Type: vir.mte
V0.4 [1995]
anti-heuristic?
-PME (Phantasie Mutation Engine)
By: Burglar (Taiwan)
Type: vir.mte
V1.0 [1995]
TASM V1.0
no src
free use except for injuring anything
-√ICE (√irogen Irregular Code Engine)
By: √irogen/[NuKE]
Type: vir.mte
V0.5 [1995]
TASM V2.0
1,995b engine code
13 - 850b decryptor
CyR: the most used mte in protor
-Red Team Polymorphy Engine
type: vir.mte (?)
note: mentioned by Morgan :)
-MutaMorph (Memory Mutation Engine)
by: Morgan
type: protor.mte
disadv:
sometimes hang
non-pub
note:
mentioned by Morgan
based on Red Team mte
-SimpMut
By: ANAKiN aka Stefan Esser (Germany)
Type: protor?.mte
-VBPE (Valmii's Basic Polymorphic Engine)
By: Valmii/tKD aka Soeren Pretzel (Germany)
V0.4 [2000?]
included on Valmii's CCE (x protor) beta
-TME (TRAP's Mutation Engine)
By: Christopher Gabler (Germany)
Type: protor.mte
V1.02 [Jan 2000]
Note:
used in CG's TRAP (x protor)
based on √irogen's √ICE V0.5
non-pub
-MPME (MERLiN's Polymorphic Mutation Engine)
By: Andry Kobilykov aka AVK aka MERLiN /DTG/UG2000 (Russia)
Type: protor.mte
Note:
used in MERLiN's PCrypt (x protor)
non-pub (?)
-HS-Muteng (HackStop Mutation Engine)
By: ROSE aka Ralph Roth/ROSE SWE (Germany)
Type: protor.mte
Note:
used in ROSE's HackStop (x protor)
non-pub
-SHAME (StoneHead Adjusted Mutation Engine)
By: StoneHead (The Netherlands)
Type: protor.mte
Note:
based on Darkman/VLAD disasm of Wild W0rker's Small Polymorphic Engine
used in STN's MESS (x protor)
non-pub
but STN plans (?) to release the src
STN: next plan for SHAME (][) should be a MMX-mte jumps anonymously to
ring 0, debug bkpts to lock up debuggers using Pentium II/III
errata, shovel off enough unpackers, BUT I don't have the spirit & time
Zenix: SHAME is a masterpiece
EdH: maybe next SHAME can be renamed as SHAMESS or MESHAMIAS
-ZVCE (Zenix V-Code Engine)
By: Zenix Yang aka Yang Shiuh-Phong (Taiwan)
Type: protor.mte
II
used in Zenix's FFSE (EXE protor)
non-pub
manual trace is boring
---
FILE IDENTIFIER
---
-FI (FileInfo)
By: Michael Hering aka herinmi (Germany)
Last known Ver: 2.41j
Year: 1997-2000
Type: file.identify, 386, ~340kb (as shell = 28kb) mem, XMS, VGA, DOS V5
Compiler: BP V7.0
V2.06
part of ROSE's UnTiny package
CyR: prog x contains nice ASCII picture
V2.40 [2000] free-regged to a few people (including me :)
V2.41b
V2.43
Adv:
free (but unregged)
most up-to-date identifier
still updated
GUI
crypt/encoding 'opinion'
Win LFN support
external batches
Disadv:
requires VGA
prog x prot often changes
note: focusing on x processor
-TYP (TYPD32)
By: Veit Kannegieser (Germany)
Type: file.identify
Year: ? - 2000
Compiler: BP V7.0 or VP V2.00
15.04.2000
Adv:
most (accurate & wide-range of) detection
cpu emulate (to bypass protor mutation)
free
Disadv: not frequently updated
Note: the prog spent 1000+ hours of author time
-GT (GETTYP)
By: PhaX aka Philip Helger (Austria)
Type: file.identify, 286, 250 kb basemem, XMS (optional)
Year: 1997-2000
Compiler: BP V6.0
adv:
free
still updated
V2.52
V2.60 [Dec 2000]
EdH: very long history (I DID read it!)
