1 of 2 files eddyhawk

    Download prosinfo_old.txt

    Size 130 kB

  • Last modified May 14, 2014 7:56:26 PM
     MD5 checksum 2aceb4a1d39472dda60cb8b9517ac01e
        Mime type Non-ISO extended-ASCII text, with CRLF line terminators

2001 March

  • Text / Computer tool
  • EddyHawk, writer credits
EddyHawk's Info List --- Executable Processor Review (ProsInfo) ----

Writer         : EdH
Date           : ##-03-2001
Warranter      : Alien
Info Source    : herinmi/FI V2.30/Fibex.Txt
                 herinmi/FI V2.41B
                 PHaX/GT V2.60
                 BenC/UNP411.DOC
                 VeK/TYP-D32 15.04.2000
                 CyberRax/FeedBackReview
                 programs DOC
                 authors comment
                 EXEList members comment
                 unpacked program executable :)
                 self experiment
Program Source : http://www.suddendischarge.com
Editor         : Program Editor (PEDIT) Light V4.00 (c) Goldshell Digital Media (1995-1999)
Shell          : Volkov Commander (VC) V4.03 (c) Vsevolod V. Volkov (1991-1999)
                 Volkov Commander (VC) V4.05 (c) Vsevolod V. Volkov (1991-2000)
My Computer    : i486DX4 (100Mhz), 8Mb FPM DRAM, QEMM V8.01, MS-DOS V6.22
CyR's Computer : AMD 486DX2/100MHz (overclocked), 8MB RAM, MS-DOS 6.22, HiRAM 1.9a

---- LEGEND ---
? = I'm not sure
###b = ### bytes
#86 = (Intel/compatible) 80x86 microprocessor
alloc = alloc(ation)
ADT = Anti (Debug/trace/load/dump/unpack/disasm/patch) Trick
AT = Advanced Technology cpu
AV = AntiVirus(Scanner)/AuthenticVerification
bkpt = breakpoint
config = configuration
CPU = Central Processing Unit
crypt = encrypt(ion)
(dis)adv = (dis)advantages
DLL = Dynamic Loadable Library
doc = documentation
DPMI = DOS Protected Mode Interface
emm = ex(ten/pan)ded memory manager
ex: = example
exec = execution
FCB = File Control Block
FPU = floating point unit
gen = gener(ic/al)
GPL = General Public License
GUI = Graphical User Interface
HD = (hard/fixed) disk
heur = heuristic
hi-mem = high memory
(h/s)w = (hard/soft)ware
IDT = Interrupt Description Table
IVT = Interrupt Vector Table
int(#) = int(#hex)
lab = laboratory
min = minimum
max = maximum
mbr = master boot record
mem = memory
mte = MuTation Engine
orig = original
ovl = overlay
PIC = Programmable Interrupt Controllers
PIQ = Prefetch Instruction Queue
PM = protected mode
popunpak = popular unpackers: TEU V1.82, CUP386 V3.4, ICEUNP V0.31
pro = professional
prog = program
prot = protect(ion)
protor = protector
proted = protected
pres = compress(ion)
presed = compressed, packed
presor = compressor
preslib = compression library
PSP = Program Segment Prefix
pub = public
reg(ged) = register(ed)
reloc = relocation (table/items/entries) or fixups
RM = real mode
scr = screen
src = source (code)
sig = signature
SFX = SelF-eXtract (archive)
spec. = speci(fic/al)
temp = temporary
thx = thanks
TSR = Terminate & Stay Resident
U = you
V86 = virtual 86(real) mode
V/Ver = version
VCPI = Virtual Control Programming Interface
VGA = Video Graphic Array
VM = Virtual Memory
vir = virus
w/o = without
x = executable (covers COM & EXE)
XT = eXtended Technology cpu
(X/E)MS = Ex(tend/pand)ed Memory Specification

---- ABBREVIATED NAME ----
BC = (Borland/Turbo) C
BenC = Ben Castricum/The Netherlands
BP = (Borland/Turbo) Pascal
CG = Christopher Gabler/DTG/UG2000/Germany
ChS = Christian Schwarz/Germany
Cleric = ThE CLERiC! (Carl Elkhabbaz)/Lebanon
CP/M = Control Processor for Microprocessor, by Digital Research
CyR = CyberRax/Estonia
DJGPP = DJ Delorie's DOS port of GNU C/C++ Compiler
DOS = MS-DOS (microsoft disk operating system) & compatible
EdH = (the one & only :) EddyHawk
EIPL = Executable Instant Protector Laboratory (EdH's proposal)
EuH = Euskal Herria, UiP volume contributor
FaB = Fabrice Bellard/France
FaM = Fauzan Mirza
herinmi = Michael Hering/Germany
Jibz = Joergen Ibsen/Denmark
JMT = JauMing Tseng/Taiwan
LZ = (Abraham) Lempel - (Jakob) Ziv compression algorithm
MASM = Microsoft Macro Assembler
MD5 = Message Digest V5 by Ronald Rivest/RSA
Mor = Morgan/Poland
MS-C = Microsoft C
NU = Norton Utilities by Peter Norton/Symantec
NT = (Win) New Technology
OlegPro = Oleg Prokhorov/UG2000/Russia
OS/2 = Operating System 2 for PS/2 cpu by Microsoft/IBM
PaC = Pablo Carboni
PCK = Protector Creation Kit (name is suggested by CyR)
PHaX = Philip Helger/Austria
PS/2 = Personal System 2 cpu by IBM
QB = (MicroSoft) Quick Basic
QEMM = Quarterdeck EMM
realix = Martin Malix/Slovak
ROSE = Ralph Roth/Germany
StE = Stefan Esser/Germany
STN = Stonehead/The Netherlands
Szaszi = Szabo Laszlo/Hungary
TASM = Turbo Assembler
TBScan = ThunderByte (AV)Scanner
TEA = Tiny Encryption Algorithm
UiP = Universal Improved Patcher by dr.Lazy/lkcc
VAG = Vladimir Gneushev/VAGSoft/UG2000/Russia
VeK = Veit Kannegieser/Germany
VP = Virtual Pascal
WC = Watcom C
WIN = MS-WIN (microsoft windows)
Zenix = Zenix Yang/PCE/Taiwan
ZC = Zortech C

---- (PROTECT/CRYPT/SCRAMBL)ER ----
Info Source      : ROSE/RADFAQ/1998
                   ROSE/STN/HS/V1.19b217/DOC
                   ROSE/UNTINY
                   Zenix/FSE/Q&A
                   CG/TRAP/INSIDER.FAQ
                   http://www.egroups.com/list/ffse
Protector Source : http://www.egroups.com/list/exelist
                   http://aaron.bentium.net (?)
                   http://www.cracking.home.ml.org {down?}
                   herinmi :)

---- STANDARD ----
On-line executable protection usually have:
-against passive attacks (direct view/disasm/patch)
  .crypt
     scramble code to unrecognizable form using random key
  .mte
     randomly insert junk code between orig code without affecting the orig code exec
  .code integrity check (checksum/CRC32/MD5)
  .nebelbombs (opcode crypt)
     to confuse disassembler (against IDA V3.80 or Sourcer 7)
     harmless instructions which jump to a location within another opcode
-against active attacks (trace/unpack/debug/dump)
  .specific trap (against TEU/UPC/TR/Soft-ICE/etc)
    -quick & dirty
      .backdoor misuse (Soft-ICE worm/magic tunnel)
      .mem detection for "string" which is present in deprotor executable (ATEU V1.2)
      .detect the presence of deprotor tempfile (DS-CRP V1.31)
      .patch deprotor int handler (iLUCRYPT V4.019)
      .BFE (Blind Fury Engine) by: Morgan (Poland)
         bombs standard mem locations & ints of well-known hacktools w/o warning
    -clean
      .fake entrypoint/exit
  .generic trap
    -stack playing
    -invalid opcode
    -running line: self(trace/modify/decrypt) code
       only decode 1 instruction at 1 time
       not exposing a long fragment of code under analysis
       by: Serge Pachkovsky (?)
    -auto debug
    -fake entrypoint
-passive protection against active attacks:
  .scr off
     some protectors use it 2 times
  .keyboard lock
     some protectors don't save & restore keyboard rate
  .passive antidumping
     against int21 based dumper?
-reasonable compatibility with most of popular processor/OS/memory manager/dos extender

---

-FSE or FFSE (Final Fantasy Security Envelope)
  By: Zenix Yang/pCE aka Yang Shiuh-Phong (Taiwan)
  Year: 1994, 1997-1999
  Type: EXE protor, 386?
  V0.55S [Sep 1998]
    not disabling TP 7.0 EXEC
    is V0.6C removable
    adds 6,083-6,454b to proted x
    hang on RM of my cpu
  V0.6+ [Sep 1998]
    can't be run at all on my cpu (RM or V86)
  V0.76 [Jul 1999]
    is now run on V86 of 486
    adds 7,905-8,030b to proted x
    slow proted x
    disable TP7 EXEC
  V0.77 is planned to be 486 RM compatible
  Adv:
    best prot -> kicks popunpak
    mte
    free ver available
  Disadv:
    adds logo + ovl to proted x (but can be removed)
    must be the last protor (mostly the only protor)
    since Zenix house was crashed by earthquake, he may not continue FSE again. please pray for his fortune
    OlegPro's xFSE V0.01b removable
      OlegPro: In xFSE I use other way to remove protor, called 'bkpt at fault' (BPF).
      FSE stores orig x inside FSEd (+header+reloc)
  Note:
    uses ZVCE II (mte)
         PSP Faker/Shifter?
         AdFlt2A gen ADT

-UPStop (UnPackStop)
  By: Szaszi aka Szabo Laszlo (Hungary)
  Year: 199?-1999
  Type: EXE protor (COM -> EXE), 386
  V0.97 [1999]
  Adv:
    very good prot
    gen anti-dump
    kicks popunpak
    check file size (disable-able)
    multiple crypt layer
    mte
    free ver available
  Disadv:
    adds 5,465-5,588b or 5,945-6,043b (option /p) to proted x
    multiple prot is unallowed
    V0.95 hang on Pentium. But some tricks are removed on V0.96
      may run on Pentium now?
    V0.96/0.97:
      slow proted x
      disables TP7 EXEC
      can't prot RAR Archiver V2.06 (doesn't run)
        Szaszi: it will be fixed
    VAG's DeUPS97 & BW V2.5 removable
  Note:
    CaS: its invalid opcode trick runs properly under QEMM
    EliCZ: Szaszi is the 2nd comes with autodebug (V0.95?)
    V0.97 has anti-EDUMP but crash on NT

-JMCE (JauMing CryptExe)
  By: JauMing Tseng or Kevin Tseng (Taiwan)
  Year: 1994, 1997-2000
  Type: EXE protor, 286
  Adv:
    good prot
    fast proted x
    very compatible
    shows ASCII slime if one attempts to unpack proted x
    V0.7n [Jul 1998] adds 3,160-3,162b to proted x
    V0.7o [Sep 1999] anti TR V2.52
    V0.7p [Nov 1999] anti UNJMCE
    V0.7q [Jan 2000] anti BW V2.5
    V0.7r [Jan 2000] better anti TR V2.52
    V0.7s [Apr 2000] restore int1 after decode
      adds 3,631-3,653b to proted x
    kicks popunpak
    anyware: U can send (any/no)thing (but coin) to the author :)
  Disadv:
    no mte
    multiple prot (remove 'Ex' & 'encr' sig 1st) causes hang
    V0.7o and below are CG's UNJMCE unpackable
    V0.7p to 0.7r proted x crashes WDOS/X if exec-ed before WDOS/X
      JMT: anti-unjmce hooks but doesn't restore int1
    TR 2.xx + herinmi's Script removable?
    V0.7s: BW V2.5 half removable
  Note:
    V0.7s no longer hangs WDOS/X
    JMT plans JMCE2 (strange method which works on Win2K)

-AdFlt2A (Anti Debugging Filters V2A)
  By: EliCZ (Czech)
  Year: 1998
  Type: COM protor, 386?
  Adv:
    very good prot
    PSP Shifter
    PM, VCPI, DPMI tricks?
    adds 1,488-1,489 byte (w/o reg key) to proted x
    proted x can show the owner [ option :o) ]
    free
  Disadv:
    some spec.unpackers available
    no mte
    src is released
  Note:
    EXE2COM-ed TP 7.0 prog is TEU V1.82 removable
    EliCZ introduces term "auto-debug" not "anti-debug"
    CyR: the protor itself is never used, only its code by other protors (?)
    EliCZ: most orig protor
    Zenix: best COM protor, ultra strong prot, no tool to debug it
    Cleric: marvelous & creative protor

-PCG (PC Guard) for DOS
  By: Blagoje Ceklic (Yugoslavia)
  Year: 1994-2000
  Type: EXE protor, 386?
  V3.20 PRO [2000]
  Adv:
    mte?
    2 type of prot
      LOADER (crypt image,destroy header,clean mem)
      ENVELOPE (user-selectable crypt layers)
    3 prot modes NOIC/AUTO/CODE
    check debugger/lock position
    3 demo mode TIME/DATE/EXE
    GUI
  Disadv:
    adds at least 6Kb to proted x (1 layer)
    commercial
    proted x shows message, recipient name & delay
    only demo -> proted x can only run several times
    must specify recipient name
    proted x:
      sets keyboard to slowest rate
      is slow
    complicated proting procedure
    CG's UnPCG removable
  Note:
    OlegPro plans to release xPCG, but CG's UnPCG is out first

-EXELock 666
  By: ST!LLS0N
  Year: 1997-1998
  Type: EXE protor, 386
  Compiler: BP V7.0
  V1.05 [1998]
  Adv:
    adds 2,471-2,476b to proted x
    free
  Disadv:
    no mte
    no crypt
    TEU V1.82 -! -m:4 removable
  Note:
    uses scr off & mem detection for TEU

-ProtEXE
  By: Tom Torfs (Belgium)
  Year: 1995-1997, EXE: 4b - 60/62 kb
  Type: x protor
  Compiler: WC(++) 16
  V3.11 [1997]
  Adv:
    fast proted x
    adds 3,106-3,109b (COM) or 3,174-3,196b (EXE) to proted x
    selfcheck (regged -> optionally on ovl)
    regged: tie option -> ties depresor & proted x together
    can prot TSR
    password (optional)
    DOS shell-like interface
    reports orig & proted x differences
  Disadv:
    complicated proting procedure
    sometimes generate buggy proted x
    TEU V1.82 -g -! half removable (even regged ver)
    shareware

-$pirit
  By: Night $pirit (Russia)
  Year: 1995?-1996
  Type: x protor, max <= 57000b
  V1.5 [1996]
  Adv:
    mte
    multiple prot is allowed if 'N$' sig is removed
    adds 558-950b (COM) 710-1,084b (EXE) to proted x
  Disadv:
    weak prot
    CUP386 V3.4 /3 removable, TEU V1.82 -! -g (EXE) removable
    uses $UPD mte, which are used by some virs, triggering some AVes's false-alarm (now I know :)
  Note:
    uses $UPD ($pirit Universal Polymorphic Device) V2.1
    Snow Panther: strong mte

-SS (SuckStop)
  By: ’narchistic Ka0t/N0PS (Germany)
  Year: 1996/1997
  Type: EXE protor
  Adv:
    ROSE: impressive & short protor
  Disadv:
    older src code is released
    Win9x incompatible
    weak prot
    can't prot > 64 Kb
    proted x sets keyboard to slowest rate
  V1.00 has 3 sub vers
  V1.05 adds string "SuckStop V1.00 (c) DOSE" to proted x
  V1.07 rewritten
  V1.07.02r
    optional password (/p)
    proted x hangs my cpu
  V1.11r
    CUP386 V3.4 /7 removable
  ROSE: some ver have mte
        a ver has 386 ADT
        latest ver is V1.18
  STN: V1.18 is a typo

-ALEC V0.1

-ALEC
  By: rANDOM/UCF
  Year: 1996-1997
  Type: EXE protor
  V1.6.386.pro [1997]
  Adv:
    password (/p, optional)
    adds 3,500+ b to proted x
    mte
  Disadv:
    weak prot
    proted x sets keyboard to slowest rate
    prog x hangs my cpu while proting certain x
  Note:
    uses scr off

-iLUCRYPT
  By: iLUVATAR aka Christian Schwarz (Germany)
  Year: 1995-1999
  Type: x protor, DOS V3.3, 486+fpu (386+fpu?)
  Compiler: BP V7.0
  V4.019 [1999]
  Adv:
    2,765b crypted ADT code
    presed reloc
    FPU operations for decrypt
    V4.018 can add one's own ADT (up to 3) modules to loader (/MOD: option)
      2 samples is provided
    V4.014b kick debuggers/tracers which storing prog regs in the 1st meg
    V4.016 password
    128bit key, 64 bit data of modified FaM's TEA (TinyIDEA?) block cipher
  Disadv:
    no mte
    min 486+fpu
    Win95/NT/OS/2/Linux incompatible (stopped under Win/OS/2)
    PC-DOS/V7.0/IBMAV or similar AV blockers may interfere
    IluCrypt can't run on my cpu (orig package), but Aaron's unpacked protor x re-proted by itself CAN run on my cpu
    Weird, isn't it? (maybe Aaron disable some incompatible tricks?)
  Note:
    ADTs used:
      -running line
      -V4.015: NOTing complete int table mem
         hw bkpt
         invalid opcode
      -fake entrypoint
      -fake exit (optional), adds extra 100b to proted x
      -anti reload functions
    successor of CSCrypt Pro

-CSCrypt (Christian Schwarz Crypt) Pro
  By: Christian Schwarz (Germany)
  Year: 1996 or 1997?
  Type: x protor?
  Compiler: BP V7.0?
  V3.30 [1997?]
  Adv:
    mte
  Disadv:
    no longer updated because it's easy to hack?
    hang on my cpu
  Note:
    predecessor of iLUCRYPT

-C-Crypt
  By: De'FeinD/uCT
  Year: 1997-1998
  Type: max 60kb COM protor (EXE -> COM), 386, FPU
  V1.02b1 [Aug 1998]
  Adv:
    adds 1,080b (COM) or 1,320b (EXE) to proted x
    adds string "Protected with C-Crypt" & "MsDos" in end of proted x
    fucks (?) all known debugger/unpacker/tracer
    kicks popunpak
  Disadv:
    TR + ConTRa R1 script removable
    prog x can't prot read-only x
    the only FPU instruction used is FNOP, no problem to step over it
    fixed crypt key (at least in this version)
    buggy decryptor (not restore the last byte)
    prog x hangs on (my & CyR's) cpu
    proted EXE hangs on my cpu

-GA (Gardian Angel)
  By: Stefan Verkoyen (Belgium)
  Type: x protor, 8086
  V1.0b [1995]
  Adv:
    GUI
    random ADBlock arrangement
    regged ver offers anti (load & TSR unpackers)
    386 ADTs
    mte
  Disadv:
    shareware
    weak prot
    Win9x incompatible
  Note:
    the author skipped PIQ tricks to stay Pentium-compatible
    STN (?): it should be Guardian Angel, not Gardian Angel, but hey, he's a coder, not a writer :)

