ŪŪŪ² ß²²ŪÜÜÜÜŪ²±° ²° Ü ° ÜÜÜÜÜŪ °Ž±±±Ż ÜÜÜÜ°°±±Ż ßßßßßßßßßßܲ±°ßÜ°°² ßßß²²²²Ż ܱ±±ßÜ ÜÜÜÜÜÜÜÜÜ°ŪŪßßßß±±²²(pm!)ŪßÜ° ÜŪŪ°ß Ū²ßß ±±±±° Ž°°°Ż°ŽŻ °Ū²±° Ž²±Ü° ܲŪßßŪŪÜÜ ²° ß ŽŪŪŻŻ° ŪŻŻ° Ž°°°°Ü °Ū°°°Üß ÜßŪŪÜÜ Ū²ßŻ Ž²±ŻŻ°Ž²ŪŻŻŪŪÜ° ßŪŪÜÜ Ū²ÜÜ °ßßßßßßß °²ßßÜÜ Ż°Ž²ŪŻŻ°Üß ß²ŪÜÜŪŪßß ²Ū²² ÜŪŻ Ūß°ß ßŪ²ÜÜ ²²²²° ßÜŪŪßß ²ß°Ū °ŪßÜÜÜÜÜ ÜŪŪßß °°ßßn ŪŪܲ °Ž±²ŻŻ Ž±±±±² ßŪ²ŪŻ °Ūß°ÜÜÜܲŻ °°°ŪŽŪ²ŻŻ° °°°° ßß±° ܲŪß² ß°°°°ŪÜÜÜ°²±t ŪÜŪpŪ²Ū°± °Üܲ° ß²° Ü ±±±± cŪŪ°ÜÜÜܱ° ° °ßßßßßŪ°°ŪŻ °°°° °ŪŻ°ŽŽŻŻ ßßßßßß ²²²² ßßßßßßßßŪŪ°ŪŻ °ß ±±±± ßßßßiß°Ü ß ²²²² ŚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄPR0GRAM iNF0ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄæ | PR0GRAM : Messśśśśśśśśśśśśśśśśś CPU : 386+śśśśśśśśśśśśśśśśś | : VīRSi0N : 1.20śśśśśśśśśśśśśśśśś LANGUAGī : TASMś40śśśśśśśśśśśśśś : : UTiL TYPī : Scramblerś(COM/EXE)śś RīLīASīD 0N : 25ś12ś97śśśśśśśśśśśśś : | C0DīR : Stonehead^TPiNCśśśśśś RATiNG 1/10 : 09 | ĄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄŁ ascii version.. my asm smoothviewer can only handle 200 lines ;( ŚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄD0CUMīNTATi0NÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄæ | | : This program is a scrambler. Thus it should protect and encrypt : ł your executables against reverse engineering. It was coded for ł ś fun and not for the illusion of 100% safety. I hope you like it. ś ś ś My target is a both dos & windows compatible 386+ protection. Due to the phrase "it was not coded for the illusion of 100% safety" most users seem to skip Mess and go using CrackStop because it has a doc pretending that CS will never be unpackable, which is false. I am not arrogant enough to tell you the advantages Mess offers that CrackStop does not. Let's for once point out that Mess will crypt every EXE file completely, that Mess uses a mutation engine for constructing a decryptor, that Mess is freeware, that Mess does not contain useless fake jumps, that Mess has an original name and that Mess does not at all feel like being a hack of HackStop. I never saw a scrambler author talk about the objectives of his program, so let's do that. Mess is one of the scramblers that does not run on the most incompatible computer in the universe, the 486 Cyrix of Rose SWE. New heuristic virusscanners might recognize a virus in Mess. Mess cannot handle overlays nor Windows programs. If you are looking for a scrambler to protect your self-written shareware, skip Mess and use HackStop. Mess is only meant for non-commercial software, as I hate paying for software. And last but not least, it is useless to protect files if you know that there is an unpacker available within two weeks after the release. This objective concerns all scramblers. I don't care about that anymore; there has never been, and there will never be a protection that keeps everyone out forever. However, at the moment I write this, this Mess version cannot be unpacked by any program. This won't happen often anymore. Once the generic unpackers will be bugfree. EXE protection nowadays is living on the bugs in other programs. Some years ago it was art. On Sudden Discharge you will find older, incompatible but wonderful and creative scramblers. In 1997, coding a scrambler is more like collecting bugs of unpackers. In 1998, coding a scrambler will be collecting compilers to fix your PE crypter for. So, would I gain something if I switched to Windows? Because of this loss of creativity, I encourage you to take a look in Mess and I hope that you will share the fun I had in coding it. I hope Mess