!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! FREELY REGISTER YOUR COPY AT MY HOMEPAGE: HOME.T-ONLINE.DE/HOME/ENOCH OR SEND AN E-MAIL TO: hendrix_@gmx.net ннннннннннннннннннннннннннннннннннннннннннннннннннннннннннннннннннннннннннннннн INDEX Disclaimer System Requirements CARDWARE, please register (for free)! Spreading this program Keyboard Layout Messages in Real-Mode Messages in Protected-Mode Helpers ############################################################################### Disclaimer <==========> HENDRнX or UCF cannot be held responsible for any damage GTR.COM causes. You run GTR.COM at your own risc! To reduce the risc of damages: ■ do not cache your harddisk when working with GTR ■ keep backups! ############################################################################### System-Requirements <===================> ■ 486+ ■ fast CPU (486DX2/66 works okay) ■ plain real-mode (NO EMM386, NO HIMEM.SYS, NO Windows-DOS-box) ■ mouse at COM-port (/mp[portnumber]) ■ 2MB RAM ############################################################################### CARDWARE <========> Okay, this is Cardware. That means if you like this program, you need to register (for free) so the author knows that someone is using the program. Otherwise there will be no new releases. Just send an e-mail to: hendrix_@gmx.net Please do not expect to receive a key within some weeks. There is nothing happening, except your name will be displayed. If you do not like the unregistered-string, patch GTR. ############################################################################### Spreading <=========> Please pass this tool to your friends! ############################################################################### Keyboard-Layout <===============> TO INTERRUPT GTR ANYTIME PRESS THE LEFT MOUSE-BUTTON (see /mp-option) When the GTR-Screen is showed and when TRacing, try these keys: F1 ......... go to the options-requester (see below) F2-F7 ...... activate helper 1-7 (see 'HELPERS') F8 ......... edit registers F9 ......... sub 400h from HexView-offset F10 ........ add 400h to HexView-offset F11 ........ enter new HexView-segment and -offset F12 ........ show the Userscreen. any key returns. left [CTRL] hold down to run while /TR+ ############################################################################### Messages in Real-Mode <=====================> ■ 86/186 detected ■ 286 detected ■ 386 detected GTR needs a 486+ to run: buy a new computer! ■ V86-Mode detected GTR does not work with EMM/QEMM: remove these memory-managers! ■ HIMEM.SYS detected GTR uses the extended-memory-area in an incompatible way: boot flat! ■ Windows detected There can only be one OperatingSystem at a time: quit Windows! ■ Error in the Commandline: xx The option is not valid: look at OPTIONS.TXT! ■ Not enough Memory There is not enough memory: GTR needs very little environment, remove all memory-eating drivers! ■ Loading HELPERS: ■■■ GTR loads the helpers ■ Loading Program The program to be unpacked is being loaded. ■ Loading .xxC The macro-file is being loaded. ■ Reading EXE-Infos EXEs are identified and infos read. ■ Tracing Program GTR is going to work on the program: press left mouse-button to interrupt! ■ Program terminated The program terminated to DOS. ■ Saving .xxD The dumpfile is being saved. ■ Saving .xxI The infofile is being saved. ■ Saving .xxC The macrofile is being saved. ■ DOS error occured Caused when files are read/written (e.g. EXE-file not found, disk full, ...). ############################################################################### Requesters/Messages in Protected-Mode <=====================================> ■ Terminated The Program terminated to DOS. ■ PrefetchQueueAlert [Save] [Cont] [Opt] [eXit] The program altered bytes that are normally stored in the CPUs PrefetchQueue. Due to the tracing the *altered* bytes are executed. This is often used to determine whether the prog is traced or running. Try the -pe option to emulate the PrefetchQueue or see if the program runs anyways. ■ Unwanted Instruction : xxxxx GTR encountered an instruction that had to be emulated. ■ No Emulation The program tried to execute a priveledged instruction. These instructions can cause the OperatingSystem to loose control. This is not okay under Windows, or EMM386, neither GTR. ■ Causing Int xxxx A hardware-interrupt (8=Keyboard, C=Mouse, ...) is caused. To increase speed use the 8e-option to emulate interrupt 8. ■ Unpacked? [Save] [Cont] [Opt] [eXit] The program may be unpacked. Have a look at the registers and the memorydump. ■ Escape: [Cont] [Opt] [Save] [eXit] You pressed the left mouse-button or pressed [ESC] while stepping. ■ Breakpoint: [Cont] [Opt] [Save] [eXit] The IP=breakpoint and registers are set up like defined by the su-option. ■ Opt: [R][B/A][+/-][D][P][8][I][C][T]...[eXit] Toggle the options: [Ru][Bp0000][su0000][Da][Pq][8o][It][Cs][Tr]... ■ Internal Exception/Interrupt GTR has an internal error. ■ Trapping... The trap-flag is set and int 1 is caused. ■ PQ-Emulation The PrefetchQueue-emulation is active. ■ Unexpected Exception xxxx (...) There was an exception that should not be caused at that moment. Mostly due to wrong decryption there are 'Except 6 (invalid Opcode)' caused. GTR might have been detected. Try to use the /pe option for a more transparent tracing. ############################################################################### Helpers <=======> Let your program run while GTR debugs! Just make a file named 'helpers' and put your COM-programs' names in brackets [myprog.com]. IMPORTANT: when GTR calls a helper, it saves the complete taskstate and jumps to the helper (runs in v86-mode like the program to be unpacked) with following register setup (the interrupt-table has been restored to normal): CS=DS=ES GS=PSP of debugged program SS=GTR's data-segment SP=stack in GTR's data segment (size=1000h) DI=offset to saved interrupt-table of debugged program SI=offset to register-set in GTR's data-segment: EIP dd ? EFLAGS dd ? EAX dd ? ECX dd ? EDX dd ? EBX dd ? EAX dd ? ESP dd ? EBP dd ? ESI dd ? EDI dd ? ES dw ?,0 CS dw ?,0 SS dw ?,0 DS dw ?,0 FS dw ?,0 GS dw ?,0 emuEFLAGS dd ?