-MESS
  By: Stonehead/TPiNC (The Netherlands)
  Year: 1996-1999
  Type: EXE protor (COM -> EXE), 386
  Compiler: MASM V6.13
  V1.07 [1997]
  Compiler: TASM V4.0
  V1.31 [1999]
  Adv:
    Good prot
    mte (option /M for fully polymorphic for COM file -> produces COM)
    generates different decryptor
    proted x can show registration info (option //)
    can add ownername to proted x
    user-selectable number of crypt layer(s) (option /L<n>)
    anti-TEU trick (option /T) -> can't run on WinNT
    adds 2,484-2,717b (9 layers) to proted x
    free for non-commercial use
    run on Cyrix, Linux's DOSEMU
  Disadv:
    commercial use is prohibited
    disables TP7 EXEC
    src is released (V1.07 & V1.31)
    TEU V1.82 half removable
    ICEUNP V0.34 removable
  Note:
    MESS is branch of SCRAM!
    b5 is inspired by Gardian Angel
    prog x started with string "FUCKYOU"
    uses SHAME (mte) since V1.08
    STN: I don't know why DeGlucker can't unpack MESS for some time

-HS (HackStop)
  By: ROSE aka Ralph Roth (Germany) & Stonehead (The Netherlands) /ROSE SWE
  Year: 1994-2000
  Type: x protor, 8086, 80386, COM: ~ < 61000b, EXE: 64b -?b, max 16,000 reloc
  Compiler: MASM V6.0 & V6.13
  V1.00 [Apr 1995]
  V1.11 [Dec 1995]
  V1.13 [Jun 1996]
    ripped by Dark Destroyer/TiC and named DarkStop (No Lamer) V1.0 [1996]
  V1.16 [Apr 1997]
    with 386 PM ADT, only for TPiNC party & regged user
  V1.17cr [Sep 1997]
    SMT/SMF: doesn't run under Win
  V1.18 [Jan 1998]
    requires 386+ to prot
    build 70 adds 3,316b (COM) or 3,388b (EXE) to proted x
  V1.19
    build 206 [May 1999]
      adds 3,426b (COM) or 3,743-3,757b (EXE) to proted x
      now crypts EXE (body & reloc)
    build 217 [July 1999]
      adds 3,456b (COM) or 3,838b (EXE) to proted x
      is ICEUNP V0.31 (& V0.32?) removable
  V1.20 build 227 beta [Apr 2000]
    adds ICEUNP & EDUMP (detect/protect)ion
    /86(s/d) is ICEUNP V0.34 removable
  Adv:
    Good prot
    running line
    heavily tested :)
    very compatible
    semi? mte
    several crypt layers
    adds owner name/message to proted x
    adds string "HS" & "MsDos" in end of proted x
    nebelbombs
    crc-check
    kicks popunpak, except ICEUNP
  Disadv:
    Too famous (hacked all the time)
    hacked/independently improved HS vers (ex: Rand0m's HS V1.11f, Dark Destroyer's DarkStop V1.0, ReDragon's IRoNtHoRN V1.0:2k)
    a bunch of HS unpackers (ex: Ka0t's unHS, MegaDevil's unpHS, Stefan Esser's HSR, rAND0M's KillHS, tHE riDDLER's xHS, CG's unHS)
    Shareware
    src is released [Jul 1998] (V1.11g, MASM V6.0)
  Note:
    also used to prot ROSE's progs (mainly AV products)
    WWPACK >= V3.02a is proted with HackStop V1.0?
    EuH: HackStop caused WWPACK can't be modified to crack the regkey
    WWPACK V3.04a & V3.05b5 is proted with HackStop V1.11a
    HS unpacked x contains string "HBOOT", "BEHBEO" :)

-LSTOP (LamerSTOP)
  By: Stefan Esser (Germany)
  Type: EXE protor
  Compiler: BP V7.0
  V1.0b
  Adv:
    adds 562-585b to proted x
    free
    can add owner name to proted x
  Disadv:
    no reloc handler (but RelPack is included)
    weak prot
    CUP V3.4 /3 removable
  Note:
    CrackStop predecessor

-CS (CrackStop)
  By: Stefan Esser (Germany)
  Year: 1997-1998
  Type: max 600kb EXE protor, 8086
  Compiler: TASM V3.5
  V1.03 [Jan 1998]
  Adv:
    adds regged name/message to proted x
    no PIQ trick
  Disadv:
    no mte
    adds 4,676b to proted x
    proted x turns off-on numlock if it's on
    weak prot
    can't:
      handle reloc (but RelPack is included)
      crypt image with reloc
    (TEU V1.82 or CG's CSRemover V1.2) removable
    shareware
  Note:
    LSTOP successor
    has HackStop-like interface
    uses mem detection for TEU
    CG: there's CS V1.03 updated

-MASK
  By: Jose M. L. Lopes (Portugal)
  Year: 1994-2000
  Type: COM protor (EXE -> COM) 8086/8088, DOS V2, 64Kb freemem, proted x: 6b-62Kb
  Adv:
    anti bkpt-set
    security envelope
    checksum
    multiple complex crypt
    multi-tracer/debugger/unpacker fucker
    hacked/modification warning
  Disadv:
    shareware
    multiple prot is unallowed
    incompatible with Game Wizard (Pro), even if it unloaded (hey, I only want to cheat, not debug!)
  Note:
    V2.3
      Adv:
        adds only 700b to proted x
      Disadv:
        Cyrix + Win incompatible (SMI instruction or INT01/ICEBP trap)
        TR V2.52 + CG Script removable
        TEU V1.82 removable
    V2.4 [Sep 1995]
      released on end of 1999 to wait for V2.5
      adds only 800b to proted x
      crypting method is buggy on some files
      has:
        more traps
        a spec.trick to detect debugger presence -> DESQview incompatible
    V2.5 [Jun 2000]
      5 years after V2.4 (encouraged by The Archivist/SuddenDischarge and EXEList :)
      Its release is planned on Jan 2K, but actually released on Jun 2K
      CG: very difficult to write a MASK V2.5 unpacker because of
        -a few DRx tricks & trapflagging + int1(tf/hw) direct modification (might crashes on NT) to stop hw breaking
        -very good crc check to stop sw bkpts
      Adv:
        adds 1,300b to proted x
        removes INT01/ICEBP trap
        has much more traps
        crypt engine is completely rearranged
        proted x checks everything upon running
        regged ver has presed code + improved randomizer engine
      Disadv:
        CG: int1 & int3 called but not pointed to proper location within codesegment (after starting some files, they will point a corrupt area)
        Quarterdeck Office Systems DESQview V2.41 incompatible
        proted x sometimes hang on Win95/98 + active McAfee VShield
        shareware ver is CG's UnMask25 removable
          UnMask25 is released 3 days after MASK release. how unfriendly :)
        proted x:
          is rather slow
          prints MASK copyright before proceed
          contains MASK copyright

-TinyXor (Tiny Xor)
  By: dR.No/ViP Software/DTG/UG2000 (Russia)
  Type: COM protor, 286
  Compiler: BP V7.0
  V0.1 [1998]
    adds 43b to proted x
    src is provided
    UNP V4.12b t removable

-XoReR
  By: dR.No/ViP Software/DTG/UG2000 (Russia)
  Type: COM protor, <= 60Kb
  Compiler: BP V7.0
  V2.1 [1998]
  Adv:
    anti-load
    herinmi: run on Win98 (+EMS)
  Disadv:
    shareware
    proted x sets keyboard to slowest rate
    removable by:
      TR + herinmi/CG's script?
      BW V2.5?
    Pentium incompatible?
    herinmi: destroy (& not restore) int1 & int3
             badly coded, all XoReR ver have problem with size 4096

-TRAP
  By: Christopher Gabler (Germany)
  Year: 1997-2000
  Type: x protor, 386 (COM: 4-65000b, EXE: 32b-0.5Mb)
  Compiler: batch? compiler
  V1.13 : PHaX: can't run on my 486er
  V1.24
    is now compatible to 486DX4-S
    adds 3,946-4,120b to proted x
  V1.25
    has reloc handler
    proted COM never run
    VAG's DeTrap V1.5 removable
  V1.26b
    anti VAG's DeTrap V1.5?
    COM -> EXE
    proted x is 486DX4-S incompatible
  V1.26! [2000]
    proted x is now 486DX4-S compatible
    herinmi called this ver V1.26b1
    CG: under 486, the 1st byte of 1st internal decrypted layer is wrong
    proted x hangs under win311
    non-pub?
  Adv:
    good prot
    tf & opcode runningline
    stack crypt
    kicks popunpak
    several crypt layers
    mte
    CRC used as decryption value
    fast proted x
    free
  Disadv:
    adds 4Kb to proted x
  Note:
    uses TME (mte)
         MMtE (Mini Mutation Engine)
         GDD (Generic Dumping Detection)
         SADD (Self Anti Debugged Decryption)
    Zenix: TRAP 1.2x claimed as EDUMP-resist, but EDUMP can unpack it easily

-ICE (Intrusion Countermeasure Electronics)
  By: Keith P. Graham
  Type: COM protor
  V1.00 [1988]
  Adv:
    pres
  Disadv:
    lame prot
    UNP V4.12b removable
  Note:
    1 of oldest protors

-COP (Command Obfuscation Processor)
  By: Jack A. Orman (USA)
  Type: COM protor
  V1.3 [1988]
  Adv:
    adds 53b to proted x
  Disadv:
    lame prot (crypt only)
    CUP V3.4 /1 removable
  Note:
    part? of Armada Utilities
    1 of oldest protors

-CRYPTCOM
  By: Nowhere Man/[NuKE]
  Type: COM protor
  Compiler: BC++ V3.0 [1991], tiny model
  V2.0 [1992]
  Adv:
    adds 29b to proted x
  Disadv:
    crypt only
    UNP V4.12b removable
  Note:
    part of Nowhere Utilities

-PROTECT! EXE/COM
  By: Jeremy Lilley (USA)
  Year: 1993-1996
  Type: x protor, EXE < 600kb, max 16kb reloc
  V6.0 [1996]
  Adv:
    adds 1,835 to proted x
    very good mte
    serial check
    compatible (DOS/Win31/Win95/OS/2)
    password (optional)
    CRC check
    pres
  Disadv:
    weak prot
    the prog x itself can't run on V86 on my cpu
      must be unpacked first
    CUP386 V3.4 /3 & ICEUNP V0.31 removable
  Note:
    V5.6: txt-hacked V5.5 by Marquis/UCF
    The most famous protor before HackStop. Many people use (CM), unpack (UX) and enhance (Ciphator) it.
    Because every ver of PROTECT! can be unpacked easily, no more update after PROTECT! V6.0 (give up?)
    The author skipped rather incompatible tricks to increase compatibility
    Found on CM (Cheat Machine) V2.11

-SECURE
  By: Piotr Warezak (Poland)
  Last known ver: 0.29
  Year: 1995-1997?
  Type: EXE protor
  Compiler: BP V7.0
  V0.19
  Adv:
    adds 1,800-1,925b to proted x
    double crypt
    anti-gen-unpacker
    can add comment to proted x (max 1024b)
    proted x can check 286/386 processor and/or check DOS ver
  Disadv:
    no mte?
    multiple prot is unallowed
    experimental, non-pub
    shareware?
    TEU V1.82 slow removable
  EdH: plz! send me V0.29 (really curious)

-EXEGUARD
  By: Ivanov Vadim (Russia)
  Year: 1996-1997
  Type: EXE protor, 8086
  Compiler: BP V7.0 + TASM V4.0
  V1.3 [1997]
  Adv:
    adds 849-863b to proted x
    free
    option:
      /V -> enter vector number
      /C -> ?
  Disadv:
    no mte
    no crypt
    TEU 1.82 removable

-PCRYPT (Program CRYPTor)
  By: Andry Kobilykov aka AVK aka MERLiN /DTG/UG2000 (Russia)
  Year: 1995-1997
  Type: x protor, 386
  V2.6 [1996]
  V3.43: com support?
  V3.51 [1997]
  Adv:
    mte
    32bit code
    free keyfile
    clears proted x after its running
    proted x can show message before running
    adds message to proted x?
  Disadv:
    src is released
    can't run on V86 on my cpu, proted x does nothing on real mode
      EliCZ: can't run in DOS
      EdH: then what its target? DOS progs running on Win32? explanation,plz!
  Note:
    uses MPME (mte)

-Protect
  By: Andry Kobilykov aka AVK aka MERLiN /DTG/UG2000 (Russia)
  V7.1 [1996]

-Password
  By: Andry Kobilykov aka AVK aka MERLiN /DTG/UG2000 (Russia)
  V6.1 [1996]

-DS-CRP (Dark Stalker's CRyPt)
  By: Dark Stalker/UCF
  Year: 1996-1997
  Type: COM protor, 386
  V1.31 [1997]
  Adv:
    adds 23##b-26##b to proted x (w/o & with regkey)
    3/4 size of MD5 checksum
    kicks DUMPCOM V3.55 PRO
  Disadv:
    can add user name to proted x, but needs regkey, which isn't included :)
    proted x sometimes hang
    src is released
  Note:
    unpacked prog x contains string "HBOOT", "SOFTICE1", "$OFTPROB"
    proted x does cold-reboot if find ASAP.$1 (CUP temp file) & PASS1.DAT
    ADTs are for: Game (Tools/Buster/Wizard), CUP386, DumpEXE, RAND0M unpacker, MegaDevil COM dumper, (Soft/Win)ICE, SoftPROBE, UPC, EntPack, AutoHack, Intruder

-fds-cp
  Type: COM protor, < 50,000b, 386?
  V0.4a [1997] by fds0ft (Hungary?)
    Adv:
      multiple crypt layer
      full RM ADT, DRx playing
      adds 1,192b to proted x
      semi-random crypt keys
      checksum check on crypted image
    Disadv:
      no mte
      ENTPACK 14-04-1998 (FOTO) removable?
    Note:
      adds string "(c) fds0ft" to proted x
      uses scr off 2x
  V0.5a [1997] by JauMing Tseng or Kevin Tseng (Taiwan)
    called jmt-cp
    fds-cp V0.4a's quick hack
    adds 1,192b to proted x
    adds string "(c)jauming" to proted x
    buggy?

-Ciphator Pro
  By: mARQUIS de Soiree (aka Franzz? or Martino?) /UCF
  Year: 1996-1997
  Type: EXE protor
  V4.60 [Feb 1997]
    should be non-pub
  Adv:
    Nebelbombs
    free for non-commercial use
  Disadv:
    no crypt
    TEU V1.82 removable
    proted x stops on 1 June 1998
  Note:
    uses scr off
    the prog x uses ANSI esc-sequence
    hooked int 1 & 3 will be unhooked to an IRET

-Inbuild Encryption
  By: Christopher Gabler (Germany)
  Type: Assembly COM protor
  V1.0 [1998]
  Adv:
    self-crypt (anti gen unpacker)
  Disadv:
    src is released
    use first 15 byte of proted x
    prog must be assembly & rewritten
    DUMPCOM V3.55 PRO removable

-KShell (King Shell)
  By: The Double-Star Computer, Inc.
  Type: EXE protor
  V1.21 [1996]
  Adv:
    adds 1,968b to proted x
    password (optional)
  Disadv:
    adds ovl
    proted x with option /x hangs V86 of my cpu

-RC1 (ROSE COM Crypt I)
  By: ROSE aka Ralph Roth/ROSE SWE (Germany)
  Type: COM protor
  ROSE: adds 33b to proted x
        non-pub (only released for TPiNC party in 1997)

-RCRYPT (ROSE Crypt)
  By: ROSE aka Ralph Roth/ROSE SWE (Germany)
  V0.91 [1994?]
  V0.92 [1995]
  Type: COM protor?
  Adv:
    kicks CrkCOM V0.92 & DUMPCOM V3.55 pro
  Disadv:
    CUP386 V3.4 /1 removable

-RCC II/286 (ROSE's COM Crypt II/286)
  By: ROSE aka Ralph Roth/ROSE SWE (Germany)
  Year: 1995-1999
  Type: COM protor
  V1.17 [1999]
  Adv:
    Mild & Hard ver
    adds about 376b (mild) or 544b (hard) to proted x
    free
    ADTs:
      fake jump
      mutated decryptor
      double-crypted entry point
      anti debug & unpack tricks
  Note:
    V1.02: is experiment for HS-Muteng (mte)
    crypt is borrowed from Witch vir

-RC386 or RC 386 (ROSE's COM Crypt 386)
  By: ROSE aka Ralph Roth/ROSE SWE (Germany)
  Type: COM protor
  V0.51 [1995]
  Disadv:
    always hang on V86 on my cpu

-RSCC or RSCC II (ROSE's Super COM-Crypt/286)
  By: ROSE aka Ralph Roth/ROSE SWE (Germany)
  Type: COM protor, 286?
  Compiler: MASM V6.XX
  V1.04.02 [1999]
  Adv:
    adds 126b to proted x
    free
    mte (fully polymorphic)
  Disadv:
    buggy mte
  Note:
    based on RCC V1.14
    mte is inspired by Uruguay vir family
    is experiment for HS-Muteng (mte)

-REC (ROSE's EXE File Cryptor) V0.32
  By: ROSE aka Ralph Roth/ROSE SWE (Germany)
  Year: 1994-1999
  Last known ver: 0.40.06 (1999)
  Type: EXE protor
  V0.32 [1997]
  Adv:
    adds 1,001b to proted x
  Disadv:
    only for HackStop's regged user
    TEU V1.82 removable
  Note:
    used together with RCC to prot HackStop x (the prog itself)

-REC/Small or RECSmall (ROSE's EXE Cryptor/Small)
  By: ROSE aka Ralph Roth/ROSE SWE (Germany)
  Year: 1997-2000
  Type: EXE protor
  V1.05 [2000]
  Adv:
    adds 83b to proted x (smallest)
    free for personal use
  Disadv:
    can't prot EXE with reloc
    gen unpacker removable (ex: CUP386 V3.4 /3, TEU V1.82)

-RECAV or REC/AV or REC/Small/AV (ROSE's EXE Cryptor + Anti Virus)
  By: ROSE aka Ralph Roth/ROSE SWE (Germany)
  Year: 1999-2000
  Type: EXE protor
  V1.05 [2000]
  Adv:
    anti-vir
    adds 436b to proted x
    free
  Disadv:
    can't prot EXE with reloc
    multiple prot is unallowed
    unRECAV removable (included)
    TEU V1.82 removable

-SECURE
  By: G.M. McKay (Australia)
  Type: x protor, 8088?, 1b-600Kb
  V2.1b [1995]
  Adv:
    adds 530-680b to proted x
    GUI
    checksum
    user-random crypt
    fail options (print own message/print user message/hang/reboot)
    filesize check (optional, adds extra 100b)
    multiple crypt is allowed
    kicks? popunpak, except TEU V1.82
  Disadv:
    no mte
    shareware (proted x shows message)
    slow prot
    complicating proting procedure
    TEU V1.82 or UPC V1.11 removable

-CRYPTEXE
  By: The DoP (Doors of Perception) aka Christian Bradiceanu (Romania)
  Type: EXE protor
  Compiler: BC(++) V3.0 [1991], small model
  V1.04 [1996]
  Adv:
    adds 536-607b to proted x
    kicks CUP V3.4 /1
    free
  Disadv:
    multiple prot is unallowed
    no mte
    TEU V1.82 removable
  Note:
    adds string "DoP" in begin of proted x
    Its reloc handler is used? in FFSE

-AEP (Addition Encode-Protective)
  By: Ke-Jiah Hann
  Type: x protor, 386?
  V1.00 [Aug 1996]
  Adv:
    adds 1,320b (COM) or 1,384b (EXE) to proted x
  Disadv:
    removable by:
      its own regged ver (option R)
      TEU V1.82 -! -G
      OlegPro's xAEP V0.01b
    weak crypt
    OlegPro: PIQ tricks -> Pentium incompatible
             no morph
  Note:
    adds string 'Written By Ke Jia-Hann' to proted COM
    uses scr off
    AEP.EXE from SuddenDischarge is processed by:
      -AINEXE V2.2
      -Protect! V5.5
      -TINYPROG V3.6
      -Protect! V5.0
      -AEP V1.00 2 times

-SCRAM
  by: xadi
  V0.1

-SCRAM!
  By: bushwoelie/ACP
  Type: COM protor, 386?, DOS V2?, VGA card?
  V0.8a1 [May 1997]
  Adv:
    good? ADT
    mte
    adds 1,792-1,839b to proted x
  Disadv:
    proted x slows down keyboard rate
    CUP386 V3.4 /7 removable
  Note:
    earlier ver by bushwoelie & STN

-SCRYPT
  By: darkgrey aka Vladimir Gorbunov /DTG/UG2000 (Russia)
  Type: COM protor, 286
  V0.4 or 1.4 [1998]
  Adv:
    adds 238b to proted x
    kicks CUP386 V3.4 /1 and /3

-LP (LockProg)
  By: Myrlochar/Kryst/TPD/PDL
  Type: COM protor
  Compiler: BP V7.0
  V0.5a [1998]
  Adv:
    adds 185-186b to proted x
    adds string "lopro" in end of proted x
    kicks TEU V1.82?
  Disadv:
    certain (normal) proted x hangs on my cpu
    CUP386 V3.4 /3 removable

-CRYPT
  By: Eclipse/Light Show
  Type: EXE protor
  V1.21 [1994]
  Adv:
    add 1029b to proted x
    anti Soft-ICE?
  Disadv:
    no mte
    TEU V1.82 & AHCR V1.32 removable?

