EddyHawk's Info List --- Executable Processor Review (ProsInfo) by Independent (IND)
Last modified May 1, 2011 9:02:33 PM
MD5 checksum a3ae80aa7b7a1342b645749d3f65a2c3
Mime type Non-ISO extended-ASCII text, with CRLF line terminators
Size 155 kB
2001 March
- Text / Computer tool
- EddyHawk, writer credits
EddyHawk's Info List
---
Executable Processor Review (ProsInfo)
---
DOS (PROTECT/CRYPT/SCRAMBL)ER
----
Info Source :
ROSE/RADFAQ/1998
ROSE/STN/HS/V1.19b217/DOC
ROSE/UNTINY
Zenix/FSE/Q&A
CG/TRAP/INSIDER.FAQ
JeL/PROTECT!/DOC
herinmi/TEC/BETA/TEC.F1
http://www.egroups.com/list/ffse
ProtectionID/v6.3.5 Public/CHM
EXEInfo PE/0.0.2.7/Readme.txt
Protector Source :
http://www.egroups.com/list/exelist
http://www.exetools.com
http://www.cracking.home.ml.org {down?}
http://suddendischarge.com {down}
herinmi :)
----
STANDARD
----
On-line executable protection usually has:
-against passive attacks (direct view/disasm/patch)
.crypt
scramble code to unrecognizable form using random key
.mte
randomly insert junk code between orig code
without affecting the orig code exec
.code integrity check (checksum/CRC32/MD5)
.nebelbombs (opcode crypt) to confuse disassembler
(against IDA V3.80 or Sourcer 7)
harmless instructions which jump to a location within another opcode
-against active attacks (trace/unpack/debug/dump)
.specific trap (against TEU/UPC/TR/Soft-ICE/etc)
-quick & dirty
.backdoor misuse (Soft-ICE worm/magic tunnel)
.mem detection for "string" which is present in
deprotor executable (ATEU V1.2)
.detect the presence of deprotor tempfile (DS-CRP V1.31)
.patch deprotor int handler (iLUCRYPT V4.019)
.BFE (Blind Fury Engine)
by: Morgan (Poland)
bombs standard mem locations & ints of well-known hacktools w/o warning
-clean
.fake entrypoint/exit
.386 debug regs to kill debuggers like Soft-ICE
incompatible with some systems (like OS/2)
.self-trace (int1)
doesn't work well with Win3/95/NT
.generic trap
-pre-fetch queue traps
tries to write to a mem location stored in the processor's instruction
pre-fetch area, which kills debuggers
-stack playing
.PUSHFD/POPFD
-invalid opcode
-running line: self(trace/modify/decrypt) code
by: Serge Pachkovsky (?)
only decode 1 instruction at 1 time
not exposing a long fragment of code under analysis
-auto debug
by: EliCZ
-fake entrypoint
-GS: or FS: segment override
-passive prot against active attacks:
.scr off
some protors use it 2 times
.keyboard lock
some protors don't save & restore orig keyboard rate
.passive antidumping against int21 based dumper?
by: EliCZ
-reasonable compatibility with most of popular
processor/OS/memory manager/dos extender
---
-FSE or FFSE (Final Fantasy Security Envelope)
By: Zenix Yang /pCE aka Yang Shiuh-Phong (Taiwan)
Year: 1994, 1997-1999
Type: EXE protor, 386?
V0.5
V0.55S [Sep 1998]
not disabling TP 7.0 EXEC
is V0.6C removable
adds 6,083-6,454b to proted x
hang on RM of my cpu
V0.6+ [Sep 1998]
can't be run at all on my cpu (RM or V86)
V0.76 [Jul 1999]
now runs on V86 of 486
adds 7,905-8,030b to proted x
slow proted x
disable TP7 EXEC
V0.77 is planned to be 486 RM compatible
Adv:
best prot -> kicks popunpak
mte
free ver available
Disadv:
adds logo + ovl to proted x (but can be removed)
must be the last protor (mostly the only protor)
since Zenix's house was wrecked by an earthquake, he may not continue FSE
again. please pray for his fortune
OlegPro's xFSE V0.01b removable
OlegPro:
In xFSE I use other way to remove protor, called 'bkpt at fault' (BPF).
FSE stores orig x inside FSEd (+header+reloc)
Note:
uses
ZVCE II (mte)
PSP Faker/Shifter?
AdFlt2A
gen ADT
-UPStop (UnPackStop)
By: Szaszi aka Szabo Laszlo (Hungary)
Year: 1997-1999
Type: EXE protor (COM -> EXE), 386
V0.97 [1999]
Adv:
very good prot
gen anti-dump
kicks popunpak
check file size (disable-able)
multiple crypt layer
mte
free ver available
Disadv:
adds 5,465-5,588b or 5,945-6,043b (option /p) to proted x
multiple prot is unallowed
V0.95 [Jun 1998]
hang on Pentium. But some tricks are removed on V0.96
may run on Pentium now?
V0.96/0.97: slow proted x
disables TP7 EXEC
can't prot RAR Archiver V2.06 (doesn't run)
Szaszi: it will be fixed
VAG's DeUPS97 & BW V2.5 removable
CaS: its invalid opcode trick runs properly under QEMM
EliCZ:
Szaszi is the 2nd to come with autodebug (V0.95?)
V0.97 has anti-EDUMP but crash on NT
-JMCE (JauMing CryptExe)
By: JauMing Tseng or Kevin Tseng (Taiwan)
Year: 1994, 1997-2000
Type: EXE protor, 286
Adv:
good prot
fast proted x
very compatible
shows ASCII slime if one attempts to unpack proted x
V0.7n [Jul 1998] adds 3,160-3,162b to proted x
V0.7o [Sep 1999] anti TR V2.52
V0.7p [Nov 1999] anti UNJMCE
V0.7q [Jan 2000] anti BW V2.5
V0.7r [Jan 2000] better anti TR V2.52
V0.7s [Apr 2000]
restore int1 after decode
adds 3,631-3,653b to proted x
kicks popunpak
anyware: U can send (any/no)thing (but coin) to the author :)
Disadv:
no mte
multiple prot (remove 'Ex' & 'encr' sig 1st) causes hang
V0.7o and below are CG's UNJMCE upackable
V0.7p to 0.7r
proted x crashes WDOS/X if exec-ed before WDOS/X
JMT: anti-unjmce hooks but doesn't restore int1
TR 2.xx + herinmi's Script removable?
V0.7s: BW V2.5 half removable
Note:
V0.7s no longer hangs WDOS/X
JMT plans JMCE2 (strange method which works on Win2K)
-AdFlt2A (Anti Debugging Filters V2A)
By: EliCZ (Czech)
Date: Nov 1998
Type: COM protor, 386?
Adv:
very good prot
PSP Shifter
PM, VCPI, DPMI tricks?
adds 1,488-1,489 byte (w/o reg key) to proted x
proted x can show the owner [ option :o) ]
free
Disadv:
some spec.unpackers available
no mte
src is released
Note:
EXE2COM-ed TP 7.0 prog is TEU V1.82 removable
EliCZ introduces term "auto-debug" not "anti-debug"
CyR: prog x is never used, only its code by other protors (?)
EliCZ: most orig protor
Zenix: best COM protor, ultra strong prot, no tool to debug it
Cleric: marvelous & creative protor
-PCG (PC Guard) for DOS
By: Blagoje Ceklic (Yugoslavia)
Year: 1994-2000
Type: EXE protor, 386?
V3.20 PRO [2000]
Adv:
mte?
2 types of prot
LOADER (crypt image,destroy header,clean mem)
ENVELOPE (user-selectable crypt layers)
3 prot modes
NOIC/AUTO/CODE
check debugger/lock position
3 demo modes
TIME/DATE/EXE
GUI
Disadv:
adds at least 6Kb to proted x (1 layer)
commercial
proted x shows message, recipient name & delay
only demo -> proted x can only run several times
must specify recipient name
proted x:
sets keyboard to slowest rate
is slow
complicated proting procedure
CG's UnPCG removable
Note: OlegPro plans to release xPCG, but CG's UnPCG is out first
-EXELock 666
By: ST!LLS0N
Year: 1997-1998
Type: EXE protor, 386
Compiler: BP V7.0
V1.05 [1998]
Adv:
adds 2,471-2,476b to proted x
free
Disadv:
no mte
no crypt
TEU V1.82 -! -m:4 removable
Note: uses scr off & mem detection for TEU
-ProtEXE
By: Tom Torfs (Belgium)
Year: 1995-1997, EXE: 4b - 60/62 kb
Type: x protor
Compiler: WC(++) 16
V3.11 [1997]
Adv:
fast proted x
adds 3,106-3,109b (COM) or 3,174-3,196b (EXE) to proted x
selfcheck (regged -> optionally on ovl)
regged: tie option -> ties depresor & proted x together
can prot TSR
password (optional)
DOS shell-like interface
reports orig & proted x differences
Disadv:
complicated proting procedure
sometimes generate buggy proted x
TEU V1.82 -g -! half removable (even regged ver)
shareware
-$pirit
By: Night $pirit (Russia)
Year: 1995?-1996
Type: x protor, max <= 57000b
V1.5 [Apr 1996]
Adv:
mte
multiple prot is allowed if 'N$' sig is removed
adds 558-950b (COM) or 710-1,084b (EXE) to proted x
Disadv:
weak prot
CUP386 V3.4 /3 removable, TEU V1.82 -! -g (EXE) removable
uses $UPD mte, which is used by some virs, triggering some AVs'
false alarms (now I know :)
Note:
uses $UPD ($pirit Universal Polymorphic Device) V2.1
Snow Panther: strong mte
-SS (SuckStop)
By: Ænarchistic Ka0t/N0PS (Germany)
Year: 1997
Type: EXE protor
Adv: ROSE: impressive & short protor
Disadv:
older src code is released
Win9x incompatible
weak prot
can't prot > 64 Kb
proted x sets keyboard to slowest rate
V1.00 : has 3 sub vers
V1.05 : adds string "SuckStop V1.00 (c) DOSE" to proted x
V1.07 : rewritten
V1.07.02r
optional password (/p)
proted x hangs my cpu
V1.11r : CUP386 V3.4 /7 removable
ROSE:
some ver have mte
a ver has 386 ADT
latest ver is V1.18
STN: V1.18 is a typo
-ALEC
By: rANDOM/UCF
Year: 1996-1997
Type: EXE protor
V0.1
V1.6.386.pro [Aug 1997]
Adv:
password (/p, optional)
adds 3,500+ b to proted x
mte
Disadv:
weak prot
proted x sets keyboard to slowest rate
prog x hangs my cpu while proting certain x
V2.0 : herinmi: it's a virus!
Note: uses scr off
-iLUCRYPT
By: iLUVATAR aka Christian Schwarz (Germany)
Year: 1995-1999
Type: x protor, DOS V3.3, 486+fpu (386+fpu?)
Compiler: BP V7.0
V4.019 [1999]
Adv:
2,765b crypted ADT code
presed reloc
FPU operations for decrypt
V4.018 [Jul 1998]
can add one's own ADT (up to 3) modules to loader (/MOD: option)
2 samples are provided
V4.014b
kicks debuggers/tracers which store prog regs in the 1st meg
V4.016
password
128bit key, 64 bit data of modified FaM's TEA (TinyIDEA?) block cipher
Disadv:
no mte
min 486+fpu
Win95/NT/ OS/2 /Linux incompatible (stopped under Win/ OS/2)
PC-DOS/V7.0/IBMAV or similar AV blockers may interfere with iLUCRYPT
can't run on my cpu (orig package), but
Aaron's unpacked protor x re-proted by itself CAN run on my cpu
Weird, isn't it? (maybe Aaron disable some incompatible tricks?)
Note:
ADTs used:
-running line
-V4.015:
NOTing complete int table
mem hw bkpt
invalid opcode
-fake entrypoint
-fake exit (optional), adds extra 100b to proted x
-anti reload functions
successor of CSCrypt Pro
-CSCrypt (Christian Schwarz Crypt) Pro
By: Christian Schwarz (Germany)
Year: 1996 or 1997?
Type: x protor?
Compiler: BP V7.0?
V3.30 [1997?]
Adv: mte
Disadv:
no longer updated because it's easy to hack?
hang on my cpu
Note: predecessor of iLUCRYPT
-C-Crypt
By: De'FeinD/uCT
Year: 1997-1998
Type: max 60kb COM protor (EXE -> COM), 386, FPU
V1.02b1 [Aug 1998]
Adv:
adds 1,080b (COM) or 1,320b (EXE) to proted x
adds string "Protected with C-Crypt" & "MsDos" in end of proted x
fucks (?) all known debugger/unpacker/tracer
kicks popunpak
Disadv:
TR + ConTRa R1 script removable
prog x can't prot read-only x
the only FPU instruction used is FNOP, no problem to step over it
fixed crypt key (at least in this version)
buggy decryptor (doesn't restore the last byte)
prog x hangs on (my & CyR's) cpu
proted EXE hangs on my cpu
-GA (Gardian Angel)
By: Stefan Verkoyen (Belgium)
Type: x protor, 8086
V1.0b [Apr 1995]
Adv:
GUI
random ADBlock arrangement
regged ver offers
anti (load & TSR unpackers)
386 ADTs
mte
Disadv:
shareware
weak prot
Win9x incompatible
Note: the author skipped PIQ tricks to stay Pentium-compatible
STN (?): it should be Guardian Angel, not Gardian Angel, but hey,
he's a coder, not a writer :)
-MESS
By: Stonehead/TPiNC (The Netherlands)
Year: 1996-1999
Type: EXE protor (COM -> EXE), 386
Compiler: MASM V6.13
V1.07 [1997]
Compiler: TASM V4.0
v1.29: release for friends
V1.31 [1999]
Adv:
Good prot
mte (option /M for fully polymorphic for COM file -> produces COM)
generates different decryptor
proted x can show registration info (option //)
can add ownername to proted x
user-selectable number of crypt layer(s) (option /L<n>)
anti-TEU trick (option /T) -> can't run on WinNT
adds 2,484-2,717b (9 layers) to proted x
free for non-commercial use
run on Cyrix, Linux's DOSEMU
Disadv:
commercial use is prohibited
disables TP7 EXEC
src is released (V1.07 & V1.31)
TEU V1.82 half removable
ICEUNP V0.34 removable
Note:
MESS
is branch of SCRAM! b5
is inspired by Gardian Angel
prog x started with string "FUCKYOU"
uses SHAME (mte) since V1.08
STN: I don't know why DeGlucker can't deprot MESS for some time
-HS (HackStop)
By: ROSE aka Ralph Roth (Germany) & Stonehead (The Netherlands) /ROSE SWE
Year: 1994-2000
Type: x protor, 8086, 80386, COM: ~ < 61000b, EXE: 64b -?b,
max 16,000 reloc
Compiler: MASM V6.0 & V6.13
V1.00 [Apr 1995]
V1.11 [Dec 1995]
V1.12 [Mar 1996]
ripped by riddler/ucf
ripped by random/ucf
V1.13 [Jun 1996]
ripped by Dark Destroyer/TiC and named DarkStop (No Lamer) V1.0 [1996]
V1.16 [Apr 1997] with 386 PM ADT, only for TPiNC party & regged user
V1.17cr [Sep 1997] SMT/SMF: doesn't run under Win
V1.18 [Jan 1998]
requires 386+ to prot
build 70 adds 3,316b (COM) or 3,388b (EXE) to proted x
V1.19
build 206 [May 1999]
adds 3,426b (COM) or 3,743-3,757b (EXE) to proted x
now crypts EXE (body & reloc)
build 217 [July 1999]
adds 3,456b (COM) or 3,838b (EXE) to proted x
is ICEUNP V0.31 (& V0.32?) removable
V1.20
build 227 beta [Apr 2000]
adds ICEUNP & EDUMP (detect/protect)ion
/86(s/d) is ICEUNP V0.34 removable
build 230 beta
Adv:
Good prot
running line
heavily tested :)
very compatible
semi? mte
several crypt layers
adds owner name/message to proted x
adds string "HS" & "MsDos" in end of proted x
nebelbombs
crc-check
kicks popunpak, except ICEUNP
Disadv:
Too famous (hacked all the time)
hacked/independently improved HS vers (ex: Rand0m's HS V1.11f,
Dark Destroyer's DarkStop V1.0, ReDragon's IRoNtHoRN V1.0:2k)
a bunch of HS unpackers (ex: Ka0t's unHS, MegaDevil's unpHS,
Stefan Esser's HSR, rAND0M's KillHS, tHE riDDLER's xHS, CG's unHS)
Shareware
src is released [Jul 1998] (V1.11g, MASM V6.0)
Note:
also used to prot ROSE's progs (mainly AV products)
WWPACK >= V3.02a is proted with HackStop V1.0?
EuH: HackStop caused WWPACK can't be modified to crack the regkey
WWPACK V3.04a & V3.05b5 are proted with HackStop V1.11a
HS unpacked x contains string "HBOOT", "BEHBEO" :)
-LSTOP (LamerSTOP)
By: Stefan Esser (Germany)
Type: EXE protor
Compiler: BP V7.0
V1.0b
Adv:
adds 562-585b to proted x
free
can add owner name to proted x
Disadv:
no reloc handler (but RelPack is included)
weak prot
CUP V3.4 /3 removable
Note: CrackStop predecessor
-CS (CrackStop)
By: Stefan Esser aka ANAKiN (Germany)
Year: 1997-1998
Type: max 600kb EXE protor, 8086
Compiler: TASM V3.5
V1.03 [Jan 1998]
Adv:
adds regged name/message to proted x
no PIQ trick
Disadv:
no mte
adds 4,676b to proted x
proted x turns off-on numlock if it's on
weak prot
can't:
handle reloc (but RelPack is included)
crypt image contains reloc
DRx (hw bkpt) can remove it
(TEU V1.82 or CG's CSRemover V1.2) removable
shareware
Note:
LSTOP successor
has HackStop-like interface
uses mem detection for TEU
CG: there's CS V1.03 updated
-MASK
By: Jose M. L. Lopes (Portugal)
Year: 1994-2000
Type:
COM protor (EXE -> COM)
8086/8088, DOS V2, 64Kb freemem, proted x: 6b-62Kb
Adv:
anti bkpt-set
security envelope checksum
multiple complex crypt
multi-tracer/debugger/unpacker fucker
hacked/modification warning
Disadv:
shareware
multiple prot is unallowed
incompatible with Game Wizard (Pro), even if it unloaded
(hey, I only want to cheat, not debug!)
V2.3
Adv: adds only 700b to proted x
Disadv:
Cyrix + Win incompatible (SMI instruction or INT01/ICEBP trap)
TR V2.52 + CG Script removable
TEU V1.82 removable
V2.4 [Sep 1995]
released on end of 1999 to wait for V2.5
adds only 800b to proted x
crypting method is buggy on some files
has:
more traps
a spec.trick to detect debugger presence -> DESQview incompatible
V2.5 [Jun 2000]
5 years after V2.4 (encouraged by The Archivist/SuddenDischarge
and EXEList :)
Its release is planned on Jan 2K, but actually released on Jun 2K
CG: very difficult to write a MASK V2.5 unpacker because of
-a few DRx tricks & trapflagging + int1(tf/hw) direct modification
(might crash on NT) to stop hw breaking
-very good crc check to stop sw bkpts
Adv:
adds 1,300b to proted x
removes INT01/ICEBP trap
has much more traps
crypt engine is completely rearranged
proted x checks everything upon running
regged ver has presed code + improved randomizer engine
Disadv:
CG: int1 & int3 called but not pointed to proper location within
codesegment (after starting some files, they will point a corrupt
area)
Quarterdeck Office Systems DESQview V2.41 incompatible
proted x sometimes hang on Win95/98 + active McAfee VShield
shareware ver is CG's UnMask25 removable
UnMask25 is released 3 days after MASK release. how unfriendly :)
proted x:
is rather slow
prints MASK copyright before proceed
contains MASK copyright
-TinyXor (Tiny Xor)
By: dR.No/ViP Software/DTG/UG2000 (Russia)
Type: COM protor, 286
Compiler: BP V7.0
V0.1 [1998]
adds 43b to proted x
src is provided
UNP V4.12b t removable
-XoReR
By: dR.No/ViP Software/DTG/UG2000 (Russia)
Type: COM protor, <= 60Kb
Compiler: BP V7.0
V2.1 [1998]
Adv:
anti-load
dumping & generic-tracing is impossible
herinmi: run on Win98 (+EMS)
Disadv:
shareware
proted x sets keyboard to slowest rate
removable by:
TR + herinmi/CG's script?
BW V2.5?
Pentium incompatible?
herinmi:
destroy (& not restore) int1 & int3
badly coded, all XoReR vers have problem with size 4,096
-TRAP
By: Christopher Gabler (Germany)
Year: 1997-2000
Type: x protor, 386 (COM: 4-65000b, EXE: 32b-0.5Mb)
Compiler: batch? compiler
V1.13 : PHaX: can't run on my 486er
V1.24
is now compatible to 486DX4-S
adds 3,946-4,120b to proted x
V1.25
has reloc handler
proted COM never run
VAG's DeTrap V1.5 removable
V1.26b
anti VAG's DeTrap V1.5?
COM -> EXE
proted x is 486DX4-S incompatible
V1.26! [2000]
proted x is now 486DX4-S compatible
herinmi called this ver V1.26b1
CG: under 486, the 1st byte of 1st internal decrypted layer is wrong
proted x hangs under win311
non-pub?
Adv:
good prot
tf & opcode runningline
stack crypt
kicks popunpak
several crypt layers
mte
CRC used as decryption value
fast proted x
free
Disadv: adds 4Kb to proted x
Note:
uses
TME (mte)
MMtE (Mini Mutation Engine)
GDD (Generic Dumping Detection)
SADD (Self Anti Debugged Decryption)
Zenix: TRAP 1.2x claimed as EDUMP-resist, but EDUMP can unpack it easily
-ICE (Intrusion Countermeasure Electronics)
By: Keith P. Graham
Type: COM protor
V1.00 [1988]
Adv: pres
Disadv:
lame prot
UNP V4.12b removable
Note: 1 of oldest protors
-COP (Command Obfuscation Processor)
By: Jack A. Orman (USA)
Type: COM protor
V1.3 [1988]
Adv: adds 53b to proted x
Disadv:
lame prot (crypt only)
CUP V3.4 /1 removable
Note:
part? of Armada Utilities
1 of oldest protors
-CRYPTCOM
By: Nowhere Man/[NuKE]
Type: COM protor
Compiler: BC++ V3.0 [1991], tiny model
V2.0 [1992]
Adv: adds 29b to proted x
Disadv:
crypt only
UNP V4.12b removable
Note: part of Nowhere Utilities
-PROTECT! EXE/COM
By: Jeremy Lilley (USA)
Year: 1993-1996
Type: x protor, EXE =< 600kb, max 16kb reloc
Compiler: A86
V3.x [1993]
V5.5
txt-hacked by Marquis/UCF -> called V5.6
V6.0 [Aug 1996]
Adv:
adds 1,835b to proted x
very good mte
crypt
large multiplication of numbers by changing key, not XOR
serial check
compatible (DOS/Win31/Win95/ OS/2)
password (optional)
very good CRC check
pres -> simple derivative of LZ
Disadv:
weak prot
crypt only 32bit key
the prog x itself can't run on V86 on my cpu
must be unpacked first
CUP386 V3.4 /3 & ICEUNP V0.31 removable
Note:
uses Jmute (mte)
The most famous protor before HackStop. Many people use (CM), unpack
(UX) and enhance (Ciphator) it. Because every ver of PROTECT! can be
unpacked easily, no more update after PROTECT! V6.0 (give up?)
The author skipped rather incompatible tricks to increase compatibility
Found on CM (Cheat Machine) V2.11
-SECURE
By: Piotr Warezak (Poland)
Year: 1996-1997?
