~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Greetz to all friendly programer around the world Ϳ ile nfo v2.43 ij written by M.Hering (c) 1997-2000 mailto: herinmi@tu-cottbus.de ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ WaNTeD WaNTeD WaNTeD WaNTeD WaNTeD TinyProg v1.0, 2.0 Xpack v1.2?, 1.44 ComPack v4.4 and minors JmCryptExe v0.7g, v0.7i and {minor} MegaLite v1.1? {minor v1.20a} TraceLock v0.9 PkLite v1.20 {not v1.12 hack} Health v5.1 Ucexe v2.? {minor v2.3} PW v1.0 (Oberpichler) ProtExe v2.12a (T.Torfs) PG-Prot !? Netrun v2.?? (J.Tucker) UnpackStop v0.9 (Szaszi) ComCrypt v0.68 (W.Kaniewski) Overlay v3.0 UnitA 3 (Sanitary) Ady`s Glue v0.10 (Guy Shattah) Tscrunch v3.01 (Clarion) Kvetch (Tal Nevo) PCC v1.2 !? Com2Txt v1.00, 1.12, 1.20 ComCrypt v1.41 !? the proggie is detected, but as single file only ޱ Ϳ ޱ pROJECT: DEZ-24-2000 FI - FileInfo v2.43 ޱ ʹ ޱ fOR wHAT: Identifier & Analyser (+ HeaderEditor) for eXec files ޱ ʹ ޱ dETAILED: cOm/sYs/nLm/eXe/Ne/Le/Lx/Pe/cOff/Adam/PMW1/XE ޱ ʹ ޱ wRITTEN bY: Michael Hering ޱ ʹ ޱ rEQUIRED: cpu: 386+, ram: 372KB, XMS, display: VGA, dos: v5.00+ ޱ ʹ ޱ sTATE: FrEEwArE for NoNproFIT-USage.. but unregistered! ޱ ʹ ޱ lIMITED: nothings, mail me for key, i wish happy new year!! :) ޱ ===================================-= 01 ===================================-= ޱ Ϳ ޱ dISCLAIMER: I can't give guarantee that FileInfo is without bugs! ޱ Therefore i do not take responsibility for any damage ޱ caused by FILEINFO as a result of un/known error. ޱ ޱ If you want to edit your files, than do it, but don`t ޱ report me, if you has destroy any file with fileinfo! ޱ ޱ If you think this is unacceptable, then ޱ you shouldn`t use this great proggie! ޱ ޱ BUT >> i have taken me much time to make it great << ޱ ===================================-= 02 ===================================-= ޱ Ϳ ޱ pURPOSE: FileInfo is your advance tool to analyze of files ޱ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ޱ choice of execution between list/show mode ޱ in Showmode unique header description for dos & win eXecutables ޱ only graphical screen to check file encoding/encrypting ޱ it can handle 9 batches (fXX.bat) to run externals ޱ all lines file viewer internal (HEX/TXT, no edit!), contains ޱ used now options (g)oto, (j)ump, (a)lign, (f)ilter, (s)earch ޱ ===================================-= 03 ===================================-= ޱ Ϳ ޱ pARAMETER: Listmode: "fi.exe" help screen and list (auto /p+) ޱ ~~~~~~~~ ޱ "fi <*.*> " ޱ !Attention! ޱ by "fi *.exe" list all of eXe-files in current dir ޱ listings ޱ under "fi /r" or "/s" list all from current with subdirs ޱ multi-user ޱ mode "fi /f" list identified files only ޱ ޱ "fi /l" lfn win95/98 (int21h,ah=71h) enabled ޱ ޱ "fi /d-" info follow each subdirectory disabled ޱ ޱ "fi /p+" list pageable and wait for a keystroke ޱ ޱ "fi /c+" calculate CRC32 instead to show date ޱ ޱ "fi *.exe /r >mydir.log" list *.exe into a logfile ޱ ޱ Showmode: "fi file.ext >" l=level, c=color ޱ ~~~~~~~~ l = 1..9 , c = 0..3 or not ޱ level only ޱ for analyser "fi file.ext" shows the overgiven file with level 2 ޱ ޱ "fi file.ext /1" level 1 and color scheme black ޱ ޱ if set color "fi file.ext /31" level 3 and color