ÛÛÛÛÛÝ ÛÛÛ ÛßßÛ ÛßßÛ ÞÝ Û Û ÛÜÜÛ Û Û ÞÝ Û Û Û Û Ûßßß ÞÝ Û Û Û Û Û ÞÝ Û Û Û Û Û FREEWARE 1.26 þ Coded by Christoph Gabler 01.02.00 þ (C) by Christoph Gabler 1997-2000 ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ TABLE OF CONTENTS ³ ³ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄŽ ³ ³ ³ [1] - About TRAP ³ ³ [2] - News in current version ³ ³ [3] - The features TRAP offers ³ ³ [4] - TRAP resists these unpackers/debuggers ³ ³ [5] - TRAP resists these dumpers/startupcode unpackers ³ ³ [6] - Optional switches ³ ³ [7] - Working details ³ ³ [8] - Engine information ³ ³ [9] - Security against compatibility ³ ³ [A] - Contacting the author ³ ³ [B] - TRAP compatibility testing ³ ³ [C] - Disclaimer ³ ³ [D] - Futur planning ³ ³ [E] - Greetings and thanx ³ ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ ÜÜÚÄÄÄÄÄÄÄÄÄÄÄÄ¿ Ý1³ About TRAP ³ ßßÀÄÄÄÄÄÄÄÄÄÄÄÄÙ Have you ever written a program/game and now want to protect it against cracking, hacking, modifying and viewing. You tried many different encryptors and protectors but each could be unpacked/unprotected just while running CUP386, GTR, TR, IceUnp and some other automatic unpackers. Even GA, CS 1.03, HS 1.19, Mess 1.31... can be removed with them. It's time to change the protector : Use TRAP ! Both EXE and COM files will be completely encrypted, the current version of TRAP is also able to handle relocation items. ÜÜÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ Ý2³ News in current version ³ ßßÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ News from last version to the current : - Fixed wholes in encryption layers - Header SP now randomized against detection - Decryptors crc check themselves - Skipped inbuild full MtE II which would have prevented sw break inserts into the code shown by last detrap version. Instead all interrupts and code segment changings were moved outside the full MtE, semi MtE now secures both interrupt calls and full MtE. - Image encryption now more variable - COM files will not be converted to EXE before protecting because now I needn't spend my time writing anti debugging/layers... for two formats - Anti BlastWave routine made stronger against patched nonpublic versions - Stronger anti SoftIce tricks added - Inbuild anti debugging code into MtE added - Fixed a small bug in kernel code - Several other tricks added - Fixed another security whole (credits go to Vladimir Gneushev) ÜÜÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ Ý3³ The features TRAP offers ³ ßßÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ - Compatibility - Security - Dumping prevention - Quickness - Reliability - Polymorphism ÜÜÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ Ý4³ TRAP resists these GenericUnpackers/Debuggers ³ ßßÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ û GTR 1.DF û CUP386 3.4 û ICEUNP 0.3.4 û AUP386 1.0 û IUP 0.6.4 û UNP (-T) û XO (-C) û TR 2.52 û LTR 1.0 û Winice, SoftIce, NTIce û Deglucker 0.04rc û Debug/CV/TD/TD386... *AND MUCH MORE* ÜÜÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ Ý5³ TRAP resists these dumpers/startupcode unpackers ³ ßßÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ û EDUMP I & II û BLASTWAVE û CRKCOM û DUMPCOM û DECAY05 û UPCOM.BAT (Debug) û UPCOMUX/COMDUMP û UNCOM û STNGCMD û DECOM û AUTOHACK I & II û TEU û ENTPACK û UPC û INTRUDER û DUMPEXE ÜÜÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ Ý6³ Optional switches ³ ßßÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ /B == In order to backup the file before protecting. /INFO == To get more infos about TRAP. /??? == Try to find the secret switchs. ÜÜÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ Ý7³ Working details ³ ßßÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ Executable format support : TRAP is an executable file protector for standard DOS executables only, NE, PE, LX or other OS depending formats can't be protected. The advanced DOS executable format called LE is in most cases operating with an extender to reduce the ammount of space loaded into main memory. If TRAP changes the size of such files the main code will not be found by the extender and exit with an error message. Filesize support : TRAP is able to protect .COM files with a size of 4 bytes till 65000 bytes. The .EXE support reaches from 32 bytes to 0.5 MB. Overlay handling : Files with overlay become completely encrypted, sometimes removing the overlay, protecting the file and then sticking the overlay onto the file again works nice with some files, otherwise, don't