Type: EXE protor
Compiler: BP V7.0
V0.19
Adv:
adds 1,800-1,925b to proted x
double crypt
anti-gen-unpacker
can add comment to proted x (max 1024b)
proted x can check 286/386 processor and/or check DOS ver
Disadv:
no mte?
multiple prot is unallowed
experimental, non-pub
shareware?
TEU V1.82 slow removable
v0.29
-EXEGUARD
By: Ivanov Vadim (Russia)
Year: 1996-1997
Type: EXE protor, 8086
Compiler: BP V7.0 + TASM V4.0
V1.3 [1997]
Adv:
adds 849-863b to proted x
free
option:
/V -> enter vector number
/C -> ?
Disadv:
no mte
no crypt
TEU 1.82 removable
-PCRYPT (Program CRYPTor)
By: Andry Kobilykov aka AVK aka MERLiN /DTG/UG2000 (Russia)
Year: 1995-1997
Type: x protor, 386
V2.6 [1996]
V3.43: com support?
V3.51 [Dec 1997]
Adv:
mte
32bit code
free keyfile
clears proted x after its running
proted x can show message before running
adds message to proted x?
Disadv:
src is released
can't run on V86 on my cpu, proted x does nothing on real mode
EliCZ: can't run in DOS
EdH: then what its target? DOS progs running on Win32? explanation,plz!
Note: uses MPME (mte)
-Protect
By: Andry Kobilykov aka AVK aka MERLiN /DTG/UG2000 (Russia)
V7.1 [1996]
-Password
By: Andry Kobilykov aka AVK aka MERLiN /DTG/UG2000 (Russia)
V6.1 [1996]
-DS-CRP (Dark Stalker's CRyPt)
By: Dark Stalker/UCF
Year: 1996-1997
Type: COM protor, 386
V1.31 [Dec 1997]
Adv:
adds 23##b-26##b to proted x (w/o & with regkey)
3/4 size of MD5 checksum
kicks DUMPCOM V3.55 PRO
Disadv:
can add user name to proted x, but needs regkey, which isn't included :)
proted x sometimes hang
src is released
Note:
unpacked prog x contains string "HBOOT", "SOFTICE1", "$OFTPROB"
proted x does cold-reboot if find ASAP.$1 (CUP temp file) & PASS1.DAT
ADTs are for:
Game (Tools/Buster/Wizard), CUP386, DumpEXE, RAND0M unpacker,
MegaDevil COM dumper, (Soft/Win)ICE, SoftPROBE, UPC, EntPack, AutoHack,
Intruder
-fds-cp
Type: COM protor, < 50,000b, 386?
V0.4a [1997]
by fds0ft (Hungary?)
Adv:
multiple crypt layer
full RM ADT, DRx playing
adds 1,192b to proted x
semi-random crypt keys
checksum check on crypted image
Disadv:
no mte
ENTPACK 14-04-1998 (FOTO) removable?
Note:
adds string "(c) fds0ft" to proted x
uses scr off 2x
V0.5a [1997]
by JauMing Tseng or Kevin Tseng (Taiwan)
called jmt-cp
fds-cp V0.4a's quick hack
adds 1,192b to proted x
adds string "(c)jauming" to proted x
buggy?
-Ciphator Pro
By: mARQUIS de Soiree (aka Franzz? or Martino?) /UCF
Year: 1995-1997
Type: EXE protor
V4.60 [Feb 1997]
should be non-pub
Adv:
Nebelbombs
free for non-commercial use
Disadv:
no crypt
TEU V1.82 removable
proted x stops on 1 June 1998
Note:
uses scr off
the prog x uses ANSI esc-sequence
hooked int 1 & 3 will be unhooked to an IRET
-Inbuild Encryption
By: Christopher Gabler (Germany)
Type: Assembly COM protor
V1.0 [1998]
Adv: self-crypt (anti gen unpacker)
Disadv:
src is released
use first 15 byte of proted x
prog must be assembly & rewritten
DUMPCOM V3.55 PRO removable
-KShell (King Shell)
By: The Double-Star Computer, Inc.
Type: EXE protor
v1.20
V1.21 [1996]
Adv:
adds 1,968b to proted x
password (optional)
Disadv:
adds ovl
proted x with option /x hangs V86 of my cpu
-RCRYPT (ROSE Crypt)
By: ROSE aka Ralph Roth /ROSE SWE (Germany)
Type: COM protor?
RC1
type: 286+
ROSE:
adds 33b to proted x
non-pub (only released for TPiNC party in 1997)
V0.91 [1994?]
Adv: kicks CrkCOM V0.92 & DUMPCOM V3.55 pro
Disadv: CUP386 V3.4 /1 removable
V0.92 [1995]
V0.93 [11 Apr 2001]
V0.95 [14 May 2002]
prog is PE exe
-RCC II/286 (ROSE's COM Crypt II/286)
By: ROSE aka Ralph Roth /ROSE SWE (Germany)
Year: 1995-1999
Type: COM protor
V1.02
experiment for HS-Muteng (mte)
crypt is borrowed from Witch vir
src
V1.08
2 ver: mild & hard
V1.17 [1999]
V1.19 [8 Jul 2002]
Adv:
adds about 376b (mild) or 544b (hard) to proted x
free
ADTs:
fake jump
mutated decryptor
double-crypted entry point
anti debug & unpack tricks
-RC386 or RC 386 (ROSE's COM Crypt 386)
By: ROSE aka Ralph Roth /ROSE SWE (Germany)
Type: COM protor
V0.51 [1995]
Disadv: always hang on V86 on my cpu
V0.61 [8 Jul 2002]
disadv: prog closes DOSBox on my 3rd cpu if executed
-RSCC or RSCC II (ROSE's Super COM-Crypt/286)
By: ROSE aka Ralph Roth /ROSE SWE (Germany)
Type: COM protor, 286?
Compiler: MASM V6.XX
V1.04.02 [1999]
Adv:
adds 126b to proted x
free
mte (fully polymorphic)
src
Disadv: buggy mte
V1.05 [8 Jul 2002]
V1.20 [6 Nov 2002]
type: COM > 300/400 b, < 55kb
add ~177-250b to proted x
fix AVP/KAV false positive as TPE.DOS
by adding another layer crypted using HS-Muteng v2.0
Note:
based on RC/286 V1.11
full mutation is inspired from Uruguay vir family
is experiment for HS-Muteng (mte)
-REC (ROSE's EXE File Cryptor)
By: ROSE aka Ralph Roth /ROSE SWE (Germany)
Year: 1995-1999
Type: EXE protor
V0.32 [1997]
Adv: adds 1,001b to proted x
TEU V1.82 removable
Disadv: only for HackStop's regged user
V0.40.06 [1999]
V0.42 [17 Mar 2002]
Note: used together with RCC to prot HackStop x (the prog itself)
-REC/Small or RECSmall (ROSE's EXE Cryptor/Small)
By: ROSE aka Ralph Roth /ROSE SWE (Germany)
Year: 1997-2000
Type: EXE protor
Adv: free for personal use
Disadv: can't prot EXE with reloc
V1.05 [25 Jun 1999]
Adv: adds 83b to proted x
Disadv: gen unpacker removable (ex: CUP386 V3.4 /3, TEU V1.82)
V1.07 [22 May 2002]
adds 87b to proted x (smallest)
has BIOSCrypt ver: uses BIOS code as key to crypt EXE image (?)
-RECAV or REC/AV or REC/Small/AV (ROSE's EXE Cryptor + Anti Virus)
By: ROSE aka Ralph Roth /ROSE SWE (Germany)
Year: 1999-2000
Type: EXE protor
Adv:
anti-vir
free
V1.05 [2000]
Adv: adds 436b to proted x
V1.07 [22 May 2002]
adds 442b to proted x
Disadv:
can't prot EXE with reloc
multiple prot is unallowed
unRECAV removable (included), at least for V1.04
TEU V1.82 removable
-SECURE
By: G.M. McKay (Australia)
Type: x protor, 8088?, 1b-600Kb
V2.1b [Jan 1995]
Adv:
adds 530-680b to proted x
GUI
checksum
user-random crypt
fail options (print own message/print user message/hang/reboot)
filesize check (optional, adds extra 100b)
multiple crypt is allowed
kicks? popunpak, except TEU V1.82
Disadv:
no mte
shareware (proted x shows message)
slow prot
complicated proting procedure
TEU V1.82 or UPC V1.11 removable
-CRYPTEXE
By: The DoP (Doors of Perception) aka Christian Bradiceanu (Romania)
Type: EXE protor
Compiler: BC(++) V3.0 [1991], small model
V1.04 [1996]
Adv:
adds 536-607b to proted x
kicks CUP V3.4 /1
free
Disadv:
multiple prot is unallowed
no mte
TEU V1.82 removable
Note:
adds string "DoP" in begin of proted x
Its reloc handler is used? in FFSE
-AEP (Addition Encode-Protective)
By: Ke-Jiah Hann
Type: x protor, 386?
V1.00 [Aug 1996]
Adv: adds 1,320b (COM) or 1,384b (EXE) to proted x
Disadv:
removable by:
its own regged ver (option R)
TEU V1.82 -! -G
OlegPro's xAEP V0.01b
weak crypt
OlegPro:
PIQ tricks -> Pentium incompatible
no morph
Note:
adds string 'Written By Ke Jia-Hann' to proted COM
uses scr off
AEP.EXE from SuddenDischarge is processed by:
-AINEXE V2.2
-Protect! V5.5
-TINYPROG V3.6
-Protect! V5.0
-AEP V1.00 2 times
-SCRAM
by: xadi
V0.1
-SCRAM!
By: bushwoelie/ACP
Type: COM protor, 386?, DOS V2?, VGA card?
V0.8a1 [May 1997]
Adv:
good? ADT
mte
adds 1,792-1,839b to proted x
Disadv:
proted x slows down keyboard rate
CUP386 V3.4 /7 removable
Note: earlier ver by bushwoelie & STN
-SCRYPT
By: darkgrey aka Vladimir Gorbunov /DTG/UG2000 (Russia)
Type: COM protor, 286
V0.4 or 1.4 [1998]
Adv:
adds 238b to proted x
kicks CUP386 V3.4 /1 and /3
-LP (LockProg)
By: Myrlochar/Kryst/TPD/PDL
Type: COM protor
Compiler: BP V7.0
V0.5a [1998]
Adv:
adds 185-186b to proted x
adds string "lopro" in end of proted x
kicks TEU V1.82?
Disadv:
certain (normal) proted x hangs on my cpu
CUP386 V3.4 /3 removable
-CRYPT
By: Eclipse /Light Show
Type: EXE protor
V1.21 [Jul 1994]
Adv:
add 1029b to proted x
anti Soft-ICE?
Disadv:
no mte
TEU V1.82 & AHCR V1.32 removable?
-CRYPT
By: DISMEMBER aka Alex Lemenkov (Russia)
Type: x & sys protor, 286
Compiler: BP V7.0
Disadv:
weak prot
no mte
V1.7 [1995?]
add 165b (COM) or 436b (EXE) to proted x
COM is DUMPCOM V3.55 PRO removable
EXE is CUP386 V3.4 /3 or TEU V1.82 removable
V2.0 [1996]
add 27b (COM) or 50b (SYS) or 342b (EXE) to proted x
EXE is CUP386 V3.4 /1 removable
-EXE-Manager
By: Solar Designer /BPC (Russia)
Type: EXE protor
Last known ver: 4.0
Compiler: BP
V3.3 [Sep 1995]
Adv:
GUI (+ help & sound)
anti 27 unpackers
intercept DOS calls (w/o calling previous handler)
regged ver:
dynamic code decrypt
can only be exec-ed by EXEManager's int3 handler
free registration
password
check the needed hardware
Disadv:
no crypt (?)
prog x hangs real/V86 on my cpu
but some proted x run!
-Aluwain
Type: EXE protor
V8.03
by: Cracker X (?)
V8.09
by: Tequila
Adv:
adds 817b to proted x
checksum?
Note:
adds string "aLuWaIn!" to proted x
protor x is full of 00h (50kb?). if it's unpacked & all 00h are removed, it
can't prot properly. used as proted x image?
-BinLock
By: Hit-BBS Programmers Crew
Type: COM protor
V1.0 [1994] the only (?) version
Adv: kicks popunpak + DUMPCOM V3.55 PRO
Disadv:
very incompatible
ROSE's unCOM V1.21 removable
CG: uses dangerous trick (use abnormal codesegment address)
STN: CG is right, it's useless
-CeXeC (CrypteXeC)
By: Gabor Keve /ByteWorx (Hungary)
Type: EXE protor, 32kb freemem
Year: 1997-1998
Compiler: BP V7.0 + TASM
V1.01 [1998]
Adv:
2 loader type: DOS & Win3x
smaller & faster DOS loader than (DCREXE/CRYEXE)'s
cardware
Disadv:
DOS loader can't run on multitask environment
adds 8,312b (DOS loader) + 257b to proted x
doesn't wipe temp decrypted file (but still crypted)
DOS loader is TEU V1.82 removable
Note:
write temp decrypted file to disk
DOS loader uses:
Warezak's Secure V0.19
Gabor Keve's UET (anti TEU)
prog x is proted with UET
-DCREXE
By: LuCe
Type: EXE? protor
V2.0 [1997]
Disadv: doesn't wipe temp decrypted file
Note: write temp decrypted file to disk
-LUCESTOP
By: LuCe
Type: x protor
Compiler: BP V7.0
V1.0b [May 1997]
prog x hangs my cpu
adds 23,004b (!) to proted x
adds logo to proted x
uses Protect! V6.0 to prot loader
herinmi: badly coded
Note:
write temp decrypted file to disk
predecessor? of DCREXE
-Crypta (Cry₧a)
By: Iosco Capitalino aka Valentino Tosatti (Italy)
V2.0
II V2.0: uses other protor (JMCE V0.7j) as loader (?)
II V3.0: uses other protor (Secure V0.19) as loader (?)
-CryEXE
By: Iosco Capitalino aka Valentino Tosatti (Italy)
V4.0: uses other protor (MESS V1.20) as loader (?)
Note:
write temp decrypted file to disk
STN: Iosco doesn't have time to code it better
-HackFuck
By: Iosco Capitalino aka Valentino Tosatti (Italy)
V1.0 [1997] non-pub, not distributable
Adv: mte?
Note:
write temp decrypted file to disk
predecessor? of CryEXE
-EFP (Executable File Protector)
By: Alexei Bulushev/aleXoft (Russia)
Year: 1991-1992
Compiler: BP V5.5
V1.23 [1992]
Adv: kicks popunpak
Disadv: add 29,684b! (8,442b loader + 21,242b ovl) to proted x
-EPW
By: Alan D. Jones/Farpoint Software
Type: x pass protor
V1.2
V1.30 [1992]
V4.2
hacked V1.2
-MSCC (Mad Scientist's COM Crypter)
By: Mad Scientist
Type: COM protor, 286?
Compiler: BP V7.0
V1.0b [1997]
Adv:
free registration
adds 110b to proted x
adds sig "∩∩$››1.0▀s" in end of proted x
regged ver can kill this sig
Disadv:
ROSE: easy to bypass
CUP V3.4 /3 removable
-CRYPACK
By: George Stark/Yakuza
Type: EXE protor
Compiler: BP V7.0
V3.0 [1995]
Disadv:
CUP386 V3.4 /3 removable
hang if proted x has reloc
-BITLOK
By: Lei Jun & Wang Quanguo /Yellow Rose Software Workgroup (China)
Year: 1989-1996
Type: EXE protor (COM -> EXE)
Compiler: BP V7.0
V3.0 [Jul 1996]
V3.1 [Oct 1996]
Adv:
(date & install) limit
prot support for FoxPro, Clipper & BP compiled x
can add user module
Disadv:
adds 8kb-9,823b (option /S) & 12kb (with key diskette) to proted x
loader = ovl added to crypted x (?)
SAC's BL31-RM V1.00 removable
Note:
use option /S to crypt w/o key diskette
used to prot Realix's HWInfo
EdH: non-English. more review, plz!
-BITLOK-7NT
date: 12 May 1993
-BITSHELL
By: Lei Jun & Wang Quanguo /Yellow Rose Software Workgroup (China)
V3.x
Note: mentioned in BITLOK, PACKWIN, BW doc
-HDKProtC (Mr.HDKiLLeR ProtectioN)
Type: COM protor
V1.1
by Mr.HDKiLLeR
V1.1a [1996]
by eMX!
adds 165b to proted x
changed start-up code
fixed crypt key
no input given for prog x -> hangs
adds string "tiTaNiC 1.2" in begin of proted x
ROSE: buggy cryptor, kills int 1 & 3
-EXECODE
By: Balazs Scheidler (Hungary)
Type: x protor, 8086, DOS V2
Compiler: BC++ V2.0 [1991]
V1.0 [1995]
Adv:
regged ver offers ADT
COM2EXE?
user defined crypt key
reloc crypt
Disadv:
shareware
proted EXE requires extra 1-64kb mem, depending on reloc
shareware: CUP V3.4 /1 removable
regged : CUP V3.4 /7 removable
Note: adds sig "XCOD" in begin of proted x
-X3
By: Dark Stalker/UCF
Year: 1997
Type: COM protor
Adv: adds 18b to proted x
Disadv: UNP V4.12b t removable
Note:
1 of smallest COM protors
part of DSCPP (Dark Stalker's COM Protector Pack)
-X3
By: MANtiC0RE aka Valery Shabaev (Russia)
Type: COM protor
V1.3 [1998]
Adv:
adds 336b to proted x
mte
kicks CUP V3.4
Disadv: CRKCOM V0.92 removable
Note:
independent successor? of Dark Stalker's X3
uses MnemoniX's MutaGen 2.0
adds logo to end of proted x
-SDW & SDW386 (ShaDoW Cryptor)
By: MANtiC0RE aka Valery Shabaev (Russia)
Year: ? - 2000
Type: COM protor (EXE -> COM), =< 63Kb
Compiler: TASM V5.0
V1.80 [2000]
Adv:
herinmi: very nice mte
adds 1-2Kb to proted x
can disable logo addition to proted x (/b option)
can generate random decryptor (/r option)
kicks CUP386
free
SDW386: has Jibz's TECC
Disadv:
simple ADT -> easy to unpack? / can't stop advanced debugger/dumper?
TR V2.52 + herinmi's script removable
SDW (& V1.78-1.79?) hangs on my cpu
SDW386:
is 1st SDW x which can run on my cpu (PIQ bug removed)
is Win98 explorer incompatible
x no longer sets keyboard to slowest rate (suggested? by OlegPro)
proted x:
is no longer slow
sometimes hangs
still sets keyboard to slowest rate
Note:
based on Tailgunner's Shadow COM encryptor
uses
√iCE (mte)
RES (Random Encryption Synthezator) by SSR (1997)
unique registration: send to the author:
your favorite bottle of beer to get unique ver of regged SDW
20 bottles of beer to get fully commented last SDW src
-Crunch
By: Luck Martins/Skinhead
Type: COM protor, 286?
V1.0 : prog name is Blitz
V1.4 [1995]
Adv:
several crypt engines
free
mte
regged ver can crypt EXE
Disadv:
prog x hangs my cpu
herinmi: too strong mte
-DEMO
By: Adlersparre & Associates
V2.0 [1993]
Type: EXE protor (?)
Disadv:
X-TRACT V1.51 removable
non-pub?
Note: found on DMC V3.5 prog x
-TCEC (ThE CLERiC! EXE Cryptor?)
By: ThE CLERiC! aka Carl Elkhabbaz (Lebanon)
Year: 199?-2000
Type: EXE protor, 386
Compiler: TASM V5.0
Disadv:
no reloc handler
proted x
often hangs
sets keyboard to slowest rate
Win incompatible
V3.55b: the copy on EXEList is infected with Guerilla.1996 vir
V3.58b:
src is released
last ver
EdH: cool ASCII art :)~
Note:
most ADTs used are from CG's Insider.Faq
based on MESS V1.07
Cleric: the src lost under hard disk crash
-NSP (N0PS Shit Protector)
By: Ænarchistic Ka0t/N0PS (Germany) or Cyber Cop?, Ghostbuster?
Type: COM protor
Compiler: TASM V4.0
V0.001b
V0.002b [Jan 1995]
V1.00
Adv:
ROSE: good ADT
kicks TRON
Disadv:
Win32 incompatible
prog x does nothing on (my & CyR's) cpu
LCDump removable
-XcomOR or XCom/Or
By: madmax!/PC97
Type: COM protor
Adv: ROSE: prepending cryptor
V0.99f
170b
V0.99g
274b
V0.99i [1997]
adds 550b to proted x
proted x hangs on my cpu
eGIS's XCR V0.99 removable
adds string "MMX" in begin of & "XcomOR" in end of proted x
prog x has DETECTICE V1.0a inside (7 WinICE detection methods)
note: crypt uses XOR
-LCCrypt (Lame COM enCryptor)
By: CyberRax (Estonia)
Year: 1999-2000
Type: 3 - 65,000b COM protor, DOS V2, 8086
Compiler: SPHINX C-- V0.203 (1994)
V1.2 [June 2000]
Adv:
SMALL model only adds 21b to proted x
LARGE model only adds 123b to proted x
HUGE model (/H), adds 891b to proted x,
can add name to proted x (undocumented)
Greet-Ware (Free)
Disadv:
no mte
TR V2.xx + herinmi's Script removable
SMALL model is ROSE's unCOM removable?
HUGE model
requires DOS V3+
is buggy if proting large COM
sometimes adds 20+ kb to proted COM (result > 64kb!)
CyR:
HUGE model + 65,000b proted x exceeds the FFFFh boundary
(and the 100h for PSP ain't even counted :()
FreeDOS beta 4 incompatible
CyR: because FreeDOS beta 4 not 100% MS-DOS compatible
(different regs value at prog start-up)
Note:
SMALL model = crypt only
LARGE model = crypt + old tricks + anti-TBScan
HUGE model =
better crypt + anti-TBScan + a gen debugger/unpacker trick +
a gen unpacker trick + some anti-dump code + some 90's old tricks
ADT is called REx-TRiCK (Re-Execution)
prog x is proted by CyR's I$p (Independent $pace wannabe) PR0TECTi0N 1.0
anti-TBScan = 2nd decryptor which decrypt 1st decryptor
CyR: anti-TBScan is actually fake-return to 100h at begin of decryptor
herinmi: HUGE model is nice
-ADC (Anti-Debug Coder)
By: Majorov Ruslan (Russia)
Type: COM protor, 11- ?b
Year: 1997-1998
V1.6 [1998]
Adv:
adds 202b to proted x
kicks CUP V3.4 /1
Disadv:
lame crypt
DUMPCOM V3.55 PRO removable
Note: adds string "[ADC V1.6]" near the end of proted x
-CRyPT
By: CyPoxl
Type: COM protor
V1.1 [1995]
Adv:
adds 77b to proted x
good crypt
Disadv:
CUP V3.4 /1 removable
ROSE: no ADT
-EXE SHIELD 386+
by: MasterBall
type: x.?
V1.0 [2000]
-E-PROT 386+
Year: 1999-2000
By: MasterBall
Type: TP x protor
V1.0.2b [2000]
Adv: free
Disadv:
ADTs are mainly for TP x prot
adds 5Kb to proted x
last ver
weak crypt
proted x hangs my cpu
Note:
uses scr off 2x
based on
MaX/MovSD's ATEU V1.2 (ADT)
Stone's EXE Crypter (crypt)
Mnemonix's BWME (mte)
-CRYPTCOM
By: Grgic Arminio
Type: COM protor (?)
Compiler: BP 7.0
V1.0b [1995]
Adv: kicks CUP V3.4 /1
Disadv: weak crypt
Note: put string "CryptCOM (c)m&g GrGa" in proted x
-LOCKEXE
By: Grgic Arminio
Type: EXE protor (?)