scheme blue ޱ then level ޱ must be too "fi file.ext /52" level 5 and color scheme green ޱ ޱ "fi file.ext /90" level 9 and color scheme grey ޱ ޱ reg. only!! "fi file.ext /m-" textmode-switch ?? ޱ ===================================-= 04 ===================================-= ޱ ͸ ޱ main kEYS: Listmode : Enter Current directory only ޱ Space at current dir with all subdirs ޱ Showmode : ޱ F1 About and short help ޱ f02..f10.bat F2..F10 to run user own specific batch ޱ included TAB Analyzer screen ޱ in path! ^TAB,<- toggle from header to viewer vv. ޱ ޱ C toggle through the colorschemes ޱ c toggle on/off crc32 for the file ޱ Ctrl-r refresh the screenmode and font ޱ ʹ ޱ other kEYS: Header screen LE/LX/PE/(NE/DJGPP/PMW1/ADAM) ޱ (Showmode) Enter want to toggle between dos/win header ޱ Space or Zero, Cursor up/down ޱ Cursor left/right or 1/2 ޱ reg. only!! g = if mz/relocs then select a new start value ޱ m = if mz/header then edit the minmem. value ޱ f/F = if mz|pe/header show|edit the filechecksum ޱ WinNT shit! e/A-e/E = if mz|pe/header go & go back|edit the header ޱ S = if pe/header edit the section ޱ a = if pe/header edit the file alignment value ޱ A = if pe/header edit the section align value ޱ s = if pe/header edit the offset symbols ޱ S = if pe/header edit the count of symbols ޱ ޱ Hint!! hold (Ctrl+Shift)+key, if you want to edit decimal ޱ "Shift-e" = "E", "Alt+e" = "A-e" ޱ ޱ Analyzer screen -> Now is it an analyzer!! :-) MH. ޱ Cursors, Pos1/End, ESC/Space, F1..F12, Enter ޱ ޱ Viewer screen ޱ Cursors, ( Alt+ or Ctrl+ ) pgup/pgdown ޱ Enter = toggle the view from HEX to TXT, vice versa ޱ D = change the date of file ޱ T = change the time of file ޱ a, A a = toggle the local zero position ޱ A = goto local zero position if align, else "a" ޱ f = toggle on|off special color for Textfilter ޱ j = jump when first char in [E8,E9,EB,EA,9A] ޱ g, G G = dezimal value, g = hexadezimal value ޱ ^g, pe-RVA when goto: "y,z/F5" jump to entry ޱ "h/F8" jump to image/header ޱ "o/F2" jump to overlay ޱ not so big! s = search mode: HEX only Hexsearch ޱ ;-( TXT only Stringsearch ޱ ^s = search up away or from current position ޱ ޱ reg. only!! W = save/split/cut the file at current position ޱ and you can input for every part a new name ޱ ===================================-= 05 ===================================-= ޱ Ϳ ޱ gREETZ: Rose, Stonehead, Liutt, SEN, Jibz, JMTseng, DingBoy ޱ Oberhumer/Molnar, The Archivist, Kaparo, Aaron, C.Rax ޱ V.K., R.S., A.A., O.P., T.B., VAG, Sage, PHaX, Hanno ޱ Morgan, ANAKiN, Prof.X, Duke, Ankan, Gamumba, Majestic ޱ and you ޱ H I S T O R Y of F i l e I n f o ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ==================================== Ϳ ʹ v1.0 The begin in 1997, at this time was "high water" in the region "Lausitz" and the death of "Lady Di" ʹ v1.20 First public release at Apr-01-1999 "http://suddendischarge.com" (Hi David!) ʹ v1.30 internal release only, but source is public under "http://www.egroups.com/group/exelist" (Hi Hanno!) ʹ v2.00 full improved detection library partly removed leading zeros f03.bat included ʹ v2.01 finally improved LX entrypoint (a joke, 4give me) added size of resources for NE added size of overlay for NE/L?