-CRYPT
  By: DISMEMBER aka Alex Lemenkov (Russia)
  Type: x protor, 286
  Compiler: BP V7.0
  Disadv:
    weak prot
    no mte
  V1.7 [1995?]
    add 165b (COM) or 436b (EXE) to proted x
    COM is DUMPCOM V3.55 PRO removable
    EXE is CUP386 V3.4 /3 or TEU V1.82 removable
  V2.0 [1996]
    add 27b (COM) or 50b (SYS) or 342b (EXE) to proted x
    EXE is CUP386 V3.4 /1 removable

-EXE-Manager
  By: Solar Designer/BPC (Russia)
  Type: EXE protor
  Last known ver: 4.0
  Compiler: BP
  V3.3 [1995]
  Adv:
    GUI (+ help & sound)
    anti 27 unpackers
    intercept DOS calls (w/o calling previous handler)
    regged ver:
      dynamic code decrypt
      can only be exec-ed by EXEManager's int3 handler
    free registration
    password
    check the needed hardware
  Disadv:
    no crypt (?)
    prog x hangs real/V86 on my cpu but some proted x run!
-Aluwain Type: EXE protor V8.03 by: Cracker X (?) V8.09 by: Tequila Adv: adds 817b to proted x checksum? Note: adds string "aLuWaIn!" to proted x protor x is full of 00h (50kb?). if it's unpacked & all 00h are removed, it can't prot properly. used as proted x image? -BinLock By: Hit-BBS Programmers Crew Type: COM protor V1.0 [1994] the only (?) version Adv: kicks popunpak + DUMPCOM V3.55 PRO Disadv: very incompatible ROSE's unCOM V1.21 removable Note: CG: uses dangerous trick STN: CG is right, it's useless -CeXeC (CrypteXeC) By: Gabor Keve/ByteWorx (Hungary) Type: EXE protor, 32kb freemem Year: 1997-1998 Compiler: BP V7.0 + TASM V1.01 [1998] Adv: 2 loader type: DOS & Win3x smaller & faster DOS loader than (DCREXE/CRYEXE)'s cardware Disadv: DOS loader can't run on multitask environment adds 8,312b (DOS loader) + 257b to proted x doesn't wipe temp decrypted file (but still crypted) DOS loader is TEU V1.82 removable Note: write temp decrypted file to disk DOS loader uses: Warezak's Secure V0.19 Gabor Keve's UET (anti TEU) prog x is proted with UET -DCREXE By: LuCe Type: EXE? protor V2.0 [1997] Disadv: doesn't wipe temp decrypted file Note: write temp decrypted file to disk -LUCESTOP By: LuCe Type: x protor Compiler: BP V7.0 V1.0b [May 1997] prog x hangs my cpu adds 23,004b (!) to proted x adds logo to proted x uses Protect! V6.0 to prot loader herinmi: badly coded Note: write temp decrypted file to disk predecessor? of DCREXE -Crypta (Cryža) By: Iosco Capitalino aka Valentino Tosatti (Italy) V2.0 II V2.0: uses other protor (JMCE V0.7j) as loader (?) II V3.0: uses other protor (Secure V0.19) as loader (?) -CryEXE By: Iosco Capitalino aka Valentino Tosatti (Italy) V4.0: uses other protor (MESS V1.20) as loader (?) Note: write temp decrypted file to disk STN: Iosco doesn't have time to code it better -HackFuck By: Iosco Capitalino aka Valentino Tosatti (Italy) V1.0 [1997] non-pub, not distributable Adv: mte? Note: write temp decrypted file to disk predecessor? 
  of CryEXE
-EFP (Executable File Protector)
  By: Alexei Bulushev/aleXoft (Russia)
  Year: 1991-1992
  Compiler: BP V5.5
  V1.23 [1992]
  Adv: kicks popunpak
  Disadv: add 29,684b! (8,442b loader + 21,242b ovl) to proted x
-EPW
  By: Alan D. Jones/Farpoint Software
  Type: x pass protor
  V1.2
  V1.30 [1992]
  V4.2 hacked V1.2
-MSCC (Mad Scientist's COM Crypter)
  By: Mad Scientist
  Type: COM protor, 286?
  Compiler: BP V7.0
  V1.0b [1997]
  Adv: free registration adds 110b to proted x adds sig "∩∩$››1.0▀s" in end of proted x regged ver can kill this sig
  Disadv: ROSE: easy to bypass CUP V3.4 /3 removable
-CRYPACK
  By: George Stark/Yakuza
  Type: EXE protor
  Compiler: BP V7.0
  V3.0 [1995]
  Disadv: CUP386 V3.4 /3 removable hang if proted x has reloc
-BITLOK
  By: Lei Jun & Wang Quanguo /Yellow Rose Software Workgroup (China)
  Year: 1989-1996
  Type: EXE protor (COM -> EXE)
  Compiler: BP V7.0
  V3.0 [Jul 1996]
  V3.1 [Oct 1996]
  Adv: (date & install) limit prot support for FoxPro, Clipper & BP compiled x can add user module
  Disadv: adds 8kb-9,823b (option /S) & 12kb (with key diskette) to proted x loader = ovl added to crypted x (?) SAC's BL31-RM V1.00 removable
  Note: use option /S to crypt w/o key diskette used to prot Realix's HWInfo EdH: non-English. more review, plz!
-BITLOK-7NT
-BITSHELL
  By: Lei Jun & Wang Quanguo /Yellow Rose Software Workgroup (China)
  V3.x
  Note: mentioned in BITLOK, PACKWIN, BW doc
-HDKProtC (Mr.HDKiLLeR ProtectioN)
  Type: COM protor
  V1.1 by Mr.HDKiLLeR
  V1.1a [1996] by eMX! adds 165b to proted x changed start-up code fixed crypt key no input given for prog x -> hangs adds string "tiTaNiC 1.2" in begin of proted x ROSE: buggy cryptor, kills int 1 & 3
-EXECODE
  By: Balazs Scheidler (Hungary)
  Type: x protor, 8086, DOS V2
  Compiler: BC++ V2.0 [1991]
  V1.0 [1995]
  Adv: regged ver offers ADT COM2EXE?
  user defined crypt key reloc crypt
  Disadv: shareware proted EXE requires extra 1-64kb mem, depending on reloc shareware: CUP V3.4 /1 removable regged : CUP V3.4 /7 removable
  Note: adds sig "XCOD" in begin of proted x
-X3
  By: Dark Stalker/UCF
  Year: 1997
  Type: COM protor
  Adv: adds 18b to proted x
  Disadv: UNP V4.12b t removable
  Note: 1 of smallest COM protors part of DSCPP (Dark Stalker's COM Protector Pack)
-X3
  By: MANtiC0RE aka Valery Shabaev (Russia)
  Type: COM protor
  V1.3 [1998]
  Adv: adds 336b to proted x mte kicks CUP V3.4
  Disadv: CRKCOM V0.92 removable
  Note: independent successor? of Dark Stalker's X3 uses MnemoniX's MutaGen 2.0 adds logo to end of proted x
-SDW & SDW386 (ShaDoW Cryptor)
  By: MANtiC0RE aka Valery Shabaev (Russia)
  Year: ? - 2000
  Type: COM protor (EXE -> COM), =< 63Kb
  Compiler: TASM V5.0
  V1.80 [2000]
  Adv: herinmi: very nice mte adds 1-2Kb to proted x can disable logo addition to proted x (/b option) can generate random decryptor (/r option) free SDW386: has Jibz's TECC
  Disadv: simple ADT -> easy to unpack? / can't stop advanced debugger/dumper? TR V2.52 + herinmi's script removable SDW (& V1.78-1.79?) hangs on my cpu SDW386: is 1st SDW x which can run on my cpu (PIQ bug removed) is Win98 explorer incompatible x no longer set keyboard to slowest rate (suggested? by OlegPro) proted x: is no longer slow sometimes hang still set keyboard to slowest rate
  Note: based on Tailgunner's Shadow COM encryptor uses √iCE (mte) RES (Random Encryption Synthezator) by SSR (1997) unique registration: send to the author: your favorite bottle of beer to get unique ver of regged SDW 20 bottles of beer to get fully commented last SDW src
-Crunch
  By: Luck Martins/Skinhead
  Type: COM protor, 286?
  V1.0 prog name is Blitz
  V1.4 [1995]
  Adv: several crypt engines free mte regged ver can crypt EXE
  Disadv: prog x hangs my cpu herinmi: too strong mte
-DEMO
  By: Adlersparre & Associates
  V2.0 [1993]
  Type: EXE protor (?)
  Disadv: X-TRACT V1.51 removable non-pub?
  Note: found on DMC V3.5 prog x
-TCEC (ThE CLERiC! EXE Cryptor?)
  By: ThE CLERiC! aka Carl Elkhabbaz (Lebanon)
  Year: 199?-2000
  Type: EXE protor, 386
  Compiler: TASM V5.0
  Disadv: no reloc handler proted x is often hang sets keyboard to slowest rate Win incompatible
  V3.55b: the copy on EXEList is infected with Guerilla.1996 vir
  V3.58b: src is released last ver EdH: cool ASCII art :)~
  Note: most ADTs used are from CG's Insider.Faq based on MESS V1.07 Cleric: the src lost under hardisk crash
-NSP (N0PS Shit Protector)
  By: ’narchistic Ka0t/N0PS (Germany) or Cyber Cop?, Ghostbuster?
  Type: COM protor
  Compiler: TASM V4.0
  V0.001b
  V0.002b [Jan 1995]
  V1.00
  Adv: ROSE: good ADT kicks TRON
  Disadv: Win32 incompatible prog x does nothing on (my & CyR's) cpu LCDump removable
-XcomOR or XCom/Or
  By: madmax!/PC97
  Type: COM protor
  Adv: ROSE: prepending cryptor
  V0.99f 170b
  V0.99g 274b
  V0.99i [1997] add 550b to proted x proted x hangs on my cpu eGIS's XCR V0.99 removable add string "MMX" in begin of & "XcomOR" in end of proted x prog x has DETECTICE V1.0a inside (7 WinICE detection methods)
-LCCrypt (Lame COM enCryptor)
  By: CyberRax (Estonia)
  Year: 1999-2000
  Type: 3 - 65,000b COM protor, DOS V2, 8086
  Compiler: SPHINX C-- V0.203 (1994)
  V1.2 [June 2000]
  Adv: SMALL model only adds 21b to proted x LARGE model only adds 123b to proted x HUGE model (/H), adds 891b to proted x, can add name to proted x (undocumented) Greet-Ware (Free)
  Disadv: no mte TR V2.xx + herinmi's Script removable SMALL model is ROSE's unCOM removable? HUGE model requires DOS V3+ is buggy if proting large COM sometimes adds 20+ kb to proted COM (result > 64kb!)
  CyR: HUGE model + 65,000b proted x exceeds the FFFFh boundary (and the 100h for PSP ain't even counted :() FreeDOS beta 4 incompatible CyR: because FreeDOS beta 4 not 100% MS-DOS compatible (different regs value at prog start-up)
  Note: SMALL model = crypt only LARGE model = crypt + old tricks + anti-TBScan HUGE model = better crypt + anti-TBScan + a gen debugger/unpacker trick + a gen unpacker trick + some anti-dump code + some 90's old tricks ADT is called REx-TRiCK (Re-Execution) prog x is proted by CyR's I$p (Independent $pace wannabe) PR0TECTi0N 1.0 anti-TBScan = 2nd decryptor which decrypt 1st decryptor CyR: anti-TBScan is actually fake-return to 100h at begin of decryptor herinmi: HUGE model is nice
-ADC (Anti-Debug Coder)
  By: Majorov Ruslan (Russia)
  Type: COM protor, 11- ?b
  Year: 1997-1998
  V1.6 [1998]
  Adv: adds 202b to proted x kicks CUP V3.4 /1
  Disadv: lame crypt DUMPCOM V3.55 PRO removable
  Note: adds string "[ADC V1.6]" near the end of proted x
-CRyPT
  By: CyPoxl
  Type: COM protor
  V1.1 [1995?]
  Adv: adds 77b to proted x good crypt
  Disadv: CUP V3.4 /1 removable ROSE: no ADT
-EXE SHIELD 386+ by: MasterBall V1.0
-E-PROT 386+
  Year: 1999-2000
  By: MasterBall
  Type: TP x protor
  V1.0.2b [2000]
  Adv: free
  Disadv: ADTs are mainly for TP x prot add 5Kb to proted x last ver weak crypt proted x hangs my cpu
  Note: uses scr off 2x based on MaX/MovSD's ATEU V1.2 (ADT) Stone's EXE Crypter (crypt) Mnemonix's BWME (mte)
-CRYPTCOM
  By: Grgic Arminio
  Type: COM protor (?)
  Compiler: BP 7.0
  V1.0b [1995]
  Adv: kicks CUP V3.4 /1
  Disadv: weak crypt
  Note: put string "CryptCOM (c)m&g GrGa" in proted x
-LOCKEXE
  By: Grgic Arminio
  Type: EXE protor (?)
  Compiler: BP 7.0
  V1.0b [1995]
  Disadv: TEU V1.82 removable
  Note: also used to prot author's TSRFACES
-MegaShield
  By: P.S.A / t-REX (Russia)
  Type: COM protor, 286, 1 - 64,000b
  Compiler: BP V7.0
  V1.01a [1996] NU-like interface ( + mouse support) adds 256b to proted x no anti-dump prog x is proted by itself; possibly a presor; EXE2COM & EXEMANAGER V3.3 proted x sometimes have problem with Win(3x/95)
-Super LAME! Crypt
  By: P.S.A / t-REX (Russia)
  Year: 1997
  Type: COM protor
  Adv: adds 195b to proted x kicks CUP V3.4 /1 quite good crypt
  Note: starting string on proted x is "DUKELISTXXX" then "Anti-Lamer Cryptor (c) 1997 by P.S.A"
-LockMaster
  By: Andrew Kacy
  V9.0 [1995] demo ver predecessor of CodeLock
-CodeLock
  By: Andrew Kacy
  V4.0 successor of LockMaster EdH: plz send me V4.0 (really curious)
-DSHIELD (Debug? SHIELD)
  Type: EXE? protor
  By: Ben Castricum (The Netherlands)
  Year: 1995?
  Adv: kicks popunpak except ICEUNP V0.31
  Disadv: non-pub ROSE's AHCR V1.32 removable
  Note: found on BenC's UNP prog x
-PMUTATE (PReDaToR Mutate)
  By: PReDaToR 666 /iCS
  V1.1 [1996?]
  Adv: kicks popunpak
  Disadv: non-pub ROSE's AHCR V1.32 removable
  Note: found on PReDaToR 666's DCA prog x
-Misha Prot
  By: Misha/UCF (Russia)
  Type: COM? protor
  Year: 1996?
  Adv: kicks popunpak pres? ROSE: short but very interesting anti-RM-debug because the bkpt is used to calculate crypt value
  Disadv: non-pub fds0ft's PCU removable
  Note: adds string "Coded by Misha" to proted x found on Misha's UX prog x
-JVP Prot or NoDebug?
  By: JVP
  Disadv: non-pub CUP V3.4 /7 removable
  Note: found on JVP's TEU prog x
-SEN debug prot
  By: SEN aka Eugene Suslikov (Russia)
  Disadv: non-pub
  Note: prot is 512 byte of ovl attached to proted x found on SEN's HIEW prog x
-hAWeD! prot
  By: REALiX aka Martin Malix (Slovak)
  Disadv: non-pub (?) STN: disable int13, but slowdown exec
-Sage prot
  By: Alex Petroukine aka Sage/Cyberware/UCF (Russia)
  Note: found on Sage's CUP V3.# prog x
-TUSCON prot
  By: Max/Tuscon aka Norman Rudolf (Germany) (?)
  Type: COM?
  protor
  Disadv: non-pub CUP V3.4 /1 removable
  Note: adds string "TUSCON" to proted x found on T-PACK prog x
-FALinc prot
  By: FALinc/NightMareCorporation
  Year: 1997?
  Type: EXE? protor
  Disadv: non-pub UPC V1.11 removable
  Note: found on UNEXE prog x
-USCC (UniquE's shitty COM Crypter)
  By: UniquE aka Christian Scheurer (.ch)
  Type: COM protor, 386
  V1.31 by? Dark Destroyer EdH: is this hacked ver or other protor with the same nick?
  V1.4 [1998] adds 179b (?) to proted x 32bit crypt + selfmutate key ?: isn't 32bit, more like 16bit + 16bit 3 crypt layers (8, 16, 32 bit) free (prog & proted) x hangs V86 of my cpu (once run on RM)
-USP (UniquE Software Protection)
  By: UniquE aka Christian Scheurer (.ch)
  V1.5 [1997] non pub TEU V1.82 removable found on UniquE's EXUP prog x
-EXE Guardian
  By: Christopher Drake/NetSafe (Australia)
  Compiler: WC(++) 16 [1992]
  Type: EXE protor
  V4.2 [1997]
  Adv: DES crypt (?) kicks popunpak but TEU V1.82
  Disadv: shareware proted x prints copyright + advertisement to scr is date-limited adds 8,264b ovl to proted x bad reloc handler BW V2.5 half removable multiple prot is unallowed
  Note: part of NetSafe package
-NetSafe
  By: Christopher Drake/NetSafe (Australia)
  Compiler: WC(++) 16 [1992]
  Type: EXE protor
  V4.2 [1997]
  Adv: DES crypt (?) net prot kicks popunpak but TEU V1.82
  Disadv: shareware proted x prints copyright + advertisement to scr is date-limited (?) adds 12,934b ovl to proted x bad reloc handler BW V2.5 half removable multiple prot is unallowed
  Note: part of NetSafe package NetSafe = EXE Guardian + net prot
-ZIP-Prot
  By: Christopher Drake/NetSafe (Australia)
  Year: 1996
  Type: EXE protor
  Compiler: WC(++) 16 [1992]
  Disadv: adds 5,760b to proted x bad reloc handler shareware proted x prints copyright + advertisement to scr UPC V1.11 half removable
  Note: proted x has string "NetSafe (tm) Ver 4.15" & "EXE Guardian Ver(tm) 4.15" then ZIP-Prot is customized ver of NetSafe V4.15 (?)
  EdH: I can't figure out the meaning of "ZIP-Prot" :)
-CryptCOM
  By: frank/riot aka Frank Baumgartner
  Year: 1996-1997
  Type: COM protor, 286
  Compiler: BP V7.0
  V1.1 [1997] 37b decryptor adds 41b to proted x src is provided kicks CUP V3.4 /1 UN-PACK V1.8 -t removable
-Shadow COM encryptor
  By: Tailgunner
  Type: COM protor
  V1.0b [1998] adds 29b to proted x src is provided no ADT CUP V3.4 /1 removable
-Crypt.Trivial.173
  By: SMT/SMF (Russia)
  Year: 1998
  Type: COM protor
  Note: prog x does nothing on my cpu
-Scrypt
  By: SMT/SMF (Russia)
  Type: COM protor
  V1.2 [1999] proted x is said to need emm or Win but it hangs completely on my cpu detects Soft-ICE adds string "(PolyScrypt 1.2 by SMT)" to proted x
-SCC (Simple/Small COM Cryptor)
  By: ThE CLERiC!/LineZer0 aka Carl Elkhabbaz (Lebanon)
  Year: 1997
  Type: COM protor, 386
  Adv: adds 88b to proted x emailware
  Disadv: Win incompatible won't be updated
  Note: some ideas taken from AdFlt2A
-Simple COM Cryptor
  By: EliCZ (Czech)
  Year: 1998
  Type: COM protor
  Adv: adds 47b to proted x
  Disadv: UNP V4.12b t removable
-CryptC (CryptCOM)
  By: EliCZ (Czech)
  Year: 1998
  Type: COM protor, 386
  Adv: adds 72b to proted x
  Disadv: source code is provided TEU V1.82 -g half removable
  Note: detected as Cleric's SCC or ELiCZ's fDEMO
-Ryptor (ShadE's COM encRYPTOR)
  By: ShadE
  Type: COM protor
  V1.0 [1999] adds 50b to proted x UNP V4.12b t removable
-NTShell
  By: ZhouHui/Keenvim Software Workgroup (China?)
  Type: x (?)
  protor
  Year: 1992, 1993, 1995
  Compiler: BP V7.0
  V4.0 [1995] adds 8,200-8,239b to proted x spec.prot for FoxPro files proted x hangs on V86 of my cpu
-mCrypt for COM
  By: Ufo Crew '98
  Type: COM protor
  V0.1b [1998] adds 197b to proted x adds string "UFO CREW 98 mCRYPT" in end of proted x kicks CUP V3.4 /1 TEU V1.82 -g half removable
-Khrome Crypt
  By: Teraphy
  Type: COM protor
  V0.3 [1997]
  Adv: adds 1,156b to proted x
  Disadv: UN-PACK V1.8 removable U are prohibited to prot shareware/commercial progs
  Note: not (detect/crash) WinICE
-EXELOCK
  By: JON Software
  Type: EXE protor
  Compiler: BP V7.0
  V1.00 [1993]
  Adv: adds 524-538b to proted x bios lock (mode /B)
  Disadv: no crypt copy from SuddenDischarge can't operate mode /B message: "EXELOCK is damaged"
-CSV or COM Sccrambler
  By: Moshe
  Type: COM protor