Compiler: BP 7.0
V1.0b [1995]
Disadv: TEU V1.82 removable
Note: also used to prot author's TSRFACES
-MegaShield
By: P.S.A / t-REX (Russia)
Type: COM protor, 286, 1 - 64,000b
Compiler: BP V7.0
V1.01a [1996]
NU-like interface ( + mouse support)
adds 256b to proted x
no anti-dump
prog x is proted by itself; possibly a presor; EXE2COM & EXEMANAGER V3.3
proted x sometimes has problems with Win(3x/95)
-Super LAME! Crypt
By: P.S.A / t-REX (Russia)
Year: 1997
Type: COM protor
Adv:
adds 195b to proted x
kicks CUP V3.4 /1
quite good crypt
Note:
starting string on proted x is "DUKELISTXXX" then
"Anti-Lamer Cryptor (c) 1997 by P.S.A"
-Anti-Lamer Crypter
v1.0 [1999]
-LockMaster
By: Andrew Kacy
type: x protor
V9.0 [Sep 1994]
demo ver
predecessor of CodeLock
-CodeLock
By: Andrew Kacy
type: com?
V4.0
successor of LockMaster
-DSHIELD (Debug? SHIELD)
Type: EXE? protor
By: Ben Castricum (The Netherlands)
Year: 1995?
Adv: kicks popunpak except ICEUNP V0.31
Disadv:
non-pub
ROSE's AHCR V1.32 removable
Note: found on BenC's UNP prog x
-PMUTATE (PReDaToR Mutate)
By: PReDaToR 666 /iCS
V1.1 [1996?]
Adv: kicks popunpak
Disadv:
non-pub
ROSE's AHCR V1.32 removable
Note: found on PReDaToR 666's DCA prog x
-Misha Prot
By: Misha/UCF (Russia)
Type: COM? protor
Year: 1996?
Adv:
kicks popunpak
pres?
ROSE:
short but very interesting
anti-RM-debug because the bkpt is used to calculate crypt value
Disadv:
non-pub
fds0ft's PCU removable
Note:
adds string "Coded by Misha" to proted x
found on Misha's UX prog x
-JVP Prot or NoDebug?
By: JVP
year: 1998
Disadv:
non-pub
CUP V3.4 /7 removable
Note: found on JVP's TEU prog x
-SEN debug prot
By: SEN aka Eugene Suslikov (Russia)
Disadv: non-pub
Note:
prot is 512 byte of ovl attached to proted x
found on SEN's HIEW prog x
-hAWeD! prot
By: REALiX aka Martin Malix (Slovak)
Disadv: non-pub (?)
STN: disable int13, but slowdown exec
-Sage prot
By: Alex Petroukine aka Sage/Cyberware/UCF (Russia)
Note: found on Sage's CUP V3.# prog x
-TUSCON prot
By: Max/Tuscon aka Norman Rudolf (Germany) (?)
Type: COM? protor
Disadv:
non-pub
CUP V3.4 /1 removable
Note:
adds string "TUSCON" to proted x
found on T-PACK prog x
-FALinc prot
By: FALinc/NightMareCorporation
Year: 1997?
Type: EXE? protor
Disadv:
non-pub
UPC V1.11 removable
Note: found on UNEXE prog x
-USCC (UniquE's shitty COM Crypter)
By: UniquE aka Christian Scheurer (.ch)
Type: COM protor, 386
V1.31
by? Dark Destroyer
EdH: is this hacked ver or other protor with the same nick?
V1.4 [1998]
adds 179b (?) to proted x
32bit crypt + selfmutate key
?: isn't 32bit, more like 16bit + 16bit
3 crypt layers (8, 16, 32 bit)
free
(prog & proted) x hangs V86 of my cpu (once run on RM)
-USP (UniquE Software Protection)
By: UniquE aka Christian Scheurer (.ch)
V1.5 [1997]
non pub
TEU V1.82 removable
found on UniquE's EXUP prog x
-Rowdy's Strong Protection
adv: mte
-GameWizard prot
note: found on GameWizard prog x
-EXE Guardian
By: Christopher Drake/NetSafe (Australia)
Compiler: WC(++) 16 [1992]
Type: EXE protor
V4.2 [1997]
Adv:
DES crypt (?)
kicks popunpak but TEU V1.82
Disadv:
shareware
proted x prints copyright + advertisement to scr
is date-limited
adds 8,264b ovl to proted x
bad reloc handler
BW V2.5 half removable
multiple prot isn't allowed
Note: part of NetSafe package
-NetSafe
By: Christopher Drake/NetSafe (Australia)
Compiler: WC(++) 16 [1992]
Type: EXE protor
V4.2 [1997]
Adv:
DES crypt (?)
net prot
kicks popunpak but TEU V1.82
Disadv:
shareware
proted x prints copyright + advertisement to scr
is date-limited (?)
adds 12,934b ovl to proted x
bad reloc handler
BW V2.5 half removable
multiple prot isn't allowed
Note:
part of NetSafe package
NetSafe = EXE Guardian + net prot
-ZIP-Prot
By: Christopher Drake/NetSafe (Australia)
Year: 1996
Type: EXE protor
Compiler: WC(++) 16 [1992]
Disadv:
adds 5,760b to proted x
bad reloc handler
shareware
proted x prints copyright + advertisement to scr
UPC V1.11 half removable
Note:
proted x has string "NetSafe (tm) Ver 4.15" & "EXE Guardian Ver(tm) 4.15"
then ZIP-Prot = customized ver of NetSafe V4.15 (?)
EdH: I can't figure out the meaning of "ZIP-Prot" :)
-CryptCOM
By: frank/riot aka Frank Baumgartner
Year: 1996-1997
Type: COM protor, 286
Compiler: BP V7.0
V1.1 [1997]
37b decryptor
adds 41b to proted x
src is provided
kicks CUP V3.4 /1
UN-PACK V1.8 -t removable
-Shadow COM encryptor
By: Tailgunner
Type: COM protor
V1.0b [1998]
adds 29b to proted x
src is provided
no ADT
CUP V3.4 /1 removable
-Crypt.Trivial.173
By: SMT/SMF (Russia)
Year: 1998
Type: COM protor
Note: prog x does nothing on my cpu
-Scrypt
By: SMT/SMF (Russia)
Type: COM protor
V1.2 [1999]
proted x is said to need emm or Win but it hangs completely on my cpu
detects Soft-ICE
adds string "(PolyScrypt 1.2 by SMT)" to proted x
-SCC (Simple/Small COM Cryptor)
By: ThE CLERiC!/LineZer0 aka Carl Elkhabbaz (Lebanon)
Year: 1997
Type: COM protor, 386
Adv:
adds 88b to proted x
emailware
Disadv:
Win incompatible
won't be updated
Note: some ideas taken from AdFlt2A
-Simple COM Cryptor
By: EliCZ (Czech)
Year: 1998
Type: COM protor
Adv: adds 47b to proted x
Disadv: UNP V4.12b t removable
-CryptC (CryptCOM)
By: EliCZ (Czech)
Year: 1998
Type: COM protor, 386
Adv: adds 72b to proted x
Disadv:
source code is provided
TEU V1.82 -g half removable
Note: detected as Cleric's SCC or ELiCZ's fDEMO
-Ryptor (ShadE's COM encRYPTOR)
By: ShadE
Type: COM protor
V1.0 [1999]
adds 50b to proted x
UNP V4.12b t removable
-NTShell
By: ZhouHui/Keenvim Software Workgroup (China?)
Type: x (?) protor
Year: 1992, 1993, 1995
Compiler: BP V7.0
V4.0 [1995]
adds 8,200-8,239b to proted x
spec.prot for FoxPro files
proted x hangs on V86 of my cpu
-mCrypt for COM
By: Ufo Crew '98
Type: COM protor
V0.1b [1998]
adds 197b to proted x
adds string "UFO CREW 98 mCRYPT" in end of proted x
kicks CUP V3.4 /1
TEU V1.82 -g half removable
-Khrome Crypt
By: Teraphy
Type: COM protor
V0.3 [1997]
Adv:
adds 1,156b to proted x
Disadv:
UN-PACK V1.8 removable
U are prohibited to prot shareware/commercial progs
Note: doesn't (detect/crash) WinICE
-EXELOCK
By: JON Software
Type: EXE protor
Compiler: BP V7.0
V1.00 [1993]
Adv:
adds 524-538b to proted x
bios lock (mode /B)
Disadv:
no crypt
copy from SuddenDischarge can't operate mode /B
message: "EXELOCK is damaged"
-CSV or COM Sccrambler
By: Moshe
Type: COM protor
Compiler: BP V7.0
V0.1 [1995]
adds 56b to proted x
CUP V3.4 /1 removable
-ENCODER (COM FILE ENCRIPTER)
By: Frenzy/SparC
Type: COM protor
Year: 1999?
Adv: adds 25b to proted x
Disadv: CUP V3.4 /1 removable
-CRYPTEXE
By: Dmitriy Borisov (Russia)
Type: x pass protor, DOS V2
V1.00 [1994]
adds 872b (COM) & 1,052b (EXE) to proted x
certain EXE w/o ovl is seen as having 1 -> results in buggy proted x
proted EXE hangs if > 64kb (?) or reloc not packed (?)
-ComCrypt (ComCryptor) BTS
By: Hidi aka Jozsef Hidasi/Big Tree Software (Hungary)
Year: 1996-1998
Type: COM protor
Compiler: BP V7.0
V9.12 [1998]
shareware
code in mem? selfcheck
adv: ignores other prot after it
multiple prot isn't allowed
adds 1,195b to proted x
adds string " ComCrypt '98.1 XX" in begin & BTSPK advertisement +
logo in end of proted x
proted x prints logo on exec
kicks CUP V3.4
TEU V1.82 -g -! half removable
-COMCrypt
By: unknown (HPA?)
Year: 1997?
Adv: adds 40b to proted x
Disadv: CUP V3.4 /1 removable
Note: found on Lukundoo/HPA's HPAC2T V0.6 (com2txt)
-Com.crypt
by: W. Kaniewski
V0.68
note: mentioned in herinmi/Fibex
-ComCrypt
V1.41
note: mentioned in herinmi/Fibex
-ComCrypt
by: S. N.
V1.58
note: mentioned in herinmi/TEC/Beta/Tec.F1
-COMLOCK
By: BoRZoM/Trouble Makers
Compiler: BP V7.0
V0.10 [1994]
Adv:
adds 80b to proted x
adds string "COMLOCK" in end of proted x
Disadv:
deprotor (COMULOCK) is provided
UNP V4.12b removable
-ET or EXETOOLS (Executable Files Tools) /E
By: DISMEMBER aka Alex Lemenkov (Russia)
Type: x protor
Year: 1992-1995
V2.1 [1995]
adds 48b (COM) or 295b (EXE) to proted x
adds string "ET21" in end of proted EXE
proted EXE hangs my cpu
proted COM is CUP V3.4 /1 removable
Note: spec.switch on ET
-COM file protect
By: B!Z0n/[BzZ]
Type: COM pass protor
V1.0b [1998 (?)]
adds 293b to proted x
if U only give [enter] as password while prot, the proted x won't run with
[enter]. If U ctrl+break it, the proted x will hang/reboot
-The WiZ Cryptor
By: SP0T/UCL (Russia)
Type: COM protor
V1.00a [1998]
adds 171b to proted x
adds string "[The WiZ Cryptor v1.00a by SP0T/UCL]" to proted x
kicks CUP V3.4 /1
DUMPCOM V3.55 PRO removable
-ENCOM (ENcryptCOM)
By: Stewart Moss (South Africa)
Year: 1995-1998
Type: COM protor, 286
Compiler: BP V7.0
V3.06 [Nov 1998]
Adv:
adds 435-929b to proted x
avoid heuristic AV false-alarm
max 75 iterative checks for int21 or int26 opcode in proted x
free
Disadv:
no 386 ADT (can't kick PM/emu debugger)
proted x hangs my cpu
adds string "ENc(major_ver_byte)(minor_ver_byte)" in end of proted x
Note:
uses
Eclipse's FOG (Funky Opcode Generator) as crypt engine
int8 traps, modified int3 pointer, jmp back to entrypoint (anti-dump)
V4.0 or V5.0 is promised very hard to unpack & to write unpacker for
-LOCKTITE PLUS
By: Michael Wegner/ANSOFT
Year: 1989-1990
Type: x pass protor
Adv:
can prot batch (?) file
password can be given in proted x command line (not only prompt)
Disadv:
adds 14,619b to proted x
writes decrypted tempfile to disk (but wipes it)
shareware
-UCOMCRY (UniquE's COM CRYpter)
By: UniquE aka Christian Scheurer (.ch)
Year: 1997
Type: COM protor, 286
Adv: adds 140b to proted x
Disadv: CUP V3.4 /1 removable
Note:
COMFILE.COM (to-be-proted x) & CRYPTED.COM (proted x)
ADTs used: write code to keyboard buffer
written for an article in PAiN disk magazine
-ARMOUR II
By: ? (Russia)
Type: EXE protor, 386?
V2.51 [1991?]
copy prot
pres
can add copyright to proted x
EdH:
prog not working, refuses to prot ("can't exec main armour module")
non-English. review, plz!
-Copy-Protector
By: Andrew V. Basharimoff aka Nice aka Psychomancer /SPS06
Type: x.copy.protor
V1.02 [Apr 1996]
adds 267b (COM) or 271b (EXE) to proted x
deletes & wipes copied proted x, but not moved proted x :)
prog x is reported as infected by new unknown virus, by
McAfee VirusScan for DOS/PM V4.7.0, scan engine V4.0.70, vir dat v4095
-CPT (Copy ProTector)
by: A. Vodyanik
type: x & sys.copy.prot (?)
V2.0 [1989]
herinmi: same as Copy-Protector
-SESAME
by: Goreinov S.A.
type: x.copy.protor
V1.1 [1990]
-ExeLocker
by: hUilaM
type: pass
v1.1 [1999]
-BinCoder
type: pass
V2.01
-STNCC (SToNe's ComCrypt)
By: Stone/Klan (Denmark)
Type: COM protor
Year: 1996
Compiler: BP V7.0 + TASM V3.2
Adv:
adds 39b to proted x
beerware: if U (like/use) it & U meet the author, U have to give him a beer
Disadv:
no ADT
INPUT.COM (to-be-proted x), OUTPUT.COM (proted x)
lame crypt (inc by 1)
slow prot
tech stuff + src are provided
Note: for educational purpose
-ComCrypt
By: BlackLight
Type: COM protor
Compiler: QB V4.x
V0.01a [1998]
STNCC written in Basic
modified & compiled by MANtiC0RE
adds 39b to proted x
proted x is recognized as STNCC's
-STNCRP (SToNe's ExeEnCrypter)
By: Stone/Masque/Klan (Denmark)
Type: EXE protor
Year: 1996? or 1997?
Compiler: TASM V3.2
Adv:
adds 93b to proted x
beerware: if U (like/use) it & U meet the author, U have to give him a beer
Disadv:
no ADT
INPUT.EXE (to-be-proted x), OUTPUT.EXE (proted x)
lame crypt (inc by 1)
slow prot
tech stuff + src are provided
Note: for educational purpose
-ComProtector
By: Marco Ruhmann
Type: COM protor
V1.1 [1998]
adds 340b to proted x
adds string "[ComProtector 1.1 - 1998]" to proted x
uses CG's:
[CRMK] (Christoph's Random Mutating Killer) engine for:
-generating random decryptor
-stack crypt
-anti hw bkpt
-anti dump
-fake decryptor
inbuild AD
debug detection
detects some unpacker tempfile (MEM1.DAT, ^ENTPACK.{1}, BCFO1.IFD)
unpacked prog x contains string "[TRAP V1.20]"
BW V2.5 removable
-CKS (Chang Kiang Sandbag)
By: Cansing Leung or Liang Jian Sheng (China)
Type: x? protor
Compiler: MASM V6.11
V1.1 [1998]
Adv:
adds 2,648b to proted x
cardware
anti?-BW V2.00
Disadv:
proted x hangs my cpu
to-be-proted x must not be (prot/pres)ed before
Note: prog name meaning: to remember the victims of China's "Long River" flood
in 1998
-PROTON
By: S. Mursalov/MurSoft (Russia)
Type: x protor
Compiler: BC V2.0 [1988]
V2.0 [1992]
Adv:
crypt code: adds 449b (COM) & 485b (EXE) to proted x
virus vaccine (doesn't work)
fixation by diskette/computer (only the last 1 works)
needs a floppy disk?
pass(word/date) prot
all prot enabled: adds 691b (COM) or 7,665b (EXE) to proted x
Disadv:
removable by the prog x itself (even all options)
CUP V3.4 /1 removable
-NOCLIP
By: barmak(?)/Tecnologia Digital (Brazil)
Year: 1995-1997
Type: EXE protor, 286, DOS V5
Compiler: BP V7.0
V4.1 [1997]
Adv:
anti-decompile for Clipper RM/PM DOS prog
anti-disasm + vir detector
Disadv:
adds 4,798b ovl to proted x
shareware
proted x exec shows annoying :) advertisement
slow proted x (too long delay after printing owner name to scr)
TEU V1.82 removable
-deeP-CRyPTeR
By: PLaSMoiD/deeP
Type: COM protor, 386?
V.01b [1995]
adds 96b to proted x
UNP V4.12b t removable
-RTD_ENC (Encryption Program)
By: MR WiCKED/RTD (Belgium?)
Year: 1996
Type: COM protor
Compiler: BP
V1
BP src
adds 36b to proted x
UNP V4.12b t removable
V2
BP src
adds 25b to proted x
UNP V4.12b t removable
V3
BP src + ASM src
random crypt
adds 70b to proted x
CUP V3.4 /3 removable
-CC286x▓
By: Dark Stalker/UCF
Type: COM protor, 286
V2.1 [1997]
kicks CUP V3.4
ICEUNP V0.34 removable
can't prot on my cpu ("file open error!")
part of DSCPP (Dark Stalker's COM Protector Pack)
-BUNNY
By: Manfred Bunjes (Germany?)
Type: x protor?, DOS V3
Compiler: BC V2.0 [1988]
V4.1 [1993]
GUI (+ mouse support)
(manipulate/password/install) prot
manipulate: adds 29,539b (!) to proted x
password : adds 28,500b (!) to proted x
no crypt & ADT
shareware
prog x is CUP V3.4 /1 removable
proted x is UPC V1.11 removable
EdH: non-English. more review, plz!
-USERNAME
By: Jordi Mas Hernandez [Spain?]
Type: x pass protor
V3.0 [1992?]
-CHECKPRG
By: Jordi Mas Hernandez [Spain?]
V2.00
-SnoopStop
By: Trills
type: com? protor
V1.16
Disadv: never run on any cpu? :)
-TREKLOCK
By: Trills
V1.12
note: equal? to SnoopStop
-PirateStop
By: Trills
V1.09b [1998]
EdH: I only heard of it. Review, plz?
-MCLOCK
Type: COM protor
By: Noam (Herzenshtein/Herzenstien)
V1.2 [1989]
V1.3 [1989]
adds 108b to proted x
UNP V4.12b removable
ADT: replace int1 & 3
recoded by Dark Stalker/UCF & included in his DSCPP [1997]
he copies the decryptor found in some proted x
-TPC-SCR or T.P.C.'s COM File Scrambler
Type: COM protor
By: Oren Maurice (or? Asher Alon/T.P.C. (Israel))
V1.00
adds 119b to proted x
X-TRACT V1.51 removable
recoded by Dark Stalker/UCF & included in his DSCPP [1997]
he copies the decryptor found in some proted x
-IBM-CRP (IBM COM file Encryptor)
By: ? /IBM (cracking group)
Type: COM protor
V1.00
adds 122b to proted x
adds string "- Wh� ’Rε �0U St’Ri∩G ’t Mε? -" to proted x
recoded by Dark Stalker/UCF & included in his DSCPP [1997]
he copies the decryptor found in some proted x
Disadv: fixed crypt key
-Encriptor (for COM files)
By: GaStOn B.
Type: COM protor
V1.00b [1994]
adds 150b to proted x
adds string
"Please, do not modify this COM-file! - Scrambler by Gaston B."
in begin & ".GaStOn 1994." in end of proted x
recoded by Dark Stalker/UCF & included in his DSCPP [1997]
he copies the decryptor found in some proted x
X-TRACT V1.51 removable
-ABK COM file Scrambler (ABKprot/ABK-Scrambler)
By: fds0ft (Hungary?)
V1.00
non-pub
adds 81b to proted x
recoded by Dark Stalker/UCF & included in his DSCPP [1997]
he copies the decryptor found in some proted x
fixed crypt key
UNP V4.12b t removable
-MiCRoXoR
By: Jibz aka Joergen Ibsen (Denmark)
Year: 2000
Type: COM protor, 386?
Adv:
adds 16b or 17b to proted x
16b ver assumes SI=0100h
not always the case if proted x runs under Win2K
17b ver removes this uncertainty but is 1b larger
Disadv: CUP V3.4 /1 removable
Note: 1 of smallest COM protors
-invisible cryptor
By: VAG aka Vladimir Gneushev (Russia)
Type: COM protor, 386?
V0.77 [1999]
adds 17b to proted x
rather incompatible?
CUP V3.4 /1 removable
Note: 1 of smallest COM protors
-XorCopy
By: Deimos/Trioptimum
Type: COM protor
V1.0 [1995]
adds 41b to proted x
output file is alphabet randomly named
UNP V4.12b t removable
Note: the purpose is to avoid deletion by BBS-Ad-Killing upload processors
-CCE (ComCryptEngine)
By: Valmii Killegaard/tKD /KAOZ LABS aka Soeren Pretzel (Germany)
Type: COM.protor.lab (?), 386
Compiler: BP V7.0
V1.00 beta
Adv: VBPE (mte)
Disadv: all ADT enabled -> CUP V3.4 removable
V1.06 [July 2000]
Adv:
cryptic GUI :)
(almost) undetected protor
Disadv:
prog x hangs (my & CyR's) cpu
orig scr font isn't restored
herinmi/FileInfo V2.41b: proted x = F-LOCK V0.3?
EdH: CCE = protor creator, EIPL = proted x creator
Note:
output is ASM src
prog x:
won't run on > 200 MHz cpu (start-up delay bug on CRT unit isn't patched)
are reported as infected by
PS-MPC.based vir, by AVP 3.0 b134 + AVP00005.AVC
or
Uni.Grv vir, by McAfee VirusScan for DOS/PM V4.0.50 + v4069 dat
-EEXE
By: Fernando Papa Budzyn (Uruguay)
Type: EXE? protor, 386, DOS V3
V1.13 [1996]
non-pub
kicks? popunpak
multitasking-friendly
BW V2.5 removable
Note: found on author's FZC (Fast Zip Cracker) prog x
-EliaShim's CodeTrack
By: EliaShim MicroComputers
Year: <= 1993
Type: EXE protor
-Rand0m/Tulpe
By: Rand0m
V0.01
V0.02a
ROSE: good ADT
Note: non-pub
-ProCrypt
By: Lukas Fabian Moser (Germany)
V1.0
adds 1,072b to proted x
ADT = stack tricks
-Crush
Type: COM protor
ROSE:
adds 50b to proted x
ADT is for Soft-ICE, very lame
-Immune or Immun
By: Jens Bleuel
Type: x protor
V1.0 [1992]
no ADT
V1.2 [1993]
-Xenia
Type: EXE protor
V1.00 [1991]
-ANTI-TRACE
By: Oren Maurice
V1.0
uses? PIQ ADT
UPC V1.11 removable
found on TPCX prog x
-Lockit
By: Guy Shattah
Type: EXE protor
V0.10b
V0.11a
-EXE_Protector
By: FAG/DTG (Russia)
Type: EXE protor (?)