/PE implemented a simply file viewer (BIN only) improved header layout new procedure for Stringhandle add detection: UPX/com, RecSmall.AV/com CodeSafe/pe and a lot of others ʹ v2.02 improved screen layouts add detection: Archiv's, aPack 0.98 -t, UPX v0.82 changed protector of own use (because win crashs) ʹ v2.02a removed some orthographical errors (shame on me!?) for ROSE only improved leading zeros in header layout add detection: some different COM -> EXE maker ʹ v2.03 internal viewer it`s used for all of the files added for the viewer GOTO and SEARCH (up only) added switch /0..3 for differents color schemes add detection: HS v1.19.217-221/exe, Mess v1.31 RP/386 v1.20 included (a small relocs packer) ʹ v2.04 restore at the end of execution textcolor to 00/07 changed ASC view to TXT view (with CR/LF) add detection: RSCC v1.0?/com, Trap v1.24/com AdFlt #1,#2,#4/com Attention: change detect: HS v0.98-1.00/exe, WWpack v3.?? PR RPx86 is some- Gleam v1.00,CodeSafe v2.0/pe times wrong improved RP/386 to v1.21, now some bytes smaller ʹ v2.05a added for PE the view of Import/Export and 10 dirs for ROSE only some bugs removed, no runtime Error with cd-files add detection: XoReR v1.0|2.1/com, UsCC v1.4/com Ucomcry/com, TinyXor v0.1/com CheckPrg./com, TinyXor v0.1/com, SDW386/com EPW v1.2|1.3/c|e, HS v1.00/c|e, Bunny v4.1/exe Trap v1.20|1.21/exe, HS v1.19.80/exe, RarSfx/pe RTPatch/pe, GLBSInstall/pe, InstallShield/ne ʹ v2.06 added into the viewer toggle zero position key "a" added this nice document, thanXs flys to uCF-group v2.06a removed major bug if goto to header, now key "r" untinypackage add detection: Aluwain v8.03a/exe, RoseTiny v1.03 from Rose Protect v3.0-5.0/com, Trap v1.25/c|e Trap v1.18-1.19/exe change detect: Avpack v1.2?/c|e, ProPack v2.08/c|e Protect v5.?/com Apack v0.??/c|e, Gardian Angel v1.0r/c|e (options) ʹ v2.07 rewritten code to make it runable under WinNT v4.0 Testversion new layout for entry stack / overlay under MZ/exe for some improved show of PE import/export datas peoples improved PE entypoint (hi ROSE!), detect CIH-Virus shows now entrypoint for sysdriver/com a brain miss! callback for viewer and goto header key "h" new in analyzer: advance peaklevel via keys "1..9" new in viewer: jump when E9,E8,EB,EA,9A key "j" toggle highlighted strcolor key "f" special thanxs add detection: Com Tagger v1.3, fds0ft-cp v0.0/com goes to ROSE Inbuild v1.0/com, SUNProt v1.01/com to Stonehead N0PsProtector v0.002, PPC v1.0/com, SysPack v0.1 StExeCrypter, Suckstop v1.05|7.02r, NoClip v4.0 aTeu v1.2/exe, Anti-Lame Cryptor/com, LockTite/exe Scramble v0.23/com, Vaccine Sphinks v2.0/com Scram 0.4|2|4/com, Sesame v1.1/com|exe, UPX/sys Protect v1.0|2.0/com, Copy-Protector v1.02/com|exe Shadow v1.0/com, Scramb v1.20/com, Com4Mail v1.0 CPT v2.0/exe|com|sys, Crypt v2.0/exe|com|sys Alec v0.1/exe, UPX v0.83|4/exe/le/pe PE-diminisher, PEcompact v0.97?, Phantasm v1.2/pe QuickBasic v4.5, Topspeed Modula2 better detect: standard dos stubs in winfiles Secure v0.29/exe, HS v1.10|1.11/exe Scram 5/com, RCC II/286, RCC II/386 v0.51 ScrB2E v1.0?/exe, PkLite v?.??, Alec v1.2|..|5/exe AsPack v1.08?