The Elite Hackers Toolkit

home *** CD-ROM | disk | FTP | other *** search

/ The Elite Hackers Toolkit / TheEliteHackersToolkitVolume1_1998.rar / HACKERS.BIN / appcraks / UCFPD1A9.ZIP / VERSION.TXT < prev

Wrap

Text File | 1990-01-01 | 6KB | 153 lines

Packer/protector tested : ───────────────────────── I tested with success depacking of : ■ PELOAD - My own tool ;) Don't ask. ■ ENC 0.1 - A basic PE encrypter. ■ WWPACK 32 Beta - after a fucking while.. Nearly 4,000,000 lines executed ! ■ WWPACK 32 1.0 - 4,300,000 lines !!!!!!!!! ■ Shrinker 32 3.3 (version <3.3 use instable code) (305,000 lines). ■ Stone's PE Encrypter up to 1.13. ■ Some few version of PeCrypt (not the version >0.8). ■ May be some others I don't have tried ;) Packer/Protector tested but not working (yet ?): ■ Shrinker 3.2 : This one has a fucking bad loader. For Example: xor eax,eax mov byte ptr [eax],20 <- Fault ! is a part of the loader. Later in the loader such crap occurs too. Tips : Try to use J0B unshrinker for version 3.2. OR do it by the hand : BPX .LOAD+2672h (.LOAD RVA) ■ PECRYPT32 : Ahem... I talked much with Random and told him many tips like how my import detection work, etc... Moreover there are several MTE in the code and Some IDT manipulations which cause the loader to not be traced totally. I personnally tested trace of 10 MILLIONS of lines with an access violation error at the end. IN CONCLUSION : you can't trace it by using ProcDump... At least you can analyze a dump. The full support of PECRYPT32 will be done one day.... When I got or did a fully featured tracer ;). ■ PESHIELD : due to the fact it uses a ring 0 stack trick, it can't be traced under windows 95. I suspect the IDT manipulation to cause the access violation. I have not investigated much about it because I did unPESHiELD which handle every version perfectly. I will add soon support to it in fast unpacking mode. Generally, always use specific unpackers/deprotectors because they handle perfectly the PE and restore it to its EXACT state before protection. To be done : ──────────── ■ Import name rebuilder if I have time. ■ Reloc Table scanner & rebuilder. ■ Module unpacker (It can be done... but I need time hehe). ■ Implement some anti ADT.... just in case ;) ■ Stronger tracer. ■ More fast unpacking. ■ Script tracing to speed up unpacking/deprotecting. ■ Fix some obvious bugs =) These points are in development... Any help would be appreciated. Especially if u can code : ■ In PURE WIN ASM32 the interface :). ■ Visual ASM32 / ASM Builder or any ASM Win32 IDE tool like that (I dream) ;) ■ A Better tracer code .... With Anti ADT and Fault filtering. ■ A reloc detector - not an object name scanner please. History : ───────── version 1.0 Alpha 9 [04-20-1998] ■ Added some sanity check about non PE header. (04-10) ■ Added Module lister for a given process. (04-12) ■ Added Module Dumper. (04-12) ■ Added Header Full rebuilder when destroyed. (04-13) ■ Added Fast unpacker for a few packers. (04-15) ■ Import Rebuilder 100% working [many things fixed] (04-20) Rebuild ordinal for crashed import table at runtime. ■ On successfull unpack, display EIP before Jump. (04-15) ■ Some cosmetic changes. (04-13) ■ Source code cleaned up a little. (04-13) I know, I know : u don't care ;) ■ Optimized a little the code size. (04-12) ■ Helped a little the garbage collector...ooopps ;) (04-20) ■ Updated the documentations (04-20) version 1.0 Alpha 8 [04-06-1998] - Public ■ "Public" version ;) For those who knows how/why to use this. ■ Changed a bit the object size updater. ■ On failure, Display EIP we where. ■ Terminate correctly in all cases now (Trace)... except if Win crash ;) ■ Exe Size reduced. ■ New GFX added ;) version 1.0 Alpha 7 [03-27-1998] ■ Changed the debug tracing interception mode. ■ Eip no more destroyed in dump & reload mode. ■ First version WITH a working PE unpacker !! ■ Fixed a little bug in import rebuilder. ■ Removed "always on top" feature... was annoying. version 1.0 Alpha 6v[03-26-1998] ■ Visual Progression of the tracer so that u can know if we are killed or not. ■ Some others minor things. version 1.0 Alpha 6 [03-24-1998] ■ Tracer Code fixed and more secure - no more Reboot32 code ;). ■ Traps for ACCESS_VIOLATION ■ Traps when Process is out of itself !! version 1.0 Alpha 5 [03-23-1998] ■ Tracer Code added [TO DEBUG] !!Don't use if u don't know what u do!! Means : Only if u are called Stone or G-RoM ;). Actually it is nearly a Reboot32 Code ;). version 1.0 Alpha 4 [03-20-1998] ■ DLL export analyzer enhanced. -> ordinal export supported in import rebuilder [Ex: kernel32.1 allowed]. ■ Memory leak fixed. ■ Load External option fixed (ahem....forgot a boolean test !). ■ Mangled import function restore. See Special Section. version 1.0 Alpha 3 [03-19-1998] ■ DLL name autorestore. ■ IAT special entry pb solved. version 1.0 Alpha 2 [03-18-1998] ■ New import section detector (generic). ■ Header rebuild 100% okay now [bss always 0 !] ■ Some checks were added just in case. version 1.0 Alpha [03-13-1998] ■ Import loader now rebuild a valid import table, import by Name is always tried before by ordinals. version prealpha [03-08-1998] ■ External Buffer conversion added. version 0 [03-03-1998] ■ Interface done ■ Translated my win32 asm prototype in inline asm under delphi. ■ File dump at exact size works now.