  Compiler: BP V7.0
  V0.1 [1995] adds 56b to proted x CUP V3.4 /1 removable
-ENCODER (COM FILE ENCRIPTER)
  By: Frenzy/SparC
  Type: COM protor
  Year: 1999?
  Adv: adds 25b to proted x
  Disadv: CUP V3.4 /1 removable
-CRYPTEXE
  By: Dmitriy Borisov (Russia)
  Type: x pass protor, DOS V2
  V1.00 [1994] adds 872b (COM) & 1,052b (EXE) to proted x certain EXE w/o ovl is looked to have 1 -> result in buggy proted x proted EXE hangs if > 64kb (?) or reloc not packed (?)
-ComCrypt (ComCryptor) BTS
  By: Hidi aka Jozsef Hidasi/Big Tree Software (Hungary)
  Year: 1996-1998
  Type: COM protor
  Compiler: BP V7.0
  V9.12 [1998] shareware code in mem? selfcheck adv: ignores other prot after it multiple prot is unallowed adds 1,195b to proted x adds string " ComCrypt '98.1 XX" in begin & BTSPK advertisement + logo in end of proted x proted x prints logo on exec kicks CUP V3.4 TEU V1.82 -g -! half removable
-COMCrypt
  By: unknown (HPA?)
  Year: 1997?
  Adv: adds 40b to proted x
  Disadv: CUP V3.4 /1 removable
  Note: found on Lukundoo/HPA's HPAC2T V0.6 (com2txt)
-Com.crypt
  by: W.
  Kaniewski
  V0.68
  note: mentioned in herinmi/Fibex
-ComCrypt
  V1.41
  note: mentioned in herinmi/Fibex
-COMLOCK
  By: BoRZoM/Trouble Makers
  Compiler: BP V7.0
  V0.10 [1994]
  Adv: adds 80b to proted x adds string "COMLOCK" in end of proted x
  Disadv: deprotor (COMULOCK) is provided UNP V4.12b removable
-ET or EXETOOLS (Executable Files Tools) /E
  By: DISMEMBER aka Alex Lemenkov (Russia)
  Type: x protor
  Year: 1992-1995
  V2.1 [1995] adds 48b (COM) or 295b (EXE) to proted x adds string "ET21" in end of proted EXE proted EXE hangs my cpu proted COM is CUP V3.4 /1 removable
  Note: spec.switch on ET
-COM file protect
  By: B!Z0n/[BzZ]
  Type: COM pass protor
  V1.0b [1998 (?)] adds 293b to proted x if U only give [enter] as password while prot, the proted x won't run with [enter]. If U ctrl+break it, the proted x will hang/reboot
-The WiZ Cryptor
  By: SP0T/UCL (Russia)
  Type: COM protor
  V1.00a [1998] adds 171b to proted x adds string "[The WiZ Cryptor v1.00a by SP0T/UCL]" to proted x kicks CUP V3.4 /1 DUMPCOM V3.55 PRO removable
-ENCOM (ENcryptCOM)
  By: Stewart Moss (South Africa)
  Type: COM protor, 286
  Compiler: BP V7.0
  V3.06 [1998]
  Adv: adds 435-929b to proted x avoid heuristic AV false-alarm max 75 iterative checks for int21 or int26 opcode in proted x free
  Disadv: no 386 ADT (can't kick PM/emu debugger) proted x hangs my cpu adds string "ENc(major_ver_byte)(minor_ver_byte)" in end of proted x
  Note: uses Eclipse's FOG (Funky Opcode Generator) as crypt engine int8 traps, modified int3 pointer, jmp back to entrypoint (anti-dump) V4.0 or V5.0 is promised very hard to unpack & to write unpacker for
-LOCKTITE PLUS
  By: Michael Wegner/ANSOFT
  Year: 1989-1990
  Type: x pass protor
  Adv: can prot batch (?)
  file password can be given in proted x command line (not only prompt)
  Disadv: adds 14,619b to proted x write decrypted tempfile to disk (but wipe it) shareware
-UCOMCRY (UniquE's COM CRYpter)
  By: UniquE aka Christian Scheurer (.ch)
  Year: 1997
  Type: COM protor, 286
  Adv: adds 140b to proted x
  Disadv: CUP V3.4 /1 removable
  Note: COMFILE.COM (to-be-proted x) & CRYPTED.COM (proted x) ADTs used: write code to keyboard buffer written for an article in PAiN disk magazine
-ARMOUR II
  By: ? (Russia)
  Type: EXE protor, 386?
  V2.51 [1991?] copy prot pres can add copyright to proted x EdH: prog not working, refuse to prot ("can't exec main armour module") non-English. review, plz!
-Copy-Protector
  By: Andrew V. Basharimoff aka Nice aka Psychomancer /SPS06
  Type: x copy.protor
  V1.02 [Apr 1996] adds 267b (COM) or 271b (EXE) to proted x deletes & wipes copied proted x, but not moved proted x :) prog x is reported as infected by new unknown virus, by McAfee VirusScan for DOS/PM V4.7.0, scan engine V4.0.70, vir dat v4095
-CPT
  by: A. Vodyanik
  V2.0 [1989] covers COM & SYS (?) herinmi: same as Copy-Protector
-SESAME
  by: Goreinov S.A.
  type: x.copy.protor
  V1.1 [1990]
-STNCC (SToNe's ComCrypt)
  By: Stone/Klan (Danish)
  Type: COM protor
  Year: 1996
  Compiler: BP V7.0 + TASM V3.2
  Adv: adds 39b to proted x beerware: if U (like/use) it & U meet the author, U have to give him a beer
  Disadv: no ADT INPUT.COM (to-be-proted x), OUTPUT.COM (proted x) lame crypt (inc by 1) slow prot tech stuff + src are provided
  Note: for educational purpose
-ComCrypt
  By: BlackLight
  Type: COM protor
  Compiler: QB V4.x
  V0.01a [1998] STNCC written in Basic modified & compiled by MANtiC0RE adds 39b to proted x proted x is recognized as STNCC's
-STNCRP (SToNe's ExeEnCrypter)
  By: Stone/Masque/Klan (Danish)
  Type: EXE protor
  Year: 1996? or 1997?
  Compiler: TASM V3.2
  Adv: adds 93b to proted x beerware: if U (like/use) it & U meet the author, U have to give him a beer
  Disadv: no ADT INPUT.EXE (to-be-proted x), OUTPUT.EXE (proted x) lame crypt (inc by 1) slow prot tech stuff + src are provided
  Note: for educational purpose
-ComProtector
  By: Marco Ruhmann
  Type: COM protor
  V1.1 [1998] adds 340b to proted x adds string "[ComProtector 1.1 - 1998]" to proted x uses CG's: [CRMK] (Christoph's Random Mutating Killer) engine for: -generating random decryptor -stack crypt -anti hw bkpt -anti dump -fake decryptor inbuild AD debug detection detects some unpacker tempfile (MEM1.DAT, ^ENTPACK.{1}, BCFO1.IFD) unpacked prog x contains string "[TRAP V1.20]" BW V2.5 removable
-CKS (Chang Kiang Sandbag)
  By: Cansing Leung or Liang Jian Sheng (China)
  Type: x? protor
  Compiler: MASM V6.11
  V1.1 [1998]
  Adv: adds 2,648b to proted x cardware anti?-BW V2.00
  Disadv: proted x hangs my cpu to-be-proted x must not be (prot/pres)ed before
  Note: prog name meaning: to remind the victims of China's "Long River" flood in 1998
-PROTON
  By: S. Mursalov/MurSoft (Russia)
  Type: x protor
  Compiler: BC V2.0 [1988]
  V2.0 [1992]
  Adv: crypt code: adds 449b (COM) & 485b (EXE) to proted x virus vaccine (doesn't work) fixation by diskette/computer (only the last 1 works) needs a floppy disk? pass(word/date) prot all prot enabled: adds 691b (COM) or 7,665b (EXE) to proted x
  Disadv: removable by the prog x itself (even all options) CUP V3.4 /1 removable
-NOCLIP
  By: barmak(?)/Tecnologia Digital (Brazil)
  Year: 1995-1997
  Type: EXE protor, 286, DOS V5
  Compiler: BP V7.0
  V4.1 [1997]
  Adv: anti-decompile for Clipper RM/PM DOS prog anti-disasm + vir detector
  Disadv: adds 4,798b ovl to proted x shareware proted x exec shows annoying :) advertisement slow proted x (too long delay after printing owner name to scr) TEU V1.82 removable
-deeP-CRyPTeR
  By: PLaSMoiD/deeP
  Type: COM protor, 386?
  V.01b [1995] adds 96b to proted x UNP V4.12b t removable
-RTD_ENC (Encryption Program)
  By: MR WiCKED/RTD (Belgium?)
  Year: 1996
  Type: COM protor
  Compiler: BP
  V1 BP src adds 36b to proted x UNP V4.12b t removable
  V2 BP src adds 25b to proted x UNP V4.12b t removable
  V3 BP src + ASM src random crypt adds 70b to proted x CUP V3.4 /3 removable
-CC286x▓
  By: Dark Stalker/UCF
  Type: COM protor, 286
  V2.1 [1997] kicks CUP V3.4 ICEUNP V0.34 removable can't prot on my cpu ("file open error!") part of DSCPP (Dark Stalker's COM Protector Pack)
-BUNNY
  By: Manfred Bunjes (Germany?)
  Type: x protor?, DOS V3
  Compiler: BC V2.0 [1988]
  V4.1 [1993] GUI (+ mouse support) (manipulate/password/install) prot manipulate: adds 29,539b (!) to proted x password : adds 28,500b (!) to proted x no crypt & ADT shareware prog x is CUP V3.4 /1 removable proted x is UPC V1.11 removable EdH: non-English. more review, plz!
-USERNAME
  By: Jordi Mas Hernandez [Spain?]
  Type: x pass protor
  V3.0 [1992?]
-CHECKPRG
  By: Jordi Mas Hernandez [Spain?]
  V2.00
-SnoopStop
  By: Trills
  V1.16
  Disadv: never run on any cpu? :)
-PirateStop
  By: Trills
  V1.09b [1998]
  Note: EdH: I only heard of it. Review, plz?
-MCLOCK
  Type: COM protor
  By: Noam (Herzenshtein/Herzenstien)
  V1.2 [1989]
  V1.3 [1989] adds 108b to proted x UNP V4.12b removable ADT: replace int1 & 3 recoded by Dark Stalker/UCF & included in his DSCPP [1997] he copies the decryptor found in some proted x
-TPC-SCR or T.P.C.'s COM File Scrambler
  Type: COM protor
  By: Oren Maurice (or? Asher Alon/T.P.C. (Israel))
  V1.00 adds 119b to proted x X-TRACT V1.51 removable recoded by Dark Stalker/UCF & included in his DSCPP [1997] he copies the decryptor found in some proted x
-IBM-CRP (IBM COM file Encryptor)
  By: ? /IBM (cracking group)
  Type: COM protor
  V1.00 adds 122b to proted x adds string "- Wh� ’Rε �0U St’Ri∩G ’t Mε?
  -" to proted x recoded by Dark Stalker/UCF & included in his DSCPP [1997] he copies the decryptor found in some proted x
  Disadv: fixed crypt key
-Encriptor (for COM files)
  By: GaStOn B.
  Type: COM protor
  V1.00b [1994] adds 150b to proted x adds string "Please, do not modify this COM-file! - Scrambler by Gaston B." in begin & ".GaStOn 1994." in end of proted x recoded by Dark Stalker/UCF & included in his DSCPP [1997] he copies the decryptor found in some proted x X-TRACT V1.51 removable
-ABK COM file Scrambler (ABKprot/ABK-Scrambler)
  By: fds0ft (Hungary?)
  V1.00 non-pub adds 81b to proted x recoded by Dark Stalker/UCF & included in his DSCPP [1997] he copies the decryptor found in some proted x fixed crypt key UNP V4.12b t removable
-MiCRoXoR
  By: Jibz aka Joergen Ibsen (Denmark)
  Year: 2000
  Type: COM protor, 386?
  Adv: adds 16b or 17b to proted x 16b ver assumes SI=0100h not always the case if proted run under Win2K 17b ver removes this uncertainty but is 1b larger
  Disadv: CUP V3.4 /1 removable
  Note: 1 of smallest COM protors
-invisible cryptor
  By: VAG aka Vladimir Gneushev (Russia)
  Type: COM protor, 386?
  V0.77 [1999] adds 17b to proted x rather incompatible? CUP V3.4 /1 removable
  Note: 1 of smallest COM protors
-XorCopy
  By: Deimos/Trioptimum
  Type: COM protor
  V1.0 [1995] adds 41b to proted x output file is alphabet randomly named UNP V4.12b t removable
  Note: the purpose is to avoid deletion by BBS-Ad-Killing upload processors
-CCE (ComCryptEngine)
  By: Valmii Killegaard/tKD /KAOZ LABS aka Soeren Pretzel (Germany)
  Type: COM.protor.lab (?), 386
  Compiler: BP V7.0
  V1.00 beta
  Adv: VBPE (mte)
  Disadv: all ADT enabled -> CUP V3.4 removable
  V1.06 [July 2000]
  Adv: cryptic GUI :) (almost) undetected protor
  Disadv: prog x hangs (my & CyR's) cpu orig scr font isn't restored herinmi/FileInfo V2.41b: proted x = F-LOCK V0.3?
  EdH: CCE = protor creator, EIPL = proted x creator
  Note: output is ASM src prog x: won't run on > 200 mhz cpu (start-up delay bug on CRT unit isn't patched) are reported as infected by PS-MPC.based vir, by AVP 3.0 b134 + AVP00005.AVC or Uni.Grv vir, by McAfee VirusScan for DOS/PM V4.0.50 + v4069 dat
-EEXE
  By: Fernando Papa Budzyn (.uy)
  Type: EXE? protor, 386, DOS V3
  V1.13 [1996] non-pub kicks? popunpak BW V2.5 removable
  Note: found on author's FZC (Fast Zip Cracker) prog x
-EliaShim's CodeTrack
  By: EliaShim MicroComputers
  Year: <= 1993
  Type: EXE protor
-Rand0m/Tulpe
  By: Rand0m
  V0.01
  V0.02a ROSE: good ADT
  Note: non-pub
-ProCrypt
  By: Lukas Fabian Moser (Germany)
  V1.0 adds 1,072b to proted x ADT = stack tricks
-Crush
  Type: COM protor
  ROSE: adds 50b to proted x ADT is for Soft-ICE, very lame
-Immune or Immun
  By: Jens Bleuel
  Type: x protor
  V1.0 [1992] no ADT
  V1.2 [1993]
-Xenia
  Type: EXE protor
  V1.00 [1991]
-ANTI-TRACE
  By: Oren Maurice
  V1.0 uses? PIQ ADT UPC V1.11 removable found on TPCX prog x
-Lockit
  By: Guy Shattah
  Type: EXE protor
  V0.10b
  V0.11a
-EXE_Protector
  By: FAG/DTG (Russia)
  Type: EXE protor (?)
  Compiler: BP V7.0
  V2.0 [1997]
  V4.7 [1997]
  V5.0 [1997]
  V6.0 [1997] last known ver non-pub contains AINEXE V2.22 (to pre-pres proted x) COM2TXT EXE2COM, COM2EXE removable by itself (?) NortonAV 2000: proted x is infected by Bloodhunt.File.String vir EdH: non-English. more review,plz!
-Mess
  By: max!
  V1.20
  Note: non-pub
-aNTI-TEU
  by: max!
  v0.9: herinmi: buggy
  v1.2
-F-LOCK
  By: Valmii/tKD aka Soeren Pretzel (Germany)
  V0.3?
  [2000]
  V0.35 herinmi: tighter than banzai v1.2x
  Note: mentioned by herinmi's FileInfo V2.41b
-PCC by: Mark DeSmet V1.2
-PPC
  By: ROSE aka Ralph Roth/ROSE SWE (Germany)
  Type: pass protor
  V1.0
-PaSsCom By: JauMing Tseng or Kevin Tseng (Taiwan) V1.19c
-PassCOM
  By: Black Wolf Enterprises
  Type: COM pass protor
  V2.0
  Note: PassEXE pair
-PassEXE
  By: Black Wolf Enterprises
  Type: EXE pass protor
  V2.0
  Note: PassCOM pair
-BlackWolf prot Note: mentioned in herinmi's TR script
-TBAV Prot
  By: Thunderbyte B.V. (Australia)
  Note: non-pub found on TBAV progs runtime? crypt
-SCRAMB By: B.U.G. V1.20 [1993]
-SCRAMBLE
  By: Alexander Alferowich/Tiny Spaceman Software (Russia)
  Type: COM protor, 286?
  V0.2b3/286 [Aug 1996] adds 48b to proted x TEU V1.82 -g -! half removable
-Phrozen Crew Prot Note: non-pub
-DemoMaker V2.1
-TheEgis By: Egis?/PCE
-CrapStop
-HASP
-TREKLOCK By: Trills V1.12
-TraceLock V0.9
-XorCOM V1.00
-File_PROTECTION
  By: Bumerang aka S.Gruzdew (Russia)
  Type: x protor?
  V2.20 [1990] but proted x's logo claims itself as V2.14 EdH: non-English. review, plz!
-SECURELOCK
  By: tecPIG aka Valmii Killegaard/tKD aka Soeren Pretzel (Germany)
  V0.3 [1999]
  V0.34 sub ver 5 TR + CONTRA R1 script removable
  Note: some vers kick TR predecessor of bANZAi cRYPT
-CC (COM Crypt (?))
  By: Basil V. Vorontsov aka TiGGER/IHG (Russia)
  Type: COM protor
  Compiler: BP V7.0
  V1.01 [1996] can insert file in begin of proted x (as message) crypt only adds 38b to proted x UNP V4.12b t removable
  Note: EXE2BIN V9.50 bonus pack
-CC2 (COM Crypt 2 (?))
  By: Basil V.
  Vorontsov aka TiGGER/IHG (Russia)
  Compiler: BP V7.0
  V1.5 [1996] can insert file in begin of proted x (as message) ADT adds 713b to proted x great crypt proted x hangs on RM of my cpu after exec-ed a few times
  Note: EXE2COM V9.50 bonus pack crypt is called [Code Garble V2.01/DOS]
-C0M-C0DEr By: SkullC0DEr V0.04 [1996]
-Lock 95 Note: mentioned in Blast Wave doc
-bANZAi cRYPT
  By: Valmii Killegaard/tKD aka Soeren Pretzel (Germany)
  V1.2 [2000] mte
  adv: kicks TR
  disadv: TR + CyR's script removable
  Note: uses BMWE (mte) successor of SECURELOCK CyR: actually only renamed because "lock.exe" name has problems under Win
-SelfEncrypt By: dR.No aka Daniel Arndt? V1.0 [1998] mte
-A.C.E. Scrambler Year: 1996 mte
-CONtRiVER-Cryptor Year: 1998
-Util Coded V0.21
-Ady's COM Scrambler year: 1993 note: PIQ
-MINI by: Albert SEN V1.01
-PW by: Udo Kemle & Klaus Oberpichler V1.0
-HardLock by: Aladdin V4.14 [1997]
-PG-Prot
-Cerberus V2.0
-Overlay V3.0
-Tscrunch by: Clarion V3.01
-UnitA 3 by: Sanitary
-SUN-Prot by: M.Dahl v1.01 [1995] note: password?
-LAB (Lame Armor Builder)
  by: Morgan (Poland)
  adv: EIPL-compliant :) mte (MutaMorph) BFE (Blind Fury Engine)
  disadv: very Win incompatible -> even cause data loss emm incompatible add 17+ kb to proted x mem.erase sometimes erase IVT non-pub
  note: private project
AddCode v1.0 (UniquE) [1997]
PCVault-Protect (Johnson) [1993]
Msep v0.9b (M.Sayles) [1996]
EXELock v1.00a (Solid Oak) [1994]
ExeLocker v1.1 (hUilaM) [1999] {pwd}
TiGGER Protection
REC v0.40.5 (R.Roth)
XLoader v2.00 (Cyberman/STiLLS0N)
Keymaker v3.0 (TimeSoft) [1998]
SP-Crypt v1.2 (Snow Panther)
H+BEDV Protection
Triplex Packer (cOm) [1994]
Overlay v3.0
ComCrypt (LostParadise)
ComCrypt (M.Chirkov) [1995]
SelfEncrypt (MaD'z/UCL) [1996]
J0B Cryptor [1996]
LKJ Protection
Com4Mail v1.0 (J.Krasilnikov) [1993]
FalCoN'AleX Protection
Crackboard II Protection
Anti-Lamer Crypter v1.0 [1999]
XOPEN+ Protection [1994]
PhRoZeN Crew Protection [1997]
PFCrew Protection [1998]
VenusSoft-Cryptor [1996]
SelfEncrypt {MtE} (dR.No) [1998]
GPatch v1.2b (jes) [1997]
SelfEnc 386 (SWW/DF) [2000]
VSF&K Protection [1992]
FIO Packer {Diet100} (I.K.) [1996]
WildRover Cryptor [1996]
EM-Phaser Cryptor [1996]
rEBELS Protection [1994]
IdleSoft Protection (Prince) [1996]
IdleSoft Packer (Prince) [1996]
HaSPeX-Protect [1996]
CC#3 Cryptor (ZC/XG) [2000]
eXtreme Group Protection [1999]
CCC-Protect (ZC/XG) [2000]
COM-Cryptor 386 (nh/XG) [2000]
x4-Cryptor 386 (nog/XG) [2000]
TBNLock v1.3 (A.Fiedler) [1996]
AVAST-Protect (P.Baudis) [1999]
AVAST CRC-CHECK v7.70 (eXe) [1999]
AliS S0fT com file encryptor
Crack Soft com file encryptor
Evil Genius com file encryptor
hijaq com file encryptor
Maverick's C0DER v.1.00a [nh] com file encryptor
PC0R$AiR com file encryptor (1)
PC0R$AiR com file encryptor (2)
MACHiNE GUNgsTeR/BANG! com file encryptor
Wumpus Soft Lab (?)
com file encryptor

