unSuckStop/386 1.00 for SS by Independent (IND)
13558 of 13,869 files
dos
-
This download is an executable MS-DOS program that will not run on a modern computer.
It needs a DOS emulator such as DOSBox-X, Staging;
or a virtualized MS-DOS or FreeDOS system.
Browsers may flag this download as unwanted or malicious. If unsure, scan it with VirusTotal. -
Last modified Dec 3, 2017 7:32:42 PM
MD5 checksum 5755a9e37ec2fce48a396cc8393b2a5c
Mime type Zip archive data
Download unss.10-rose.zip
Size 7 kB
2000 August
- Zip - DOS / Computer tool
4 items in the archive
- SUCKSTOP.DOC
- UNSS.COM
- USS.BAT
- _UNSSOLD.BAT
SuckStop
~~~~~~~~
An impressive and short protector from KA0T. There are more than
five versions availiable: Most of them have the ASCII remark
"SuckStop 1.00 by DOSE" ... Unprot can detect and patch in this
version only the first versions (499/618/???).
The third version is a little bit polymorph encrypted. If I have
the time I'll code an unpacker too. :-)
My virus scanner finds the first two polymorph versions, saying
the file is infected by a BWME/RME virus! This has been fixed in
later versions!
Meantime CUP 386/3.0b with the option /7 can unpack SuckStop
version 1-4. Due to this fact Ka0t as released a new version with
386 anti-debugger code.
Due to the fact SuckStop disables the keyboard and the inline code
for enableing the keyboard under TP doesn't work, it's recommended
to use the supplied batch file _UNSSOLD.BAT which automaticly calls
KEYB_ON.COM. The protector is only unencrypted and the antidebugging
code overNOPed. So afterwards you can unpack the file with an
generic (tracing) unpacker. This is done 'cause I'm a lazy bone!
Here I have discovered an interesting bug in allmost all generic
unpackers: None of them is unable to unpack the patched file
except TRON! Why: SuckStop doesn't use a jmp far xxxx:yyyy to
return control back to the host. Instead push seg, push offset,
retf instructions are used. It seams that
unp t (4.12▀)
tsup (1.6)
uup (1.4)
cup (1.2 + 386/3.0b)
are waiting to reach the jmp far instruction thus running the
program or stoping with the first interrupt call... so you must
use tron...
From SuckStop I have meanwhile about 10 different versions, the
latest are CUP 3.2 aware!
To unpack some of the registered version of SuckStop use unSS now!