Packer/protector tested :


 I tested with success depacking of :

   PELOAD - My own tool ;) Don't ask.
   ENC 0.1 - A basic PE encrypter.
   WWPACK 32 Beta - after a fucking while.. Nearly 4,000,000 lines executed !
   WWPACK 32 1.0 - 4,300,000 lines !!!!!!!!!
   Shrinker 32 3.3 (version <3.3 use instable code) (305,000 lines).
   Stone's PE Encrypter up to 1.13.
   Some few version of PeCrypt (not the version >0.8).
   May be some others I don't have tried ;)

To be done :


  Import table builder with function name restore for killed one.
  Reloc Table scanner & rebuilder.
  Module dumper/unpacker (dunno if unpack can be done !!).
  Implement some anti ADT.... just in case ;)
  Stronger tracer.
  Specific Protector/Unpacker Fast Unpacking.
  A little SDK ? ;)
  Fix some obvious bugs =)

 These points are in development... Any help would be appreciated.

 Especially if u can code :

  In PURE WIN ASM32 the interface :).
  Visual ASM32 / ASM Builder or any ASM Win32 IDE tool like that (I dream) ;)
  A Better tracer code .... With Anti ADT.
  A reloc detector - not an object name scanner please.

History :


version 1.0 Alpha 8 [04-06-1998] - Public

  "Public" version ;) For those who knows how/why to use this.
  Changed a bit the object size updater.
  On failure, Display EIP we where.
  Terminate correctly in all cases now (Trace)... except if Win crash ;)
  Exe Size reduced.
  New GFX added ;)

version 1.0 Alpha 7 [03-27-1998]

  Changed the debug tracing interception mode.
  Eip no more destroyed in dump & reload mode.
  First version WITH a working PE unpacker !!
  Fixed a little bug in import rebuilder.
  Removed "always on top" feature... was annoying.

version 1.0 Alpha 6v[03-26-1998]

  Visual Progression of the tracer so that u can know if we are killed or
   not.
  Some others minor things.

version 1.0 Alpha 6 [03-24-1998]

  Tracer Code fixed and more secure - no more Reboot32 code ;).
  Traps for ACCESS_VIOLATION
  Traps when Process is out of itself !!

version 1.0 Alpha 5 [03-23-1998]

  Tracer Code added [TO DEBUG] !!Don't use if u don't know what u do!!
   Means : Only if u are called Stone or G-RoM ;).
   Actually it is nearly a Reboot32 Code ;).

version 1.0 Alpha 4 [03-20-1998]

  DLL export analyzer enhanced.
   -> ordinal export supported in import rebuilder [Ex: kernel32.1 allowed].
  Memory leak fixed.
  Load External option fixed (ahem....forgot a boolean test !).
  Mangled import function restore. See Special Section.

version 1.0 Alpha 3 [03-19-1998]

  DLL name autorestore.
  IAT special entry pb solved.

version 1.0 Alpha 2 [03-18-1998]

  New import section detector (generic).
  Header rebuild 100% okay now [bss always 0 !]
  Some checks were added just in case.

version 1.0 Alpha   [03-13-1998]

  Import loader now rebuild a valid import table, import by Name is always
   tried before by ordinals.

version prealpha    [03-08-1998]

  External Buffer conversion added.

version 0           [??/??/1998]

  Interface done
  Translated my win32 asm prototype in inline asm under delphi.
  File dump at exact size works now.