Compiler: BP V7.0
V2.0 [1997]
V4.7 [1997]
V5.0 [1997]
V6.0 [1997]
last known ver
non-pub
contains AINEXE V2.22 (to pre-pres proted x)
COM2TXT
EXE2COM, COM2EXE
removable by itself (?)
NortonAV 2000: proted x is infected by Bloodhunt.File.String vir (false)
EdH: non-English. more review, plz!
-Mess
By: max!
V1.20
Note: non-pub
-aNTI-TEU
by: max!
v0.9: herinmi: buggy
v1.2
-F-LOCK
By: Valmii/tKD aka Soeren Pretzel (Germany)
V0.3? [2000]
V0.35
herinmi: tighter than banzai v1.2x
Note: mentioned by herinmi's FileInfo V2.41b
-PCC
by: Mark DeSmet
V1.2
-PPC
By: ROSE aka Ralph Roth/ROSE SWE (Germany)
year: 1994-1995
Type: com?.pass protor
V1.00 [1995]
-PaSsCom
By: JauMing Tseng or Kevin Tseng (Taiwan)
V1.19c
-PassCOM
By: Black Wolf Enterprises
Type: COM pass protor
V2.0
Note: PassEXE pair
-PassEXE
By: Black Wolf Enterprises
Type: EXE pass protor
V2.0
Note: PassCOM pair
-BlackWolf prot
Note: mentioned in herinmi's TR script
-TBAV Prot
By: Thunderbyte B.V. (Australia)
Note:
non-pub
found on TBAV progs
runtime? crypt
-SCRAMB
By: B.U.G.
type: com.prot (?)
V1.20 [1993]
-SCRAMBLE
By: Alexander Alferowich/Tiny Spaceman Software (Russia)
Type: COM protor, 286?
V0.2b3/286 [Aug 1996]
adds 48b to proted x
TEU V1.82 -g -! half removable
-Phrozen Crew Prot
year: 1997
Note: non-pub
-DemoMaker
V2.1
-TheEgis
By: Egis?/PCE
-CrapStop
-HASP
-TraceLock
V0.9
-XorCOM
by: tFF
V1.00 [1996]
-File_PROTECTION
By: Bumerang aka S.Gruzdew (Russia)
Type: x protor?
V2.20 [1990]
but proted x's logo claims itself as V2.14
EdH: non-English. review, plz!
-SECURELOCK
By: tecPIG aka Valmii Killegaard/tKD aka Soeren Pretzel (Germany)
V0.3 [1999]
V0.34 sub ver 5
TR + CONTRA R1 script removable
Note:
some vers kick TR
predecessor of bANZAi cRYPT
-CC (COM Crypt (?))
By: Basil V. Vorontsov aka TiGGER/IHG (Russia)
Type: COM protor
Compiler: BP V7.0
V1.01 [1996]
can insert file in begin of proted x (as message)
crypt only
adds 38b to proted x
UNP V4.12b t removable
Note: EXE2BIN V9.50 bonus pack
-CC2 (COM Crypt 2 (?))
By: Basil V. Vorontsov aka TiGGER/IHG (Russia)
Compiler: BP V7.0
V1.5 [1996]
can insert file in begin of proted x (as message)
ADT
adds 713b to proted x
great crypt
proted x hangs on RM of my cpu after exec-ed a few times
Note:
EXE2COM V9.50 bonus pack
crypt is called [Code Garble V2.01/DOS]
-C0M-C0DEr
By: SkullC0DEr
V0.04 [1996]
-Lock King
v2.0a
note: mentioned in Ding Boy's Blast Wave doc
-Lock 95
Note: mentioned in Ding Boy's Blast Wave doc
-bANZAi cRYPT
By: Valmii Killegaard/tKD aka Soeren Pretzel (Germany)
V1.2 [2000]
mte
adv: kicks TR
disadv: TR + CyR's script removable
Note:
uses BMWE (mte)
successor of SECURELOCK
CyR: actually only renamed because "lock.exe" name has problems under Win
-SelfEncrypt
By: dR.No aka Daniel Arndt?
V1.0 [1998]
mte
-A.C.E. Scrambler
Year: 1996
adv: mte
-CONtRiVER-Cryptor
Year: 1998
-Util Coded
V0.21
-Ady's COM Scrambler
year: 1993
note: PIQ
-MINI
by: Albert SEN
V1.01
-PW
by: Udo Kemle & Klaus Oberpichler
V1.0
-HardLock
by: Aladdin
V4.14 [1997]
-PG-Prot
-Cerberus
V2.0
-Overlay
V3.0
-Tscrunch
by: Clarion
V3.01
-UnitA 3
by: Sanitary
-SUN-Prot
by: M.Dahl
type: com?.pass.prot
v1.01 [1995]
-LAB (Lame Armor Builder)
by: Morgan (Poland)
adv:
EIPL-compliant :)
mte (MutaMorph)
BFE (Blind Fury Engine)
disadv:
very Win incompatible -> even causes data loss
emm incompatible
adds 17+ kb to proted x
mem.erase sometimes erases IVT
non-pub
note: private project
-ExOM
By: Aziz B (Algeria)
Type: COM/EXE protector
V0.03 [2001]
Adv:
free
mte (ABPE)
kicks TR
Disadv: uses 386-code
Note: adds strings "ExOM" and "Aziz B" in the beginning of file and "MsDos"
in the end
-CyberShadow Cryptor
year: 2000
type: COM.?
adv: mte
-exe-crypt
V1.08
-Dn.COM Cruncher
V1.2
-MegaCrypt
type: com
V0.01
-RHC
type: exe
V1.99
-Cryptlite
type: x.protor?
V4.50
-Nuke Prot
type: COM.protor?
-AddCode
by: UniquE
v1.0 [1997]
-File Defender
type: x
adv: password
-ATAC
type: exe?
V2
V3
-COMER
by: bart/PL
V1.1 [1999]
-Com xor Coder
by: KP
V1.0 [1997]
-Crypto-King
V1.08 [1994]
-NSOS/PM (Navratil Software Operating System/Protected Mode)
by: Tom?? Navratil/Navratil Software (Czech)
year: 1998-2000
type: 286?, exe?
V1.00 [2000]
adv: kicks popunpak
disadv: non-pub
note: found on NSSI V0.50 (sysinfo prog)
PCVault-Protect (Johnson) [1993]
Msep v0.9b (M.Sayles) [1996]
EXELock v1.00a (Solid Oak) [1994]
TiGGER Protection
XLoader v2.00 (Cyberman/STiLLS0N)
Keymaker v3.0 (TimeSoft) [1998]
SP-Crypt v1.2 (Snow Panther)
H+BEDV Protection
Triplex Packer (cOm) [1994]
Overlay v3.0
ComCrypt (LostParadise)
ComCrypt (M.Chirkov) [1995]
SelfEncrypt (MaD'z/UCL) [1996]
J0B Cryptor [1996]
LKJ Protection
Com4Mail v1.0 (J.Krasilnikov) [1993]
FalCoN'AleX Protection
Crackboard II Protection
XOPEN+ Protection [1994]
PFCrew Protection [1998]
VenusSoft-Cryptor [1996]
GPatch v1.2b (jes) [1997]
SelfEnc 386 (SWW/DF) [2000]
VSF&K Protection [1992]
FIO Packer {Diet100} (I.K.) [1996]
WildRover Cryptor [1996]
EM-Phaser Cryptor [1996]
rEBELS Protection [1994]
IdleSoft Protection (Prince) [1996]
IdleSoft Packer (Prince) [1996]
HaSPeX-Protect [1996]
CC#3 Cryptor (ZC/XG) [2000]
eXtreme Group Protection [1999]
CCC-Protect (ZC/XG) [2000]
COM-Cryptor 386 (nh/XG) [2000]
x4-Cryptor 386 (nog/XG) [2000]
TBNLock v1.3 (A.Fiedler) [1996]
AVAST-Protect (P.Baudis) [1999]
AVAST CRC-CHECK v7.70 (eXe) [1999]
-AliS S0fT com file encryptor
non-pub
taken, rewritten & collected by Manticore
Crack Soft com file encryptor
Evil Genius com file encryptor
hijaq com file encryptor
Maverick's C0DER v.1.00a
[nh] com file encryptor
PC0R$AiR com file encryptor (1)
PC0R$AiR com file encryptor (2)
MACHiNE GUNgsTeR/BANG! com file encryptor
-Wumpus Soft Lab (?) com file encryptor
adds 18b
non-pub
taken, rewritten & collected by Manticore
----
WIN (PROTECT/CRYPT/SCRAMBL)ER
----
-1way
-ShareLock
-inPEct
V1.0
-PE Mangle
-PEMangler
V1.0
-PE-Sentry
V0.05a
-Protector
type: pass
-Visual Protect
V2.5.3
-PEdiminisher
by: Teraphy /Phrozen Crew
V0.1 [1999]
packed x can't run on my 6th cpu
EdH: is it a protor or a packer (?)
-PE password encryptor
by: SMT
-Softlocx
V3.0
note: ovl
-Lock98
V1.00.28
-SecuPack
by: J. Staeter ? or SC - Soft
V1.5
-ACProtect
by: Risc0 Software Inc.
V2.0
v2.1.2
non-free
-Air EXE Lock
non-free
-Akala EXE Lock
non-free
-Armadillo
by: Chad Nelson, Nicolas Brulez /Silicon Realms Toolworks
year: 1998-2002
V1.84
v2.52 Public Build 1164 [2002]
v4
v7
herinmi: another way to protect
non-free
-ASProtect
by: Alexey Solodovnikov
V1.1
herinmi: ASPACK V1.084 registration bonus?
v2.1
non-free
-AVLock
non-free
-CopyMinder
non-free
-Cryptolock
non-free
-Crunch
by: BitArts
V1.0: herinmi: packrate (down under)
v5.0
non-free
-Fusion
by: BitArts
V1.0: herinmi: patcher and recompiler!?
non-free(?)
-DotFix NiceProtect
v3.6
non-free
-DotFix FakeSigner
v3.4
non-free (?)
-The Enigma Protector
by: Vladimir Sukhov (Russia)
year: 2004-2009
v1.1x [2006]
v1.5 [2008]
v1.7.6 [2009]
non-free
-EXE Cryptor
by: strongbit.com
V2.3.6
v2.4.0
non-free
-EXE Guard
v1.3
non-free
-EXE Guarder
by: exeicon.com
v1.8 [2006]
v2.1 [2008]
non-free
-EXE Password 2004 v1.114
non-free
-EXE Password Lock v1.01
non-free
-EXE Prot v1.x
non-free
-EXE Protector v2.x
non-free
-EXE Safe v2.0
non-free
-EXE Shield v3.7
non-free
-EXEStealth
by: Hanseter Imp /WebtoolMaster
v2.73 [13 Oct 2003]
shareware: 30 days trial
prog x triggers avir (Avira Personal 9)
v2.75a
v2.76
-ExeWrapper
by: 533soft.com
v2.5
v3.0
non-free
-ExPressor v1.6.1
non-free
-eXpressor PE Packer
by: cgsoftlabs (Romania)
v1.4.5.1
=? ExPressor v1.6.1
-Fly Sky Software Custom Protector
non-free
-ID Application Protector v1.2
non-free
-Ionworx Identifier SDK
non-free
-Ionworx SerialShield
non-free
-Ion Ice EXE Lock v1.0
non-free
-MazePath EXELockout v3.0
non-free
-MegaFortress
non-free
-MoleBox
by: Teggo
v2.5.7
v2.6.4
non-free
-MoleBox Ultra v4.x
non-free
-NoobyProtect
by: Nooby /Safengine
v1.4.x.x
v1.6.5 [2010?]
unprotable so far (?)
non-free
-Obsidium
by: Obsidium (Germany)
v1.3.6.1
non-free
-ORiEN
by: Vladimir Kazapjan /Fisun A.V. (Russia)
year: 1994-2003
v2.11
v2.12 [2003]
in Russian
non-free
-PCG (PC Guard) for Win32
by: Blagoje Ceklic (Yugoslavia)
V1.50 is NE
V3.00 [1999]
V3.03
V4
found on CPUCool v9
v5.04
demo
-PE Lock
by: Bartosz Wojcik (Poland)
v1.0x
v1.x
non-free
-PEGASYS Custom Layer
dunno free/not
-Private EXE Protector
by: setisoft.com
year: 2003-2006
v1.7 [2006]
v1.9x
v3.0
non-free
-Punisher
v1.5 (DEMO)
-SD Protector v1.12, v1.16
non-free
-sevLock
non-free
-Special EXE Password Protector
non-free
-Shegerd EXE Protector & Anti-Debugger
non-free
-Softdefender v1.1
non-free
-Soft Sentry v3
non-free
-SoftWrap
non-free
-Stardock Product Activation Module
non-free
-SVKP (SVK-Protector)
by: Pavol Cerven (.sk)
v1.32 demo
v1.4x
non-free
-Xtreme-Protector
by: Oreans
v1.08 [2003]
v1.08f
non-free
-Themida
by: Oreans Technology
year: 2004-2005
v1.0
v1.3 [2005]
v2.1.0.0
non-free
-Trial Master v2.x
non-free
-VBO Watch v3
non-free
-Visual Protect
non-free
-Vcasm-Protector v1.0
non-free
-VM Protect
by: PolyTech (Russia)
year: 2003-2006
v1.2x demo (2006) only EP (Entry Point) prot
v2.03
non-free
-WinLicense v1.8.2.0
non-free
-WinUtilities EXE Protector v2.1
non-free
-ZProtect v1.4.3
non-free
-SDProtector Pro Edition
v1.12 [2003]
v1.16
non-free
-EXE password protector
v1.0.5.100
dunno free/not
-Shareguard Loader
by: Zapper Software
V3.6
dunno free/not
-[G!X]'s Protector
v1.2
dunno free/not
-APES (Active PE Scrambler)
by: Team - X (Russia)
v1.0 [2005]
dunno free/not
-Hide&Protect
v1.0x [2005]
dunno free/not
-Lock Express
by: Sciensoft Research Inc.
year: 1997-2006
v2.0 b9.2
dunno free/not
-EXEStealth
by: Spirit
v2.7x [2007]
prog x triggers an avir (Avast v4.8 Home)
dunno free/not
-RLProtect (ReversingLabs Protector)
v0.7.4b [2006?]
prog x triggers an avir (Avira Personal 9)
dunno free/not
-Alex Protector
by: Alex (Russia)
v1.0b2
prog x triggers an avir (Avast 4.8 Home)
-AntiDote
v1.4 SE
-ARM Protector (ARMenian Protector)
by: SMoKE (Armenia)
v0.2 [2004]
GUI
runs fine on my 5th & 6th cpu
refuse to prot some files ('no room to add new section')
adds ~5kb to proted x
doc says proted x can't run on win2k
proted x triggers an avir (Avira Personal 9)
v0.3 [2004]
-AT4RE Protector
v1.0
-Aver Cryptor
v1.02b
-Beria
v0.0.7
-C.I. Crypt
by: FearlesS
v0.2 [2007]
based on Morphine
in Chinese
-CDS SS
v1.0b1
-Celsius Crypter
v2.1
prog x triggers an avir (Avast v4.8 Home)
-COOLcryptor
v0.9
-CRYPToCRACk's PE Protector
by: Lukas Fleischer aka CRYPToCRACk (Germany)
v0.9.3 [2007]
no doc
runs fine on my 6th cpu
refuses to prot some files, saying 'may be not enough space for new section'
adds ~2kb to proted x
prog exe (which is unproted, btw) & proted x triggers avir (Avast 4.8 Home)
-RPolyCrypt
by: Vaska (Russia)
v1.7.2 [2007]
English & Russian built-in interfaces
proted x triggers an avir (Avira Personal 9)
-DalKrypt
v1.0
-Daemon Protect
v0.6.7
-DCrypt Private
v0.9b
-DEF
by: bart (Poland)
v1.0
in Polish
-DotFix FakeSigner
-DragonArmor
v0.0.4.1
-Dual´s EXE Encryptor
v1.1b
-Encrypt PE
by: Chinese Cracking Group (China)
v2.2007.4.11
v2.2008.?.?
~3Mb ZIP, in Chinese
-EP Protector
by: AHTeam
v0.3
prog x triggers an avir (Avast 4.8 Home)
-Excalibur
by: forgot/DFCG (China)
v1.03r
-ExeCRyPT
by: ReBirth
v1.0 [2007]
in Chinese (but not that hard to understand :)
based on Yoda's Cryptor src
unpacker available
triggers an avir (Avira Personal 9)
-EXEFog
by: ? (Russia)
v1.1
v1.1.x [2005]
packed x won't run on my 5th cpu
-EXE ReFactor
v0.2
-fEaRz Crypter
v2.2.0
prog x triggers an avir (Avast 4.8 Home)
-FishPe Shield
v2.0.1
-Flashback Protector
by: Flashback Soft
v1.0 b08.05 b1 [2008]
only adds fake sign & anti-ProcDump
prog x triggers an avir (Avira Personal 9)
-Key Crypter
by: loop
2008
prog x triggers 2 avirs (Avast 4.8 Home & Avira Personal 9)
-MSLHR
by: emedicius
v0.32a [2007]
in Spanish & Chinese
-Noodle Crypt
2 [2000]
-Forgot
v1.0
-Frensh Layor
v1.81
-Gie Protector
by: malcode
v0.2 [2007]
in Chinese
-Goat´s PE Mutilator
v1.6
-Hide PE
uses ASProtect 1.2 [New Strain] method, or VBOX 4.3 MTE method
-KaOs PE eXecutable Undetecter
-MarjinZ ScramblerSE
a file in package triggers an avir (Avast 4.8 Home)
-Morphine
by: Holy_Father & Ratter/29A
v2.7b
v3.5 [2005]
by: Silent Software & Silent Shield (Dayvo)
also pres
runs fine on my 5th cpu
proted x triggers an avir (Avira Personal 9)
-Morphna
b2
-MSLRH
by: (Mexico?/Spain?)
v0.32a
-MZ Crypt
v1.0
-NME Executable Crypter
v1.1
-Passlock 2000
-PE 123
v2006.4.4
-PE-Armot (Hying)
v0.x
-PE Nguincrypt
v1.0
-PE Nightmare
-Perplex PE Protector
v1.0
-PolyCrypt PE
by: jlabsoftware
year: 2004-2005
v2.1.x [2005]
-Program Protector
by: blumentals.net
v2.1
non-free (?)
-Protect
v0.1.3
-Protect EXE
v0.4a Beta
-RCryptor
v1.6d
-Russian Cryptor
v1.0
-SecurePE
v1.5
-Simple PE Crypter
-SLVc0deProtector (SCP)
by: SLV/ICU
v0.61 [2005]
GUI
on my 5th cpu, when opening file, prog x says 'unknown error' & quit
runs fine on my 6th cpu
refuses to prot some files, says 'unknown error'
prog x should be restarted after each proting
proted x can be made to refuse running if its name is changed
adds ~13kb to proted x, regardless options used
leaves section names intact, not removing/hiding the calls to OS
v1.11
v1.12 [2008?]
-Smokes EXE Shield
v0.5
-Ste@lth PE
v2.x
-Thunderbolt
v0.0.2
-UnoPiX
v0.94
v1.10f
-USSR
v0.31
-VCrypt
v0.9b
-ZCode
by: Giuliano Bertoletti (Italy)
year: 1999-2000
v1.01b [2000]
freeware
lamest ever!: prog x isn't PE, crypt takes several mins and needs
~20Mb temp space, proted x load takes 10 sec or more, proted x may become
1Mb in size, proted x only for win9x, no src
don't think somebody will be willing to test this lousy protor
-PEpsi
by: xOANINO
V0.10
herinmi: how is it?
-VBOX
by: Weijun Li
V4.20
mte
-EXESmasher
V1.0
note: ovl
-Phantasm
by: Ding Boy (?)
V1.5b3
-AppLok 95
by: Prakash Gautam
V2.0
-FileLocker 32
type: pass
V2.0
-PrivateEXE
by: MidStream
V2.2: password (?)
V3.0
-SPEC (Simple PE-Cryptor)
by: hayras
ß3
note: simple crypter
-SoftLock
by: BitArts
V4.0
-UnHack32
by: Black Panther
V1.2
note: password?
-Gleam
by: Zhang De Hua (China)
V1.0
EdH: is this a presor or protor?
-CodeSafe
By: Zhang De Hua (China)
V3.0
EliCZ: 1st to use SEH (Structured Exception Handling)
-EXE Protector
by: Eyhab Hillail
V1.37a
V2.01
note: passwords
-NFO
by: bart/CrackPl (Poland)
V1.0 [1997]
console
DLL isn't supported
prog exe keeps saying 'invalid command line' even though it's not,
on my 6th cpu
-Stone's PE Encryptor
by: Stone/UCF (Denmark)
V1.13 [Jan 1998]
w/ src
weak crypt only (no ADT)
run on my 5th cpu
can't crypt some files
v2.0 is a packer
-.BJFnt (Boeses Junges Fleisch nt)
by: Marquis de Soire /UCF
V1.3 [26 May 1998]
type: win95, win98, nt4/5, console
works fine on my 5th & 6th cpus
only for non-commercial use
claims that -C option is the most secure even though that skips crypt other
PE sections
multiple prots are allowed
but double crypt triggers avir (Avira Personal 9)
has prot vs softice
spec.unprotor available
annoyingly added string 'registered to= unregistered' to proted x :)
adds 4,096b to proted exe
-PELOCKnt
by: Marquis de Soire /UCF
type: win95, win98, nt4/5, console
only for non-commercial use
V2.04 [04 Jul 1998]
type: win95, win98, nt4/5, console
works fine on my 5th & 6th cpu
can add
32bit CRC virus check
prot vs winice & gen.win9x.tracer
multiple prots are allowed (as long as virus check is the last proting)
adds 10,752b to proted exe (single prot)
spec.unprotor available
annoyingly added string 'registered to= unregistered' to proted x :)
EdH:
why author creates 2 PE crypters in a row?
it seems that PELOCKnt is meant to be stronger prot than .BJFnt
-PE-CRYPT32
by: random, killa, acpizer /UCF
year: 1997-1998
V1.0
V1.01 [22 Jan 1998]
V1.02 [28 Sep 1998]
GUI
pres uses Jibz's aPLib v0.10b
ADT: mainly to kick Soft-ice
prog x immediately exits after proting
on my 6th cpu:
ADT doesn't work (proted x does nothing)
API hooks don't work (select all), proted x does nothing
API breakpoints don't work (select all), proted x causes GPF
everything else works
multiple prots are allowed (virus/crc32 check must be off, except the last)
add ~20kb to proted x
no specific unpacker available (?)
V1.2
herinmi: v1.13 doesn't exist
-VGCrypt PE Encryptor
by: virogen
V0.75ß
V0.75b [19 Dec 1998]
w/ src (but not the (de)crypt code)
sort of GUI help
works fine on my 6th cpu
can use 'caves': adds little or no increased size to the to-be-proted x
processes UPX-packed exe w/o problem
spec.unprotor available (?)
prog exe triggers avir as suspicious (Avast! FreeAV 5.1)
-PE-PROTECT
by: Christopher Gabler (Germany)
v0.9b [17 Dec 1998]
can't handle reloc (as usual :)
no spec.unprotor available
can't run on my 5th cpu (nothing) & 6th cpu (causing GPF)
-PCPEC (Phrozen Crew PE header enCryptor) [alpha]
by: The+Q, Plushmm & MrNop/Phrozen Crew
date: 1998
only for non-commercial use
won't run on my 5th cpu
EdH: is The+Q = therapy (?)
