home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
The Elite Hackers Toolkit
/
TheEliteHackersToolkitVolume1_1998.rar
/
HACKERS.BIN
/
appcraks
/
UNPSH14.ZIP
/
UNPESH.TXT
< prev
Wrap
Text File
|
1990-01-01
|
5KB
|
127 lines
─────────────────────────────────────────────────────────────────────────
███ ██ ███ ██ ███▀██ ███▀██ ███▀██ ███ ██ ▀▀▀ ███▀██ ███ ███▀█▄
███ ██ ████ ██ ███ ██ ███ ███ ███ ██ ███ ███ ███ ███ ██
▓██ ██ ▓██████ ▓██▀▀ ▓██▀ ▀▀▀ ▀▀▀▀██ ▓██▀██ ▓██ ▓██▀ ▓██ ▓██ ██
▒▓█ ██ ▒▓█ ███ ▒▓█ ▒▓█ ▒▓█ ██ ▒▓█ ██ ▒▓█ ▒▓█ ▒▓█ ▒▓█ ██
░▒▓███ ░▒▓ ██ ░▒▓ ░▒▓▄██ ░▒▓▄██ ░▒▓ ██ ░▒▓ ░▒▓▄██ ░▒▓▄██ ░▒▓▄█▀
UNPE-SHiELD v0.14 (C) Copyright 1998 by G-RoM [PC/BS/PNC]
─────────────────────────────────────────────────────────────────────────
D O C U M E N T A T I O N
─────────────────────────────────────────────────────────────────────────
I. What is UNPE-SHiELD?
~~~~~~~~~~~~~~~~~~~~~~~~~
UNPE-SHiELD is a program, which decrypts 32-bit Windows
EXE files "protected" by PE-Shield. The version supported
are the 0.1ß, 0.1b, 0.1c and 0.1d.
II. Disclaimer
~~~~~~~~~~~~~~~
I, the author, am *NOT* responsible for any damage caused
by the use of UNPE-SHiELD. It was tested with success
under Windows NT, Windows 95&98 and pure DOS ;).
III. Usage
~~~~~~~~~~
Using UNPE-SHiELD is very easy: Just type UNPESH [file]
and UNPE-SHiELD will try to remove the encryption from
the file u specified. The progression of the work will be
displayed on ur screen.
To fixup the relocations, run reloc.exe on the file u ran
unpesh.exe and not before !!
Ex:
unpesh taskman.exe
reloc taskman.exe
IV. Technical Notes
~~~~~~~~~~~~~~~~~~~~
UNPE-SHiELD was coded under PURE 32 bits assembler with
the use of DOS32 v3.5 services, which is on my point of
view the best DOS-Extender available for ASM32 coding. I
didn't do the job in PURE C coz I think it is useless ;)
The work was achieved in 3 hours.
V. Future Stuff
~~~~~~~~~~~~~~~~~~
■ Remover for any new features of PESHiELD ;)
■ Including reloc.exe code in unpesh.exe.
VI. History
~~~~~~~~~~~~~~~~~~
V 0.0001 : Lame version, only removed a specific "MTE" version :(
Thanx Hann0 to report me what he thought to be a joke.
V 0.1α : (Internal release)
Added MTE analyzer.
Now any pe-shielded file might be supported. Please
report if u got an exe that crash ur PC when uncrypting.
V 0.1 : Added universal MTE remover.
V 0.11 : Improved MTE detector.
Thanx Hann0 for giving me a non working EXE ;)
V 0.12 : Added a new check to get real end of crypted infos (0.1b).
V 0.13 : Rewrote the GETorigEIP code To support 0.1c.
May rechange soon... I am not satisfied by the way it
works and the code I did.
Dll unpacking untested & may doesn't work at all.
V 0.13b : (optimisation / reloc support)
GetOrigEip rewrote to my convenience ;)
Dll unpacking was working perfectly in 0.13 ;)
Added Reloc.exe an external tool which allows the relocs
to work again.
V 0.14 : (0.1d support fix)
Modified the GetOrigEIP method
Modified a little bit the MtE analyzer.
VII. The author
~~~~~~~~~~~~~~~~~
G-RoM is a cracker for several groups and won't give you
his real info. Don't ask ;)
iRC: EFNET #CRACKING nick G-RoM.
VIII. Personal Greetinx
~~~~~~~~~~~~~~~~~~~~~~~~
RaNDoM ■ PeCRYPT is now 100% bugfree ;) Kewl..even if I never got any
pb with it ;) hehehe.
ANAKiN ■ I played again with ur little modification to MtE. I support
ur new modification... Work again ;). There are still some
big hole in ur MtE ;) Continue to work on it ;)
BTW : what's the interrest to release PECRYPT EXE unpacked ?
I don't really understand. A generic unpacker is a thing
that might be interresting. We used to unpack EXE when they
are crippled/unregistered to change the default status of it
but PECRYPT is free & fully fonctionnal. I wait any comment
from you about that (EX: ur peshield.exe was never released
unpacked.. coz it is fully fonctionnal).
Stone ■ I really think that ur unWWPACK32 code is good, but we can
at least improve The size at the end : It is not hard to
remove the WWPACK32 unpack object and the code related to.
Continue ur interresting work on PE protection. ;)
Stonehead, Dαrk-Mαn, Dark Stalker, KA0T, Marquis, Lord Byte, ACP,
Misha, TiNoX, SeNSi, Lord Caligo, LGB, KAB, Regor, Hann0 (error
reporter hehehe), Razzi and lots of others ;)
Greetings goes to the whole #cracking, uCF, Phrozen Crew, ... All
groups I know someone in ;)
PS: The documentation was written in a hurry...