
1998 November 8

  • Zip - Windows / Computer tool
  • Egis, program credits
4 items in the archive
  • COREUTiL.NFO
  • FILE_ID.DIZ
  • pesum.zip
  • Core98.exe
─════════════════════════════════════════════════════════════════════─
PESum v0.01 ■ Updates the Checksum of a PE file
(c) [eGIS!/CORE '98]
Registered to: Public Domain. All rights reserved.
─════════════════════════════════════════════════════════════════════─

Document by [eGIS!/CORE]

1. Introduction
---------------
It seems that some very good coders have begun to write PE encryptors and compressors, and many of them have succeeded in writing their own. But sometimes when we run the encrypted/compressed EXEs, a virus monitor alerts us that the files have been infected. Why? It is generally because the PE file checksum changes during the encryption or compression process, but the author of the encryptor/compressor forgets to update that value. Windows 9x will ignore that value. But Windows NT will not, and some anti-virus programs will not.

2. What is PESum?
-----------------
PESum checks whether a PE file has a correct checksum in its header. If it does not, PESum computes the checksum and updates the PE file.

3. How to use?
--------------
PESum is easy to use. If you want to check a PE file named BLA.EXE, just type:

    PESUM BLA.EXE

and PESum will do the rest.

4. Update or not?
-----------------
PESum will always update the checksum if it finds that a PE file does not have the correct value. That will not do any harm to the EXE.

5. Known buggy encryptors/compressors
-------------------------------------
PETite Version 1.00, 1.01, 1.02 by Ian Luck
PE-Pack Version 0.99 by ANAKiN
PEShield 0.1, 0.2a~0.2d by ANAKiN
WWPack32 1.00, 1.01, 1.10, 1.11 by R.W. & P.W.
PE-Crypt32 1.00, 1.01, 1.02 by Random, ACP & Killa
BJFnt 1.1, 1.2, 1.3, 1.4 by MARQUIS
STONE's encryptor 1.13 by STONE

Only PELockNT does not have this problem.

6. Known anti-virus programs which report this error
----------------------------------------------------
AVP Version 3.0 will report this error. I have not found other AV programs that report it, including NAV 5.0.1.

BTW: I strongly recommend you not to use AVP. The AVP monitor conflicts with a lot of utilities, e.g. Norton SpeedStart, which boosts the startup time of a program by up to 300%. The AVP monitor slows down your Windows 9x. I personally use Norton AntiVirus 5, it simply rules. Maybe you are using TBAV or F-PROT; if the same error occurs, please tell me.

7. How to contact me
--------------------
You can contact me by:
E-Mail: [email protected]
IRC   : egis in EFNet, channel #cracking

If you find bugs, please feel free to contact me.

8. Greetings
------------
All CORE members esp. katie, DrRhui, pSI and SiraX
All PCE members
mARQUIS, random, ANAKiN, acpizer, G-ROM & STONE for your hard work on PE file exploring
dEVIL: you introduced me to UCF :)
djHD, Dr. Arab, Prophecy, llLibRa

9. Technical Notes
------------------
This little program only uses the MapFileAndCheckSum function to get the correct checksum and writes it back to the original EXE file. In order to use this API function, you must include IMAGEHLP.H and link IMAGEHLP.LIB in your project.

API details:

    MapFileAndCheckSum( BYTE* szName, DWORD* dwHeaderSum, DWORD* dwCheckSum )

    szName:      file name specification, length up to 260 characters (Win95)
    dwHeaderSum: buffer that receives the current header checksum
    dwCheckSum:  buffer that receives the correct header checksum

These are the structures of the PE file header.

[PEHEADER.H]
------------
    typedef unsigned char  BYTE;
    typedef unsigned short WORD;   /* 16 bits; unsigned int is 32 bits on Win32 compilers */
    typedef unsigned long  DWORD;

    typedef struct {
        DWORD PESign;
        WORD  Machine;
        WORD  NumofSections;
        DWORD TimeStamp;
        DWORD PointerToSymbolTable;
        DWORD NumofSymbols;
        WORD  SizeofOptionalHeader;
        WORD  Characteristics;
    } PEHeader;

    typedef struct {
        WORD  Magic;
        BYTE  MajorLinkerVer;
        BYTE  MinorLinkerVer;
        DWORD SizeofCode;
        DWORD SizeofIData;
        DWORD SizeofUIData;
        DWORD AddressofEntryPointer;
        DWORD BaseofCode;
        DWORD BaseofData;
        DWORD ImageBase;
        DWORD SectionAlignment;
        DWORD FileAlignment;
        WORD  MajorOSVer;
        WORD  MinorOSVer;
        WORD  MajorImageVer;
        WORD  MinorImageVer;
        WORD  MajorSubSysVer;
        WORD  MinorSubSysVer;
        DWORD Reserved;
        DWORD SizeofImages;
        DWORD SizeofHeaders;
        DWORD CheckSum;            /* the field PESum updates */
        WORD  SubSys;
        WORD  DLLChars;
        DWORD SizeofStackReserve;
        DWORD SizeofStackCommit;
        DWORD SizeofHeapReserve;
        DWORD SizeofHeapCommit;
        DWORD LoaderFlags;
        DWORD NumofRVAAndSizes;
    } PEOptionalHeader;

    typedef struct {
        BYTE  szObjName[ 8 ];
        DWORD VirtualSize;
        DWORD RVA;
        DWORD PhysicalSize;
        DWORD Offset;
        DWORD Reserved[ 3 ];
        DWORD Flags;
    } ObjectHeader;
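Section 9 leaves the checksum itself to MapFileAndCheckSum. The block below is an added example, not PESum's code and not the IMAGEHLP implementation: a portable C version of the commonly described PE checksum (16-bit words summed with end-around carry, the CheckSum field skipped, file length added), which lets a stale header value be detected without the Windows API. The function names and the 160-byte sample image are constructed for illustration, and rejecting an odd e_lfanew is a simplification of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

static uint32_t rd32(const uint8_t *p) {            /* little-endian DWORD */
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* File offset of the CheckSum field, or -1 if the headers do not parse. */
long pe_checksum_offset(const uint8_t *f, size_t len) {
    if (len < 0x40 || f[0] != 'M' || f[1] != 'Z') return -1;
    uint32_t pe = rd32(f + 0x3C);                   /* e_lfanew in the DOS stub */
    if (pe & 1) return -1;          /* example handles word-aligned headers only */
    if (pe > len || len - pe < 92) return -1;       /* PESign .. CheckSum in file */
    if (memcmp(f + pe, "PE\0\0", 4) != 0) return -1;
    return (long)pe + 24 + 64;      /* sizeof(PEHeader) + offset of CheckSum */
}

/* Word sum with end-around carry, CheckSum field treated as absent, plus length. */
uint32_t pe_checksum(const uint8_t *f, size_t len, long sum_off) {
    uint32_t sum = 0;
    for (size_t i = 0; i < len; i += 2) {
        if (i == (size_t)sum_off || i == (size_t)sum_off + 2) continue;
        sum += f[i] | (i + 1 < len ? (uint32_t)f[i + 1] << 8 : 0);
        sum = (sum & 0xFFFF) + (sum >> 16);         /* fold the carry back in */
    }
    return sum + (uint32_t)len;
}

static uint8_t sample[160];
/* Constructed image: MZ stub, e_lfanew = 0x40, PE signature, stale CheckSum. */
const uint8_t *make_sample(void) {
    memset(sample, 0, sizeof sample);
    memcpy(sample, "MZ", 2);
    sample[0x3C] = 0x40;
    memcpy(sample + 0x40, "PE\0\0", 4);
    memset(sample + 0x50, 0xFF, 4);                 /* forces a carry fold */
    memcpy(sample + 152, "\xEF\xBE\xAD\xDE", 4);    /* value left by a packer */
    return sample;
}

int main(void) {
    const uint8_t *f = make_sample();
    long off = pe_checksum_offset(f, sizeof sample);
    printf("header sum %08X, correct sum %08X\n",
           (unsigned)rd32(f + off), (unsigned)pe_checksum(f, sizeof sample, off));
    return 0;
}
```

A mismatch between the two printed values is the condition PESum repairs by writing the computed value back into the header.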