-tELock
by: tE! (tHE EGOiSTE) /TMG
year: 2000-2001
compiler: TASM v5 (Win32ASM)
V0.61
v0.98 [25 Oct 2001]
freeware
pres uses Jibz's aPLib v0.26b
on my 6th cpu:
some proted exes say '(proted x) failed to initialize properly'
other proted exes show a win dialog 'CRC error! ...'
proted x doesn't run on my 5th cpu
v0.99: prog exe occupies mem but no window shown after its .ini reminder, must
be shut down from taskman
v1.00
-LameCrypt
by: Lazarus
V1.0a [1999]
only crypt 1st sect of PE header with XOR 90
comes with src
doc says it crashes under winnt
-WinKripT
by: MrCrimson/[WkT!99]
V1.0 [1999]
GUI
complains that 'section header can't be added' for some files
weak crypt, seems no ADT
-PE-SHiELD
by: ANAKiN aka Stefan Esser (Germany)
year: 1998-2000
V0.25 [2000]
console
for non-commercial use
no DLL support
allows multiple prots (if option -h- is always set, except for the last)
unpacker available
runs on my 5th & 6th cpu
add string 'Registered to: NON-COMMERCIAL!!'
note: share about the same code with PE-PACK
EliCZ: has beautiful NTice detection
-PE Ninja
by: +DzA kRAker /TNT (Romania)
v1.0 [2000] GUI
prog x runs on my 6th cpu, but quit w/o any processing nor message for some
files, proted exe triggers avir (Avira Personal 9)
-DBPE (Ding Boy's PE-lock)
by: Ding Boy
year: 1998-2000
V0.07
V1.5b3 [10 May 2000]
v2.33: non-free?
in Chinese
-CodeCrypt for Win9x
by: defiler (Germany)
v0.164b [2000]
DLL isn't supported
-PE-PROTECTOR for Win9x/ME
by: Rafael Ahucha (Spain)
v1.0 [2000]
its doc says it can't run on non-win9x
prog exe triggers avir (Avira Personal 9)
-PeX
by: bart/CrackPl (Poland)
V0.99 [10 Aug 2000]
GUI
w/ src
also pres
packed/proted exe doesn't run on my 6th cpu, regardless options used
-yOda's Crypter
by: yOda aka Danilo Bzdok
year: 2000-2004
v1.00 [13 Dec 2000]
v1.20 [14 Jan 2001] last ver by yOda
v1.30 [20 Jul 2004] converts to C++
v1.31 [06 Aug 2004] pres added
-PolyEnE (Polymorphic Encryptor for Executables)
by: Lennart Hedlund
type: GUI
v0.01
v0.01+ [2001]
also pres
processes PEncrypt 4 Phi's proted exe w/o problem
src is released [2006]
spec.unprot isn't? available
-Krypton
by: Yado/Lockless
type: win98 to win2k, GUI
v0.3 [2001]
not fully compatible to win95
only L1 (Normal) Krypt available
adds 112kb (!) to proted x
author =? defiler (who wrote CodeCrypt for Win9x)
because the doc is written in the similar style
yet prog exe logo has Chinese characters (strange)
v0.5
-XcR
by: X-Lock/Lockless
type: win95, win98
v0.11 [2001]
prog x triggers 2 avirs (Avast! Home 4.8 & Avira Personal 9)
v0.13
-PEncrypt
by: JunkCode (India)
type: GUI
v4.0 (Phi) Public [03 Aug 2002]
works fine on my 5th & 6th cpu
'destroy PE header' option works too, but all 'anti- (9x/me only)' don't
adds only 2kb to proted x (single crypt layer)
max crypt layers is 5 (more causes win to complain 'invalid application')
but proted exe w/ > 1 layer triggers Avira Personal 9
leaves section names intact, not removing/hiding the calls to OS
unprotor available
EdH: I got the unproted ver (<>? original)
-yoda's Protector (yP)
by: Ashkbiz Danehkar (.it)
year: 2004-2005
v1.00 [09 Aug 2004]
v1.03.3 [18 Dec 2005]
also pres: uses aPLib & LZO
says some files are invalid PE (already proted/packed) while they're not
doesn't actually crypt/pack some sections (why?)
run on my 5th cpu
unpacker available
note: successor of yOda's Crypter
-PE Crypt
by: BitShape
v1.5 [2006]
website not accessible
-PESpin
by: cyberbob (Poland)
date: 2003-2010
compiler: MASM (Win32ASM)
type: win98-Vista, GUI
v1.32 [09 Mar 2008]
freeware
has
pres (uses Jibz's aPLib)
selfintegrity checks & several crypted layers
polymorph decrypt routines
advanced import table prot
anti-(debug/trace) tricks
checksum prot
offers
debug-detect
close prog after n minutes
api redirect
section renaming: custom, random known protor/packer
antidump
pass-prot
OEP removing
code redirect
debug blocker
strip overlay
strip reloc
pres resources
optimizes dos header size
refuse to prot some files ('SizeofHeaders too small')
premature exit & erroneous proted-exe if it is pre-(pack/prot)ed
works fine on my 5th & 6th cpu
x64 v1.12 [2010]
-ExeShield Deluxe
year: 2009?/2010?
uses 1 of external PE packers (included)
-ExChain
v1.15
v1.16 [2010?]
no doc
prog x doesn't run on my 5th cpu
-Harlequin Dylan
by: Harlequin Group
V1.2
EdH: dunno what the hell is this
---
Win Malware Crypters
---
-1337 Cryptor
v2
-ABC Crypt
v1.0
-ADN Exe Protector
v0.5
-Alien Cryptor
v1.0
-Angel's Crypteur
v0.2
-ass - crypter
-AuraStomper Crypter
-Billar Crypter
v2.0
-Bifrost Crypter
v1
-BlindSpot File Binder
v1.0
-Breakpoint Crypter
v0.0.79
-BUD Crypter
-Cigicigi File Crypter
v1.0
-Crypt Dmar Nar
v0.5
-Cryptic
v2.0
-CryptWOZ
v1.0
-DarkAvengard Crypter
-DarkCrypt
v1.2 (Private Version)
-DH Cripter
v0.1
-DirTy CrYpt0r
-dSR File Protector
-ETCV
v1.0
-EXE Evil
v1.0
-Fakus Crypter
-FastFileCrypt
v1.6 Public
-Fatalz Crypt
v2.14a
-Gentlemen Crypter
v1
-GKripto
v1.0
-Hac-Crew Crypter
-Hack Hound File Binder
-HellCrypter
v1
-ICrypt
v1.0
-K!Cryptor
v0.11
-KeyCrypter
-KGB Cypter
v1.0a
-Kratos Crypter
-Lilith Crypter
-L0rD Crypter
v1.0
-marcrypt
v0.1
-Minke Executable Crypter
v1.0.1
-Money Crypter
-Mortal Team Crypter
v2
-Mu$hr00M CryPtOR v1.0
-Nidhogg
by: p0ke
v1.0f [2008]
prog x triggers 2 avirs (Avast 4.8 Home & Avira Personal 9)
v1.1b1
-NovaCipher
v1.0 Beta
-MZ0oPE
v1.0.6b
-Poisen Ivy Crypter
v1
-p0ke Scrambler
v1.2
-Puri Crypt
v1.2
-QrYPt0r
v1.0
-RDG PolyPack
v1.1
-RDG Tejon Crypter
v0.3
v0.6
v0.7
v0.8
-RoguePack
v3.3
v4.0b1
v4.1
-ScanCryptic
v2.0
-Secure Shade
v1.8
-Sexe Crypter
v1.1
-Simpl3 CrYpT3R
-Sky Crypt
v2.0
-SnoopCrypt
-The Best Cryptor
by: FsK
-Themis Binder
v0.2
-TsT Crypter
-UndergroundCrypter
v1.0
-unkOwn Crypter
v1.0
-UnLimited Crypter
v1.0
-Werus Crypter
v1.0
-WindOfCrypt
-Wingscrypt
v2.0
-WL-Crypt
v1.0
-X-Crypter
v2.01
-xHacker Cryptor
-XShell
v1.5
-Yokoh Crypter
v1.3
--------------------
DEDICATED TO herinmi
--------------------
---
DOS VIRUS SHIELD
---
-File Shield
By: Uzi Apple & Yuval Tal / McAfee (USA)
Type: AV.shield
V1.5 [1990]
Adv:
covers x
store exe header
can
remove vir from mem on x exec
restore x to fshield-ed state, whether presed/proted/vir-infected
won't propagate vir spreading
Disadv:
shareware
add 1600 - 6000b (average: 2000b) to x
can't
shield exe+ovl
stop overwriting vir
annoying exit prompt on prog exit
Note:
double prot is unallowed
shield is removable by the prog itself & X-TRACT V1.51
advanced shield over CPAV?
-F-Xlock (Frisk's eXe Lock)
By: Fridrik Skulason, Vesselin Bontchev/Frisk Software (Iceland)
Type: EXE?.AV.shield
V1.16 [1991]
-VSS (Viren Schutz Schild)
By: ROSE aka Ralph Roth/ROSE SWE (Germany)
Year: 1990-2001
Type: COM.AV.shield
v1.0 [1993]
v1.0? [2001]
Note:
non-pub
PCU removable
-VSD (Virus Self Destructor)
by: Wojciech Wysznacki
type: x
V2.00 [1996]
-Vaccine
by: Rustam M. Abdrakhimov
type: exe
V1.03
V1.10 [1995]
-VACCINE Sphinks-2
by: RedArc
year: 1997
type: AV.detect.shield
-Shield 386
by: V Communication & Steel Rat
V1.70
-Health
by: Muslim P. Polyak
type: immunizer
V5.1
-Scan /AV
by: McAfee
-CPAV (Central Point Anti Virus)
By: CPS (USA)
Type: AV.shield
Note: based on TNT/AV
-TNT/AV
By: Carmel Software Engineering
Type: exe?.AV.shield
-NAV (Norton Anti Virus)
by: Peter Norton/Symantec (USA)
-NoAV (No Anti Virus)
By: VAG aka Vladimir Gneushev (Russia)
Type: COM.AV.false-detect.avoider?
V1.0c [1999]
non-pub
removable by proted x itself (option @@)
Note:
found on some VAG progs
McAfee's ScanPM V4.70 + DAT V4095 detect it as new virus :)
-Condom
V1.5
-Step
by: Jibz aka Joergen Ibsen (Denmark)
type: com
V0.02
---
DOS COMPRESSOR
---
-StartSYS
by: A. Falin
v1.0 [1997]
EdH: is it presor or protor?
-SYSPACK
by: Vadim V. Vlasov (Russia)
type: dos.sys.presor
compiler: msc(++) [1990/1992]
V0.1 [1992]
note: UPX has better pres
-LZCOM
By: JauMing Tseng
V1.4
-XPACK
Year: 1995?-1999
By: JauMing Tseng or Kevin Tseng (Taiwan)
V1.31 [1996]
V1.60-: freeware
V1.60+: shareware
1.67l [Jul 1997]
free?
V1.67.r [Oct 1999]
Adv:
dos/sys
can add comment on presed x
anti-vir
TSR online depres (RAM resident transparent expander)
needs 4Kb of upper mem & 32Kb EMS
can create
XDI (XPACK [presed] Disk-Image)
supports MS-DMF/FDFORMAT/2M format
regged ver offers XDI2EXE -> SFX XDI
year: 1995-1998
v1.65b4 [29 Dec 1996]
archiver
lib.unpacker (-UX option)
guard codes against some lib.unpackers
self check
Disadv:
slow pres
EXE depres not available (regged?)
EdH: it tries to follow DIET
Note: kernel code optimized by Harald Feldmann (HAP archiver's author)
-XE (X-pack for Executable)
By: JauMing Tseng or Kevin Tseng (Taiwan)
Year: 1998-2000
Adv:
supports watcom/le, tmt/adam, dos/exe, dos/com, dos/sys
free
Disadv:
slow pres
change orig 32bit format to XE format
needs spec.loader (XELoader)
no depres
no 16bit segment reloc handler
V1.4.5 b0119 [Jan 2000]
Note:
uses Sergey Belyakov's ZRDX dosx & Jibz's aPLib preslib
XE divides file into blocks when pres (unlike aPLib)
EdH: To JMT I suggested XPE as new name instead of XE
-DIET
By: Teddy Matsumoto (Japan)
Type: EXE presor (COM -> EXE) but can force real COM (option -xc)
Compiler: BC++ [1990]
V1.00 [1990]
V1.20
NC 4.0 Russia is packed with this
V1.45f [Jun 1992] last known ver
fixes halted depres on 486
Adv:
TSR online depres
Stacker-like
can pres dos/sys
100b depresor
-g: fast depres (+100b)
free
Disadv:
bad pres ratio
no depres
deletes presed x (even if its size is smaller) if it requires same
cluster as orig x
can't pres x smaller than ~15-20 kb & bigger than ~2Mb
VeK: very stable x presor
ROSE: DIET-ed x expects BX reg = 0
Note: add string "diet" to presed x
-WWP or WWPACK ((Wierzbicki & Warezak's / World Wide) PACKer)
By: Rafal Wierzbicki & Piotr Warezak (Poland)
Year: 1993-1997
Type: EXE presor (COM -> EXE), max 15000 reloc
Compiler: BP 7.0
Variant: WWPACK32 (for Win32/PE) V1.20b2
V3.04a [Jan 1996]
V3.05b5 [Jan 1997] higher pres ratio for big file
Adv:
a lot of features:
data pack
password
anti vir
unextractable
soft: can't be depres by WWPACK
hard: light ADT (+ user ADT module)
No_Hacks package contains user ADT module samples
date/time limit
Disadv:
slow pres
shareware
Note:
uses EXE header to store its config. no external config & still presible
WWPACKed header also left $1A-$1F untouched
tightest x presor at its time
some foolers modify WWPACKed x start-up code with mte-ed code (WWPMutator)
started from V3.02a, WWPACK is proted by HackStop V1.0?
WWPACK V3.04a & V3.05b5 is proted by HackStop V1.11a
-aPACK
By: Jibz aka Joergen Ibsen (Denmark)
Year: 1997-2000
Compiler: WC 32
Type: x presor, 286
V0.91b [Aug 1998]
V0.98b [1999]
V0.99b [2000]
Adv
the tightest small/average DOS x presor
smallest depresor (133-340b)
3 more different encoding (-1/-2/-3)
1 may improve pres
no reloc (-h)
tiny EXE depacker (-t)
XT-compatible depacker (-x)
very fast depres
no mem overhead
Free for Non-Commercial Use
Disadv
slow pres
no depres
no self check
no check for already presed x
Note:
better pres than WWPACK
pres uses Jibz's own LZ, 56-60kb lookback + lazy match + Gamma encoding ->
aPLib algo
based on Pasi Ojala's pucrunch
EdH: aPACK's history is fun to read :)
-32LiTE
Year: 1998-2000
By: Oleg Prokhorov /UG2000 (Russia)
Type: multi format x presor
Compiler: WC 32, PE compiler?
V0.02d
aPLib V0.22
V0.03a
aPLib V0.26
the prog x format is PE
V0.03b
APLib V0.26 [SE]
more options
prog x must be patched to run under DOS:
offset
50h: B0h -> 6Dh
51h: 19h -> 1Ah
Adv:
multi-format x packer
supports some ancient formats
capable to pres x with multi-in-one format
restricted capability to pres to different format
calls & jump optimization (-8 & -9)
Disadv:
slow pres
no depres
but sometimes no depres is an adv :)
Note: uses Jibz's aPLib preslib
-DJP (DJ Packer)
by: Markus Franz Xaver Johannes Oberhumer (Austria) & Laszlo Molnar (Hungary)
V1.07 [1996?]
DJGPP2/COFF presor
note:
predecessor of UPX
may also be known as MLP (Markus & Laszlo's Packer)
-UPX (Ultimate Packer for eXecutables)
By: Markus Franz Xaver Johannes Oberhumer (Austria) & Laszlo Molnar (Hungary)
Year: 1998-2006
Type: multi format x presor, max 24,000 reloc, 286
Compiler: DJGPP V2 (DOS ver)
Adv:
extendable (portable endian-neutral C++)
self check
the tightest big x presor
pres better than zip/gzip
fast depres: 10Mb/sec on Pentium-133
multi x formats are supported
no mem overhead
overlapping (depresor place in mem is reused by depresed code)
free
8086-compatible depacker
support unpack ('restore')
Disadv:
only partial support for WDOS/X + LE
no 16bit segment reloc handler
V0.30 [Jul 1998]
V0.40-
x formats supported:
dos/exe, dos/com, dos/sys, djgpp2/coff, watcom/le
V0.40
uses NRV V0.32
added dos/exeh method (386+)
V0.50
added win32/pe, rtm32/pe & tmt/adam format
V0.60
NRV V0.54
added atari/tos format
V0.70 [Mar 1999]
NRV V0.61
added linux/i386 format
added best pres-level (--best)
V0.90
added win32/pe depres
V0.99
src release under GPL
but NRV isn't, so to make this src compilable and works, free ver of NRV
called UCL is released
V1.02 [2000]
NRV 0.73
somewhat slightly faster pres
prog x can now depres itself (& its older vers down to v7 (tested so far))
EdH: apparently no user but me is aware of this, because nobody else
uses UPX secret switches for their progs :-)
V1.03- : best pres (-9, --best) is very slow
V1.03 [30 Nov 2000]
NRV 0.81
little more pres
much faster pres, also for best pres & big x
added atari/tos/FreeMiNT
binded with CWSDPMI r5 by CWSDSTUB (DOS ver)
V1.07 [20 Feb 2001]
V1.20 [23 May 2001]
NRV 0.82
little more speed
V1.21 [01 Jun 2002]
an option to give UPX more mem to possibly improve pres
V1.24 [07 Nov 2002]
NRV 0.84
uses --best --crp-ms=999999 --small (--nrv2b or --nrv2d) for best pres
possible
V1.25 [29 Jun 2004]
V2.01 [6 Jun 2006]
by: John Reiser &? Jens Medoch (co-authors)
supports arm/pe (ARM executables running on WinCE), linux elf/amd64,
linux elf/ppc32, mach/ppc32 (Apple Mac OS X), bootable Linux kernels
("vmlinuz/386"), and Playstation exes ("ps1/exe")
little more pres w/ new NRV2E algo
new option: --brute for best pres possible
improved win32/pe compat
direct ELF-to-mem depres
various bug fixes
EdH: the authors rock!
V3.05
V3.07
Note:
uses Markus Oberhumer's NRV (Not Really Vanished) pres-lib
successor of DJP
UPX gives better pres ratio on JMT's XDOC-ed text than aPACK
'secret' switches:
--info (verbose)
--fileinfo (identify if target is presed by UPX and by what method)
--small (skip the addition of UPX's copyright message)
--filter=/cpu=/crp-mm=/crp-mo=/crp-pl=/crp-hl=/crp-sl=/crp-cf=
-AXE (SEA-AXE)
By: SEA (System Enhancement Associates)
Type: x presor
Year: 1987-1989
Compiler: MSQC [1988/1989]
V2.0
V2.2 [Jan 1989]
1,510b depresor
Disadv:
presed code stored as ovl after depresor
lame pres ratio
shareware
Note: oldest? EXE presor
-EXEPACK
By: Microsoft
Type: EXE presor
V4.06 [Feb 1986]
V4.06 = V4.05
V4.07
Adv: free
Disadv:
lame pres ratio
uses RLE
old ver's presed x prints "packed file is corrupt" & halt
under EMM & lots of base mem
-EXEPACK
by: TurboPower
V7.0
-MS-LINK /EXEPACK
v3.60
v3.64
v3.65
V3.69
v5.01.21
V5.31.009
-SPACEMAKER
Type: reloc presor
By: Realia
V1.03
V1.07
exe2com?
-PACK (PACK/TP)
By: Kim Kokkonen/TurboPower Software
Type: reloc presor
V1.0 [1987]
-RELOC
By: Piotr Warezak (Poland)
Type: reloc presor
V1.00 [1997]
=? Kim Kokkonen's PACK V1.0
-RERP
By: Ralph Roth aka ROSE/ROSE SWE (Germany)
V0.02 [1997]
mostly pres smaller than EXEPACK or PACK/TP (?)
-RP/386
By: Michael Hering/Germany
Type: reloc presor
V1.20 [1999]
V1.21
-ReloPack
By: Stefan Esser
type: reloc presor
V1.0 [1996]
herinmi: improved Kim's PACK V1.0
-COMPACT
By: Klaus Peichl (Germany)
Year: 1994, 1998
Type: COM presor, max 15,000b
V1.05 [1998]
presed x needs 33kb freemem or quit
82b depresor (no huffman decoder)
20 to 50 passes pres (very very slow) but (suspend & continu)able
no need to depres & re-pres if we want further pres
more passes = longer exec time
uses RLE-2 pres (pres pointer is the least frequent byte in inputfile)
bad pres ratio
-OPTLINK
By: Symantec
Note:
non-pub, only for Symantec progs (ex: MS-DOS Defrag)
pass1: pres reloc, pass2: pres code
-OPTLINK
by: SLR/[RoboCod]
-LZEXE
By: Fabrice Bellard (France)
Type: EXE presor
Year: 1989/1990?
Compiler: BP V5.5
V0.90
V0.91
V1.00a [Sep 1991]
Adv:
self check
free
Disadv:
bad pres ratio
no depres
Note:
the 1st real? EXE presor
adds string 'LZ91' or? 'ICE' to presed-x
used to pres ARJ-SFX, RAR-SFX & some others
EdH: I remembered reading English LZEXE but why is V1.00a doc in French?
-PACKWIN
By: Lei Jun & Wang Quanguo /Yellow Rose Workgroup (China)
Year: 1993-1995
Type: EXE presor
V1.0a [Jun 1994]
V2.02 [1995]
add string "YRZLITE (C) 1993 WYellow Rose" to presed x
can pres dos/exe & win/ne
faster but lower than PKLITE V2.01?
-624 (Six-To-Four)
By:
Kimmy/Pulp aka Kim Holviala
TomCat/Abaddon
Boogie/ESP aka Andras Barthazi
Type: COM presor, < 25000b
Adv:
option -s: better pres
free?
Disadv:
option -s is very slow
aPACK/UPX gives better result
V1.0
adds string "PULP" to presed x
+ C src
by: Kimmy/Pulp aka Kim Holviala
V1.1 [1997]
compiler: BAP
by: Boogie/ESP aka Andras Barthazi
rewritten to get 4x speed & 1/10 x size
adds string "[ESP]" in begin of presed x
-RUCC/586 (ROSE Ultra COM Compressor)
by: Ralph Roth aka ROSE / ROSE_SWE (Germany)
type: COM (< 23000b) presor
V1.01 [28 May 2002]
Pentium-optimized code
prog closes DOSbox on my 3rd cpu if executed
DOS32 ver (DJGPP v2)
stub size = 121b
smallest for < 5kb COMs (?)
note:
based on 624 COM presor by Kimmy
pres uses 8bit Huffman
-PKLITE
By: PKWARE (USA)
Year: 1990-1992, 1995, 1996
Type: x presor, DOS V2.1
V1.00b
BenC: for certain x, the last 512b image is moved to ovl
V1.10: hacked ver
V1.14 [1992] add crypt to presed x
V1.15
BenC: not detect Win / OS/2 x & pres it as dos/exe -> no longer runnable
V1.20:
a lot of hacked ver declared as V1.20 before its release
different crypt
V1.50 [1995] optional image checksum
V2.01 [Mar 1996] can pres Win3.(0/1) NE & DLL files
Adv:
very fast pres
regged ver. offers option:
-e
crypt
extra pres
put string "PK" or "pk" in 1st fcb (offset 5C) of PSP
presed x checks for such sig & aborts exec if can't find it
UNP & X-TRACT fakes this sig on unpacked x to make it run?