/pe, TNT-AV/exe ʹ v2.08 removed major bug in file listing, no more crash! bugfixed PE-Entrypoint with section RVAsize=0 bugfixed protect search engine, no more crash? bugfixed jump when le/lx filetyp, now 32-bit rewritten library code, ( maybe false positives!) change Adflt #1 add detection: SCC v1.0/com, Lucestop v1.0/exe to SCC v1.0 Proton v2.0/c|e, FoolTeu v1.0/exe File Protect. v2.20/c|e, XE v1.??/com|exe|sys|le special thanxs MakeExe(Unsec.), Proton v2.0/c|e, PEcompact v0.978 goes Xenia v1.0 -v/exe, XLoader v2.0, AddCode v1.0/exe to Gamumba Jam v2.21/c|e, Bat2com-converters better detect: aPack v0.?? {big}/exe, PgmPack/exe UPX v0.8?/pe ʹ v2.09 rewritten help screen (F1) und list function Testversion removed some small bugs in layout for some added 3 musics into help screen (MaDoKaN "*.xms") peoples rewritten Flags pe/ne/l? to other short letters add detection: Xpack/sys, TxTmaker/com, Yifpress UPX v0.80, UPX v0.89.6/exe|pe Stone`s PE-Pack v2.0 better detect: UPX v0.8?/pe, Exeguard v1.3, TP 3.0 ʹ v2.10 removed music from help screen (not enough fun) bugfixed protect search engine at second (hi RS!) v2.10b made a nicer layout for files listing and help Testversion new list options "/r" subdirs and "/f" identified vmm32.exe is actived, lfn are supported (hi AA!) bugfixed PE-Entrypoint at x-ten time, red is fault change Foolteu add detection: Byteworx-Protect/exe, AEP v1.0/com to Byteworx-P. XcomOR v0.99a/com, Compack v4.4/c|e Crypt v1.20/exe, XoReR v2.0/com, CC v2.61b/com|exe special thanXs Scram v0.7c1/com, MegaShield v1.0?/com, aPack v0.71 goes to V.K. Vaccine v1.03|10/exe, MakeExe(ReKOMB), V-Load v0.9 to PHaX PirateStop v1.01|5|9/exe, File Defender/e|c|{pwd} to ROSE CodeLock v3.0|4.0/com, BatchFile Compiler v3.10 Boogie`s Netcode, VSD v2.0/com|exe, Crypt v1.1/com eXeCoM v2.0/com, EXE_Protector v6.0/exe|{txt} eXtORtiONeR {pkl}/exe, WiZ v1.00a/com, HPAc2t v0.6 PassEXE|COM v2.0, EXELocker v1.1, CC v1.01|5/com UPX v0.90|2|3, PkTiny v1.5/exe, Crunch v1.2/com PECompact v0.92|0.98-1.10/pe, ExE-Protect v1.0/pe CodeCrypt v0.12|3|4/pe, PC-Shrinker v0.29|45|71/pe AsPack v1.084/pe, Stone`s PE-Encrypter v1.0/pe PC-Guard32 v2.10|3.00/pe, PECrypt v0.3|1.01/pe File-Locker32 v2.0/pe, FoolTeu v1.0/ne better detect: ExeToCom (MS), WWPack32 v1.??/pe WWPack v3.04a|05 (mte boogie)/exe WWPack v3.05 (mr.wicked)/exe, UPX v0.8?/pe ʹ v2.11 now packed with upx v0.94 "--best", no overhead!! changed code to make it runable for 486+, 386+? v2.11b when show pe-sections or mz-relocs, use left/right Testversion when show pe-dirs and import dll`s, use up/down bugfixed PE-Entrypoint with Base of Code=0 Byteworx-P. is add detection: Grasp-Interpreter, MsBasic v5.60 now $pirit {} RTD_Compressor/com, EXE2COM v9.50 PkTiny v1.4/exe, Crypt v1.3/c|e, UPX v0.94|0.76.3 ExE-Protect/pe EXE_Protector v2.0|4.7|5.0/exe|{txt}, AinExe v2.1 is an fake, do Compress-EXE v1.0, UsCC v1.3|31/com, Mask v2.?/com not use it! Protect v7.1/exe, Password v6.1/exe, Com2Txt v1.40 CC v1.0/com, $pirit v1.?/com, E2C v1.0, XE v1.32 LC encryptor v1.12/com, StartSYS, ExeLock666 v1.02 EXE converter v3.06/com (opt.), V-Load v0.91/exe PCrypt v2.6|3.0|3.2|3.32|41|43|44|45|50|51/exe|com LameCrypt v1.0/pe, PkLite32 v1.1/pe, CEXE v1.0a/pe special thanXs PECompact v0.90|93|94|9753|9761|1.00b3..b8|1.20|22 goes to A.A. PE-Crypt32 v1.0, Petite v2.2/pe, AsPack v2.000/pe to Archivist CodeCrypt v0.14pre|15/pe to Gamumba better detect: Watcom C/C++16, CryPack v3.0/exe to Kaparo PC-Guard32 v2.??