---- WIN (PROTECT/CRYPT/SCRAMBL)ER ----

-Lock98 V1.00.28
-Phantasm V1.5b3
-Alloy by: Prakash Gautam 1.04.14.2000
-AppLok 95 by: Prakash Gautam V2.0
-Armadillo by: Chad Nelson V1.83 herinmi: another way to protect
-ASProtect by: Alexey Solodovnikov herinmi: ASPACK V1.084 registration bonus?
-CodeCrypt by: defiler v0.164b
-BJFNT by: Marquis de Soire /UCF V1.3 EdH: is this protor or presor?
-CodeSafe By: Zhang De Hua (China) V3.0 EliCZ: 1st to use SEH
-EXE Protector by: Eyhab Hillail V1.37a V2.01 note: passwords
-Harlequin Dylan by: Harlequin Group V1.2 EdH: dunno what the hell is this
-FileLocker 32 note: passwords
-LameCrypt by: Lazarus V1.0
-Gleam by: Zhang De Hua (China) V1.0 EdH: is this a presor or protor?
-PE password encryptor by: SMT
-PEBundle by: Jeremy Collake V0.15wtd
-NFO by: bart V1.0
-PC Guard by: Blagoje Ceklic (Yugoslavia) V1.50 is NE V3.03
-PCPEC [alpha] by: The+Q, Plushmm & MrNop/Phrozen Crew EdH: is this a presor or protor?
-PECRYPT32 by: random & acpizer/UCF V1.2 herinmi: v1.13 doesn't exist
-PE-Encryptor or VGCrypt by: virogen V0.75▀
-Ding Boys PE-lock by: Ding Boy V0.07
-PELOCKnt by: Marquis de Soire/UCF V2.04
-PE-Prot by: Christopher Gabler (Germany) V0.9
-PeX by: bart/CrackPl V0.99
-PE-SHiELD by: ANAKiN aka Stefan Esser (Germany) V0.25 note: share about the same code with PE-PACK
-PrivateEXE by: MidStream V2.2: password (?)
-SPEC by: hayras ▀3 note: simple crypter
-Stone's PE Encryptor by: Stone (Danish) V1.13 v2.0 is a packer
-WinKripT by: MrCrimson V1.0
-ShareLock
-SoftLock by: BitArts V4.0
-UnHack32 by: Black Panther V1.2
-tELock by: tHE EGOiSTE V0.51
-SecuPack by: SC - Soft V1.5
-Crunch by: BitArts V1.0: herinmi: packrate (down under)
-Fusion by: BitArts V1.0: herinmi: patcher and recompiler!?
-PEdiminisher V0.10
-Pepsi (xOANINO) V0.10 herinmi: how is it?
-PE-Sentry V0.05a
-SoftSentry
-VBOX

-------------------- DEDICATED TO herinmi --------------------

--- VIRUS SHIELD ---

-File Shield
  By: Uzi Apple & Yuval Tal / McAfee (USA)
  Type: AV.shield
  V1.5 [1990]
  Adv: covers x store exe header can remove vir from mem on x exec restore x to fshield-ed state, whether presed/proted/vir-infected won't propagate vir spreading
  Disadv: shareware add 1600 - 6000b (average: 2000b) to x can't shield exe+ovl stop overwriting vir annoying exit prompt on prog exit
  Note: double prot is unallowed shield is removable by the prog itself & X-TRACT V1.51 advanced shield over CPAV?
-F-Xlock (Frisk's eXe Lock)
  By: Fridrik Skulason, Vesselin Bontchev/Frisk Software (Iceland)
  Type: EXE?.AV.shield
  V1.16
-VSS (Viren Schutz Schild)
  By: ROSE aka Ralph Roth/ROSE SWE (Germany)
  Year: 1990-1993
  Type: COM.AV.shield
  Note: non-pub PCU removable
-VSD (Virus Self Destructor) by: Wojciech Wysznacki V2.00 [1996]
-Vaccine by: Rustam M. Abdrakhimov V1.03 V1.10 [1995]
-VACCINE Sphinks-2 by: RedArc year: 1997 type: AV.detect.shield
-Shield 386 by: V Communication & Steel Rat V1.70
-Health by: Muslim P. Polyak type: immunizer V5.1
-Scan /AV by: McAfee
-CPAV (Central Point Anti Virus)
  By: CPS (USA)
  Type: AV.shield
  Note: based on TNT/AV
-TNT/AV By: Carmel Software Engineering Type: AV.shield
-NAV (Norton Anti Virus) by: Peter Norton/Symantec (USA)
-NoAV (No Anti Virus)
  By: VAG aka Vladimir Gneushev (Russia)
  Type: COM.AV.false-detect.avoider?
  V1.0c [1999] non-pub removable by proted x itself (option @@)
  Note: found on some VAG progs McAfee's ScanPM V4.70 + DAT V4095 detect it as new virus :)