-e-
extra pres w/o PSP sig
check? for enough mem
Disadv:
shareware
up to 84kb mem overhead
rather bad pres ratio
Note:
adds string 'PKLITE Corp. (c) [year] PKWARE' to presed-x
the most famous x presor at its time
there are a lot of hacked or *independently improved* PKLITE vers
-AVPACK (Andrei Volkov PACK)
By: Andrei Volkov (Russia)
Type: x presor
V1.20
BenC: if to-be-presed EXE size = multiple of 512 byte:
it's regarded as ovl-ed EXE
only stores the first 20h bytes of EXE header, thus
prevents complete restore
V1.22 [Apr 1993]
Adv:
very fast pres
can
crypt (not removable by prog itself)
crypt so presed x only run on one's PC
free for non-commercial use
Disadv: rather bad pres ratio
BenC: similar to PKLITE
-TINYPROG
By: Tranzoa, Co (USA)
Type: EXE presor (COM -> EXE), DOS V2
Year: 1990-1994
V3.6 [1992]
V3.9 [Mar 1994]
Adv:
basically no extra mem
about 1.8kb, usually already claimed by presed x
password
user error message
user message
misused by foolers (ROSETiny, PKTiny, TinyProt, TinyHack)
ex: by fill it with PKLITE header
crc-check
regged ver offers /D -> unextractable pres
many ADTs
quite fast pres
Disadv:
shareware
each session plays time-consuming 'happy talk' before exit
bad pres ratio
V4.0: ROSE: same as V3.9, but rearranged code & slightly longer depresor
ROSE: some fake/modified ver exists (Dezet, Fischer)
-COMPACK
By: W. J. Collis/Prominence Computer Services Ltd (Italy)
Type: x presor, COM: =< 65000b, EXE: =< 12000 reloc, DOS V2
Year: 1990-1993
Compiler: BC V2.0 [1998]
V4.4
BenC:
end of depresor contains a far jmp to depresed prog. This jmp points
to 0:0 but is adjusted not much earlier before the exec of this
instruction. On 386- the PIQ is small enough to allow this
self-modification. But on 486+, the read-ahead buffer is much larger so
the jmp 0:0 has been read & exec-ed when the adjustment takes place,
most likely cause a system crash.
V4.5 [Nov 1991] : optimize EXE header (option -h)
V5.1 [1993]
Adv:
adds 193b (?) to presed COM
1 of fastest x presors
no OS dependencies (runnable on future OS?) like:
DOS calls
int latency
DOS/BIOS mem access
can add message to presed x
sfx
can pres system/driver
Disadv:
shareware
can't pres prog:
loading on hi-mem
with ovl/debug info
limited sfx (max is 640Kb?)
-PROPACK
By: Rob Northen Computing (England)
Type: (data & x) presor, archiver
Year: 1991-1993
Compiler: BC++ [1991]
V2.08
V2.14 [1992]
V2.19 [1993]
Adv:
support for Amiga, Lynx, ST, 68000 x ?
free for non-commercial use
registration & update is free for sw developers
Disadv: bad pres ratio
Note:
adds string "RNC" to presed x
use p -fp as x presor
-UCEXE
By: Andrew Cadach/AIP-NL (The Netherlands)
Type: x presor (COM -> EXE)
V2.4 [Apr 1996]
Adv:
1 of fastest x presors
better pres ratio than PKLITE V2.01 & COMPACK V5.1
self check
Disadv:
shareware
not preserved date/time stamp
buggy when unpacking (?)
Note:
add strings 'UC2X' to presed-x
part of UC2 archiver
-PKSMART V1.0
By: PSV (Puchkov Sergey) & Alex(ander Ryumshin) (Russia)
compiler: bc++ v3+ [1991]
V1.0 [Jun 1998]
Adv: very good pres ratio (sometimes better than WWPACK 3.05)
Disadv:
shareware?
slow pres
not properly coded? (often hangs)
not very compatible?
Note: no other ver
-PGMPAK (ProGraM (?) PAcK)
By: Todor Todorov
Type: x presor (COM -> EXE)
Compiler: BC V2.0 [1988]
V0.15 [May 1991]
Adv: free
Disadv:
same pres ratio but slower than PKLITE V2.01
add 12b ovl 00h+"PGMPAK 0.15" to presed x
most presed x hangs
not giving full mem
Note:
prog x contains PKZIP [1990]
EdH: maybe it's used this way:
call PKZIP inside prog x to pres to-be-presed x
attach (mini) ZIP-Sfx then depresor to presed x
if exec-ed, depresor execs (mini) ZIP-Sfx to depres (in mem?) & execs
depresed x
STN: PGMPAK is buggy
-PAKEXE
By: Sergio Artic
V1.0b [1996]
Adv: free
Disadv: requires PK(UN)ZIP to (de)pres
EdH: I'm not sure how it works but maybe like this:
x is presed with PKZIP -> file A
File A is stubbed with $pakexe (depresor) -> file B
if file B is exec-ed, depresor run PKUNZIP to depres ZIP -> file C
exec file C
-SHRINK
Type: COM presor
V1.0 [1988]
by Thomas G. Hanlin III
max to-be-proted x is 30,000b
average pres ratio = 7%
82b depresor
uses RLE2 pres method (uses least frequent byte inside file as pres flag)
free
BenC:
if all 256 bytes appear at 1 time in to-be-presed x, triggers 2 bugs:
-if a RLE byte followed by 00h, 00h is written to prog instead
-last byte of presed x isn't written
V2.0 [1995]
by JauMing Tseng or Kevin Tseng (Taiwan)
uses SHRINK2 pres method
104b depresor
max to-be-proted x is 65,536b minus 104b (?)
removes 3 fatal bugs from V1.0 -> lost (rlekey/dupchar/lastbyte)
src is provided
free
-T-PACK
By: Max/Tuscon aka Norman Rudolph (Germany)
Year: 1996?
Compiler: BP V7.0
V0.5b
Adv:
-m1: 69b depresor (matching length = 32b)
-m2: 122b depresor + more pres (matching length = 2,048b)
Disadv:
very
slow
bad pres ratio
buggy (?)
Note: uses LZ77 + 2kb sliding dictionary
-ELITE (EXELITE or Exe-LITE)
By: (Patryk E. Glowacz & Adam Augustyn)/Code Blasters (Poland)
year: 1994-1996
Compiler: BC++ V3.0 [1991], large model
V1.00b : password
V2.00S beta [Jan 1996]
Adv:
new exe-header format
reduce presed x size
very little mem to depres presed x
regged ver offers
prot
crypt + ADTs (against CUP, TRON, Soft-ICE, TD, CodeView, etc)
no orig EXE header
can
add message to presed x
create sfx-dat to be used in application
pres data file
add anti-vir
heuristic repair of damaged presed x (tested with 37 virs)
Disadv:
shareware -> $15
faster but worse pres ratio than PKLITE V2.01?
Note:
uses
dynamic Lempel-Ziv (DLV) for x pres
EdH: it should be DLZ, not DLV :)
LZSS + Huffman for data file pres
EdH: repair & anti-vir addition are silent when I modify presed x
-MEGALITE
By: ThE KiLLeR of MEGATEAM 'n CTF
Type: EXE presor
Compiler: MS-C [1990/1992]
Disadv: up to 4kb mem overhead
V1.20a+ [Nov 1994]
better pres
new sig
8086 runnable
Note:
prog x is processed by:
-Megalite V1.20a
-modified CPAV to confirm license agreement on each exec
-ICE V1.00
-EXE2COM (regular)
-TINYPROG V3.9
-ICE V1.00
-MCLOCK V1.2 or V1.3
-COM2EXE
-PKLITE V1.15
-EXE2COM (regular)
-TINYPROG V3.9
-MEGALITE V1.20a
prog x contains PKLITE V1.14 (?)
presed x "MZ" sig is swapped to "ZM"
V1.5
BenC:
PKLITE-like pres
it changes 1 byte of depresor -> screw up code
-AINEXE
By: Alexander Kulpin/Transas Marine (Russia)
Year: 1993-1996
Type: EXE presor
V2.23 [1995]
1 of fastest EXE presor -> uses? (X/E)MS
better pres than PKLITE V2.01
Note: part of AIN archiver
-Synopsis's COM Packer
by: Synopsis (The Netherlands)
year: 1997?
ROSE:
overwrite int0-4 w/o restore
COMPACK rip (?)
Note:
non-pub
found on Synopsis's UPC prog x (?)
EdH: is this protor &/ presor? Fileinfo says it's Synopsis Protection
-JAM
By: Eugen N. Vasilchenko (Russia)
Type: x presor
Year: 1990-1991
Compiler: BP V6.0
V2.21 [1991]
shareware
slower pres than PKLITE V2.01
VeK's TYP: caution on 486!
presed x hangs my cpu (if generated under 486, presed x is buggy?)
-CC
By: Anry Hacker/UniHackers Group (Russia)
Year: 1991-1994
Type: x presor (EXE -> COM), 286
Compiler: BC++ V3.0 [1990]
V2.61b
fast x unpack header
LZ pres
worse & slower than PKLITE V2.01
small EXE2COM
prot
simple ADT (based on PIQ)
crypt
SME (Startup Mutation Elusiver)
AIDS (Anti Intruder/AutoHack Daemon System) V86
CUP V3.4 /3 removable
shareware?
MANtiC0RE [1999] fixed presed x locks keyboard on Pentium+
-CRUNCHER
By: Ori Berger (Israel)
Type: x presor (COM -> EXE), DOS V3
V1.0 [Aug 1989]
shareware
stores presed code as x ovl
slow depres (proted x exec shows depres progress)
2,151b depresor
lame pres ratio
uses dynamic LZ 9-12 bits with Table Clearing
-PACK
By: M. Sotoodeh (?)
Type: x presor
V4.04?
-PACK
By: NoddegamrA (Poland)
Compiler: BC V1.0 [1987]
V2.01 [Oct 1995]
shareware
data pack
bad pres ratio
slower than PKLITE V2.01
herinmi: DIET V1.00 rip, only 4b is different
-EXEHIGH
By: NoddegamrA (Poland)
Year: 1995
Compiler: BC V2.0 [1988]
V1.01 [Oct 1995]
shareware
free
lower & slower than PKLITE V2.01
-LGLZ (Lyapko George LZ)
By: Y. George Lyapko (Ukraine)
Year: 1996-1999
Compiler: BP V7.0
V1.04b [Dec 1997]
V1.04e [1999]
V1.03 = V1.04a-e
fast self extract module
uses modified LZ77 + 8,192b sliding window dictionary + lazy matching
better & faster than PKLITE V2.01
free
-MS-LITE (Mercury Soft LITE)
By: Andy Cheng/Mercury Soft Technology (Hong Kong)
Year: 1997 (?) - 1998 (?)
V2.3 [1998]
-SCRNCH (SCRuNCH)
By: Graeme W. McRae
Year: 1987-1988
Type: COM presor, 8086, DOS V2
V1.02 [Apr 1988]
shareware
customized exit routine
same pres ratio but much slower than PKLITE V2.01
author: EXEPACK + SCRNCH give more pres ratio
EdH: my test shows the contrary
-VACUUM
By: Dark Fiber/[NuKE]
Type: COM presor
V0.01c [1996]
lower & much slower than PKLITE V2.01
no check for already presed x
prog x is Adam's DOS32 V3.40b prog
V?.?? [1999]
can't run on Pentium (?)
-COMPREXE (COMPRess EXEcutable)
By: Tom Torfs (Belgium)
Type: x presor
V1.0 [Sep 1997]
lower & slower than PKLITE V2.01
reports orig & presed x differences
free
Note: part of ProtEXE
-RJCRUSH (Roland J. CRUSH)
By: Roland J. Skinner/RJS Software (South Africa)
Year: 1994, 1996
Type: EXE presor
Compiler: BP V7.0
V1.10 [May 1996]
shareware
prog x exec sometimes shows beg scr
can pres BP V5.55-V7.0 prog ovl (if src available)
1 of the fastest EXE presors
slightly better pres than PKLITE V2.01
reloc sort
2pass reloc pres
no depres
-KVETCH
By: Tal Nevo
Year: 1993?
Type: x presor
-A.C.E. Packer
year: 1996
note: can pres COM
-SANCTION Packer
By: Pinker aka Dirk Kueppers / SANCTION (Germany)
Type: COM? presor
Year: 1996-1997 (?)
V1
uses dynamic LZSS77_ari + 8bit fixed pointer
unpack header = 250b
V2
uses LZSS77 + dynamic multi-precision arithmetic
pres ratio = RAR/ARJ (?)
worse pres ratio than 624
complete depresor size = 133b (+30b for copying, etc)
Note:
non-pub?
found on SANCTION's 4k Intros
-RTD_Compressor
type: com
---
MISC
---
Recent DOS x-presors like aPACK & UPX achieve more pres & speed with
these:
-386 PM & extended memory for presing
-More aggressive pres algo, so they are much slower than common/previous
DOS x presors
-Depresor code eats little RAM & space, pres format is simple (arranged
with pres algo) to achieve very fast depres even on very old cpu
I think some programmers now use exe-presors for their programs because
their programs are poorly written or written in big bloat compiler due to their
incapacity to create small, efficient programs, yet want to look good :-)
---
WIN COMPRESSOR
---
-NED (NE Deshrinker)
type: NE
v2.30
note: can only pres NE VB v3.0 exes
-NELite 2002
by: Veit Kannegieser (Germany)
type: NE targeted for OS/2
v3.03 [2002]
note: based on LXLite
-WINLITE
by: Doren Rosenthal/Rosenthal Engineering (USA)
type: NE presor
V1.0 [1993]
adv: regged ver offers Virus Armor -> kind of x-crypt ?
disadv:
(s)lower than PKLITE/NE pres
can't pres DLL
-LXLITE
by: Veit Kannegieser (?) /Friends Software
type: OS/2 x presor
V1.3.0
src (even though in a separate package)
-PKLITE32
by: PKWARE
type: win4
V1.1
non-free
-WWPack32
by: Rafal Wierzbicki & Piotr Warezak (Poland)
year: 1997-1998
V1.20d
non-free
-HackStop/32
by: Ralph Roth aka ROSE / ROSE_SWE (Germany)
V1.00
always says 'nonrecoverable error' :) on my 3rd cpu
after select a target file or if cancelled
its window text says it's actually a PE presor, not protor
EdH: free/not?
-EZIP
by: Jonathan Clark
v1.0 [Apr 2001]
EdH: not coded very well
non-free
note: =? author of Abuse game (same name)
-EXE32Pack
v1.42
non-free
-KasperSky Pack
non-free
-NSPack
by: North Star
v2.3
v3.7
v4.1
non-free
-NTkernelPacker
v0.1
non-free
-Software Compress
by: bgsopt.com
v1.2 lite
non-free
-Thinstall
by: Jitit Software
v2.4x
v2.7x
non-free
-NEOLITE
by: Lee Hasiuk (?) /Neoworx
year: 1998-1999
V2.00
non-free
-NEOSPACE
by: Neoworx
non-free (?)
-SHRINKER
by: A.S.M. Inc.
V3.2: NE
V3.4: PE
v3.5
non-free
-Alloy
by: Prakash Gautam /PGWARE
1.04.14.2000
1.08
non-free
note: glue? packer
-ASPack
by: Alexey Solodovnikov
year: 1998-2010
compiler: Borland Delphi v2
V1.03: time trials
v2.00
improved pres ratio
max pres is added
V2.12 [2002]
shareware
better pres than UPX v1.24 (for MS-Office97's Excel.exe)
even without /M (max pres) option (shocking!)
but worse pres than UPX v2.01 (for small exes) even with /M option
unpackable by ASPackDie v1.3d
v2.24 [2010] 8 years later
note: also PE light-protor
-PEBundle
by: Jeremy Collake
V0.15wtd
v3.xx
-ShrinkWrap
by: Jeremy Collake
V1.22
herinmi: it's totally the same as pecompact
V1.4
EdH: free/not?
-PEcompact
by: Jeremy Collake /bitsum
type: win4, shareware
V0.977: time trials
V1.43
V1.46
V3.02
V3.03b5 [2010]
by: Jeremy Collake/BitSum
has different loaders (AD, no_RWX, ZRDX), preslibs (aPLib, FFCE, JCALG1,
LZMA), API_hooks (crc check, is_packed, redirection) -> also PE light protor
-Feoktisov-Packer
dunno free/not
-!EP
by: g-l-u-k [Team - X] (Russia)
v1.0 [2005]
-AHPacker v0.1
-ANDpakk2 (apk2)
by: Dmitry "AND" Andreev (Russia)
year: 2006-2007
v0.16
v0.18 [2007]
meant for 64k intros
pres uses PPM
packed x shows 'Decompressing...' dialog 1st (disableable, though)
because the depres is slow (not suitable for online depres)
packed x triggers an avir (Avira Personal 9)
packed x-es in package trigger an avir (Avast 4.8 Home)
-Anslym Packer
-ASDPack v2
-BamBam v0.0.1
-BeRoEXEPacker v1.00
-Berio v1.0
-cEXE
by: Tinyware Inc.
V1.0a
V1.0b
note: presor only under winNT
-ClCompress v1.0
-DePack
-fEaRz Packer v0.3
-hmimys PE-Pack v0.1
-hmimys Packer v1.0
-IMP-Packer v1.0
-JD Pack v2.00
-KByS Packer v0.28b
-kkrunchy
-MEW
by: Northfox (Hungary)
5 Exe Coder v0.1
10
11 SE
v1.2 [2008?/2009?]
triggers avir (Avira Personal 9)
-mkfPack
-mPack v0.0.3
-MuCruncher
-nPack
by: NEOx (Russia)
v2.0.100.2008
-Packanoid v1.1
-PackItBitch v1.0
-Packman
by: Brandon LaCombe
v1.0
-Pack Master v1.6
-PEQuake v0.06
-PE Shrink
=? PE Shrinker
-PE Shrinker (PCSHRINK)
by: Virogen /PhrozenCrew
V0.71b [27 Jun 1999]
pres uses aPLib v0.22
note: based on src from (or written together with) Zhang De Hua (?)
-PE Zip v1.0
-QuickPack NT v0.1
-ReWolf DLLPackager v1.0
-RDG Pack Lite Edition v0.4
-SimplePack
v1.0
v1.11
v1.2
v1.2x
-TPP Pack
-UPack
by: Dwing (China)
v3.90f [2005]
has GUI ver
pres uses LZMA v4.30
packed x = loader + ovl (!)
-VPacker v0.02.10
-xxPack v0.1
-YZPack v1.1 & v1.2
-ZipWorx
-PE-PACK
by: ANAKiN aka Stefan Esser (Germany)
V0.99 [1998]
V1.00 [1998]
note: uses Jibz's aPLib preslib
-Petite
by: Ian Luck /Un4Seen
year: 1998-2005
type: PE presor
V1.0 [22 May 1998]
V1.4
V2.2 [15 Dec 1999]
v2.3 [27 Feb 2005] 5+ years later :)
?: later ver uses SEH & some anti tricks
note: pres uses ZIP algo, packed x = loader + ovl (!)
-RLPack
by: Reversing Labs
Basic Edition v1.21 [2008]
GPL
but Full Edition (+prot) isn't freeware
pres can use apLib v0.43 or LZMA v4.30
pres rate is excellent for small files, but packed x
doesn't run on my 5th cpu
triggers an avir (Avira Personal 9)
-FSG (Fast Small Good)
by: dulek, bart /xtreeme (Poland)
type: PE-presor for small PEs
v1.0
v1.33 [15 Nov 2002]
sort of GUI, prog x screams after finishes & immediately quit
v2.0 [24 May 2004]
has ini
-MPRESS
by: MATCODE
year: 2007-2010
type: win4
v2.15 [Mar 2010]
pres uses LZMAT
v2.17
---
ARCHIVER DOS SFX
---
-UCSEA (Ultra Compressor Self Extracting Archive)
By: AIP-NL (Ad Infinitum Programs-NetherLands)
V2.37b [1996]
Adv:
need < 270 kb mem
UltraFast pres engine
Disadv:
distribution needs registration
different format than UC (needs repres)
Note:
UltraFast may be used in portable UC3 ?
part of UC2 archiver
-ARJ-SFX
By: Robert K. Jung/ARJ Software (USA)
V2.10+: presed by FaB's LZEXE
V2.70 [1999]
3 sfx modules:
6,204b (ARJSFXJR/junior), unpresed: 8,162b
16kb (standard)
18kb (mentioned on ARJ/v2.70/TECHNOTE.TXT) -> supports ARJ-SECURITY
27kb (ARJSFXV/multi-volume) -> supports ARJ-SECURITY
V2.75a [2000]
Disadv: distribution needs registration
Note:
has string 'RJSX'
part of ARJ archiver
-RAR-SFX
By: Eugene Roshal (Russia)
Compiler: BC++ [1991]
V2.70b2 [2000], unpresed size: 13,823b
Note:
has string 'RSFX'
part of RAR archiver
presed by FaB's LZEXE
-ZIP-SFX (PKSFX)
By: PKWARE
V2.04g [1993] unpresed size: 18,912b/3,002b (mini)
V2.50 [1999] unpresed size: 20,640b/3,150b (mini)
Note:
part of PKZIP archiver
presed by PKLITE
-ACE-SFX
By: Marcel Lemke (Germany)
V1.2b [1998]
presed by Jibz's aPACK V0.82b?
uses 1Mb EMS (dos/exe)
size: 24kb (senior) 3,802b (junior)
V2.0b1 [2000]
UNACE is rewritten to be SFX
x = PMODE/W V1.33 + watcom/le
presed by UPX V0.99.3
V2.0b4 [2001]
Note: part of ACE archiver
-PROPACK SFX
By: Rob Northen Computing (England)
V2.18 [1993]
1,913b sfx
hangs my cpu while depres
part of PROPACK
-AIN-SFX (AINEXT)
By: Alexander Kulpin/Transas Marine (Russia)
V2.31
sfx = separate (freeware) extractor x + AIN archive (as ovl)
27,770b
Note: part of AIN archiver
-LHA-SFX
By: Haruyazu Yoshizaki (Japan)
compiler: LSI-C86 V3.20
V2.13 [July 1991]
size=1,942/1,945b (large); 1633b (small)
free
Note: part of LHA archiver
-LHARK-SFX
By: Kerwin F. Medina
V0.4
Note: part of LHARK archiver
-BSN-SFX
By: PTS (Russia)
V2.0 [1994]
presed size = 3,884b
Note: part of BSA archiver
-Compack-Sfx
---
DEDICATED TO EXEList: DOS DEBUGGER/EMULATOR/TRACER/DUMPER/UNPACKER/DISASM
---
Info Source:
Jose M. L. Lopes/MASK V2.5/DOC
CyberRax/LCCrypt V1.2/unpack.txt
---
-GDB (GNU Debugger)
by: FSF (Free Software Foundation)
v4.16
v6.21 [2004]
-Sourcer
By: V Communications
Type: disasm
CyR: the commenting disassembler, elitest of the elites, now is forgotten,
but still an excellent prog
-UNComBat
By: ROSE aka Ralph Roth/ROSE SWE (Germany)
Year: 1993-1999
Type: spec.deprot.COM
Note:
a DOS DEBUG script written in batch file
part of ROSE's UnTiny package
-UPCOM
By: Hanno Bock/SAVE (Germany)
Year: 1997
Type: unpack.COM
Note:
a DOS DEBUG script written in batch file
part of HUNP (Hanno's UNPacker) V1.01 package
-DEBUG
By: MicroSoft
Year: 19??
