home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
The Elite Hackers Toolkit
/
TheEliteHackersToolkitVolume1_1998.rar
/
HACKERS.BIN
/
appcraks
/
UNPSH13B.ZIP
/
UNPESH.TXT
< prev
Wrap
Text File
|
1990-01-01
|
5KB
|
117 lines
─────────────────────────────────────────────────────────────────────────
███ ██ ███ ██ ███▀██ ███▀██ ███▀██ ███ ██ ▀▀▀ ███▀██ ███ ███▀█▄
███ ██ ████ ██ ███ ██ ███ ███ ███ ██ ███ ███ ███ ███ ██
▓██ ██ ▓██████ ▓██▀▀ ▓██▀ ▀▀▀ ▀▀▀▀██ ▓██▀██ ▓██ ▓██▀ ▓██ ▓██ ██
▒▓█ ██ ▒▓█ ███ ▒▓█ ▒▓█ ▒▓█ ██ ▒▓█ ██ ▒▓█ ▒▓█ ▒▓█ ▒▓█ ██
░▒▓███ ░▒▓ ██ ░▒▓ ░▒▓▄██ ░▒▓▄██ ░▒▓ ██ ░▒▓ ░▒▓▄██ ░▒▓▄██ ░▒▓▄█▀
UNPE-SHiELD v0.13b (C) Copyright 1998 by G-RoM [PC/BS/PNC]
─────────────────────────────────────────────────────────────────────────
D O C U M E N T A T I O N
─────────────────────────────────────────────────────────────────────────
I. What is UNPE-SHiELD?
~~~~~~~~~~~~~~~~~~~~~~~~~
UNPE-SHiELD is a program, which decrypts 32-bit Windows
EXE files "protected" by PE-Shield. The version supported
are the 0.1ß, 0.1b, & 0.1c.
II. Disclaimer
~~~~~~~~~~~~~~~
I, the author, am *NOT* responsible for any damage caused
by the use of UNPE-SHiELD. It was tested with success
under Windows NT, Windows 95&98 and pure DOS ;).
III. Usage
~~~~~~~~~~
Using UNPE-SHiELD is very easy: Just type UNPESH [file]
and UNPE-SHiELD will try to remove the encryption from
the file u specified. The progression of the work will be
displayed on ur screen.
To fixup the relocations, run reloc.exe on the file u ran
unpesh.exe and not before u ran it !!
Ex:
unpesh taskman.exe
reloc taskman.exe
IV. Technical Notes
~~~~~~~~~~~~~~~~~~~~
UNPE-SHiELD was coded under PURE 32 bits assembler with
the use of DOS32 v3.5 services, which is on my point of
view the best DOS-Extender available for ASM32 coding. I
didn't do the job in PURE C coz I think it is useless ;)
The work was achieved in 3 hours.
V. Future Stuff
~~~~~~~~~~~~~~~~~~
■ Remover for any new features of PESHiELD ;)
■ Including of reloc.exe code in unpesh.exe.
VI. History
~~~~~~~~~~~~~~~~~~
V 0.0001 : Lame version, only removed a specific "MTE" version :(
Thanx Hann0 to report me what he thought to be a joke.
V 0.1α : (Internal release)
Added MTE analyzer.
Now any pe-shielded file might be supported. Please
report if u got an exe that crash ur PC when uncrypting.
V 0.1 : Added universal MTE remover.
V 0.11 : Improved MTE detector.
Thanx Hann0 for giving me a non working EXE ;)
V 0.12 : Added a new check to get real end of crypted infos (0.1b).
V 0.13 : Rewrote the GETorigEIP code To support 0.1c.
May rechange soon... I am not satisfied by the way it
works and the code I did.
Dll unpacking untested & may doesn't work at all.
V 0.13b : (optimisation / reloc support)
GetOrigEip rewrote to my convenience ;)
Dll unpacking was working perfectly in 0.13 ;)
Added Reloc.exe and external tool which allow the relocs
to work again.
VII. The author
~~~~~~~~~~~~~~~~~
G-RoM is a cracker for several groups and won't give you
his real info. Don't ask ;)
iRC: EFNET #CRACKING nick G-RoM.
VIII. Personal Greetinx
~~~~~~~~~~~~~~~~~~~~~~~~
RaNDoM ■ PeCRYPT is now 100% bugfree ;) Kewl..even if I never got any
pb with it ;) hehehe.
ANAKiN ■ Ooopps, I think u know now how my code works (Grrr..). About
my 'sick' remark... Reread the mail u sent me ;) That's what
u wrote !! I am working on a new generic method to kill MtE,
but won't be released until 1.0 ;) I got some time and saw
that CrapStop isn't really a NT friend. Update !!
Good luck and continue to update PESHiELD(tm ? hehe).
Stone ■ I really think that ur unWWPACK32 code is good, but we can
at least improve The size at the end : It is not hard to
remove the WWPACK32 unpack object and the code related to.
Stonehead, Dαrk-Mαn, Dark Stalker, KA0T, Marquis, Lord Byte, ACP,
Misha, TiNoX, SeNSi, Lord Caligo, LGB, KAB, Regor, Hann0 (error
reporter hehehe), Razzi and lots of others ;)
Greetings goes to the whole #cracking, uCF, Phrozen Crew, ... All
groups I know someone in ;)
PS: The documentation was written in a hurry...