-FA (File Analyzer)
by: Vadim Torosov (Latvia)
type: file.identify
-File Analyzer
by: Hypn0tizeR
V1.8
-AINFO (Amon's file INFOrmation)
by: Amon Soft (Russia)
compiler: BP V7.0
V4.2 [Sep 1999]
beerware
-EXESCAN
By: ST!LLS0N
Year: 1997-1999
Compiler: BP V7.0 (?)
V3.21 [1998?]
last pub ver
V3.25 [1999]
used in Snow Panter's UN-PACK
-ChkEXE
By: Hanno Bock/SAVE (Germany)
V1.17? [1997?]
---
DOS EXTENDER
---
Info Source: OlegPro/32LiTE/V0.02d/DOC
--
-DOS4GW or DOS/4GW (DOS (up to) 4 Gigabytes for Watcom c/c++)
Protected Mode Run-time
By: Rational System
Year: 1990-1996
Type: LE extender, 386, AT or PS/2, DOS V3, 64kb XMS
V1.97 [May 1994]
bindable
inpresible
size = 265,396b
V2.01a [Apr 1996]
by Tenberry Software (formerly Rational System)
bindable
inpresible
found on McAfee VirusScan for DOS/PM V4.xx
can't run under OS/2
Note:
Professional (licensed) ver can only be binded
contains DOS/4G & DOS/16M
= modified DOS/4G to support LE
the official dos-extender (or licensed) for WC(++)
its big size causes people to write alternative LE dos extenders
-DOS4G or DOS/4G (DOS (up to) 4 Gigabytes) Protected Mode Run-time
By: Rational System or Tenberry Software
Year: 1987-1997
Type: 386, AT or PS/2, DOS V3
V2.60 [1997]
size = 350kb (?)
Note:
Professional (licensed) ver can only be binded
found? on IDSoftware's DOOM II x (game)
-DOS16M or DOS/16M (DOS (up to) 16 Megabytes) Protected Mode Run-time
By: Tenberry Software
Year: 1987-1995
Type: 286, DOS V3
V6.01 [1995]
internal (only bindable) ?
Note: found on NU for Win4x/DOS/(NDD, DiskEdit, UnErase) prog x
-PMW or PMODE/W (Protected Mode for Watcom c/c++)
By: Daredevil aka Charles Scheffold & Tran aka Thomas Pytel
Year: 1994-1997
Type: LE extender
V1.33 [1997]
size = 12kb (presed), ~16kb (unpacked)
internal (only bindable)
own code pres (by PMWLITE)
free for non-commercial use
commercial use: 500 USD
student: 100 USD
Note: famous, common replacer for DOS4GW
-PMODE
By: Tran aka Thomas Pytel
V2.51
V3.08
free
Note:
used by many softwares
asm src
-PMODEDJ
By: Tran aka Thomas Pytel & DJ Delorie (?)
Note: for DJGPP x
-DOS32A or DOS/32A (DOS/32 Advanced)
By: Narech Koumar (Naresh Kumar)/SUNSYS or Supersnar Systems (Sweden/Russia)
Year: 1996-1998
Type: LE & LX extender, DOS V4+
Last know ver: V7.00 [1998]
V4.30
mode switching is optimized for any CPU with multiple execution units
supporting RISC86 (ex: Pentium MMX/II & AMD K6)
official format = LX, but LE is still supported
V5.00 [1998]
last know free :) ver
size = 26Kb (16bit presable)
bindable
various options
commercial use: 499 USD
VESA VBE V2.0 & mouse support
can alloc up to 64Mb (max possible 2Gb) RAM
supports up to 32 objects per application
no (VM & pres & non-zero based flat model) support
Note:
most compatible, flexible & fastest?
-ZRDX (ZuRenava Dos Extender)
By: Sergey Belyakov (Russia)
year: 1998-1999
Type: LE extender
V0.49 [1999]
Size = 12Kb
Internal (only bindable)
Free
with src
-CW (CauseWay)
By: Michael Devore
Type: 386, DOS V3.1
Year: 1992-1999
V3.49-
commercial
V3.49 [1999]
size = 47,088b (presed)
supports Clipper V5.1 & Clarion V2.1
presable (CWC)
internal (only bindable)
auto log if error
pub domain
src is released
author gives up on DOS :)
Note:
has spec.x.format called 3P
famous, found on F-Prot V3.x (AV), PGP V5.0bi
-PharLap TNT
By: PharLap (?)