Type: RM.debug
Note:
part of MS-DOS package
like other MSDOS progs, it refuses to run on other MSDOS ver
CyR: still useful for small/fast work
-SYMDEB (SYMbolic DEBug)
By: MicroSoft
V4.00 [1985]
-386 MiniBug
By: Phar Lap Software
V2.2d [1989]
-ACT N82538872
By: Victor M.Gamayunov
Year: 1993
-D(ALF)
By: Obraztzow S. (Russia)
V1.0b [1992]
-EDB
By: Serge Pachkovsky (Russia)
V0.15 [1991]
-MegaDebugger
by: Mark Thomas
v1.0
-VIM (Virtual Machine)
By: DDI
Type: RM.debug
V1.01PD
-DEBUG
By: PhysTechSoft, Ltd. (Russia)
V1.30 [1999]
Type: RM.debug
Note:
part of PTS-DOS 2000 package
more complete & user-friendly than (MS)debug
-GRDB
By: LADSoft
Type: RM.debug
V1.7
Adv:
supports Pentium opcodes and HW-breakpoints
source is released
Note: (MS)debug-like interface
-CV (CODEVIEW)
By: Microsoft
Type: RM?.debug
-SSD (Serville's Software Debugger)
By: Mathew Probert
Type: interpret.?
V6.0 [1996]
Note: designed to analyze (crypt/mte)d virs
-386SWAT
By: Qualitas Inc.
Type: TSR.debug
V6.02
Adv:
free
can debug VCPI, DPMI progs
a lot of docs
Note: created to debug 386MAX memman by same company
-DCA (Deep Code Analyzer)
By: PReDaToR 666
Type: few.spec.unpack
V1.4 [1996]
dedicated to Oren Maurice
unpackers are put as external x
-ABKDEPRO
By: fds0ft (Hungary?)
Year: 1996
Type: few.spec.unpack.COM, 286, DOS V3.3, 200kb freemem
beta 3 [1996]
Adv:
GUI
free
-INTRUDER
By: CREAT0R/CreaSoft/FBI aka Alex Taylor or Alexey A. Novojilov (Russia)
Type: lib.unpack
V1.30 [1994]
supports BP, BC(++), MS-C, Clipper
V1.31 [1998]
by: dR.No/ViP Software/DTG/UG2000
enhanced MS-C & Clipper support
Note: 1st lib.unpacker
-UPC (Universal Program Cracker)
By: Synopsis (The Netherlands)
Type: lib.unpack
year: 1996-1997
V1.11 [Aug 1997]
Adv:
supports
BP V6.0 & V7.0
BC(++)
MS-C(++) / QB
ZC (only tested on V3.0)
WC++ 16
Note: based on Intruder
-ENTPACK
By: Veit Kannegieser (Germany)
Year: 1995-1998
Type: lib.unpack
19.09.1996 : WC, LSI C
05.10.1996
(Fitted & TopSpeed) M2, (Turbo & Quick) Basic,
(Zortech/Symantec) C, HackStop V1.13
11.10.1996 : RCC 1.10
08.05.1997
HARDLOCK (HLVXD.EXE)
Bat2Exec
31.12.1997
ANTIUPC, WWPACK V3.05▀5, PCRYPT V3.45, Parameter t for HARDLOCK and DOG212,
XPACK Guard, PROTEXE
16.01.1998 : ProtEXE V3.11
31.03.1998 : Selfenc/Bat2Exec(Trap)
08.04.1998 : ILUCRYPT V4.0
24.04.1998 : Upstop
28.05.1998 : TRAP 1.17
14.06.1998 : aTEU 1.1
15.06.1998
-TEU (The Executable Unpacker)
By: JVP
Year: 1996-1998
Type: lib.unpack, 386
Compiler: TASM V3.20, small model
V1.82 (1998)
Adv:
recognizes much more compilers than UPC V1.11
-g : gen unpack
-! : save on termination
-M(n): PassiveX(n), n=1..4
mutate itself in mem to avoid mem detection
unpacks so easily
many (unsuccessful) efforts are made to stop TEU:
UET, ATEU, EXELOCK666, etc
Disadv:
uses (rather) incompatible prots for TEU x, sometimes hang
unpacked x produced is always EXE
Note: prog x is proted by many nebelbombs
-XPACK -UX
By: JauMing Tseng or Kevin Tseng (Taiwan)
Type: lib.unpack
Note:
a spec.unpack switch in XPACK
JMT: -UX is hacked UPC code
-PCU (pGA! cOm unpacker)
By: fds0ft (Hungary?)
Type: few.spec.unpack.COM
Year: 1997
Adv:
GUI
can remove some COM processors UNP & X-TRACT can't
-Khrome Decrypter
By: Teraphy
Type: few.spec.unpack.COM
V0.1 [1997]
-UN-PACK
By: Snow Panther/DTG/UG2000 (Russia)
Type: many.spec.unpack
Compiler: BP V7.0
V1.0 [1998] : can find 5 of 9 Lost Soul/UCF 's anti-CUP386 /7 tricks
V1.1
COM2EXE
COM tracer (-t)
V1.2 : reloc handler (-r)
V1.4 : EXE2COM
V1.5
truncates & separates file (-f)
portions from ST!LLS0N's EXESCAN V3.25
some sigs
gen detection (-g)
TEU support (-u)
V1.666 [2000]
free
portions are from
Hypn0tizeR's File Analyzer (extension detector)
Juergen Peter's IDArc (archive detector)
V1.7 [2000]
free ver available
sometimes suggests that you unpack certain x yourself with:
CUP V3.4, X-TRACT V1.51 & ProcDump V1.6
extension detector file is now presed with TTCOMP
COM dumper
V1.8 [2000] : add Code Master's Disasm
V1.9 [Oct 2000]
V2.0
Note:
commercial use is prohibited
contains unpackers written by other people
author also includes his non-pub spec.unpackers
-UNP
By: Ben Castricum (The Netherlands)
Type: many.spec.unpack
V3.00 : option -a (self-repeat to remove deeper layer on unpacked x)
V4.10 : command t: trace x (4 COM = gen unpacker)
V4.11 [1995]
prog x is DIET V1.45f-presed & DShield-proted
reconfigurable options, saved in the x
can't scan unpacked x with TBScanX (but mentioned on DOC!)
cardware or $1 for commercial use
V4.12b : can scan unpacked x with TBScanX
Adv:
lot of options to manipulate x
COM2EXE, EXE2COM
copy/remove/merge ovl
optimizes reloc
remove not-relevant header data
align header data
Note: 1st known prog capable of removing many x processors
-X-TRACT
By: Pablo Carboni
Type: many.spec.unpack
V1.51 [1995] last known ver
Adv:
self-repeat to remove deeper layer on unpacked x
unpacks some more x processors UNP can't remove
Note: another old unpacker
-UX
By: Misha/UCF
Year: 1992-1996
Type: many.spec.EXE.unpack
V0.55
last ver
src is released
free for non-commercial use
-TRON
Year: 1994-1996
By: Michael Bauder aka Avenger/Smile Soft (Germany)
Type: gen.trace.unpack?
V1.30 [1996]
Adv: -p or -u: universal PM expander (regged)
ROSE,herinmi: tricky to stop
-unROSE/386
by: Ralph Roth aka ROSE/ROSE_SWE (Germany)
year: ?-2002
type: DOS v5, 386
v0.53b [25 Apr 2002]
disadv: prog creates temp file (exe) in root dir,
not current dir. if prog can't rename it, it
leaves the temp file
adv: can unpack some (newer) x-processors
unpackable by Tron v1.30, UNP v4.12, X-Tract v1.51a
note: based on IUP v0.6.7
-TD, TD286 & TD386 (Turbo Debugger)
By: Chris & Rich Williams/Borland
Year: 1988-1993
Type: debug
V3.1 [1992]
V4.0 [1993] PM debugger
Note:
TD & TD286 are easy to kick (RM debugger, int1/int3)
CyR: simple HLT will crash TD
TD386 uses 386 spec. hw bkpts
-Soft-ICE (Soft-ICE Win, WinICE, NTice, FrogsICE)
By: Nu-Mega Tech.
Type: TSR.debug
V2.64 [1993]
V2.80
95 V3.xx
Note:
the first? & famous 386 debugger
uses 386 spec. hw bkpts
acts as EMM
most older ADT is created to kick Soft-ICE :)
-CUP & CUP386 (CyberWare Universal unPacker)
By: Alex Petroukine aka Sage/Cyberware/UCF (Russia)
Type: gen.trace.unpack, 386, DOS V5
Year: 1995?-1997
V1.2: 3pass
V3.2: 386
anti runningline
V3.3a: StE: full of bugs
V3.4: 386
Adv:
has CyberWare Code Digger (debugger) inside -> option /d
cup /1: RM tracer
cup /3: 386 spec. hw bkpts -> only run on RM
cup /7: pretender (emulator) -> only run on RM
Note:
the most fearsome unpacker at its time
LostSoul/UCF worked to find 9 anti-CUP tricks
unused space in unpacked x sometimes contains repeated strings of
"!reve4erawrebyc`" -> flipped "`cyberware4ever!"
EliCZ: based on LIDT
-TR (Super TRacer)
By: Liu Tao Tao (China)
Type: RM/v86?.interpret.debug
Variant: TRW V1.22, TRW2000
V2.03: CG: V2.03 is better than V2.52 (large model instead of small model?)
V2.52 [Nov 1998] last known ver
Adv:
run on V86
user interface
script
supports 'function keys' & 'debug like' usage
kicks 'check if last key was [ENTER]' ADT
Disadv: shareware, but U can suspend the payment until you're rich :)
Note:
the best debugger
most newer ADT is created to kick TR :)
-LTR (LADO's TRacer)
By: LADO aka Attila Ladomerszky (Hungary)
Type: RM?.interpret.debug
Disadv: only run on RM
V1.0 [1999]
CG: slow & mighty interpreter, full DRx hw bkpt possibility
CG, ChS: very strong
EliCZ:
based on LIDT
starting PM or setting IDT back to 0:3ff (like AdFlt2A) will kick it
V1.01 (?)
-EDUMP or EZDump (EliCZ's DUMPer)
By: EliCZ/pCE (Czech)
Type: WIN mem dumper for DOS x
Ver I
Ver II: runnable under Win31
Adv:
unpacks any
unrunnable protor
runtime crypt
modified ver is able to kick FSE V0.76
Note: the unstoppable unpacker?
EliCZ: truly & fully gen unpacker, bypass polymorph & mte
CG:
using WIN DPMI functions to gain access of hw bkpts
very strong
STN:
the ultimate unpacker
no EDUMP detection better than (the lame) mem detection
EDUMP runs at ring-0 while proted x at ring-3. EDUMP can't be removed
without harming Win
-GTR (General TRacer)
By: Hendr!x/UCF aka Patrick Enoch
Type: trace.unpack?, 386 RM
Year: 1998?-1999?
V1.Df/Dt [1999?]
Adv:
STN: the best tracer
CG: clever hw bkpt tracing method in PM
ChS: it now reflects hw bkpts to V86 mode
Disadv: hard to use
Note: ver numbering is numeric then alphabet (8,9,A,B)
-DG (DeGlucker)
Type: rm?.debug
V0.0? : by ALI aka A. Ilyushin & MASTER aka S. Gorokhov (Russia)
V0.04rc: by CrazyMax aka Max Martynov (Russia)
V0.05 : [2000]
by OlegPro aka Oleg Prokhorov & VAG aka Vladimir Gneushev (Russia)
herinmi, manticore, cyr: very good
OlegPro: it can trace FSEd x
Disadv:
src is released
can't run with EMM
-ICEUNP (Intel Complex Emulator UNPacker)
By: JauMing Tseng or Kevin Tseng (Taiwan), Christopher Gabler (Germany)
Year: 1996?-2000
Type: emu-trace.unpack
JMT: based on IUP-frame-work/interface & TEU-exe-rebuilder
up to V0.31:
by JMT
open src
CG: using TF, own stack, DRx tracing, int1/3 emulation
V0.32-V0.33:
by CG
add HS & MESS tracing
EdH: slow but working :)
V0.34
by JMT
regs are set like DOS before run
-IUP (Intelligent UNPacker)
By: Frank Zago (France)
Type: 1-step-trace.unpack, 386 RM
V0.67 [1996]
Adv:
immune to int1/3 & IN/OUT trick
1pass
Disadv:
strange result & slower on QEMM than real mode?
kickable by stack playing trick
src is released
Note: JMT independently improved IUP as ICEUNP
-AutoHack
By: Y. Tolsky/BCP (Russia)
Type: gen?.unpack
Compiler: BP V7.0
V4.1 [1994]
][ V1.0b [1994]
semi GUI
EdH: non-English. review, plz!
-SnapShot Pro
By: DaLe. Co (Russia)
Year: 1992-1994
Type: dump?
V3.0 [1994]
can do lib.unpack
EdH: review, plz!
-GETEXE
By: Tzer (Russia?)
Type: TSR.trace?
V2.0b [1993]
-HaSP-Extractor
By: Lord of Gifts
Type: many.spec.depres
V1.00 [1996?]
SBUST clone -> supports similar progs (?)
-BW (BlastWave)
By: Ding Boy (Taiwan?/China?)
Year: 1998(?)-1999
Type: dump/lib.unpack, DOS V6, 386
Compiler: QB V4.5, MASM V6.11
Variant: BW2000
V2.5b2 [1999?]
V2.5 [1 Feb 1999]
CG: interesting dumping method
STN: latest fine breed of lib.unpacker
EdH: good, but non-English. more review, plz!
-ERP (Executable Recovery Program)
By: Richie
Year: 1996-1997
V0.97b [1997]
Type: append.remover
Adv: may remove appending (vir/protor) from known packer/compiler
Note: the only append.remover unpacker
-RIPPER/32
By: Werong Ho (Taiwan?/China?)
Type: ?
Year: 1995
V2.01
Easy Version src is included
V3.00
Zenix: I like the src very much
-AUP (AUP386) (Acheron Universal unPacker)
By: Sirius aka lopenpet(?) (Slovakia?)
Type: unpack
V1.0b [1997]
unfinished prog
no help
not properly tested (often hangs?)
prog x can't run with emm or disk cacher
no handler for PIQ tricks
CG: unstable hw bkpt
Note:
the only ver
can't unpack anything? :)
-Game Tools
By: Wong Win Kin (Hong Kong)
Type: DOS
V3.23 [1993]
Note: to cheat games, but also used for cracking :)
-GW (Game Wizard) 32 Pro
By: Ray Hsu & Gerald Ryckman /Enhanced Software Design (Canada)
type: DOS, TSR
V2.20 [1994]
V3.0 [1995]
req: 386, DOS V3.1, VGA, 13kb RAM
adv:
self (save/load), mem (edit/freeze), (saveable) cheat table, force.exit,
game.speed.adjust
file.view/hex-edit, scr.capture
disadv:
shareware
overproted
win incompatible
Note:
game cheater, not debugger/unpacker
but since it goes TSR & may help x unpack, some protors (ex: MASK)
disable it
-Game Buster
type: DOS
-CRKCOM
By: ST!LLS0N
Type: dump.COM
V0.92 [1997]
option /1: RM.trace
free
no doc
-DUMPCOM
By: ST!LLS0N
Year: 1997-1998
Type: dump.COM
Compiler: BP V7.0
V3.55 PRO [1998]
free
no doc
-tHE DUMPER
By: LazyC0DEr/BotH
Type: dump/lib.unpack, 386pm
V1.00 [1999]
lib.unpack.detection is based on INTRUDER V1.30
-LCDump (LaMe CoM DuMPeR)
By: CyberRax (Estonia)
Type: dump.COM, 286, DOS V3
V1.0 [1 Jan 2000]
V1.01 build 7 [3 Jan 2000]
now supports COM presors
sets DOS mem alloc strategy to 1st fit
dumps after target prog is terminated
can be kicked with mem cleaning or anti-load
-UNSHELL
By: Feng-Zhihong/JWL Co. & New Bible Workgroup (China?)
Type: unpack.EXE
Compiler: BP V7.0
V1.1 PRO [1995]
shareware (to unpack, must wait 60 sec 1st)
adds string saying that unpacked x is unpacked by UNSHELL V1.0
-TBCLEAN
By: ThunderByte B.V. (Australia)
Type: trace.clean
V7.00 [1996]
V8.09
Note:
to clean vir, but...
part of TBAV
TBAV is bought by Norman Data Defense
CyR: decryptor part awfully resembles a virus, so...
-DECOM (DEcrypt COM)
by: ROSE aka Ralph Roth/ROSE SWE (Germany)
year: 1990-2002
desc: to clean COM files infected with virus with polymorph.decryptor
v1.10 [Mar 1995]
has sw emu
v1.20 [Mar 1996]
needs 386
v1.26 [15 Feb 1998]
v1.29 [14 Apr 2002]
note: pair of RVK
-RVK (ROSE's Virus Killer)
by: ROSE aka Ralph Roth/ROSE SWE (Germany)
Type: heur.clean.COM
year: 1992-2002
v0.20 [March 1995]
has sw emu
v1.20 [March 1996]
needs 386
v1.27 [Feb 1998]
v1.29 [14 Apr 2002]
Adv: bypass more ADT than TBClean
Disadv: TBClean's UI is nicer
Note:
to clean vir, but...
pair of DECOM
-CUNP (ROSE's Generic COM file unpacker)
By: ROSE aka Ralph Roth/ROSE SWE (Germany)
Type: gen.unpack.COM
Year: 1996-1997
V0.17b [1997]
CyR: all vers crash on my PC
-UCOMUX (Vandals's COM Expander)
By: MegaDevil/Vandals (Portugal)
Type: dump.COM
Year: 1996
Note:
goes TSR until next COM exec & dumps the COM before exit
always dumps 64kb
part of Vandals's UNPCOM
-COMDump
By: MegaDevil/Vandals (Portugal)
Type: dump.COM
V1.0 [1996]
goes TSR; while proted COM runs, press F12 to dump
always dumps 64kb
part of Vandals's UNPCOM
-Simple COM dumper
By: Christopher Gabler/UG2000 (Germany)
Type: dump.COM, 386
Year: Mar 2000
Disadv: can't unpack COM exiting with int20
Note: part of UNPKIT (asm src)
-HACKTOOLS
By: Oleg N. Kolesnikov (Russia)
V3.0 [1994]
-Cheat Compiler
By: Steel Rat
V1.0 [1993]
-Player's Tool
By: Dmitry Yakunin & Andy Robinson /UHC (Russia)
V3.996b [1994]
-Action Replay
-AFD (Advanced Fullscreen Debug) PRO
By: Puttkammer?/AdTec GmbH
Type: RM.debug
V1.00 [1985]
-bXd (brandX SYMBOLIC DEBUGGER)
By: Sonam G. Gyato
Type: debug
V1.0
V2.6 [Aug 1987]
adv: regged offers bXd3: bXd2 + src debug + dual monitor support
disadv: shareware
-R86 Reassembler
by: Stefan Bion
type: disasm
v1.00 [1992]
note: generates A86-compatible asm
-X-C0M (X-C0M386)
By: rAND0M/xADI & ROSE aka Ralph Roth/ROSE SWE (Germany)
Year: 1996
Type: gen.unpack.COM, 386
-SuperCX (Super COM-eXtractor)
By: Lost Soul/UCF
Type: unpack.COM, 8086
V2.00 [1994]
no ADT handler
src is provided [1996]
for learning & knowledge purposes
-ICEberg
By: José M. L. Lopes
-DIS86 (Interactive Disassembler)
By: James R. Van Zandt
-IDA (Interactive DisAssembler)
By: Ilfak Guilfanov (Russia)
Year: 1991-1995
Type: disasm
V3.80 (?)
-Intercept/Interpret
By: Ned Konz
Type: used-int.recorder
-Periscope
By: The Periscope Company, Inc.
-DXDEBUG
By: PharLap Software
-QA (Quaid Analyzer)
By: Robert T. McQuaid
-Ultimate Unpacker
By: Andry Kobilykov aka AVK aka MERLiN /DTG/UG2000 (Russia)
V0.3 [1998]
non-pub
-SID (Symbolic Instruction Debugger)
By: Digital Research
Note: part? of DR-DOS
-COMUNP
By: Bushwoelie/MSH
Type: gen.unpack.COM
V1.0f [1997?]
only run in RM
dump mode
-Decay/386
By: Bushwoelie/MSH & Stonehead/TPiNC
Type: gen.unpack.COM
Compiler: TASM V4.0
V0.05 [1997]
only run in RM
successor of COMUNP
can't unpack 386 prot
-DumpExe
By: Bugsy/OBSESSiON aka Benjamin Petersen
Type: dump.helper
V2.4?
Note: plug-in for debugger
-UUP (Universal EXE UnPacker)
By: Nicolai Logvinov & Ilfak Guilfanov /Unibest (Russia)
Year: 1991-1993
Type: gen.depres.EXE
Compiler: BC++ [1991]
V1.4 [1993]
free
-TSUP (TSEP Universal unPacker)
By: Orion aka Levan Natroshvili & Zlorfik aka George Datuashvili /TSEP
Type: gen.depres
Compiler: MS-C [1992]
V1.60 [1993]
-UP (UnPack)
By: Wong Wing Kin (Hong Kong)
Year: 1990-1993
Type: few.spec.depres
Compiler: BP V6.0
V3.1 [1992]
V3.2 [1993]
-UNPACKER
By: VSF&K (Russia)
Type: few.spec.depres
Year: 1991-1992
V0.9b [May 1992]
Note: very old unpacker for very old presors
-XO or XOE (X-OPEN)
By: Ady E. aka Guy Shattah
Type: many.spec.unpack, 8086, DOS V3, min 40kb freemem
V3.30 [1993]
shareware
regged ver: option -c: gen.unpack.COM
no ADT handler
Note: very old unpacker
EdH: is Ady E. = Guy Shattah ?
-SBUST (Stick-Buster)
By: Lior Cohen/Exculiber
Type: many.spec.unpack
V1.10 [1993]
V2.40 [1993]
V2.40r : cracked by Damage,Inc.
Note: very old unpacker
-COMHack
By: Prince/IdleSoft
Type: unpack.COM, DOS V5
V1.02 [1996]
prog x is processed by an unknown presor & 2 unknown protors
EdH: non-English. review, plz!
-TPCX (T.P.C.'s X-tractor)
By: Asher Alon?/T.P.C. (Israel)
Type: many.spec.unpack, DOS V3.3, 64kb freemem
Compiler: BP V6.0
V1.0 [1994]
-XRay
By: Tom Kihlen
-Mark's Multidebugger
Type: RM.debug
V1.00 [1995?]
-AC (Anti-Crypt)
By: SMT/SMF (Russia)
Year: 1998-1999
Type: few.spec.unpack, 386, max 64kb proted x
V0.30.0 [Dec 1998]
prog x is proted by do-nothing-on-my-cpu protor (SMT's PolyScrypt)
V0.32.0 [1999]
src is provided
-MOW (Lame macronopper)
By: StoneHead/TPiNC (The Netherlands)
Year: 1997-1998
Type: macro.patch
Compiler: BP V7.0
V1.8 [1998]
439 macros
slow processing
-AHCR (ANTi-HACKiNG C0DE REM0VER)
By: ROSE aka Ralph Roth/ROSE SWE (Germany)
Type: macro.patch
V1.36 [2000]
-UNCOM (General Com-Unprotector)
By: Ænarchistic Ka0t/N0PS
Year: 1996
Type: gen.unpack.COM, 386
Note: uses 386 hw bkpt
-unCOM
By: ROSE aka Ralph Roth/ROSE SWE (Germany)
Type: many.spec.deprot.COM
Compiler: BP
V1.25 [2000]
part of ROSE's UnTiny package
CyR: has some generic code
-UNEXE (UNiversal EXE/COM unpacker)
By: FALinc/NightMareCorporation (Russia)
Type: gen.unpack
Compiler: BC++
V1.0 [1997]
option -c: lib.unpack for BC(++), MS-C(++), WC(++), BP
prog x is proted by FALinc prot
---
WIN UNPACKERS/DISASSEMBLERS
---
-ProcDump
by: G-ROM & Stone
type: win32.pe
V1.6f
-W32DSM
-OllyDbg
---
VIRUS
---
Info Source: Frisk/F-PROT/2.??/VirDesc
---
-Brain
by: ? (Pakistan)
1st DOS virus
-DIR, DIR-II (Creeping Death)
Type: file vir, infects x
Length: 691b, 1024b
Procedure:
when resident, it changes dir structure data so certain x are linked to
itself
if you exec a file linked to it, it's also exec-ed & infects other files
on read/write
Damage: when all x is infected, no x can be exec-ed
Detect: chkdsk: some files are cross-linked to the same position
Note: not hook int24 when infect (omit i/o error)
-Flip
Type: boot vir, infects x
Length: 2672b
adds 2153b to infected x
uses smart anti-AV-detect
rotates scr display 180 degrees
-Monkey (Stoned.Empire.Monkey.B, Monkey 2)
Type: boot vir, infects boot sectors
Detect: chkdsk: -1024b of freemem
1 of few virs that can infect floppies under Win
crypts partition table of mbr
if you boot from clean floppy, disk can't be accessed
if resident & you check mbr, it will display orig, uninfected ver
-Mummy
Type: file vir, infects EXE
resident
sometimes hang while resident
adds 1,300b-1,503b to infected x
crypted string in vir code:
"Mummy Version x.xxx",
"Kaohsiung Senior School",
"Tzeng Jau Ming presents",
"Series Number=[xxxxx]."
