-/ Shadow Com Cryptor v.1.78 /-

1.intro

SDW386 is a simple freeware com file encryptor, based on Tailgunner's
"Shadow Com Cryptor", with polymorphic functions and lame, poor antidebug
code against automatic unpackers like UNP, CUP386, AutoHack or something
else, and against some com dumpers based on a 100h check, like DECAY or
DumpCom.

WARNING! SDW386 cannot stop TEU, E-Dump, Soft-Ice, TR and other advanced
debuggers and dumpers. TEU unpacks files compiled in high level languages.
If you want to protect against TEU, modify the startup code of your file
and/or use tight commercial protectors like HackStop or other ...

SDW386 is provided "as-is" without warranty of any kind!
IF (you disagree) THEN (you know ;-)

REMEMBER! encryptors/protectors/guards cannot stop an advanced cracker.
Only a FreeWare program stops it. Maybe. :-)

You may use SDW386 freely, no lamers see your copyrights in crypted
files ;-) If you wanna see your name in crypted files, like:
[Registered to: KewlBeerDrinker]
send me a bottle of your favorite beer :-) and get a unique version
(i promise:) registered in your name :-)

If you send me twenty bottles of beer, you may get the fully commented
source of the last version of SDW386 :-)

2.features

positive:
 - polymorphic decryptor with/without garble code.
 - some antidebug/antidumping code.
 - unlimited com size.
 - tested under MSDOS 7.0-6.22, PCDOS 7.0 (EMM386, QEMM 8.1, himem),
   Win95, Win95-OSR2, WinNT 4.0 Server and Workstation.
 - freeware ;-)

negative:
 - cannot handle PE/NE/LE/LX/W3 executables.
 - cannot handle EXE files (maybe in next versions?).
   if you want to crypt exe files, convert them to com.
 - antidebug code is very simple, crypted files are easy to unpack.
 - single polymorph layer.
 - does not create backup files. if you wanna backup, do it on your own.

3.usage

SDW386.COM [switches] filename.com - file to encrypt.

switches:
 /s - small, low polymorphic decryptor, easy to unpack.
 /l - large, highly polymorphic decryptor.
 /r - random decoding decryptor method.
 /b - blind mode. copyrights and CPU check are not added to the crypted file.

if you do not use the /s or /l switches, the size of the decryptor is
selected randomly.

4.techInfo

For polymorphism SDW386 uses √iCE 0.5 (√irogen Irregular Code Engine),
created by √irogen/[NuKE] and a little bit improved by me ;-)
It attaches a decryptor of approx. 600 bytes - 1.8 Kilobytes in length to
protected files. SDW386 itself and protected files require 386+ to run.

The size of the decryptor (small/large) can be seen at the end of the
encrypted file, in the string containing copyrights and reginfo:

 [SDW386 v.1.78s by MANtiC0RE] - small decryptor
 [SDW386 v.1.78L by MANtiC0RE] - large decryptor

5.greetz

in random ;-) order:

 Many thanks to my wife Svetlana (Tiny Light) for moral support ;-)
 Stonehead        - your help is immeasurable ... very many thanks ...
 Rose             - good man ;-) excellent programmer ...
 DarkGrey         - thanks for some ideas, some code and for DeGlucker 0.05a
                    anyway, talk through fido - slow and suxx :-(
 SuddenDischarge  - nice filebase, but updates are not regular ... :-(
 CrazyMax         - DeGlucker - rulezz :-) ...
 Christoph Gabler - insider.faq is very informative ... big thanks for your
                    unpack sdw386 script, unsdw386 and antiTR routines ...
 √irogen          - good mutation engine ...
 Hann0 Boeck      - for creating the mail list.
 MaX/MoVSD        - ATEU 1.2 sources helped me a lot :-)
 Wild Worker      - good polymorphic engines.
 Cicatrix         - very informative VDAT. but (imho) it needs links to
                    where the files may be got.
 VAG              - thanks for your version of DeGlucker, and many nice things
 Tailgunner       - thanks for the commented source ...
 all ExE-Li$t members ...
 all who want it :-)

6.history

 1.0       - original Tailgunner's version
 1.1-1.3   - my first experiments :-) lost after a harddisk crash.
 1.4a-1.4d - add some antidebug code, improve two layer of
             encryption decryptor.
 1.5       - improve √iCE 0.4 polymorphism, remove old encryption decryptor.
 1.5a-1.5? - internal versions.
             experiments with some mutation engines (TPE, EVOL, $UPD,
             RHINCE, SMEG, MutaGen and other).
             /if you ask, i may send any of these versions/
 1.61      - add two methods of mutating the decryptor - small and large.
             use last version of √iCE - 0.5
 1.62      - [experimental version] replace √iCE 0.5 with WWPE 0.1
             (Wild Worker Polymorphic Engine) with 386 code.
 1.7       - add antiTR trick and replace detect 386 CPU in crypter.
             thank you, Stonehead. Some cosmetic changes.
 1.71      - change encryption scheme, add CPU detect (stn) to decryptor,
             some cosmetic changes.
 1.72      - change antiTR trick, thanks to Christoph Gabler.
             add selfdecrypt section to fool stupid AV scanners
 1.74      - add some antidebug code, thanks to Christoph Gabler.
             add nice color logo ;-)
 1.75      - some cosmetic changes ... add some old and simple tricks.
             extremely huge decryptor not rulez. return to √iCE 0.5
 1.76      - bug fix version ...
 1.77      - cosmetic changes and add crc checking ...
 1.78      - add random decrypt layer (optional) ...

0.about

 MANtiC0RE // Tyumen, Russia
 E-Mail : manticore@mail.com
 FidoNet: 2:5077/60@Fido.Net

EOF? where? :)
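
Added example (not part of the original readme or of SDW386 itself): a triage check that recognises the trailer string described in section 4 and reports the decryptor size. The 256-byte search window, the acceptance of version numbers other than 1.78, and the registration tag sitting next to the trailer are assumptions; the sample byte strings are constructed.

```python
import re

# Trailer format as given in section 4 of the readme. Accepting version
# numbers other than 1.78 is an assumption; the readme shows only 1.78.
MARKER = re.compile(rb"\[SDW386 v\.(\d+\.\d+)([sL]) by MANtiC0RE\]")
# Tag format from the intro; its position near the trailer is assumed.
REGINFO = re.compile(rb"\[Registered to: ([^\]\r\n]{1,64})\]")
TAIL = 256  # assumed search window: the readme only says "end of file"


def identify_sdw386(data: bytes):
    """Return packer details if the SDW386 trailer is present, else None.

    None is not proof the file is unpacked: the /b (blind) switch leaves
    the copyright string out, so such files carry no trailer at all.
    """
    tail = data[-TAIL:]
    m = MARKER.search(tail)
    if m is None:
        return None
    reg = REGINFO.search(tail)
    return {
        "version": m.group(1).decode("ascii"),
        "decryptor": "small" if m.group(2) == b"s" else "large",
        "registered_to": reg.group(1).decode("ascii", "replace") if reg else None,
        # Offset of the trailer within the whole file, for carving or reporting.
        "marker_offset": len(data) - len(tail) + m.start(),
    }


# Constructed samples: filler bytes stand in for an encrypted COM body.
SAMPLE_SMALL = b"\x90" * 700 + b"[SDW386 v.1.78s by MANtiC0RE]"
SAMPLE_LARGE = (b"\x90" * 1800 + b"[SDW386 v.1.78L by MANtiC0RE]"
                + b"[Registered to: KewlBeerDrinker]")
SAMPLE_BLIND = b"\x90" * 700  # as produced with /b: no trailer present

if __name__ == "__main__":
    for name, blob in [("small", SAMPLE_SMALL), ("large", SAMPLE_LARGE),
                       ("blind", SAMPLE_BLIND)]:
        print(name, identify_sdw386(blob))
```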