Note:
Commercial
Found on some Microsoft products (MASM)
-DOS32
By: Adam Seychell (Australia)
Year: 1993-1996
Type: Adam extender, 386
V3.0
V3.3 [Nov 1995]
size = 8.5kb
free for non-commercial use
commercial: typically $150
own code pres (by linker)
OMF linker
DLL support
V3.4b rev 9 [1995]
found on Dark Fiber/[NuKE]'s VACUUM prog x
V3.5b rev 6 [Aug 1996]
size = 9,008b
shareware
1/2 sec delay
undisable logo
max 4mb mem
Note:
has spec.x.format called Adam
depresable (OlegPro's DOS32Unp)
-Prospero
Disadv: Commercial
Note: supports Pascal & ?
-FlashTek X-32
Note: mentioned in Ralf Brown's Interrupt List
-WDX or WDOS/X (Wuschel DOS eXtender)
By: Michael Tippach aka Wuschel (England)
Year: 1996-2000
Type: multi.extended.x.extender, 386
V0.94 [1997]
V0.96b1 [May 2000]
supports LE, COFF, PE
Size = 11,094b (LE)
Free
presable (Jibz's WDOSX-PACK)
bindable
simplest binding
Win32-like API
Note: used by TMT Pascal
-E.O.S (Eclipse Operating System)
By: Eclipse
Type: LE extender, 386, DOS V3
V3.05 [1997]
Free?
Note: found on RAO's ERI32
-BLINKER (BLX286)
By: ASM (Assembler Software Manufacturers)
Type: Clipper NE extender, 286, DOS V3
Year: 1992-1998
V5.10 [1998]
Size = 42kb
-CWSDPMI (Charles W. Sandmann DPMI)
By: Charles W. Sandmann
Year: 1995-2000
Type: 32bit DPMI server (esp. for DJGPP V2), 386, DOS V3
Adv:
few DPMI V1.0 extensions
also run (DJGPP V1.x & RSX) x
1-time service or goes TSR
Disadv: no support for 16bit DPMI
V0.90+ r1 [1995]
Compiler: BC V3.0 [1990]
V0.90+ r4 [1997]
IDSoftware's Quake V1.06 [1996] refuses to run under V0.90+ r4
maybe because of merely different setup
r5 [2000]
bindable?
found on UPX V1.04
Note: based on DJ Delorie's GO32
-EMX (Eberhard Mattes's eXtender (?))
By: Eberhard Mattes
Year: 1991-1995,2000
Type: EMX C extender/loader
V0.9d (rev 60) [1995]
V0.9d (rev 61) [2000]
Note:
part of EMX C Compiler
found on RAR V2.6+ for DOS32 or OS/2
-RSX (Rainer Schnitker's eXtender (?))
By: Rainer Schnitker
Year: 1993-1998
Type: DPMI extender for EMX & RSXNT x
V5.21 [1998]
free
requires DPMI server
-PRO32
by: Dieter Pawelczak (Germany)
year: 1996-1999
v1.7 [Jan 1999]
size=9,984b (presed? by Pack V1.0)
note: part of Pass32 assembler package
-DOS extender
by: Doug Huffman
year: 1991-1994
size: 1,536b (loader)
note:
loader has string 'B23X'
found on SciTech/UniVBE/5.1/VBETest.EXE
-PowerPack
by: Borland
note: to support BC V5+ (?)
-RTM
by: Borland
year: 1990-1993
type: 16bit NE extender
V1.1 [1993]
note:
to support 16bit PM Borland stuff (BP V7.0 TPX.EXE, TLINK V6.00)
paired with DPMI16BI.OVL
-32RTM
by: Borland
year: 1992-1994
type: 32bit PE extender
V1.5 [1994]
~60kb resident
note:
to support 32bit PM Borland stuff (TASM32 V4.0)
paired with DPMI32VM.OVL
---
PERSON IDENTIFIER :)
-DaRKMaN/TPiNC : Rob van den Nieuwelaar/The Netherlands
author of DIF
author? of ScanEXE & ProtUPC
disassembling? the Wild Worker's Small Polymorphic Engine
1 of greatest vir.author (?)