/pe, Ucexe v2.?/exe to Aaron AinExe v2.2, Mess v1.29|30/{c2e}, ExE-Protect v1.0 Pack v2.01/exe, V-Load v0.9/exe, Kartz v0.3/exe ʹ v2.12 the prefetch queue, shit-hardware (ThanXs O.P!) now it runs perfectly also under 486-cpu, 386? changed /l- to /l+, means lfn must enable to show added djgpp/coff-header, layout is similiar to pe added dos32-header with signum "Adam" special thanXs add detection: SDW v1.79/com, x3 crypter v1.3/com goes to A.A. ComCrypt v0.01a, XE v1.43|44|45 to O.P. XorCom v1.0, RTD_ENC 1|2|3/com, Vacuum v0.01c/com to V.K. Ady`s Glue v0.10/exe, Anti Trace v1.0, KL-Glue/exe to kaparo AsPack v1.01b, PCguard32 v3.01, Protector {pwd}/pe PECompact v1.23.1, ASProtect/pe better detect: QuickBasic v4.?, PC-guard v3.??/exe PECompact v1.2?+aPLib, UPX/djgpp ʹ v2.20 added switch /p+ for pageable listings and waiting implemented path for both modi, problems?! ;:-|[)P v2.20b,v2.20 now right djgpp/coff entry point, before was wrong Testversion added pmwlite-header with signum "PMW1" big improved LX entry point, overlay and layout big improved NE e.p. + overlay, because selfloader rewritten bitfield shortcuts pe/ne/l?, it`s easily and bugfixed some other faults, too much to tell ComCrypt v0.01a add detection: ComCrypt v1.0 (Stone), Trap v1.26 = v1.0 (Stone) Txt2COM v1.1|1.?|2.06, ANZC {t2e} iLUCrypt v4.019/com, encRYPTOR v1.0/com, aPatch/com E-PROT v1.0 "/u"/com|exe, EXE Shield v1.0/com|exe HackFuck v1.0/exe, SuckStop v1.0, UPX v0.99+{DLL} special thanXs Crunch v1.0/pe, ASPack v1.03/pe, PE-Shield v0.25 goes to V.K. WinKript v1.0/pe, ASPack v2.001, CodeCrypt v0.16/pe to JMTseng PECompact v1.23.2|24, Virtual Pascal to O.P., R.S. better detect: Pklite v2.00|01/ne, WinLite v1.0/ne to T.B., A.A. LxLite v1.1?, packed (RLE)|(LZ)/lx to kaparo PECompact v1.10.6-1.24 + fast|small, Trap {MtE} ʹ v2.30 now packed again with apack v0.99 "-3" (Hi Jibz!) new DOS-String routine (INT21h/40h) for output v2.20j,k,l,m,n improved sysdriver detection, before sometimes bad Testversion color of filename for coff/dos32/adam.. now right improved pageable list, timer & redirect (Hi VAG!) bugfixed "MH.+lc" l=1..9, c=0..3,4; at offset 28 bugfixed analyser error and failed listing output some small bugfixes in code and layout add detection: Trivial173/com, PolyScrypt 1.2/com ComCrypt v1.58, EXE!COM v1.30, YAAA v1.01/com Mess v1.2? "/M"/com, ATAC 2|3/exe, Apack "-i"/exe special thanXs Anti-Lamer Cryptor v1.0/com, Inv. Cryptor v0.77/com goes to A.A. 32Lite/coff/dos32, HS v1.20.225/c|e;206|216|220/exe to VAG Xpack/sys, NFO v1.0/pe, PECompact v1.24.2|3|1.25 to Jibz UPX {DLL}/pe, Armadillo v1.72../pe, Aspack v2.1/pe to T.B. Joiner v1.5/pe, SmartGlue32/pe, ADC v1.6/com to R.S. better detect: SPHINXC/com, Protect v5.5/com, UPX to Gamumba Hackstop/com, Xpack/com, Ady`s Glue to CyberRax SDW 1.79/com & Spirit v1.5/com, JMCE v0.7?