v1.20 defeated the ungeneric unpackers now, but I still expect much to be possible. Maybe you will be the first one to deny me. Mess is freeware. If you want to register it to yourself, grab an ascii editor, create a mess.key file and throw your name in it. Remember, if you rename mess.com to mess120.com, the keyfile should be named mess120.key. Mess has been distributed via hanno b”ck's mailinglist. It's free to place it at any ftp site, bbs or cd-rom. Please send comments, bugreports, disassemblings or experiences to stonehead@a-vip.com. Thanks for your feedback! From v1.14 on, Mess has a mutation engine. It is based on the Small Polymorphic Engine of Wild W0rker/RSA. A nice side-effect of coding a MTE this way is that you don't need to think about code size, because the output file only contains the product of the mte, not the mte itself. Starting with v1.19, com files are crypted like exes. Because of this, only cute com files can be crypted, so don't use unallocated memory. I think there are enough freaky com crypters which use weird and sometimes incompatible tricks, Mess will no longer be one of those. Exe files are harder to unpack anyway, so it isn't that bad. Mess can be recognized with the exeheader (checksum=version, offset 1C reads 'MESS', so does the entrypoint. Mess is currently recognized by DąrK-Mąļ's Scanexe, St­lls0n's ExeScan and Hanno B”ck's ChkExe. After execution of Mess, interrupt 1 and 3 are reset to an iret and on 0040:00f8 the text 'MESS' should be found. Hint for coming unpackers: I've now seen enough "unmess" programs or "mess removers". What about calling your program The Messias? :) ś ś ś ś ł and i'm here to remind you of the mess you left when you went away ł : it's not fair to deny me of the cross i bear that you gave to me : | | ĄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄŁ ŚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄRīLīASī HiST0RYÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄæ | | : Mess, Copyright (c) Stonehead^TPiNC 1996,1997,1998 : ł only releases mentioned ł ś ś ś Scram! į5, 25ś12ś96, com decryptor 412 bytes ś ! initial release, coded together with bushwoelie Mess 7, 26ś01ś97, com decryptor 582 bytes exe decryptor 736 bytes ! renamed, bushwoelie and acp continued Scram! The last Scram! release would become v0.8a1. + exe support up to 64 kb like exe2com + all debuggers kicked * xt recognition * resists random's killhs 1.2 - keyboard lock, screen black Mess 1.07, 05ś05ś97, com decryptor 1549 bytes exe decryptor 933 bytes ! version number became too big.. divided by 10 :) ! credits: [NuKE] Encryption Device for rnd routine * one program for both exe & com + unlimited exe support * unlimited com support (ń 63 kB output) - keyboard traps + filedate/time unchanged * resists ka0t's uncom, upc 1.06.3, teu 1.66 xpack 1.67f, intruder, autohack, snapshot + editable keyfile Mess 1.14į, 17ś09ś97, com decryptor 1917 bytes + docs in mess.com itself * exe: force new bakfile + int 1/3 is rehooked to a bios iret * pentium 90 was recognized as a 286 * com: crashed on a IBM 386SX PS/2 55 * exe: crashed instead of exit if not 386+ + com: mess on the moon * resists teu 1.69,1.72,1.73,1.74 * resists upc 1.10,1.11. I bugfixed v1.10, Rose released my hack as v1.11, but this is a secret. :) * resists iceunp 0.1.4 + exe: Stonehead's Adjusted Mutation Engine ! credits: SHAME is based on SPE, coded by Wild W0rker/RSA and analysed by Darkman/VLAD ! beta version spread over the Net by Valentino Tosatti, passed Hanno's mailing list