-dr.Lazy: Thomas Mann/Germany
-dr. No: Stefan P.?/Germany?
there is two (?) dr.No: 1 from Germany & 1 from Russia (?)
EdH: one of two must change his nick into dr. Yes :)
-Zenix Yang/pCE: a mte maniac :)
-Ugly Duckling: South Africa
-MF: Gamumba/Russia
-EddyHawk: Robert Louis Stevenson :)
---
*FAMOUS* QUOTATIONS:
EliCZ: compare the number of protors with the number of proted x
PaC: if a prot system is safe, it will be broken (Murphy's Law)
X (de)prot = hi-tech cat & mouse game / holy war
EdH:
"CRYPT", "SCRAM*" & "CC*" are considered as very creative names for some
protors :)
No LE/LX protector? Oh, I know, it's not DOS which is dead, but the
protection scheme itself :)
---
MISC
---
?: disadv of Win32/PE pres: increase mem requirement if user starts
several instances of the (big) prog.
ANAKiN: using win32/pe presor wasted a lot of mem, but that's Microsoft's
fault because Memory decommit functions simply don't work.
X Loading may take longer, but after it's unpacked the pages get swapped
out if there're no more accesses on them. And btw: code sharing is easily
possible.
CG: hw bkpt isn't possible under Win
CyR: Estonia isn't part of Russia, but a small independent country right next
to Russia ("Russia's window to the west" :)
EdH:
This is the 5th release, made possible by a few good men :)
Warning: Reading this too long can be dangerous to your health
How if I change the name of ProsInfo to Computer Arts Review: it will
review any (hard/soft)ware, any file format, any cracking group, any ascii
art & any computer person in the whole planet? Are you ready for it?!
<shiver> Thinking about the immensely endless gigantic work I should do if
it really happens...Naah!
Do you know that writing this info is mega boring & painful?
It's = writing semi File Identifier
But maybe it can be integrated in File Identifier: after such prog detects
a certain software processor, user can press certain key to get relevant
info from ProsInfo. Since File Identifier & ProsInfo usually share same
info (like prog name, author, year, ver, etc) their combination can saving
some space
No, don't look at me! Don't ask me to combine them :)
Since materials reviewed here are mainly from SuddenDischarge, I can't
help to think that this info = SuddenDischarge documentation :)
Hanno Bock's is called EXEList, mine should be called ListEXE :)
Germany & Russia have mass of coders & (crack/hack)ers :)
what country is ".uy" ?
Thx U for reading this crap (ProsInfo) :)
---
A FEW GOOD MEN
---
StoneHead
as 1st person who reply about ProtInfo (R1)
for giving some feedback
JauMing Tseng, for:
handing some software
giving some feedback
Michael Hering, for:
handing MANY softwares
his FileInfo (helps to make ProsInfo this large :)
Veit Kannegieser, for his TYP (helps to make ProsInfo this large :)
CyberRax, for:
reply about ProsInfo (R3)
rising up my morale :) by saying:
"Pro?Info is (excellent/ROCKS!/nice 'fresh breed' in EXELIST/fun to read)"
"Keep on the fine work"
Thx U so much, pal!
giving LARGE feedback
contributes a review
EdH: but to my sense one shouldn't review his own progs, NOT because it
will give unfair opinion, but because it's just the same as writing
the prog doc :)
Morgan, for:
reply about ProtInfo (R2)
giving some feedback
Gamumba, for identifying Russian authors on ProsInfo (R4)
actually I am not quite agree if (for ex) MERLiN must be written as
MERLiN/.../UG2000 on PCRYPT section because PCRYPT is released under
DTG group at that time, not UG2000. But who cares... :)
David, The Archivist, Preacher /SuddenDischarge
for "handing" IMMENSE of softwares
Hanno Bock /EXEList, for:
keep me informed :)
"handing" MANY softwares
---
UPDATE history
---
1999: Apr-Jun,Nov
2000: Feb,Apr-Dec
2001: Jan-Mar