JMT: I wrote it for experiment & my friends spread it
-GOLD-BUG
Type:
(color video & xtended HMA mem) resident,
requires 80186, DOS V5/6 + Himem.Sys
multipartite,
polymorphic,
EXE created only has 2 bytes that remain constant
512 front-end decryptors * 128 decrypt pattern
double crypt + int3 (ADT)
stealth,
infected self-check x won't detect any change
(boot & master)-sector infector,
spawning,
anti-AV: if resident:
(delete / stop exec) of any EXE which:
> 64kb
last 2 letters of filename are "AN" to "AZ" (SCAN/CLEAN/CPAV/MSAV/etc)
delete files (CPAV/MSAV)'s chklist.*
Length: 1,024b
Symptoms:
CMOS chksum failure
creates file w/o extension
modem answer on 7th ring
-TREMOR
-Shifting Object
Author: Stormbringer / Phalcon/SKISM
Type: vir
V3.0
Note: 1st vir to infect OBJ format
-3APA3A
Type: BS infector
Note: 1st (only?) kernel infector. Infects 1st file on HD
(usually IO.SYS or IBMBIO.COM)
-VCL (Virus Creation Laboratory)
Type: vir.lab
By: NoWhere Man/[NuKE]
V1.00 [199#]
Note: its ZIP package is crypted, the passphrase is "Chiba City"
CyR: most user-friendly DOS vir.lab
-BW (Biological Warfare)
By: MnemoniX (USA)
Type: vir.lab
V1.00 [1994]
COM/EXE/x infector
(non) resident
anti-trace
int24 handler
dir stealth
none/crypt/mte (BWME)
Note: the prog is password proted
-CIH (CIH or Chernobyl)
by: Cheng Ing Hau (Taiwan)
Type: Win95.vir
CyR:
1st vir to destroy hardware
1 of the most widely spread virs ever
caused havoc around the world
attacks on 1998 (or 1999?)
-PH33r
by: VLAD
year: 1995
-Love Bug
type: e-mail.vir
shuts down mail servers at many companies
-Melissa
by: David L. Smith
---
(POLYMORPHIC/MUTATION) ENGINE
---
-MtE (MuTation Engine)
By: Dark Avenger or Mad Maniac /CrazySoft, Inc./Destroyers, Inc. (Bulgaria)
Type: vir.mte
v0.90
V1.00b [1992]
TASM V2.5
no src
2kb engine
CyR: legendary
-NED ([NuKE] Encryption Device)
By: Nowhere Man/[NuKE]
Type: vir.mte
V0.90b [1992]
TASM V3.0
1,355b engine
15+b decryptor
uses Cryptex(C) polymorphic mutation algorithm
CyR: should be non-pub, but a person who got it from a [NuKE] member
distributed it
v1.00
-TPE (TridenT Polymorphic Engine)
By: Masud Khafir/TridenT virus research group
Type: vir.mte
v1.0
v1.3
V1.4 [1993]
inspired by Dark Avenger's MtE
no src
1,6kb code
-VME (Visible Mutation Engine)
By: American Eagle Publications, Inc.
Year: 1993
Type: vir.mte
Disadv: no src
Note: only for research & educational purposes
-DSME (Dark Slayer Mutation Engine)
By: Dark Slayer (Taiwan)
Type: vir.mte
V1.0
Note: predecessor of DSCE
-DSCE (Dark Slayer Confusion Engine)
By: Dark Slayer (Taiwan)
Type: vir.mte
V1.0 [1994]
1,024b decryptor
no src
TASM/MASM
successor of DSME
-SMEG (Simulated Metamorphic Encryption Generator)
By: The Black Baron (England?)
Type: vir.mte
V0.1
used in PATHOGEN vir
V0.2
used in QUEEG vir
V0.3 [1994]
no src
TASM 2.51
-BWME (Biological Warfare Mutation Engine)
By: MnemoniX (USA)
Type: vir.mte
V1.00 [1994]
companion for Biological Warfare Virus Creation Kit
-MutaGen
By: Mnemonix (USA)
Type: vir.mte
V2.0 [1994]
no src
-GPE (GUN N' ROSES Polymorphic Engine)
By: Slash Wu (Taiwan)
Type: vir.mte
V1.00 [1994]
-RTFM (Rajaat's Tiny Flexible Mutator)
By: Rajaat
Type: vir.mte
V1.1 [1994]
650b engine?
no src
-SPe (Simple Polymorphic Engine)
By: LoRD Zer0
Year: 1994-1995
Type: vir.mte
V1.21 [1995]
419b engine
-Small Polymorphic Engine
By: Wild W0rker
-TCE (The Chaos Engine)
By: Sepultura (Australia)
Type: vir.mte
V0.4 [1995]
anti-heuristic?
-PME (Phantasie Mutation Engine)
By: Burglar (Taiwan)
Type: vir.mte
V1.0 [1995]
TASM V1.0
no src
free use except for injuring anything
-√ICE (√irogen Irregular Code Engine)
By: √irogen/[NuKE]
Type: vir.mte
V0.5 [1995]
TASM V2.0
1,995b engine code
13 - 850b decryptor
CyR: the most used mte in protor
-RTP (Red Team Polymorphy) Engine
by: TSM
type: vir.mte
V0.1b [1997]
-G2
vir.mte?
-PS_MPC
vir.mte?
-GCE
vir.mte?
-IVP
vir.mte?
-DAME
type: vir.mte?
v0.90
-HPE
type: vir.mte?
v0.90
v0.91
-MutaMorph (Memory Mutation Engine)
by: Morgan
type: protor.mte
disadv:
sometimes hangs
non-pub
note:
mentioned by Morgan
based on Red Team mte
-SimpMut (SiMPle MuTation Engine) or Mutare
By: ANAKiN aka Stefan Esser (Germany)
Type: protor?.mte
v0.1 [1997]
src
pub domain
-VBPE (Valmii's Basic Polymorphic Engine)
By: Valmii/tKD aka Soeren Pretzel (Germany)
V0.4 [2000?]
included on Valmii's CCE (x protor) beta
-TME (TRAP's Mutation Engine)
By: Christopher Gabler (Germany)
Type: protor.mte
V1.02 [Jan 2000]
Note:
used in CG's TRAP (x protor)
based on √irogen's √ICE V0.5
non-pub
-MPME (MERLiN's Polymorphic Mutation Engine)
By: Andry Kobilykov aka AVK aka MERLiN /DTG/UG2000 (Russia)
Type: protor.mte
Note:
used in MERLiN's PCrypt (x protor)
non-pub (?)
-Jmute (Jeremy mutate)
by: Jeremy Lilley (USA)
type: protor.mte
note: very good
-HS-Muteng (HackStop Mutation Engine)
By: ROSE aka Ralph Roth/ROSE SWE (Germany)
Type: protor.mte
V1.0
based on TPE v1.4
V2.0
Note:
used in ROSE's HackStop (x protor)
non-pub
-SHAME (StoneHead Adjusted Mutation Engine)
By: StoneHead (The Netherlands)
Type: protor.mte
Note:
based on Darkman/VLAD disasm of Wild W0rker's Small Polymorphic Engine
used in STN's MESS (x protor)
non-pub
but STN plans (?) to release the src
STN: next plan for SHAME (][) should be a MMX-mte jumps anonymously to
ring 0, debug bkpts to lock up debuggers using Pentium II/III
errata, shovel off enough unpackers, BUT I don't have the spirit & time
Zenix: SHAME is a masterpiece
EdH: maybe next SHAME can be renamed as SHAMESS or MESHAMIAS
-ZVCE (Zenix V-Code Engine)
By: Zenix Yang aka Yang Shiuh-Phong (Taiwan)
Type: protor.mte
II
used in Zenix's FFSE (EXE protor)
non-pub
manual trace is boring
---
FILE IDENTIFIER
---
-FI (FileInfo)
By: Michael Hering aka herinmi (Germany)
Year: 1997-2000
Type: file.identify, 386, ~372kb (as shell = 32kb) mem, XMS, VGA, DOS V5
Compiler: BP V7.0
V2.06
part of ROSE's UnTiny package
CyR: prog x contains nice ASCII picture
V2.40 [2000] free-regged to a few people (including me :)
V2.43a [Dec 2000]
Adv:
free (but unregged)
most up-to-date identifier
still updated
GUI
crypt/encoding 'opinion'
Win LFN support
external batches
Disadv:
requires VGA
prog x prot often changes
note: focusing on x processor
-TYP
By: Veit Kannegieser (Germany)
Type: file.identify
variant: for DOS, DOS32, OS/2, Win4
Year: ? - 2004
Compiler: BP V7.0 or VP V2.00
15.04.2000
25.08.2002
13.08.2004
Adv:
doesn't detect file from extension
most (accurate & wide-range of) detection
cpu emulate (to bypass protor mutation)
free
Disadv: not frequently updated
Note: the prog took 1000+ hours of the author's time
-GT (GETTYP)
By: PhaX aka Philip Helger (Austria)
Type: file.identify, 286, 250 kb basemem, XMS (optional)
Year: 1997-2000
Compiler: BP V6.0
adv:
free
still updated
V2.52
V2.60 [Dec 2000]
EdH: very long history (I DID read it!)
-FA (File Analyzer)
by: Vadim Torosov (Latvia)
type: file.identify
-File Analyzer
by: Hypn0tizeR
V1.8
-AINFO (Amon's file INFOrmation)
by: Amon Soft (Russia)
compiler: BP V7.0
V4.2 [Sep 1999]
beerware
-EXESCAN
By: ST!LLS0N
Year: 1997-1999
Compiler: BP V7.0 (?)
type: exe.identify
V3.21 [1998?]
last pub ver
V3.25 [1999]
used in Snow Panther's UN-PACK
-ChkEXE
By: Hanno Bock/SAVE/EXEList (Germany)
type: exe.identify
V1.17? [1997?]
note: the 1st? protor/presor checker
-Exeinfo Pro
by: Adam Lojewski/A.S.L Software (Poland)
year: 1994/1996
type: exe.identify
compiler: bp v7.0
V1.7xb
-PEiD (PE Identifier)
by: snaker, Qwerton, Jibz, & xineohP
type: win4
v0.95 [03 Nov 2008]
focusing on PE
-FastScanner
by: AT4RE (Arab)
type: win4
v3.0 Final [18 Jan 2010]
also tells which auto-unpacker needed to unpack found prot/pres
focusing on PE
-PID (Protection ID)
by: CDKiLLER & TippeX
type: win4
v6.1.6 Public [Jan 2009]
v6.3.5 [24 Dec 2009]
focusing on prot
-ExeInfo PE
by: A.S.L. (Poland)
year: 2006-2010
v0.0.2.7 [Apr 2010]
also tells which auto-unpacker needed to unpack found prot/pres
doesn't recognize old (packer/protor)s
focusing on PE
note: author=Adam Lojewski who wrote Exeinfo Pro (?)
---
DOS EXTENDER
---
Some Info Source: OlegPro/32LiTE/V0.02d/DOC
--
-DOS4GW or DOS/4GW (DOS (up to) 4 Gigabytes for Watcom c/c++)
Protected Mode Run-time
By: Rational Systems
Year: 1989-1998
Type: LE extender, 386, AT or PS/2, DOS V3, 64kb XMS
v1.8 [1992]: size = 231,179b
V1.95 [Nov 1993]
size = 254,556b
V1.96 [17 Feb 1994]
found in DGate.exe (game)
V1.97 [19 May 1994]
most popular ver
bindable
x is inpresible
size = 265,396b or 265,420b
V2.01a [Apr 1996]
by Tenberry Software (formerly Rational Systems)
bindable
x is inpresible
found on McAfee VirusScan for DOS/PM V4.xx
can't run under OS/2
V2.61 [01 Apr 1998]
Note:
Pro (licensed) ver can only be bound
contains DOS/4G & DOS/16M
= modified DOS/4G to support LE
the official dos-extender (or licensed) for WC(++)
its big size causes people to write alternative LE dos extenders
-DOS4G or DOS/4G (DOS (up to) 4 Gigabytes) Protected Mode Run-time
By: Rational Systems or Tenberry Software
Year: 1987-1998
Type: 386, AT or PS/2, DOS V3
V2.60 [1997] : size = 350kb (?)
found? on IDSoftware's DOOM II x (game)
V2.61 [01 Apr 1998]
size = 208,164b
EdH: doesn't work pretty good with ACE DOS V2.02
maybe because it's not meant for WC progs
Note: Pro (licensed) ver can only be bound
-DOS16M or DOS/16M (DOS (up to) 16 Megabytes) Protected Mode Run-time
By: Tenberry Software
Year: 1987-1995
Type: 286, DOS V3
V6.01 [1995]
internal (only bindable) ?
Note: found on NU for Win4x/DOS/(NDD, DiskEdit, UnErase) prog x
-PMW or PMODE/W (Protected Mode for Watcom c/c++)
By: Daredevil aka Charles Scheffold & Tran aka Thomas Pytel
Year: 1994-1997
Type: LE extender
V1.0
V1.16 [1994?]
V1.20 [1995]
PMWLITE
V1.33 [1997]
size = 12kb (presed), ~16kb (unpacked)
tested on WC v9.5, 10.0, 10.5, and 10.6
internal (only bindable)
own code pres (by PMWLITE)
free for non-commercial use
commercial use: 500 USD
student: 100 USD
no history
last ver
Note:
famous, common replacer for DOS4GW
based on Tran's PMODE
Hint: oldie collector can get pmode/w v1.0 from Epic's OMF 2097 V2.0 (game)
in MASTER.DAT
-PMODE
By: Tran aka Thomas Pytel
type: asm 32bit dos extender
V2.4
V2.51 : all dead code is removed
V3.07 [1994]
adv: free
Note:
used by many programs
asm src
-PMODE/DJ
By: Tran aka Thomas Pytel & Matthias Grimrath
year: 1993-1995
Note: for DJGPP x
EdH: once hangs my 3rd cpu
-DOS32A or DOS/32A (DOS/32 Advanced)
By: Narech Koumar (Naresh Kumar)/SUNSYS or Supernar Systems (Sweden/Russia)
Year: 1996-1998, 2002
Type: LE & LX extender, DOS V4
Compiler: TASM v4+, WC v10.6+
V4.30
mode switching is optimized for any CPU with multiple execution units
supporting RISC86 (ex: Pentium MMX/II & AMD K6)
official format = LX, but LE is still supported
V5.00 [1998]
size = 26,126b (16bit presable)
bindable
various options
commercial use: 499 USD
VESA VBE V2.0 & mouse support
can alloc up to 64Mb (max possible 2Gb) RAM
supports up to 32 objects per application
no (VM & pres & non-zero based flat model) support
V6.00 [16 Apr 1998]
can pres LE & LX exe-format (converted into LC format)
> 64Mb RAM (2Gb under XMS, 256Mb under VCPI)
installer/install.exe doesn't run on my 3rd cpu (DOS Box)
but can run under 'restart to MS-DOS' mode
V7.00 [1998]
commercial?
SP1 Rev. C
V7.10 (Liberty Edition)
released as public domain (?)
src included
last ver done by Narech Koumar
V7.20 [15 Oct 2002]
by: Javier Gutierrez/DOS32A Team
part of FreeDOS
Note:
100% asm
most compatible, flexible & fastest (?)
-ZRDX (ZuRenava Dos Extender)
By: Sergey Belyakov (Russia)
year: 1998-1999
Type: LE extender
V0.49 [1999]
Size = 12Kb
Internal (only bindable)
Free
with src
-CauseWay
by: John Wildsmith
year: 1992-1995
v2.64 [1995]
-CW (CauseWay)
By: Michael Devore
Type: 386, DOS V3.1
Year: 1992-1999
V3.25 [1996] : size = 46,608b (presed)
V3.49- : commercial
V3.49 [1999]
size = 47,088b (presed)
supports Clipper V5.1 & Clarion V2.1
presable (CWC)
internal (only bindable)
auto log if error
pub domain
src is released (EdH: author gives up on DOS :)
Note:
has spec.x.format called 3P
famous, used by F-Prot V3.x (AV), PGP V5.0bi (crypt), PQMagic v7 (partition) exes
-PharLap TNT
By: PharLap Software
Year: 1986-1991
type: 286?
Note:
Commercial
Found on some Microsoft products (MASM)
-DOS32
By: Adam Seychell (Australia)
Year: 1993-1996
Type: Adam (32bit exe-format) extender, 386
V3.0
V3.3 [Nov 1995]
size = 8.5kb
free for non-commercial use
commercial: typically $150
own code pres (by linker)
OMF linker
DLL support
V3.4b rev 9 [1995]
found on Dark Fiber/[NuKE]'s VACUUM prog x
V3.5b rev 6 [Aug 1996]
size = 9,008b
shareware
1/2 sec delay
undisable logo
max 4mb mem
Note:
has spec.x.format called Adam
depresable (OlegPro's DOS32Unp)
-Prospero
Disadv: Commercial
Note: supports Pascal & ?
-FlashTek X-32
by: FlashTek
year: 1992-1993
Note: mentioned in Ralf Brown's Interrupt List
-DOS extender
by: Doug Huffman
year: 1991-1994
size: 1,536b (loader)
note:
loader has string 'B23X'
found on SciTech/UniVBE/5.1/VBETest.EXE
= FlashTek X-32 (modified by author)
-WDOS/X (Wuschel DOS eXtender) or WDX
By: Michael Tippach aka Wuschel (England)
Year: 1996-2000
Type: multi.extended.x.extender, 386
V0.94 [1997]
V0.96b1 [May 2000]
supports LE, COFF, PE
Size = 11,094b (LE)
Free
presable (Jibz's WDOSX-PACK)
bindable
simplest binding
Win32-like API
v0.96 [2001]
V0.97
Note: used by TMT Pascal
-E.O.S (Eclipse Operating System)
By: Eclipse
Type: LE extender, 386, DOS V3
V2.08
V3.05 [1997]
Free?
Note: found on RAO's ERI32 (multimedia file presor)
forget what ver, but surely not from ERI32 v5.1fre
-BLINKER (BLX286)
By: ASM (Assembler Software Manufacturers)
Type: Clipper NE extender, 286, DOS V3
Year: 1992-1998
V5.10 [1998]
Size = 42kb
note:
actually a linker?
allows NE exe to run on DOS?
-GO32
By: DJ Delorie
V1.08
V1.12 [4 Aug 1994]
Note:
no longer used for DJGPP v2
part of DJGPP (C compiler)
-CWSDPMI (Charles W. Sandmann DPMI)
By: Charles W. Sandmann
Year: 1995-2000
Type: 32bit DPMI server (esp. for DJGPP V2), 386, DOS V3
Adv:
few DPMI V1.0 extensions
also run (DJGPP V1.x & RSX) x
1-time service or goes TSR
Disadv: no support for 16bit DPMI
V0.90+ r1 [1995]
Compiler: Turbo C++ [1990] or BC V3.0 [1990]
V0.90+ r3 [1996]
max 128Mb paging file
V0.90+ r4 [1997]
max 256Mb paging file
IDSoftware's Quake V1.06 [1996] refuses to run under V0.90+ r4
maybe because of merely different setting
r5 [2000]
bindable?
found on UPX V1.04+
Note:
based on DJ Delorie's GO32
v0.90+ marks the DPMI ver supported, not the prog ver
-EMX (Eberhard Mattes's eXtender (?))
By: Eberhard Mattes
Year: 1991-1995,2000
Type: EMX C extender/loader
V0.9d (rev 60) [1995]
V0.9d (rev 61) [2000]
Note:
part of EMX C Compiler
found on RAR V2.6+ for DOS32 or OS/2
EMX needs RSX when run on Win9x/DOSBox (?)
EMX application can't? run on Win NT/2K
-RSX (Rainer Schnitker's eXtender (?))
By: Rainer Schnitker
Year: 1993-1998
Type: DPMI v0.9/v1.0 extender for EMX & RSXNT x, 386
V5.21 [1998]
free
requires DPMI server
RSX application can't? run on Win NT/2K
-PRO32
by: Dieter Pawelczak (Germany)
year: 1996-1999
v1.7 [Jan 1999]
size=9,984b (presed? by Pack V1.0)
note: part of Pass32 assembler package
-Xtender
by: vyc/sophtXS
V1.04.36066
note: to support XSC x (hi-lang compiler)
-PowerPack
by: Borland
note: to support BC V5+ (?)
-RTM
by: Borland
year: 1990-1993
type: 16bit NE extender
V1.1 [1993]
note:
to support 16bit PM Borland stuff (BP V7.0 TPX.EXE, TLINK V6.00)
paired with DPMI16BI.OVL
-32RTM
by: Borland
year: 1992-1994
type: 32bit PE extender
V1.5 [1994]
~60kb resident
note:
to support 32bit PM Borland stuff (ex: TASM32 V4.0)
paired with DPMI32VM.OVL
VeK: 32rtm from BP v7.01 crashes my machine (too much mem?)
-DOSX16 (MDX)
by: Chris Jones
v1.00a [1998]
size~93kb
still beta
last ver
provides 16Mb memory for Win3 prog compiled using Borland C v4.5
---
*FAMOUS* QUOTATIONS:
EliCZ: compare the number of protors with the number of proted x
PaC: if a prot system is safe, it will be broken (Murphy's Law)
JeL: X (de)prot = hi-tech cat & mouse game
STN: X (de)prot = holy war
EdH:
"CRYPT", "SCRAM*" & "CC*" are considered as very creative names for some
protors :)
No LE/LX protector? Oh, I know, it's not DOS which is dead, but the
prot scheme itself :)
---
MISC
---
?: disadv of Win32/PE pres: increase mem requirement if user starts
several instances of the (big) prog.
ANAKiN: using win32/pe presor wasted a lot of mem, but that's Microsoft's
fault because Memory decommit functions simply don't work.
X Loading may take longer, but after it's unpacked the pages get swapped
out if there're no more accesses on them. And btw: code sharing is easily
possible.
CG: hw bkpt isn't possible under Win
STN:
Win32/PE prot is based on the fact that Win32 is closed-src
Linux prot is impossible -> can change Linux kernel to dump every
loaded x image
EdH:
Since materials reviewed here are mainly from SuddenDischarge, I can't
help to think that this info = SuddenDischarge documentation :)
Hanno Bock's is called EXEList, ProsInfo should be called ListEXE :)
I imagine Troy people saying: 'Don't call it trojan! It was the Greeks who sent
that cursed thing to us and yet we get the blame for it. You should call it
greek!'