--- COMPRESSOR ---

-SYSPACK
  by: Vadim V. Vlasov (Russia)
  type: dos.sys.presor
  compiler: msc(++) [1990/1992]
  V0.1 [1992]
  note: UPX has better pres
-LZCOM By: JauMing Tseng V1.4
-XPACK
  Year: 1995?-1999
  By: JauMing Tseng or Kevin Tseng (Taiwan)
  V1.31 [1996]
  V1.60-: freeware
  V1.60+: shareware
  1.67l [Jul 1997] free?
V1.67.r2 Adv: can add comment on presed x anti-vir TSR online depres (RAM resident transparent expander) needs 4Kb of upper mem & 32Kb EMS mem can create XDI (XPACK [presed] Disk-Image) supports MS-DMF/FDFORMAT/2M format sfx XDI (XDI2EXE -> regged) archiver lib.unpacker (-UX option) guard codes against some lib.unpackers self check Disadv: slow pres EXE depres not available (regged?) EdH: it try to follow DIET Note: kernel code optimized by Harald Feldmann -XE (X-pack for Executable) By: JauMing Tseng or Kevin Tseng (Taiwan) Year: 1998-2000 Adv: supports watcom/le, tmt/adam, dos/exe, dos/com, dos/sys free Disadv: slow pres change orig 32bit format to XE format needs spec.loader (XELoader) no depres no 16bit segment reloc handler V1.4.5 b0119 [Jan 2000] Note: uses Sergey Belyakov's ZRDX dosx & Jibz's aPLib preslib XE divides file into blocks when pres (unlike aPLib) EdH: To JMT I suggested XPE as new name instead of XE -DIET By: Teddy Matsumoto (Japan) Type: EXE presor (COM -> EXE) but can force real COM (option -xc) Compiler: BC++ [1990] V1.00 [1990] V1.20 NC 4.0 Russia is packed with this V1.45f [Jun 1992] last known ver fix halted depres on 486 Adv: TSR online depres Stacker-like dos/sys 100b depresor -g: fast depres (+100b) free Disadv: bad pres ratio no depres deletes pressed x (even if its size is smaller) if it requires same cluster as orig x VeK: very stable x presor ROSE: DIET-ed x expects BX reg = 0 Note: add string "diet" to presed x -WWP or WWPACK ((Wierzbicki & Warezak's / World Wide) PACKer) By: Rafal Wierzbicki & Piotr Warezak (Poland) Year: 1993-1997 Type: EXE presor (COM -> EXE), max 15000 reloc Compiler: BP 7.0 Variant: WWPACK32 (for Win32/PE) V1.20b2 V3.04a [Jan 1996] V3.05b5 [Jan 1997] higher pres ratio for big file Adv: a lot of features: data pack password anti vir unextractable soft: can't be depres by WWPACK hard: light ADT (+ user ADT module) No_Hacks package contains user ADT module samples date/time limit Disadv: slow pres shareware Note: 
uses EXE header to store its config. no external config & still presible WWPACKed header also left $1A-$1F untouched tightest x presor at its time some foolers modify WWPACKed x start-up code with mte-ed code (WWPMutator) started from V3.02a, WWPACK is proted by HackStop V1.0? WWPACK V3.04a & V3.05b5 is proted by HackStop V1.11a -aPACK By: Jibz aka Joergen Ibsen (Denmark) Year: 1997-2000 Compiler: WC 32 Type: x presor, 286 V0.91b [Aug 1998] V0.98b [1999] V0.99b [2000] Adv the tightest small/average DOS x presor smallest depresor (133-340b) 3 more different encoding (-1/-2/-3) no reloc (-h) tiny EXE depacker (-t) XT-compatible depacker (-x) very fast depres no mem overhead Free for Non-Commercial Use Disadv slow pres no depres no self check no check for already presed x Note: better pres than WWPACK uses author own LZ, 56-60kb lookback + lazy match + Gamma encoding -> aPLib EdH: aPACK's history is fun to read :) -32LiTE Year: 1998-2000 By: Oleg Prokhorov /UG2000 (Russia) Type: multi format x presor Compiler: WC 32, PE compiler? 
V0.02d aPLib V0.22 V0.03a aPLib V0.26 the prog x format is PE V0.03b APLib V0.26 [SE] more options prog x must be patched to run under DOS: offset 50h: B0h -> 6Dh 51h: 19h -> 1Ah Adv: multi-format x packer supports some ancient formats capable to pres x with multi-in-one format restricted capability to pres to different format calls & jump optimization (-8 & -9) Disadv: slow pres no depres but sometimes no depres is an adv :) Note: uses Jibz's aPLib preslib -UPX (Ultimate Packer for eXecutables) Year: 1998-2001 By: Markus Franz Xaver Johannes Oberhumer (Austria) & Laszlo Molnar (Hungary) Type: multi format x presor, max 24,000 reloc, 286 Compiler: DJGPP V2 Adv: extendable (portable endian-neutral C++) self check the tightest big x presor pres better than zip/gzip fast depres: 10Mb/sec on Pentium-133 multi x formats are supported no mem overhead overlapping (depresor place in mem is reused by depresed code) free 8086-compatible depacker Disadv best pres-level (-9,--best) is slow only partial support for WDOS/X + LE no 16bit segment reloc handler V0.30 [Jul 1998] V0.40- x formats supported: dos/exe, dos/com, dos/sys, djgpp2/coff, watcom/le V0.40 NRV V0.32 added dos/exeh method (386+) V0.50 added win32/pe, rtm32/pe & tmt/adam format V0.60 NRV V0.54 added atari/tos format V0.70 [Mar 1999] NRV V0.61 added linux/i386 format added best pres-level (--best) V0.90 added win32/pe depres V0.99 src release under GPL V1.02 [2000] NRV 0.73 somewhat slightly faster pres prog x is now can depres itself (& few older ver) EdH: apparently nouser but me aware of this, because nobody else uses UPX secret switches for their progs V1.03 [30 Nov 2000] NRV 0.81 little more pres faster pres, also for best pres & big x added atari/tos/FreeMiNT binded with CWSDPMI r5 by CWSDSTUB V1.04 [19 Dec 2000] V1.11: beta ver Note: uses Markus Oberhumer's NRV (Not Really Vanished) preslib successor of DJP secret switches: --fileinfo, --all-filters, --small UPX gives better pres ratio on JMT's XDOC-ed text 
than aPACK -AXE (SEA-AXE) By: SEA (System Enhancement Associates) Type: x presor Year: 1987-1989 Compiler: MSQC [1988/1989] V2.0 V2.2 [Jan 1989] 1,510b depresor Disadv: presed code stored as ovl after depresor lame pres ratio shareware Note: oldest? EXE presor -EXEPACK By: MicroSoft Type: EXE presor V4.06 [Feb 1986] V4.06 = V4.05 V4.07 Adv: free Disadv: lame pres ratio uses RLE old ver's presed x prints "packed file is corrupt" & halt under EMM & lots of base mem -EXEPACK by: TurboPower V7.0 -MS-LINK /EXEPACK V3.69 V5.31.009 -SPACEMAKER Type: reloc presor By: Realia V1.03 V1.07 exe2com? -PACK By: Kim Kokkonen/TurboPower Software Type: reloc presor V1.0 [1987] -RELOC By: Piotr Warezak (Poland) Type: reloc presor V1.00 [1997] =? Kim Kokkonen's PACK V1.0 -RERP By: Ralph Roth aka ROSE/ROSE SWE (Germany) V0.02 [1996] -RP/386 By: Michael Hering/Germany Type: reloc presor V1.20 [1999] V1.21 -ReloPack By: Stefan Esser type: reloc presor V1.0 [1996] herinmi: improved Kim's PACK V1.0 -COMPACT By: Klaus Peichl (Germany) Year: 1994, 1998 Type: COM presor, max 15,000b V1.05 [1998] presed x needs 33kb freemem or quit 82b depresor (no huffman decoder) 20 to 50 passes pres (very very slow) but (suspend & continu)able no need to depres & re-pres if we want further pres more passes = longer exec time uses RLE-2 pres (pres pointer is the least frequent byte in inputfile) bad pres ratio -OPTLINK By: Symantec or SLR? Note: non-pub, only for Symantec progs (ex: MS-DOS Defrag) pass1: pres reloc, pass2: pres code -LZEXE By: Fabrice Bellard (France) Type: EXE presor Year: 1989/1990? Compiler: BP V5.5 V0.90 V0.91 V1.00a [Sep 1991] Adv: self check free Disadv: bad pres ratio no depres Note: the 1st real? EXE presor used to pres ARJ-SFX, RAR-SFX & some others EdH: I remembered reading English LZEXE but why V1.00a doc is in France? 
-PACKWIN By: Lei Jun & Wang Quanguo /Yellow Rose Workgroup (China) Year: 1993-1995 Type: EXE presor V1.0a [Jun 1994] V2.02 [1995] add string "YRZLITE (C) 1993 WYellow Rose" to presed x can press dos/exe & win/ne faster but lower than PKLITE V2.01? -624 (Six-To-Four) By: Kimmy/Pulp aka Kim Holviala TomCat/Abaddon Boogie/ESP aka Andras Barthazi Type: COM presor, < 25000b Adv: option -s: better pres free? Disadv: option -s is very slow aPACK/UPX gives better result V1.0 adds string "PULP" to presed x + C src by: Kimmy/Pulp aka Kim Holviala V1.1 [1997] compiler: BAP by: Boogie/ESP aka Andras Barthazi rewritten to get 4x speed & 1/10 x size adds string "[ESP]" in begin of presed x -PKLITE By: PKWARE (USA) Year: 1990-1992, 1995, 1996 Type: x presor, DOS V2.1 V1.00b BenC: for certain x, the last 512b image is moved to ovl V1.10: hacked ver V1.14 [1992] add crypt to presed x V1.15 BenC: not detect Win / OS/2 x & pres it as dos/exe -> no longer runnable V1.20: a lot of hacked ver declared as V1.20 before its release different crypt V1.50 [1995] optional image checksum V2.01 [Mar 1996] can pres Win3.(0/1) NE & DLL files Adv: very fast pres regged ver. offers option: -e crypt extra pres put string "PK" or "pk" in 1st fcb (offset 5C) of PSP presed x checks for such sig & aborts exec if can't find it UNP & X-TRACT fakes this sig on unpacked x to make it run? -e- extra pres w/o PSP sig check? 
for enough mem Disadv: shareware up to 84kb mem overhead rather bad pres ratio Note: the most famous x presor at its time there are a lot of hacked or *independently improved* PKLITE vers -AVPACK (Andrei Volkov PACK) By: Andrei Volkov (Russia) Type: x presor V1.20 BenC: if to-be-presed EXE size = multiple of 512 byte: it's regarded as ovl-ed EXE only stores the first 20h bytes of EXE header, thus prevents complete restore V1.22 [Apr 1993] Adv: very fast pres can crypt (not removable by prog itself) crypt so presed x only run on one's PC free for non-commercial use Disadv: rather bad pres ratio BenC: similar to PKLITE -TINYPROG By: Tranzoa, Co (USA) Type: EXE presor (COM -> EXE), DOS V2 Year: 1990-1994 V3.6 [1992] V3.9 [Mar 1994] Adv: basically no extra mem about 1.8kb, usually already claimed by presed x password user error message user message misused by foolers (ROSETiny, PKTiny, TinyProt, TinyHack) ex: by fill it with PKLITE header crc-check regged ver offers /D -> unextractable pres many ADTs quite fast pres Disadv: shareware each session plays time-consuming 'happy talk' before exit bad pres ratio V4.0: ROSE: same as V3.9, but rearranged code & slightly longer depresor ROSE: some fake/modified ver exists (Dezet, Fischer) -COMPACK By: W. J. Collis/Prominence Computer Services Ltd (Italy) Type: x presor, COM: =< 65000b, EXE: =< 12000 reloc, DOS V2 Year: 1990-1993 Compiler: BC V2.0 [1998] V4.4 BenC: end of depresor contains a far jmp to depresed prog. This jmp points to 0:0 but is adjusted not much earlier before the exec of this instruction. On 386- the PIQ is small enough to allow this self-modification. But on 486+, the read-ahead buffer is much larger so the jmp 0:0 has been read & exec-ed when the adjustment takes place, most likely cause a system crash. V4.5 [Nov 1991] optimize EXE header (option -h) V5.1 [1993] Adv: adds 193b (?) to presed COM 1 of fastest x presors no OS dependencies (runnable on future OS?) 
like: DOS calls int latency DOS/BIOS mem access can add message to presed x sfx can pres system/driver Disadv: shareware can't pres prog: loading on hi-mem with ovl/debug info limited sfx (max is 640Kb?) -PROPACK By: Rob Northen Computing (England) Type: (data & x) presor, archiver Year: 1991-1993 Compiler: BC++ [1991] V2.08 V2.14 [1992] V2.19 [1993] Adv: support for Amiga, Lynx, ST, 68000 x ? free for non-commercial use registration & update is free for sw developers Disadv: bad pres ratio Note: adds string "RNC" to presed x use p -fp as x presor -UCEXE By: Andrew Cadach/AIP-NL (The Netherlands) Type: x presor (COM -> EXE) V2.4 [Apr 1996] Adv: 1 of fastest x presors better pres ratio than PKLITE V2.01 & COMPACK V5.1 self check Disadv: shareware not preserved date/time stamp Note: part of UC2 archiver -PKSMART V1.0 By: PSV (Puchkov Sergey) & Alex(ander Ryumshin) (Russia) compiler: bc++ v3+ [1991] V1.0 [Jun 1998] Adv: very good pres ratio (sometimes better than WWPACK 3.05) Disadv: shareware? slow pres not properly coded? (often hangs) not very compatible? Note: no other ver -PGMPAK (ProGraM (?) PAcK) By: Todor Todorov Type: x presor (COM -> EXE) Compiler: BC V2.0 [1988] V0.15 [May 1991] Adv: free Disadv: same pres ratio but slower than PKLITE V2.01 add 12b ovl 00h+"PGMPAK 0.15" to presed x most presed x hangs not giving full mem Note: prog x contains PKZIP [1990] EdH: maybe it's used this way: call PKZIP inside prog x to pres to-be-presed x attach (mini) ZIP-Sfx then depresor to presed x if exec-ed, depresor execs (mini) ZIP-Sfx to depres (in mem?) & execs depresed x STN: PGMPAK is buggy -PAKEXE By: Sergio Artic V1.0b [1996] Adv: free Disadv: requires PK(UN)ZIP to (de)pres EdH: I'm not sure how it works but maybe like this: x is presed with PKZIP -> file A File A is stubbed with $pakexe (depresor) -> file B if file B is exec-ed, depresor run PKUNZIP to depres ZIP -> file C exec file C -SHRINK Type: COM presor V1.0 [1988] by Thomas G. 
Hanlin III max to-be-proted x is 30,000b average pres ratio = 7% 82b depresor uses RLE2 pres method (uses least frequent byte inside file as pres flag) free BenC: if all 256 bytes appear at 1 time in to-be-presed x, triggers 2 bugs: -if a RLE byte followed by 00h, 00h is written to prog instead -last byte of presed x isn't written V2.0 [1995] by JauMing Tseng or Kevin Tseng (Taiwan) uses SHRINK2 pres method 104b depresor max to-be-proted x is 65,536b - 104b (?) removes 3 fatal bugs from V1.0 -> lost (rlekey/dupchar/lastbyte) src is provided free -T-PACK By: Max/Tuscon aka Norman Rudolph (Germany) Year: 1996? Compiler: BP V7.0 V0.5b Adv: -m1: 69b depresor (matching length = 32b) -m2: 122b depresor + more pres (matching length = 2,048b) Disadv: very slow bad pres ratio Note: uses LZ77 + 2kb sliding dictionary -ELITE (EXELITE or Exe-LITE) By: (Patryk E. Glowacz & Adam Augustyn)/Code Blasters (Poland) year: 1994-1996 Compiler: BC++ V3.0 [1991], large model V1.00b : password V2.00S beta [Jan 1996] Adv: new exe header format reduce presed x size very little mem to depres presed x regged ver offers prot crypt + ADTs (against CUP, TRON, Soft-ICE, TD, CodeView, etc) no orig EXE header can add message to presed x create sfx-dat to be used in application pres data file add anti-vir heuristic repair of damaged presed x (tested with 37 virs) Disadv: shareware -> $15 faster but worse pres ratio than PKLITE V2.01? 
Note: uses dynamic Lempel-Ziv (DLV) for x pres EdH: it should be DLZ, not DLV :) LZSS + Huffman for data file pres EdH: repair & anti-vir addition are silent when I modify presed x -MEGALITE By: ThE KiLLeR of MEGATEAM 'n CTF Type: EXE presor Compiler: MS-C [1990/1992] V1.20a+ [Nov 1994] better pres new sig 8086 runnable Note: prog x is processed by: -Megalite V1.20a -modified CPAV to confirm license agreement on each exec -ICE V1.00 -EXE2COM (regular) -TINYPROG V3.9 -ICE V1.00 -MCLOCK V1.2 or V1.3 -COM2EXE -PKLITE V1.15 -EXE2COM (regular) -TINYPROG V3.9 -MEGALITE V1.20a prog x contains PKLITE V1.14 (?) presed x "MZ" sig is swapped to "ZM" V1.5 BenC: PKLITE-like pres it changes 1 byte of depresor -> screw up code Disadv: up to 4kb mem overhead -AINEXE By: Alexander Kulpin/Transas Marine (Russia) Year: 1993-1996 Type: EXE presor V2.23 [1995] 1 of fastest EXE presor -> uses? (X/E)MS better pres than PKLITE V2.01 Note: part of AIN archiver -Synopsis's COM Packer by: Synopsis (The Netherlands) ROSE: overwrite int0-4 w/o restore COMPACK rip (?) Note: non-pub found on Synopsis's UPC prog x (?) -JAM By: Eugen N. Vasilchenko (Russia) Type: x presor Year: 1990-1991 Compiler: BP V6.0 V2.21 [1991] shareware slower pres than PKLITE V2.01 VeK's TYP: caution on 486! presed x hangs my cpu (if generated under 486, presed x is buggy?) -CC By: Anry Hacker/UniHackers Group (Russia) Year: 1991-1994 Type: x presor (EXE -> COM), 286 Compiler: BC++ V3.0 [1990] V2.61b fast x unpack header LZ pres worse & slower than PKLITE V2.01 small EXE2COM prot simple ADT (based on PIQ) crypt SME (Startup Mutation Elusiver) AIDS (Anti Intruder/AutoHack Daemon System) V86 CUP V3.4 /3 removable shareware? 
MANtiC0RE [1999] fixed presed x locks keyboard on Pentium+ -CRUNCHER By: Ori Berger (Israel) Type: x presor (COM -> EXE), DOS V3 V1.0 [Aug 1989] shareware stores presed code as x ovl slow depres (proted x exec shows depres progress) 2,151b depresor lame pres ratio uses dynamic LZ 9-12 bits with Table Clearing -PACK By: M. Sotoodeh (?) Type: x presor V4.04? -PACK By: NoddegamrA (Poland) Compiler: BC V1.0 [1987] V2.01 [Oct 1995] shareware data pack bad pres ratio slower than PKLITE V2.01 herinmi: DIET V1.00 rip, only 4b is different -EXEHIGH By: NoddegamrA (Poland) Year: 1995 Compiler: BC V2.0 [1988] V1.01 [Oct 1995] shareware free lower & slower than PKLITE V2.01 -LGLZ (Lyapko George LZ) By: Y. George Lyapko (Ukraine) Year: 1996-1999 Compiler: BP V7.0 V1.04b [Dec 1997] V1.04e [1999] V1.03 = V1.04a-e fast self extract module uses modified LZ77 + 8,192b sliding window dictionary + lazy matching better & faster than PKLITE V2.01 free -MS-LITE (Mercury Soft LITE) By: Andy Cheng/Mercury Soft Technology (Hong Kong) Year: 1997 (?) - 1998 (?) V2.3 [1998] -SCRNCH (SCRuNCH) By: Graeme W. McRae Year: 1987-1988 Type: COM presor, 8086, DOS V2 V1.02 [Apr 1988] shareware customized exit routine same pres ratio but much slower than PKLITE V2.01 author: EXEPACK + SCRNCH give more pres ratio EdH: my test shows the contrary -VACUUM By: Dark Fiber/[NuKE] Type: COM presor V0.01c [1996] lower & much slower than PKLITE V2.01 no check for already presed x prog x is Adam's DOS32 V3.40b prog -COMPREXE (COMPRess EXEcutable) By: Tom Torfs (Belgium) Type: x presor V1.0 [Sep 1997] lower & slower than PKLITE V2.01 reports orig & presed x differences free Note: part of ProtEXE -RJCRUSH (Roland J. CRUSH) By: Roland J. 