Mess 1.15į, 22ś09ś97, com decryptor 2020 bytes * resists gtr 1.81-1.83 + hardware int 8 + exe: another gtr requester ! beta version spread over the Net by tHE cRACKER, passed Hanno's mailing list Mess 1.20, 05ś12ś97 * exe: resists gtr 1.84,1.85,1.90 * exe: resists teu 1.75,1.76,1.77 * exe: TBScan stack flags ? and K fixed + shame: multiple layers, heavily improved - com decryptor * exe: maximum memory problem fixed ! Christmas 1997 release. Traditionally there are loads of undocumented features. ś ś ś symbols: ! info ś ł + new ł : * fixed : | - removed | ĄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄŁ ŚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄUNPACKiNGÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄæ | | : Unpackers known to unpack newer Mess versions : ł ł ś RaPho Unp 1.00į, May 1997, by EniX/Radical Phorce, Turbo Pascal ś ś + Dumps Mess 1.07 COM sometimes (int 20) ! Close your file after writing! (Error 105) iCeUnP 0.1.4, June 1997, by JauMing Tseng, Turbo Assembler + Unpacks Mess 1.11 COM correctly ! Generic tracing unpacker based on IUP and TEU UPC/TEU, by Synopsis/JVP, Turbo Assembler + Unpack Mess sometimes ! This is an endless battle. These utils are based on language libraries. Usually the newest release wins. ! JVP: Yes I have seen your new fucking macro's. I'm not going to spoil my Christmas on writing the generic MOW v2.0 I have in mind. TEU works well, but it is still unstable and badly coded.. P.S. I think ASMEdit sucks. :) Unmess 1.07, August 1997, by Falcon, Turbo Assembler + Unpacks Mess 1.07 COM & EXE correctly ! Non-generic, good basic unpacking idea. Good job! CUP386 3.3, April 1997, by Alex/Cyberware, Turbo Assembler + Able to unpack Mess correctly ! Only for experienced people. ! Great program. Mess would not exist without it, it was the only one I could debug Mess with. GTR 1.85, October 1997, by Hendrix/UCF, Turbo Assembler + Able to unpack Mess correctly ! I'm getting convinced that detecting GTR and staying compatible with all OS'es at the same time is impossible. Therefore another technique is used. Real GTR freaks can bypass everything. HUNP 1.01, September 1997, by Hanno B”ck, .BAT + Dumps Mess 1.14 COM after running ! This is dumping, not unpacking. Try MESS.COM itself. MESSR 1.0, September 1997, by Stefan Esser, Turbo Pascal + Unpacks Mess 1.07, 1.13, 1.14 EXE correctly MESSR 1.1, October 1997 + Unpacks Mess 1.08, 1.12, 1.15 EXE correctly ! Based on two ints I forgot to nuke. MUM, October 1997, by Richie, Turbo Assembler + Unpacks Mess 1.13, 1.14 EXE without relocations ! Original idea to get rid of SHAME. ! Sorry for having reviewed your program so slowly, instead you'll earn eternal honour in this doc. TR 1.97, December 1997, by Liu TaoTao, Turbo Assembler + I guess it's possible to do it with this one.. According to my betatesters, it is not yet :) ! Untested, I hate SoftIce-alike keydefinements.. Same as CUP: nice for the freaks, not for lamers ś ś ś ś ł ł : of course some might not have been mentioned.. or try it yourself! : | | ĄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄŁ saturday teenage kick - kick scene d'ya have a chick seen ŚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄCL0SiNGÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄæ | | : Keep coding.. : ł Stonehead^TPiNC ł ś ś ś ś Techno Products Inc ś P/O Box 876 ś ś 5000 AW Tilburg ś ł The Netherlands ł : : | E-Mail: stonehead@suddendischarge.com / stonehead@a-vip.com | ĄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄŁