
-----------------------------------------------------------------------------
unCOM - Generic COM unpacker
-----------------------------------------------------------------------------
UnCOM is able to unpack ALLMOST every scrambler written by a 'beginner',
even if there's heavy anti-debugging code included. Please note unCOM
executes parts of the host file - so DO NOT unpack viruses!

usage:  uncom phile.com                         - Shows only cryptor infos
        uncom phile.com unpacked.com            - Unpacks phile.com
        uncom phile.com new.com /Options

Options
-----------------------------------------------------------------------------
/?              Show a short help
/INFO /I        Check only with Crypter is used and quit without unpacking
/NOSAVE         Don't patch file while copying
/NULL           Force second level automatic size determination. Works only
                if automatic file size is used.
/Usage          Show's this short help
/V              Verbose breakpoint mode

Options can now be mixed!  Options are NOT case sensitive.  You can use
the slash "/" or the hyphen "-" to start an option.  Options can be set
using the environment variable UNCOM (set UNCOM=...).  To unset an
option set by setting UNCOM=...  you can use the a "-" at the end of the
option (for example: set UNCOM=/nosave -> uncom a: -nosave-).

ENVIRONMENT VARIABLE FOR UNCOM:

         e.g.:             set UNCOM=/NULL
         or:               SET uncom=-Option /Option /Option ...

ADT
-----------------------------------------------------------------------------
ADT means that the protector includes anti debugger tricks.


Cryptor's
-----------------------------------------------------------------------------
I have tested unCOM at least on these protectors, stickers or scramblers:

Elite           COM Compressor, is unpackable by unCOM, use unROSE instead

NSP             N0P Shit Protector (3 versions) - done by Ka0t (and
                Ghostbuster?) Very good antidebugging tricks!  unCOM is as
                far as I know the only availiable unpacker - even TRON fails.

Vandal          Scrambler

ABK-Prot        Simple Scrambler found on ABK-DEPROT

Binlock         Scrambler, ADT

Lore.155        Scrambler found in intros from Lore BBS. 155 bytes

F-Xlock 1.15    Sticker, virus shield by Frisk, scanned by TBSCAN as
                Piter.C virus :-)

Rand0m/Tulpe    Unreleased protector by Rand0m, unCOM can handle all known
                versions.  ADT - good!  I have written for this protector
                a generic patching unit. Use the switch /nosave to examine
                what unCOM has patched/NOP'ed.

Iceman/ABK      Compressor found in intros from Iceman and in the file
                ABK-DEPROT. unCOM does a generic unpacking and size
                calculation. At least three different versions known.

CryptCom        Known versions Dropper-D, A, B, ^UE and ^WA
Dropper-D       Simple scramblers 29-33 bytes

RC1             ROSE COM Crypt I, like CryptCom 33 bytes - not in the public
                (meanwhile I have released it in April 97 at the TPiNC party)

T-Pack 0.50     LZ COM Compressor - nice and short from Germany :)
                There are two variants: Small and larger decompression
                routines. Switch /m1 and /m2
                UnCOM can unpack both versions, automatic size calculation
                Sometimes I use this packer, because it can compress files
                where ComPack fails!

HD-Killer       Buggy scrambler, kills int 1 & 3, ADT

Comlock         Scrambler

DeepCrypt       0.10

Moshe 0.10      Scrambler, 31 bytes?

Sea.Prot.32     Scrambler found on the file CES.COM from SEA
Sea.SelfCheck   Simple selfcheck routine (128 bytes) found on the file
                CES.COM from SEA

UCF.Pack        Unknown COM packer found in LOADFIX.COM from UCF,
                automatic file size calculation.

Crypt.26        Found in a virus dropper. The shortest protector/scrambler
                I have found yet.

ProCrypt 1.0    By Lukas Fabian Moser. 1072 bytes. Scrambler with a stack
                trick to fool debuggers.

CryptCom.41     Found in a virus dropper. Unknown Scrambler.

Immune 1.0      COM/EXE file protector from 1992. No ADT. Has an option to
                scramble the host. unCOM can unpack both versions, the size
                must be adjusted manually (files are about 800 too long :).

XComor          Prepending cryptor, for that reason the cryptor length can
LordCaligo      not calculated. I have 2 versions:

                        0.99f = 170 bytes, AD
                        0.99g = 274 bytes, AD

Cypoxl          77 bytes, no AD. UnCOM uses special breakpoint mode on it

ComCrypt        40 bytes. Very intelligent program name... :) Got the
                protector from Hanno's EXE Mailing list.

MSCC            110 bytes, AD - easy to bypass

Crush           50 bytes, AD (SoftIce, very lame)

Shadow          26 bytes, very lame :)

cyberRAX        This protector has three different envelopes, small, medium
                and huge. unCOM can only unpack the small version (21 bytes),
                other versions will be detected but unpacking doesn't work.

and many more
-----------------------------------------------------------------------------

Send me all those scramblers unCOM can not unpack, as well as a short mail
if it can unpack a protector NOT in this list!

-----------------------------------------------------------------------------

See ROSEBBS.TXT for full address & pgp key