Skinner/RJS Software (South Africa) Year: 1994, 1996 Type: EXE presor Compiler: BP V7.0 V1.10 [May 1996] shareware prog x exec sometimes show beg scr can pres BP V5.55-V7.0 prog ovl (if src available) 1 of fastest EXE presor slightly better pres than PKLITE V2.01 reloc sort 2pass reloc pres no depres -KVETCH By: Tal Nevo Year: 1993? Type: x presor -A.C.E. Packer year: 1996 note: can pres COM -SANCTION Packer By: Pinker aka Dirk Kueppers / SANCTION (Germany) Type: COM? presor Year: 1996-1997 (?) V1 uses dynamic LZSS77_ari + 8bit fixed pointer unpack header = 250b V2 uses LZSS77 + dynamic multi-precision arithmetic pres ratio = RAR/ARJ (?) worse pres ratio than 624 complete depresor size = 133b (+30b for copying, etc) Note: non-pub? found on SANCTION's 4k Intros --- WIN COMPRESSOR --- -PKLITE32 by: PKWARE V1.1 -WWPack32 by: Rafal Wierzbicki & Piotr Warezak (Poland) V1.20d -PC-Shrinker by: virogen/Phrozen Crew V0.71 -PEcompact by: Jeremy Collake V0.977: time trials V1.41 -ShrinkWrap by: Jeremy Collake V1.22 herinmi: it`s totally the same as pecompact -CEXE by: Tinyware Inc. V1.0a note: presor only under winNT -ASPack by: Alexey Solodovnikov V1.03: time trials V2.100 note: worthy presor beside UPX? -PE-PACK by: ANAKiN aka Stefan Esser (Germany) V1.00 note: uses Jibz's aPLib preslib -PETITE by: Ian Luck type: PE presor V2.2 note: pres uses ZIP algo -NEOLITE by: Neoworx V2.00 -NEOSPACE by: Neoworx -SHRINKER by: A.S.M. Inc. V3.2: NE V3.4: PE -WINLITE type: NE presor by: Rosenthal V1.0 -LXLITE by: Friends Software type: OS/2 x presor --- ARCHIVER SFX --- -UCSEA (Ultra Compressor Self Extracting Archive) By: AIP-NL (Ad Infinitum Programs-NetherLands) V2.37b [1996] Adv: need < 270 kb mem UltraFast pres engine Disadv: distribution needs registration different format than UC Note: UltraFast may be used in portable UC3 ? part of UC2 archiver -ARJ-SFX By: Robert K. 
Jung/ARJ Software (USA) V2.10+: presed by FaB's LZEXE V2.70 [1999] 3 sfx modules: 6,204b (ARJSFXJR/junior), unpresed: 8,162b 16kb (standard) 18kb (mentioned on ARJ/v2.70/TECHNOTE.TXT) -> supports ARJ-SECURITY 27kb (ARJSFXV/multi-volume) -> supports ARJ-SECURITY V2.75a [2000] Disadv: distribution needs registration Note: has string 'RJSX' part of ARJ archiver -RAR-SFX By: Eugene Roshal (Russia) Compiler: BC++ [1991] V2.70b2 [2000], unpresed size: 13,823b Note: has string 'RSFX' part of RAR archiver presed by FaB's LZEXE -ZIP-SFX (PKSFX) By: PKWARE V2.04g [1993] unpresed size: 18,912b/3,002b (mini) V2.50 [1999] unpresed size: 20,640b/3,150b (mini) Note: part of PKZIP archiver presed by PKLITE -ACE-SFX By: Marcel Lemke (Germany) V1.2b [1998] presed by Jibz's aPACK V0.82b? uses 1Mb EMS (dos/exe) size: 24kb (senior) 3,802b (junior) V2.0b1 [2000] UNACE is rewritten to be SFX x = PMODE/W V1.33 + watcom/le presed by UPX V0.99.3 V2.0b4 [2001] Note: part of ACE archiver -PROPACK SFX By: Rob Northen Computing (England) V2.18 [1993] 1,913b sfx hangs my cpu while depres part of PROPACK -AIN-SFX (AINEXT) By: Alexander Kulpin/Transas Marine (Russia) V2.31 sfx = separate (freeware) extractor x + AIN archive (as ovl) 27,770b Note: part of AIN archiver -LHA-SFX By: Haruyazu Yoshizaki (Japan) compiler: LSI-C86 V3.20 V2.13 [July 1991] size=1,942/1,945b (large); 1633b (small) free Note: part of LHA archiver -LHARK-SFX By: Kerwin F. Medina V0.4 Note: part of LHARK archiver -BSN-SFX By: PTS (Russia) V2.0 [1994] presed size = 3,884b Note: part of BSA archiver --- DEDICATED TO EXEList: DEBUGGER/EMULATOR/TRACER/DUMPER/UNPACKER/DISASM --- Info Source: Jose M. L. 
Lopes/MASK V2.5/DOC CyberRax/LCCrypt V1.2/unpack.txt --- -Sourcer By: V Communications Type: disasm CyR: commenting disassembler, elitest of the elites, now is forgotten, but still excellent prog -UNComBat By: ROSE aka Ralph Roth/ROSE SWE (Germany) Year: 1993-1999 Type: spec.deprot.COM Note: a DOS DEBUG script written in batch file part of ROSE's UnTiny package -UPCOM By: Hanno Bock/SAVE (Germany) Year: 1997 Type: unpack.COM Note: a DOS DEBUG script written in batch file part of HUNP (Hanno's UNPacker) V1.01 package -DEBUG By: MicroSoft Year: 19?? Type: RM.debug Note: part of MS-DOS package like other MSDOS prog, it refuses to run on other MSDOS ver still useful for small/fast work -SYMDEB (SYMbolic DEBug) By: MicroSoft V4.00 [1985] -386 MiniBug By: Phar Lap Software V2.2d [1989] -ACT N82538872 By: Victor M.Gamayunov Year: 1993 -D(ALF) By: Obraztzow S. (Russia) V1.0b [1992] -EDB By: Serge Pachkovsky (Russia) V0.15 [1991] -MegaDebugger -VIM (Virtual Machine) By: DDI Type: RM.debug V1.01PD -DEBUG By: PhysTechSoft, Ltd. (Russia) V1.30 [1999] Type: RM.debug Note: part of PTS-DOS 2000 package more complete & user-friendly than (MS)debug -CV (CODEVIEW) By: Microsoft Type: RM?.debug -SSD (Serville's Software Debugger) By: Mathew Probert Type: interpret.? Year: 1996 V6.0 Note: designed to analyze (crypt/mte)d virs -DCA (Deep Code Analyzer) By: PReDaToR 666 Type: few.spec.unpack V1.4 [1996] dedicated to Oren Maurice unpackers are put as external x -ABKDEPRO beta 3 By: fds0ft (Hungary?) Year: 1996 Type: few.spec.unpack.COM, 286, DOS V3.3, 200kb freemem Adv: GUI free -INTRUDER By: CREAT0R/CreaSoft/FBI aka Alex Taylor or Alexey A. 
Novojilov (Russia) Type: lib.unpack V1.30 [1994] supports BP, BC(++), MS-C, Clipper V1.31 [1998] by dR.No/ViP Software/DTG/UG2000 enhanced MS-C & Clipper support Note: 1st lib.unpacker -UPC (Universal Program Cracker) By: Synopsis (The Netherlands) Type: lib.unpack year: 1996-1997 V1.11 [Aug 1997] Adv: supports BP V6.0 & V7.0 BC(++) MS-C(++) / QB ZC (only tested on V3.0) WC++ 16 Note: based on Intruder -ENTPACK By: Veit Kannegieser (Germany) Year: 1995-1998 Type: lib.unpack 19.09.1996 : WC, LSI C 05.10.1996 (Fitted & TopSpeed) M2, (Turbo & Quick) Basic, (Zortech/Symantec) C, HackStop V1.13 11.10.1996 : RCC 1.10 08.05.1997 HARDLOCK (HLVXD.EXE) Bat2Exec 31.12.1997 ANTIUPC, WWPACK V3.05ß5, PCRYPT V3.45, Parameter t for HARDLOCK and DOG212, XPACK Guard, PROTEXE 16.01.1998 : ProtEXE V3.11 31.03.1998 : Selfenc/Bat2Exec(Trap) 08.04.1998 : ILUCRYPT V4.0 24.04.1998 : Upstop 28.05.1998 : TRAP 1.17 14.06.1998 : aTEU 1.1 15.06.1998 -TEU (The Executable Unpacker) By: JVP Year: 1996-1998 Type: lib.unpack, 386 Compiler: TASM V3.20, small model V1.82 (1998) Adv: recognizes much more compilers than UPC V1.11 -g : gen unpack -! : save on termination -M(n): PassiveX(n), n=1..4 mutate itself in mem to avoid mem detection unpacks so easily many (unsuccessful) effort are done to stop TEU: UET, ATEU, EXELOCK666, etc Disadv: uses (rather) incompatible prots for TEU x, sometimes hang unpacked x produced is always EXE Note: prog x is proted by many nebelbombs -XPACK -UX By: JauMing Tseng or Kevin Tseng (Taiwan) Type: lib.unpack Note: a spec.unpack switch in XPACK JMT: -UX is hacked UPC code -PCU (pGA! cOm unpacker) By: fds0ft (Hungary?)
Type: few.spec.unpack.COM Year: 1997 Adv: GUI can remove some COM processors UNP & X-TRACT can't -Khrome Decrypter By: Teraphy Type: few.spec.unpack.COM V0.1 [1997] -UN-PACK By: Snow Panther/DTG/UG2000 (Russia) Type: many.spec.unpack Compiler: BP V7.0 V1.0 [1998] can find 5 of 9 Lost Soul/UCF 's anti-CUP386 /7 tricks V1.1 COM2EXE COM tracer (-t) V1.2 reloc handler (-r) V1.4 EXE2COM V1.5 truncates & separates file (-f) portions from ST!LLS0N's EXESCAN V3.25 some sigs gen detection (-g) TEU support (-u) V1.666 [2000] free portions are from Hypn0tizeR's File Analyzer (extension detector) Juergen Peter's IDArc (archive detector) V1.7 [2000] free ver available sometimes suggest you to unpack certain x yourself with: CUP V3.4, X-TRACT V1.51 & ProcDump V1.6 extension detector file is now presed with TTCOMP COM dumper V1.8 [2000] add Code Master's Disasm V1.9 [Oct 2000] V2.0 Note: commercial use is prohibited contains unpackers written by other people author also include his non-pub spec.unpackers -UNP By: Ben Castricum (The Netherlands) Type: many.spec.unpack V3.00 option -a (self-repeat to remove deeper layer on unpacked x) V4.10 command t: trace x (4 COM = gen unpacker) V4.11 [1995] prog x is DIET V1.45f-presed & DShield-proted reconfigurable options, saved in the x can't scan unpacked x with TBScanX (but mentioned on DOC!) 
cardware or $1 for commercial use V4.12b can scan unpacked x with TBScanX Adv: lot of options to manipulate x COM2EXE, EXE2COM copy/remove/merge ovl optimizes reloc remove not-relevant header data align header data Note: 1st known prog capable to remove many x processors -X-TRACT By: Pablo Carboni Type: many.spec.unpack V1.51 [1995] last known ver Adv: self-repeat to remove deeper layer on unpacked x unpacks some more x processor UNP can't remove Note: another old unpacker -UX By: Misha/UCF Year: 1992-1996 Type: many.spec.EXE.unpack V0.55 last ver src is released free for non-commercial use -TRON Year: 1994-1996 By: Michael Bauder aka Avenger/Smile Soft (Germany) Type: gen.trace.unpack? V1.30 [1996] Adv: -p or -u: universal PM expander (regged) Note: ROSE,herinmi: tricky to stop -TD, TD286 & TD386 (Turbo Debugger) Year: 1988-1993 Type: debug By: Chris & Rich Williams/Borland V3.1 [1992] V4.0 [1993] PM debugger Note: TD & TD286 is easy to kick (RM debugger, int1/int3) CyR: simple HLT will crash TD TD386 uses 386 spec. hw bkpts -Soft-ICE (Soft-ICE Win, WinICE, NTice) By: Nu-Mega Tech. Type: TSR.debug V2.64 [1993] V2.80 Note: the first? 386 debugger uses 386 spec. hw bkpts acts as EMM most older ADT is created to kick Soft-ICE :) -CUP & CUP386 (CyberWare Universal unPacker) By: Alex Petroukine aka Sage/Cyberware/UCF (Russia) Type: gen.trace.unpack, 386, DOS V5 Year: 1995?-1997 V1.2: 3pass V3.2: 386 anti runningline V3.3a StE: full of bugs V3.4: 386 Adv: has CyberWare Code Digger (debugger) inside -> option /d cup /1: RM tracer cup /3: 386 spec. hw bkpts -> only run on RM cup /7: pretender (emulator) -> only run on RM Note: the most fearsome unpacker at its time LostSoul/UCF worked to find 9 anti-CUP tricks unused space in unpacked x sometimes contains repeated strings of "!reve4erawrebyc`" -> flipped "`cyberware4ever!" 
EliCZ: based on LIDT -TR (Super TRacer) By: Liu Tao Tao (China) Type: RM/v86?.interpret.debug Variant: TRW V1.22, TRW2000 V2.03: CG: V2.03 is better than V2.52 (large model instead of small model?) V2.52 [Nov 1998] last known ver Adv: run on V86 user interface script supports 'function keys' & 'debug like' usage kicks 'check if last key was [ENTER]' ADT Disadv: shareware, but U can suspend the payment until you're rich :) Note: the best debugger most newer ADT is created to kick TR :) -LTR (LADO's TRacer) By: LADO aka Attila Ladomerszky (Hungary) Type: RM?.interpret.debug Disadv: only run on RM V1.0 [1999] CG: slow & mighty interpreter, full DRx hw bkpt possibility CG, ChS: very strong EliCZ: based on LIDT starts PM or sets IDT back to 0:3ff (like AdFlt2A) will kick it V1.01 (?) -EDUMP or EZDump (EliCZ's DUMPer) By: EliCZ/pCE (Czech) Type: WIN mem dumper for DOS x Ver I Ver II: runnable under Win31 Adv: unpacks any unrunnable protor runtime crypt modified ver is able to kick FSE V0.76 Note: the unstoppable unpacker? EliCZ: truly & fully gen unpacker, bypass polymorph & mte CG: using WIN DPMI functions to gain access of hw bkpts very strong STN: the ultimate unpacker no EDUMP detection better than (the lame) mem detection EDUMP run at ring-0 while proted x at ring-3. EDUMP can't be removed without harming Win -GTR (General TRacer) By: Hendr!x/UCF aka Patrick Enoch Type: trace.unpack?, 386 RM Year: 1998?-1999? V1.Df/Dt [1999?] Adv: STN: the best tracer CG: clever hw bkpt tracing method in PM ChS: it now reflects hw bkpts to V86 mode Disadv: hard to use Note: ver numbering is numeric then alphabet (8,9,A,B) -DG (DeGlucker) Type: rm?.debug V0.0? : by ALI aka A. Ilyushin & MASTER aka S.
Gorokhov (Russia) V0.04rc: by CrazyMax aka Max Martynov (Russia) V0.05 : [2000] by OlegPro aka Oleg Prokhorov & VAG aka Vladimir Gneushev (Russia) herinmi, manticore, cyr: very good OlegPro: it can trace FSEd x Disadv: src is released can't run with EMM -ICEUNP (Intel Complex Emulator UNPacker) By: JauMing Tseng or Kevin Tseng, Christopher Gabler Year: 1996?-2000 Type: emu-trace.unpack JMT: based on IUP-frame-work/interface & TEU-exe-rebuilder up to V0.31: by JMT open src CG: using TF, own stack, DRx tracing, int1/3 emulation V0.32-V0.33: by CG add HS & MESS tracing EdH: slow but working :) V0.34 by JMT regs are set like DOS before run -IUP (Intelligent UNPacker) By: Frank Zago (France) Type: 1-step-trace.unpack, 386 RM V0.67 [1996] Adv: immune to int1/3 & IN/OUT trick 1pass Disadv: strange result & slower on QEMM than real mode? kickable by stack playing trick src is released Note: JMT independently improved IUP as ICEUNP -AutoHack By: Y. Tolsky/BCP (Russia) Type: gen?.unpack Compiler: BP V7.0 V4.1 [1994] ][ V1.0b [1994] semi GUI EdH: non-English. review, plz! -SnapShot Pro By: DaLe. Co (Russia) Year: 1992-1994 Type: dump? V3.0 [1994] can do lib.unpack EdH: review, plz! -GETEXE By: Tzer (Russia?) Type: TSR.trace? V2.0b [1993] -HaSP-Extractor By: Lord of Gifts Type: many.spec.depres V1.00 [1996?] SBUST clone -> supports similar progs (?) -BW (BlastWave) By: Ding Boy (Taiwan?/China?) Year: 1998(?)-1999 Type: dump/lib.unpack, DOS V6, 386 Compiler: QB V4.5, MASM V6.11 Variant: BW2000 V2.5b2 [1999?] CG: interesting dumping method STN: latest fine breed of lib.unpacker EdH: good, but non-English. more review, plz! -ERP (Executable Recovery Program) By: Richie Year: 1996-1997 V0.97b Type: append.remover Adv: may remove appending (vir/protor) from known packer/compiler Note: the only append.remover unpacker -RIPPER/32 By: Werong Ho (Taiwan?/China?) Type: ? 
Year: 1995 V2.01 Easy Version src is included V3.00 Zenix: I like the src very much -AUP (AUP386) (Acheron Universal unPacker) By: Sirius aka lopenpet(?) (Slovakia?) Type: unpack V1.0b [1997] unfinished prog no help not properly tested (often hangs?) prog x can't run with emm or disk cacher no handler for PIQ tricks CG: unstable hw bkpt Note: the only ver can't unpack anything? :) -Game Tools By: Wong Win Kin (Hong Kong) Type: ? V3.23 [1993] Note: to cheat games, but also used for cracking :) -GW (Game Wizard) 32 Pro By: Ray Hsu & Gerald Ryckman /Enhanced Software Design (Canada) V3.0 [1995] Note: game cheater, not debugger/unpacker but since it goes TSR & may help x unpack, some protors (ex: MASK) disables it -Game Buster -CRKCOM By: ST!LLS0N Type: dump.COM V0.92 [1997] option /1: RM.trace free no doc -DUMPCOM By: ST!LLS0N Year: 1997-1998 Type: dump.COM Compiler: BP V7.0 V3.55 PRO [1998] free no doc -tHE DUMPER By: LazyC0DEr/BotH Type: dump/lib.unpack, 386pm V1.00 [1999] lib.unpack.detection is based from INTRUDER V1.30 -LCDump (LaMe CoM DuMPeR) By: CyberRax (Estonia) Type: dump.COM, 286, DOS V3 V1.0 [1 Jan 2000] V1.01 build 7 [3 Jan 2000] now supports COM presors sets DOS mem alloc strategy to 1st fit dumps after target prog is terminated can be kicked with mem cleaning or anti-load -UNSHELL By: Feng-Zhihong/JWL Co. & New Bible Workgroup (China?) Type: unpack.EXE Compiler: BP V7.0 V1.1 PRO [1995] shareware (to unpack, must wait 60 sec 1st) adds string saying that unpacked x is unpacked by UNSHELL V1.0 -TBCLEAN By: ThunderByte B.V. (Australia) Type: trace.clean V7.00 [1996] V8.09 Note: to clean vir, but... CyR: decryptor part awfully resembles a virus, so... part of TBAV -RVK/386 (ROSE's Virus Killer) Type: heur.clean.COM Adv: bypass more ADT than TBClean Disadv: TBClean's UI is nicer Note: to clean vir, but... 
-CUNP (ROSE's Generic COM file unpacker) By: ROSE aka Ralph Roth/ROSE SWE (Germany) Type: gen.unpack.COM Year: 1996-1997 V0.17b [1997] CyR: all vers crash on my PC -UCOMUX (Vandals's COM Expander) By: MegaDevil/Vandals (Portugal) Type: dump.COM Year: 1996 Note: goes TSR until next COM exec & dump the COM before exit always dump 64kb part of Vandals's UNPCOM -COMDump By: MegaDevil/Vandals (Portugal) Type: dump.COM V1.0 [1996] goes TSR, while run proted-COM press F12 to dump always dump 64kb part of Vandals's UNPCOM -Simple COM dumper By: Christopher Gabler/UG2000 (Germany) Type: dump.COM, 386 Year: Mar 2000 Disadv: can't unpack COM exiting with int20 Note: part of UNPKIT (asm src) -HACKTOOLS By: Oleg N. Kolesnikov (Russia) V3.0 [1994] -Cheat Compiler By: Steel Rat V1.0 [1993] -Player's Tool By: Dmitry Yakunin & Andy Robinson /UHC (Russia) V3.996b [1994] -Action Replay -AFD (Advanced Fullscreen Debug) PRO By: Puttkammer?/AdTec GmbH Type: RM.debug V1.00 [1985] -bXd (brandX SYMBOLIC DEBUGGER) By: Sonam G. Gyato Type: debug V1.0 V2.6 [Aug 1987] adv: regged offers bXd3: bXd2 + src debug + dual monitor support disadv: shareware -R86 Reassembler by: Stefan Bion type: disasm v1.00 [1992] note: generates A86-compatible asm -X-C0M (X-C0M386) By: rAND0M/xADI & ROSE aka Ralph Roth/ROSE SWE (Germany) Year: 1996 Type: gen.unpack.COM, 386 -SuperCX (Super COM-eXtractor) By: Lost Soul/UCF Type: unpack.COM, 8086 V2.00 [1994] no ADT handler src is provided [1996] for learn & knowledge purposes -ICEberg By: José M. L. Lopes -DIS86 (Interactive Disassembler) By: James R. Van Zandt -IDA (Interactive DisAssembler) By: Ilfak Guilfanov (Russia) Year: 1991-1995 Type: disasm V3.80 (?) -Intercept/Interpret By: Ned Konz Type: used-int.recorder -Periscope By: The Periscope Company, Inc. -DXDEBUG By: PharLap Software -QA (Quaid Analyzer) By: Robert T. 
McQuaid -Ultimate Unpacker By: Andry Kobilykov aka AVK aka MERLiN /DTG/UG2000 (Russia) V0.3 [1998] non-pub -SID (Symbolic Instruction Debugger) By: Digital Research Note: part? of DR-DOS -COMUNP By: Bushwoelie/MSH Type: gen.unpack.COM V1.0f [1997?] only run in RM dump mode -Decay/386 By: Bushwoelie/MSH & Stonehead/TPiNC Type: gen.unpack.COM Compiler: TASM V4.0 V0.05 [1997] only run in RM successor of COMUNP can't unpack 386 prot -DumpExe By: Bugsy/OBSESSiON aka Benjamin Petersen Type: dump.helper V2.4? Note: plug-in for debugger -UUP (Universal EXE UnPacker) By: Nicolai Logvinov & Ilfak Guilfanov /Unibest (Russia) Year: 1991-1993 Type: gen.depres.EXE Compiler: BC++ [1991] V1.4 [1993] free -TSUP (TSEP Universal unPacker) By: Orion aka Levan Natroshvili & Zlorfik aka George Datuashvili /TSEP Type: gen.depres Compiler: MS-C [1992] V1.60 [1993] -UP (UnPack) By: Wong Wing Kin (Hong Kong) Year: 1990-1993 Type: few.spec.depres Compiler: BP V6.0 V3.1 [1992] V3.2 [1993] -UNPACKER By: VSF&K (Russia) Type: few.spec.depres Year: 1991-1992 V0.9b [May 1992] Note: very old unpacker for very old presors -XO or XOE (X-OPEN) By: Ady E. aka Guy Shattah Type: many.spec.unpack, 8086, DOS V3, min 40kb freemem V3.30 [1993] shareware regged ver: option -c: gen.unpack.COM no ADT handler Note: very old unpacker EdH: is Ady E. = Guy Shattah ? -SBUST (Stick-Buster) By: Lior Cohen/Exculiber Type: many.spec.unpack V1.10 [1993] V2.40 [1993] V2.40r cracked by Damage,Inc. Note: very old unpacker -COMHack By: Prince/IdleSoft Type: unpack.COM, DOS V5 V1.02 [1996] prog x is processed by an unknown presor & 2 unknown protors EdH: non-English. review, plz! -TPCX (T.P.C.'s X-tractor) By: Asher Alon?/T.P.C. (Israel) Type: many.spec.unpack, DOS V3.3, 64kb freemem Compiler: BP V6.0 V1.0 [1994] -XRay By: Tom Kihlen -Mark's Multidebugger Type: RM.debug V1.00 [1995?] 