/exe, XE ʹ v2.40 improved keypress function, made more stabile :)) bugfixed the handling of overgiven listmode path bugfixed a runtime error in analyzer (Hi C.Rax!) v2.30b..m, bugfixed ram alloc. with pklite detection, Urrgh!! v2.39 bugfixed phys. offset in LX-object, if pages=0 Testversion added: the show of count & size for PE-resources added: if date/time suspicious then used red color poly=$EDB88320 press "c" and CRC32 will be printed, in list "/c+" "/c#poly" press "m" and you can edit mz/header minmem. value now colors used in listmode, i hope it`s funny ;-) needs XMS!!! if exec then XMS is required, RAM alloc. 31KB only now it will regged through keyfile (Hi Morgan!) crack possible, because encryption isn`t strong special thanXs add detection: a lot of not so known crypted com`s goes to VAG Encripter/com, Xpack v1.0h|j|m|29|40|653,4,6 to V.K. SDW v1.80, LC encryptor v1.2/com, Mask v2.5/com to Aaron MicroXor 16|17/com, tECC v0.02/com, Step v0.02/AV to Rose MoonRock v0.50/com, Crypt v1.15/exe, HS v1.14/c|e to T.B. TCEC v3.58/exe, 32Lite v0.03a, Lock98 v1.00.28/pe to Duke PECompact v1.26|30..40/pe, Armadillo v1.80..83/pe to CyberRax CodeCrypt v0.164/pe, Alloy/pe, UnHack v1.?/exe/pe to Prof.X Aspack v1.0/pe, PCguard32 v3.03/pe, Phantasm v1.5b3 to JMTseng better detect: HS/com|exe, RCC286/com, Xpack/exe to A.A. Demo v1.0|2.0, CryptEXE v1.01, GameWizard-Protect ʹ v2.42 added error handler, now more stabile :)) ; i hope v2.40b..2.41m fix, LE object show rewritten, an error in v2.40 added: mz/pe-header edit; key "E", walk "e", "A-e" added: mz/pe file checksum, key "f" show, "F" edit X-MAS trial added: pe-sections full editing, key "S" to entry added: into viewer "D" and "T" to change filedate fix, heuristic 1 was wrong for comfile encryption fix, cscrypt heuristic range fault (Hi CyberRax!) fix, detection of stack range +256, (Hi Jibz!) small reengineered Analyzer, now up to 12 peaks a bit changed PE-Header layout, all values now needs XMS!!! shrinked the own stack size -> as shell RAM=32 KB report: Hackstop'ed files won't work if SoftIce is loaded in win background, save your life!! thanXs to all add detection: some of new signatures (Arcs/Pics) were PeCompact v1.40|4|5|6, AsPack v1.03/pe helping me Shield v1.70/exe, LaserLok/exe, Compact v1.05/com Cryptlite v4.50/com|exe, Compackr, Alloy v1.08/pe a lot of men Armadillo v1.83|84/pe, COMER v1.1/com, MakeRead/com and special RatPacker/pe, Feoktisov-Packer/pe, PEMangler v1.0 DUKE/SMF Dn.COM Cruncher, ExeManager v3.0, VBOX v4.20/pe Archivist tELock v0.4x|51/pe, MultiBinder/pe, EXE Smasher/pe Spaceman ASPack v2.11, ASProtect v1.1/pe, SecuPack v1.0/pe CyberRax VisualProtect v1.1.3|2.1.0|2.5.2/pe, RHC v1.99/exe MegaCrypt v0.01/com, Com xor Coder v1.0, Nota v1.0 ExeTools v2.0, Exe2Com v1.1, some SelfEncrypted f. and much more! Simple COM cryptor, Elicz CryptC/com, PKLite v1.00 better detect: WatCOM C++, Shrinker v3.xx/ne|pe Asprotect|AsPack/pe, Nuke Prot./com, Protect v5.0 ʹ v2.43 a little bit changed keys, if pe edit, now a/A,s/S improved ne jump to overlay, now it works fine Happy new Year small changed, output late save/cut/split action thanXs add detection: Visual Protect v2.5.3/pe, PeCompact for support Condom v1.5/AV, Arf-Inject v2.4, HS v1.11gs inPEct v1.0/pe, E-exeJoiner/pe, raven-binder/pe Hi PHAX!! RCC286 v1.07/com, Username v3.00/c|e, PEBundle/all Hi majestics!! Yoda`s