-AC (Anti-Crypt) By: SMT/SMF (Russia) Year: 1998-1999 Type: few.spec.unpack, 386, max 64kb proted x V0.30.0 [Dec 1998] prog x is proted by do-nothing-on-my-cpu protor (SMT's PolyScrypt) V0.32.0 [1999] src is provided -MOW (Lame macronopper) By: StoneHead/TPiNC (The Netherlands) Year: 1997-1998 Type: macro.patch Compiler: BP V7.0 V1.8 [1998] 439 macros slow processing -AHCR (ANTi-HACKiNG C0DE REM0VER) By: ROSE aka Ralph Roth/ROSE SWE (Germany) Type: macro.patch V1.36 [2000] -UNCOM (General Com-Unprotector) By: Ænarchistic Ka0t/N0PS Year: 1996 Type: gen.unpack.COM, 386 Note: uses 386 hw bkpt -unCOM By: ROSE aka Ralph Roth/ROSE SWE (Germany) Type: many.spec.deprot.COM Compiler: BP V1.25 [2000] part of ROSE's UnTiny package CyR: has some generic code -UNEXE (UNiversal EXE/COM unpacker) By: FALinc/NightMareCorporation (Russia) Type: gen.unpack Compiler: BC++ V1.0 [1997] option -c: lib.unpack for BC(++), MS-C(++), WC(++), BP prog x is proted by FALinc prot --- VIRUS --- Info Source: Frisk/F-PROT/2.??/VirDesc --- -DIR, DIR-II (Creeping Death) Type: file vir, infects x Length: 691b, 1024b Procedure: when resident, it change dir structure data so certain x are linked to itself if you exec a file linked to it, it's also exec-ed & infect other files on read/write Damage: when all x is infected, no x can be exec-ed Detect: chkdsk: some files are cross-linked to the same position Note: not hook int24 when infect (omit i/o error) -Flip Type: boot vir, infects x Length: 2672b adds 2153b to infected x uses smart anti-AV-detect rotates scr display 180 degrees -Monkey (Stoned.Empire.Monkey.B, Monkey 2) Type: boot vir, infects boot sectors Detect: chkdsk: -1024b of freemem 1 of few virs that can infect floppies under Win crypts partition table of mbr if you boot from clean floppy, disk can't be accessed if resident & you check mbr, it will display orig, uninfected ver -Mummy Type: file vir, infects EXE resident sometimes hang while resident adds 1,300b-1,503b to infected x crypted 
string in vir code: "Mummy Version x.xxx", "Kaohsiung Senior School", "Tzeng Jau Ming presents", "Series Number=[xxxxx]." JMT: I wrote it for experiment & my friends spread it -GOLD-BUG Type: (color video & xtended HMA mem) resident, requires 80186, DOS V5/6 + Himem.Sys multipartite, polymorphic, EXE created only has 2 bytes that remain constant 512 front-end decryptors * 128 decrypt pattern double crypt + int3 (ADT) stealth, infected self-check x won't detect any change (boot & master)-sector infector, spawning, anti-AV: if resident: (delete / stop exec) of any EXE which: > 64kb last 2 letters of filename are "AN" to "AZ" (SCAN/CLEAN/CPAV/MSAV/etc) delete files (CPAV/MSAV)'s chklist.* Length: 1,024b Symptoms: CMOS chksum failure creates file w/o extension modem answer on 7th ring -TREMOR -Shifting Object Author: Stormbringer / Phalcon/SKISM Type: vir V3.0 Note: 1st vir to infect OBJ format -3APA3A Type: BS infector Note: 1st (only?) kernel infector. Infects 1st file on HD (usually IO.SYS or IBMBIO.COM) -VCL (Virus Creation Laboratory) Type: vir.lab By: NoWhere Man/[NuKE] V1.00 [199#] Note: its ZIP package is crypted, the passphrase is "Chiba City" CyR: most user-friendly DOS vir.lab -BW (Biological Warfare) By: MnemoniX (USA) Type: vir.lab V1.00 [1994] COM/EXE/x infector (non) resident anti-trace int24 handler dir stealth none/crypt/mte (BWME) Note: the prog is password proted -CIH (CIHorChernoble) Type: Win95.vir CyR: 1st vir to destroy hardware 1 of the most widely spread virs ever caused havoc around the world attacks 1998 (or 1999?) --- (POLYMORPHIC/MUTATION) ENGINE --- -MtE (MuTation Engine) By: Dark Avenger or Mad Maniac /CrazySoft, Inc./Destroyers, Inc. 
(Bulgaria) Type: vir.mte V1.00b [1992] TASM V2.5 no src 2kb engine CyR: legendary -NED ([NuKE] Encryption Device) By: Nowhere Man/[NuKE] Type: vir.mte V0.90b [1992] TASM V3.0 1,355b engine 15+b decryptor uses Cryptex(C) polymorphic mutation algorithm CyR: should be non-pub, but a person who get it from a [NuKE] member distribute it -TPE (TridenT Polymorphic Engine) By: Masud Khafir/TridenT virus research group Type: vir.mte V1.4 [1993] inspired by Dark Avenger's MtE no src 1,6kb code -VME (Visible Mutation Engine) By: American Eagle Publications, Inc. Year: 1993 Type: vir.mte Disadv: no src Note: only for research & educational purposes -DSME (Dark Slayer Mutation Engine) By: Dark Slayer (Taiwan) Type: vir.mte V1.0 Note: predecessor of DSCE -DSCE (Dark Slayer Confusion Engine) By: Dark Slayer (Taiwan) Type: vir.mte V1.0 [1994] 1,024b decryptor no src TASM/MASM successor of DSME -SMEG (Simulated Metamorphic Encryption Generator) By: The Black Baron (England?) Type: vir.mte V0.1 used in PATHOGEN vir V0.2 used in QUEEG vir V0.3 [1994] no src TASM 2.51 -BWME (Biological Warfare Mutation Engine) By: MnemoniX (USA) Type: vir.mte V1.00 [1994] companion for Biological Warfare Virus Creation Kit -MutaGen By: Mnemonix (USA) Type: vir.mte V2.0 [1994] no src -GPE (GUN N' ROSES Polymorphic Engine) By: Slash Wu (Taiwan) Type: vir.mte V1.00 [1994] -RTFM (Rajaat's Tiny Flexible Mutator) By: Rajaat Type: vir.mte V1.1 [1994] 650b engine? no src -SPe (Simple Polymorphic Engine) By: LoRD Zer0 Year: 1994-1995 Type: vir.mte V1.21 [1995] 419b engine -Small Polymorphic Engine By: Wild W0rker -TCE (The Chaos Engine) By: Sepultura (Australia) Type: vir.mte V0.4 [1995] anti-heuristic? 
-PME (Phantasie Mutation Engine) By: Burglar (Taiwan) Type: vir.mte V1.0 [1995] TASM V1.0 no src free use except for injuring anything -√ICE (√irogen Irregular Code Engine) By: √irogen/[NuKE] Type: vir.mte V0.5 [1995] TASM V2.0 1,995b engine code 13 - 850b decryptor CyR: the most used mte in protor -Red Team Polymorphy Engine type: vir.mte (?) note: mentioned by Morgan :) -MutaMorph (Memory Mutation Engine) by: Morgan type: protor.mte disadv: sometimes hang non-pub note: mentioned by Morgan based on Red Team mte -SimpMut By: ANAKiN aka Stefan Esser (Germany) Type: protor?.mte -VBPE (Valmii's Basic Polymorphic Engine) By: Valmii/tKD aka Soeren Pretzel (Germany) V0.4 [2000?] included on Valmii's CCE (x protor) beta -TME (TRAP's Mutation Engine) By: Christopher Gabler (Germany) Type: protor.mte V1.02 [Jan 2000] Note: used in CG's TRAP (x protor) based on √irogen's √ICE V0.5 non-pub -MPME (MERLiN's Polymorphic Mutation Engine) By: Andry Kobilykov aka AVK aka MERLiN /DTG/UG2000 (Russia) Type: protor.mte Note: used in MERLiN's PCrypt (x protor) non-pub (?) -HS-Muteng (HackStop Mutation Engine) By: ROSE aka Ralph Roth/ROSE SWE (Germany) Type: protor.mte Note: used in ROSE's HackStop (x protor) non-pub -SHAME (StoneHead Adjusted Mutation Engine) By: StoneHead (The Netherlands) Type: protor.mte Note: based on Darkman/VLAD disasm of Wild W0rker's Small Polymorphic Engine used in STN's MESS (x protor) non-pub but STN plans (?) 
to release the src STN: next plan for SHAME (][) should be a MMX-mte jumps anonymously to ring 0, debug bkpts to lock up debuggers using Pentium II/III errata, shovel off enough unpackers, BUT I don't have the spirit & time Zenix: SHAME is a masterpiece EdH: maybe next SHAME can be renamed as SHAMESS or MESHAMIAS -ZVCE (Zenix V-Code Engine) By: Zenix Yang aka Yang Shiuh-Phong (Taiwan) Type: protor.mte II used in Zenix's FFSE (EXE protor) non-pub manual trace is boring --- FILE IDENTIFIER --- -FI (FileInfo) By: Michael Hering aka herinmi (Germany) Last known Ver: 2.41j Year: 1997-2000 Type: file.identify, 386, ~340kb (as shell = 28kb) mem, XMS, VGA, DOS V5 Compiler: BP V7.0 V2.06 part of ROSE's UnTiny package CyR: prog x contains nice ASCII picture V2.40 [2000] free-regged to a few people (including me :) V2.41b V2.43 Adv: free (but unregged) most up-to-date identifier still updated GUI crypt/encoding 'opinion' Win LFN support external batches Disadv: requires VGA prog x prot often changes note: focusing on x processor -TYP (TYPD32) By: Veit Kannegieser (Germany) Type: file.identify Year: ? - 2000 Compiler: BP V7.0 or VP V2.00 15.04.2000 Adv: most (accurate & wide-range of) detection cpu emulate (to bypass protor mutation) free Disadv: not frequently updated Note: the prog spent 1000+ hours of author time -GT (GETTYP) By: PhaX aka Philip Helger (Austria) Type: file.identify, 286, 250 kb basemem, XMS (optional) Year: 1997-2000 Compiler: BP V6.0 adv: free still updated V2.52 V2.60 [Dec 2000] EdH: very long history (I DID read it!) -FA (File Analyzer) by: Vadim Torosov (Latvia) type: file.identify -File Analyzer by: Hypn0tizeR V1.8 -AINFO (Amon's file INFOrmation) by: Amon Soft (Russia) compiler: BP V7.0 V4.2 [Sep 1999] beerware -EXESCAN By: ST!LLS0N Year: 1997-1999 Compiler: BP V7.0 (?) V3.21 [1998?] last pub ver V3.25 [1999] used in Snow Panter's UN-PACK -ChkEXE By: Hanno Bock/SAVE (Germany) V1.17? [1997?] 
--- DOS EXTENDER --- Info Source: OlegPro/32LiTE/V0.02d/DOC -- -DOS4GW or DOS/4GW (DOS (up to) 4 Gigabytes for Watcom c/c++) Protected Mode Run-time By: Rational System Year: 1990-1996 Type: LE extender, 386, AT or PS/2, DOS V3, 64kb XMS V1.97 [May 1994] bindable inpresible size = 265,396b V2.01a [Apr 1996] by Tenberry Software (formerly Rational System) bindable inpresible found on McAfee VirusScan for DOS/PM V4.xx can't run under OS/2 Note: Professional (licensed) ver can only be binded contains DOS/4G & DOS/16M = modified DOS/4G to support LE the official dos-extender (or licensed) for WC(++) its big size causes people to write alternative LE dos extenders -DOS4G or DOS/4G (DOS (up to) 4 Gigabytes) Protected Mode Run-time By: Rational System or Tenberry Software Year: 1987-1997 Type: 386, AT or PS/2, DOS V3 V2.60 [1997] size = 350kb (?) Note: Professional (licensed) ver can only be binded found? on IDSoftware's DOOM II x (game) -DOS16M or DOS/16M (DOS (up to) 16 Megabytes) Protected Mode Run-time By: Tenberry Software Year: 1987-1995 Type: 286, DOS V3 V6.01 [1995] internal (only bindable) ? Note: found on NU for Win4x/DOS/(NDD, DiskEdit, UnErase) prog x -PMW or PMODE/W (Protected Mode for Watcom c/c++) By: Daredevil aka Charles Scheffold & Tran aka Thomas Pytel Year: 1994-1997 Type: LE extender V1.33 [1997] size = 12kb (presed), ~16kb (unpacked) internal (only bindable) own code pres (by PMWLITE) free for non-commercial use commercial use: 500 USD student: 100 USD Note: famous, common replacer for DOS4GW -PMODE By: Tran aka Thomas Pytel V2.51 V3.08 free Note: used by many softwares asm src -PMODEDJ By: Tran aka Thomas Pytel & DJ Delorie (?) 
Note: for DJGPP x -DOS32A or DOS/32A (DOS/32 Advanced) By: Narech Koumar (Naresh Kumar)/SUNSYS or Supersnar Systems (Sweden/Russia) Year: 1996-1998 Type: LE & LX extender, DOS V4+ Last know ver: V7.00 [1998] V4.30 mode switching is optimized for any CPU with multiple execution units supporting RISC86 (ex: Pentium MMX/II & AMD K6) official format = LX, but LE is still supported V5.00 [1998] last know free :) ver size = 26Kb (16bit presable) bindable various options commercial use: 499 USD VESA VBE V2.0 & mouse support can alloc up to 64Mb (max possible 2Gb) RAM supports up to 32 objects per application no (VM & pres & non-zero based flat model) support Note: most compatible, flexible & fastest? -ZRDX (ZuRenava Dos Extender) By: Sergey Belyakov (Russia) year: 1998-1999 Type: LE extender V0.49 [1999] Size = 12Kb Internal (only bindable) Free with src -CW (CauseWay) By: Michael Devore Type: 386, DOS V3.1 Year: 1992-1999 V3.49- commercial V3.49 [1999] size = 47,088b (presed) supports Clipper V5.1 & Clarion V2.1 presable (CWC) internal (only bindable) auto log if error pub domain src is released author gives up on DOS :) Note: has spec.x.format called 3P famous, found on F-Prot V3.x (AV), PGP V5.0bi -PharLap TNT By: PharLap (?) Note: Commercial Found on some Microsoft products (MASM) -DOS32 By: Adam Seychell (Australia) Year: 1993-1996 Type: Adam extender, 386 V3.0 V3.3 [Nov 1995] size = 8.5kb free for non-commercial use commercial: typically $150 own code pres (by linker) OMF linker DLL support V3.4b rev 9 [1995] found on Dark Fiber/[NuKE]'s VACUUM prog x V3.5b rev 6 [Aug 1996] size = 9,008b shareware 1/2 sec delay undisable logo max 4mb mem Note: has spec.x.format called Adam depresable (OlegPro's DOS32Unp) -Prospero Disadv: Commercial Note: supports Pascal & ? 
-FlashTek X-32 Note: mentioned in Ralf Brown's Interrupt List -WDX or WDOS/X (Wuschel DOS eXtender) By: Michael Tippach aka Wuschel (England) Year: 1996-2000 Type: multi.extended.x.extender, 386 V0.94 [1997] V0.96b1 [May 2000] supports LE, COFF, PE Size = 11,094b (LE) Free presable (Jibz's WDOSX-PACK) bindable simplest binding Win32-like API Note: used by TMT Pascal -E.O.S (Eclipse Operating System) By: Eclipse Type: LE extender, 386, DOS V3 V3.05 [1997] Free? Note: found on RAO's ERI32 -BLINKER (BLX286) By: ASM (Assembler Software Manufacturers) Type: Clipper NE extender, 286, DOS V3 Year: 1992-1998 V5.10 [1998] Size = 42kb -CWSDPMI (Charles W. Sandmann DPMI) By: Charles W. Sandmann Year: 1995-2000 Type: 32bit DPMI server (esp. for DJGPP V2), 386, DOS V3 Adv: few DPMI V1.0 extensions also run (DJGPP V1.x & RSX) x 1-time service or goes TSR Disadv: no support for 16bit DPMI V0.90+ r1 [1995] Compiler: BC V3.0 [1990] V0.90+ r4 [1997] IDSoftware's Quake V1.06 [1996] refuses to run under V0.90+ r4 maybe because of merely different setup r5 [2000] bindable? found on UPX V1.04 Note: based on DJ Delorie's GO32 -EMX (Eberhard Mattes's eXtender (?)) By: Eberhard Mattes Year: 1991-1995,2000 Type: EMX C extender/loader V0.9d (rev 60) [1995] V0.9d (rev 61) [2000] Note: part of EMX C Compiler found on RAR V2.6+ for DOS32 or OS/2 -RSX (Rainer Schnitker's eXtender (?)) By: Rainer Schnitker Year: 1993-1998 Type: DPMI extender for EMX & RSXNT x V5.21 [1998] free requires DPMI server -PRO32 by: Dieter Pawelczak (Germany) year: 1996-1999 v1.7 [Jan 1999] size=9,984b (presed? by Pack V1.0) note: part of Pass32 assembler package -DOS extender by: Doug Huffman year: 1991-1994 size: 1,536b (loader) note: loader has string 'B23X' found on SciTech/UniVBE/5.1/VBETest.EXE -PowerPack by: Borland note: to support BC V5+ (?) 
-RTM by: Borland year: 1990-1993 type: 16bit NE extender V1.1 [1993] note: to support 16bit PM Borland stuff (BP V7.0 TPX.EXE, TLINK V6.00) paired with DPMI16BI.OVL -32RTM by: Borland year: 1992-1994 type: 32bit PE extender V1.5 [1994] ~60kb resident note: to support 32bit PM Borland stuff (TASM32 V4.0) paired with DPMI32VM.OVL --- PERSON IDENTIFIER :) -DaRKMaN/TPiNC : Rob van den Nieuwelaar/The Netherlands author of DIF author? of ScanEXE & ProtUPC disassembling? the Wild Worker's Small Polymorphic Engine 1 of greatest vir.author (?) -dr.Lazy: Thomas Mann/Germany -dr. No: Stefan P.?/Germany? there is two (?) dr.No: 1 from Germany & 1 from Russia (?) EdH: one of two must change his nick into dr. Yes :) -Zenix Yang/pCE: a mte maniac :) -Ugly Duckling: South Africa -MF: Gamumba/Russia -EddyHawk: Robert Louis Stevenson :) --- *FAMOUS* QUOTATIONS: EliCZ: compare the number of protors with the number of proted x PaC: if a prot system is safe, it will be broken (Murphy's Law) X (de)prot = hi-tech cat & mouse game / holy war EdH: "CRYPT", "SCRAM*" & "CC*" are considered as very creative names for some protors :) No LE/LX protector? Oh, I know, it's not DOS which is dead, but the protection scheme itself :) --- MISC --- ?: disadv of Win32/PE pres: increase mem requirement if user starts several instances of the (big) prog. ANAKiN: using win32/pe presor wasted a lot of mem, but that's Microsoft's fault because Memory decommit functions simply don't work. X Loading may take longer, but after it's unpacked the pages get swapped out if there're no more accesses on them. And btw: code sharing is easily possible. 
CG: hw bkpt isn't possible under Win CyR: Estonia isn't part of Russia, but a small independent country right next to Russia ("Russia's window to the west" :) EdH: This is the 5th release, made possible by a few good men :) Warning: Reading this too long can be dangerous to your health How if I change the name of ProsInfo to Computer Arts Review: it will review any (hard/soft)ware, any file format, any cracking group, any ascii art & any computer person in the whole planet? Are you ready for it?! <shiver> Thinking about the immensely endless gigantic work I should do if it really happens...Naah! Do you know that writing this info is mega boring & painful? It's = writing semi File Identifier But maybe it can be integrated in File Identifier: after such prog detects a certain software processor, user can press certain key to get relevant info from ProsInfo. Since File Identifier & ProsInfo usually share same info (like prog name, author, year, ver, etc) their combination can saving some space No, don't look at me! Don't ask me to combine them :) Since materials reviewed here are mainly from SuddenDischarge, I can't help to think that this info = SuddenDischarge documentation :) Hanno Bock's is called EXEList, mine should be called ListEXE :) Germany & Russia have mass of coders & (crack/hack)ers :) what country is ".uy" ? Thx U for reading this crap (ProsInfo) :) --- A FEW GOOD MEN --- StoneHead as 1st person who reply about ProtInfo (R1) for giving some feedback JauMing Tseng, for: handing some software giving some feedback Michael Hering, for: handing MANY softwares his FileInfo (helps to make ProsInfo this large :) Veit Kannegieser, for his TYP (helps to make ProsInfo this large :) CyberRax, for: reply about ProsInfo (R3) rising up my morale :) by saying: "Pro?Info is (excellent/ROCKS!/nice 'fresh breed' in EXELIST/fun to read)" "Keep on the fine work" Thx U so much, pal! 
giving LARGE feedback contributes a review EdH: but to my sense one shouldn't review his own progs, NOT because it will give unfair opinion, but because it's just the same as writing the prog doc :) Morgan, for: reply about ProtInfo (R2) giving some feedback Gamumba, for identifying Russian authors on ProsInfo (R4) actually I am not quite agree if (for ex) MERLiN must be written as MERLiN/.../UG2000 on PCRYPT section because PCRYPT is released under DTG group at that time, not UG2000. But who cares... :) David, The Archivist, Preacher /SuddenDischarge for "handing" IMMENSE of softwares Hanno Bock /EXEList, for: keep me informed :) "handing" MANY softwares --- UPDATE history --- 1999: Apr-Jun,Nov 2000: Feb,Apr-Dec 2001: Jan-Mar