Cryptor/pe, tELock v0.6x/pe, CyberShadow/com written in TurboPascal v7.0 with a lot of Assembler routines ==================================== T H A N X S for F i L e S ==================================== Ϳ Austria PHaX CC v2.61, Crypt v1.20, STnPEcrypt v1.0 .. hint and codes to PEBundle China Aaron MkPatch, Link it, Compress, Com2Txt v1.40, KE v1.16 Crypack v3.0, Lock98, ExeKey, Keymaker v3.0 .. report of unidentified files Estonia CyberRax Sphinx-C, PCOM, MoonRock, Banzai and more.. bug report about analyzer & mte report of unidentified files hint/samples to PKLite v1.00 Germany ROSE Trap v1.1?, Secure, PirateStop, PE-Crypt32 HS v1.17i and something more Veit Kannegieser much stuff: VSD v2.0, Vaccine, MegaShield, WiZ .. & much more: XorCOM, AnzC, Txt2COM, StComCrypt .. Torsten Becker HackFuck, Suckstop v1.00, Diet v1.43, Trivial173 Xpack v1.40|1.65b?, Com2Txt v1.03 Prof.X Xpack v1.0j India Ankan (CodersDomain) 1way/pe .. Netherland Stonehead a lot of older stuff: Scram, Alec, Mess, HS .. Russia Tiny Spaceman Com4mail, Scramb, CPT v2.0, Scramble, Jam v2.21, Cryptlite v4.50, many un/miss/identified files sample of RHC v1.99 Gamumba (DTG,UG) a big lot of russian stuff: Xenia, Crypt v2.0 .. a big christmas'99 gift: EXE_protector, Pcrypt .. hint to TurboProlog, AsProtect v1.1 V.Gneushev YAAA v1.01, ADC v1.6, Invisible Cryptor v0.77 much un/miss-identified files DUKE (SMF) MegaCrypt v0.01 a lot of unidentified single crypted/prot. files O.Prokhorov bug report about prefetch queue, and solution 32Lite v0.03a some un/miss-identified files MANtiCORE Dn.COM Cruncher v1.2 Majestics (SMF) CyberShadow cryptor, sample of exe-crypt v1.08 USA Jeremy Lilley Protect v1.0, v2.0 The Archivist (SuddenDischarge) PeCompact 0.9?, UsCC v1.3?, encRyptor EXEManager v3.0, EXESmasher v1.0, AsPAck v1.03 and what i have downloaded (Alec v2.0 is a virus!) Kaparo (ProTools) RTD_Compressor, codecrypt v0.16 and wihd.. Taiwan JauMing Tseng Com2Txt v1.40jmt, ZRDX v0.49, JMce v0.7p/r/s XE v1.44 ==================================== T H A N X S ==================================== Ϳ R.Schefu for his brain and file support A.Alferowich for his help, mails, suggestions and big testing T.Becker for his fine support Prof.X for his suggestion and support E.Hawk for his informations Aleph for his report about hackstop+softice zer0flag for his info about new asprotect kelly for nice email and hint to nukem forum page airwolf for his info, and sorry because you're crackmaster majestic for his support, fine mails E.Suslikov (SEN) "HIEW" v6.60 i like this hexeditor!! L.TaoTao (Liutt) "TR"/"TRW" v2.52/1.22 unpacking? soo easy A.Petroukine (Sage) "CUP386" v3.4 trace and unpack.. cool! DingBoy "Blastwave" v2.5b2 another strong way .. M.Bauder "Tron" v1.30r old, but tricky to stop JVP "TEU" v1.82 vertrauen sie mir, ich.. EliCZ "Win32 EDUMP II" maybe the last way out.. P.Carboni (Woody) "X-tract" v1.51 old, but very big help!! V.Gneushev (VAG) "detrap,deups,xpcr" pretty well coding!! ;-) "Deglucker v0.5" thanXs for Your checks!! J.Ibsen (Jibz) "apack" v0.99 for best compression!!! O.Prokhorov "32lite" v0.03 Thx for report & help! Oberhumer/Molnar "upx.exe" v1.04 fair project, good coding K.Tseng (JMTseng) "jmce.exe" v0.7s thx a lot for references! Wierzbicki/Warezak "wwpack" v3.05 the best before apack.. V.Kannegieser (V.K.) "typ3.exe" thx for mails & support.. P.Helger (PHaX) "gtw.exe" v2.60 thx for supported files S.Morgan "touch.exe" thx for info`s and code A.Brthz (Boogie) "bd.com" v1.02 fine 7-bit mail decoder C.Gabler (CHRiSTOPh) "trap.com" v1.26 unpacked with TR.. Well!? J.M.L. Lopes "mask.com" v2.5 nice.. Int09h update CyberRax "lcenc.exe" v1.2 very nice Huge model!! Manticore "sdw.com" v1.80 fine to hear from you "comprotector package" thanXs to You!! Valmii "cce" ooh..no envelope com cryptor R.Roth (ROSE) "hs.exe" v1.20b230 Das Leben noch frisch.. Stonehead "mess.com" v1.31 Good luck to you.. Ĵ A.Solodovnikov "aspack" v2.11 much time to research! J.Collake "pecompact" v1.43 unbelieveable fast update Wierzbicki/Warezak "wwpack32" v1.20d special in original files Defiler "codecrypt" v0.164 schwabadidudeidadi.. ANAKiN "pe-shield" v0.25 ThanXs for your mails.. the Egoiste "tElock" v0.61 good job, men.. BiWeiGu "unaspack" i hope mail was incoming r!sc "unpetite" very well, good job SAC "unasprotect" cracking 4 life, cool men lutin noir "unaspack 2.11" yeah it works ʹ M.Russinovich, B.Cogswell - memory, file and registry capture! "http://www.sysinternals.com" [USA] (4 Win32 very useful!!) Ĵ T.Schiemann, C.Laumann - TuneUp97 for Win95/98 "http://www.TuneUp.de" [DE] (great and easy, but closed!) Ĵ MooSoft, The Cleaner is beautiful - save your pc and system! "http://www.moosoft.com" [USA] (4 Win32 very useful!!) Ĵ Hanno Boeck`s EXE-Mailing-list, always infos about new stuff! "http://www.egroups.com/group/exelist" (what is an exeheader? :-P) Ĵ FTP-Server maintainer P.Hubinsky, big library of pc filestuff! "ftp://ftp.elf.stuba.sk/pub/pc" [Slovakia] (a lot of mirrors) Ĵ Ankan Coders Domain, fine layout is cool, the greyside page! ;-) "http://" or try "http://codersdomain.cjb.net" [India] (some rare links) Ĵ Aaron's Homepage, some in chinese, but newest stuff & large libs! "http://home.zjg.jsinfo.net/home/aaron" or try aaron.bentium.net "http://www.exetools.com" [China] (my door in the east) Ĵ Kaparo's ProTools, come in and find out, good links! "http://www.protoolz.com" or try "http://protools.cjb.net" [USA] (site is up to date) Ĵ David and The Archivist maintainers of "http://www.suddendischarge.com/index.shtml" "http://www.suddendischarge.com/compressors-all.htm" "http://www.suddendischarge.com/encryptors-all.htm" Good luck.. dire "The Archivist" (wow, forum and new layout) Ĵ my own HomePage, a little bit links and download "http://www-user.tu-cottbus.de/~herinmi/INDEX.HTM" [DE] ʹ Great music from "Fields of the Nephilim" & "The Sisters of Mercy" "Wolfsheim project", "X-perience", "Siouxsie & the Banshees" ==================================== And all those peoples, which have reading this document! Have all 4 ever and overall a peaceful time.. bye says Michael Remember!!! We have only this one world.. war, death and destroy.. WHY ?? ;''-( M.H. ------------------------------------------------------------------------------ If you want to mail me, please take a look at your mind before! however, i will being try to give my answer fast