protect overlayd files. Additional info on the display mode : TRAP itself uses nonstandard ascii chars for displaying the box around the TRAP logo and information. If strange chars instead of an box appears when starting TRAP.EXE, you should remove "DEVICE=COUNTRY.SYS..." from your CONFIG.SYS. ÜÜÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ Ý8³ Engine information ³ ßßÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ [TME] - TRAP's Mutation Engine ADD,SUB, and XOR - combinations of any. Direct, load into register and manipulate, or load key into register and directly crypt. Based on the viCE05 by Virogen. Added were multiple layer, more random/multiple garbage, bug fixes and inbuild antidebugging. A second full mutated layer is still in progress because of too many unfixed bugs. Current version : 1.02 Compile date : 20.1.2000 [GDD] - Generic Dump Detection This is my patented detection engine which genericaly detects nearly all dumpers (via execute function 21,4B) without also detecting Windows 9X/NT/2K when no COMMAND.COM was loaded. This makes GDD to one of the most compatible/secure dumping detection system known to man. Or have you ever seen a generic dump detection which also works from Windows Explorer? Current version : 1.07 Compile date : 1.5.1999 [MMtE] - Mini Mutation Engine Slightly adapted from my big W32 MtE I've done for my PE project. Included is multiple operands, random garbage, random placing, random values. Current version : 1.00 Compile date : 19.1.2000 [SADD] - Self Anti Debugged Decryption TRAP uses the antidebugging within the decryptors which makes simply jumping over important antidebugging code impossible because the decryptor requires the antidebugging code to decrypt properly. You will soon notice that the decryptors are nearly impossible to be debugged from TR, CUP, DG and similar debuggers. Current version : 1.06 Compile date : 18.01.2000 ÜÜÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ Ý9³ Security against compatibility ³ ßßÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ Every executable protection system can be unpacked by experienced crackers with a manual unpack. Protectors are not written for beeing 100% hack-proof because this is impossible. Protectors are written to hold back automatic unpacking and to make manual unpacking difficult. However, protectors (should!) also be made nearly 100% compatible even to excotic computer systems because nobody likes to get a crash report of some one who used his protected program. TRAP is based on the fact that EVERY executable protection can be removed, which means that most of the time of coding it was used to assure a very compatible/stable protection system and not putting such big afford on doing a strong anti manual unpack envelope. Anyway, beginners and average people won't break it, try it yourself and tell me, how you liked it. ÜÜÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ÝA³ Contacting the author ³ ßßÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ Contact me for any sane or insane reason : 1. If you find any bugs. 2. If you just want to talk. 3. If you have anything interesting to say or talk about. 4. If you want to trade girls. :) Email to : ChristophG1@Hotmail.Com (A little bit of patience please) Or write to : Name : Christoph Gabler Street : Oberer Kmmelbergsweg 1 Area : 56567 Neuwied Country : Germany Via good old voice : National: 02631/57807 International: 0049 2631/57807 ÜÜÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ÝB³ TRAP compatibility testing ³ ßßÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ þ TRAPped files have been tested on the following CPU's without problems : 80386i/80486i/Pentium/Cyrix/AMD/AMD K6/AMD K6 2/Pentium II/Celeron þ And with the following memory managers : HIMEM.SYS/EMM386.EXE/QEMM 7.5/QEMM 8.0 þ And on the following operationsystems : DOS 6.2 & 6.22/Windows95 A & B/Windows98/PTSDOS/NT 4.0 ÜÜÚÄÄÄÄÄÄÄÄÄÄÄÄ¿ ÝC³ Disclaimer ³ ßßÀÄÄÄÄÄÄÄÄÄÄÄÄÙ TRAP is freeware. This means you are allowed to (if in unmodified state) copy, upload or spread the TRAP package in any form. TRAP 1.26 is (c)opyright 2000 by Christoph Gabler in germany. The author cannot guarantee the errorfree working due to the nature of the anti debugging code used by TRAP, altough the beta tester team has done its best to assure compatible working. Files protected with TRAP are free for commercial usage and for any spreading purpose. In case of unproper usage or any other kind of punishable offense, civil legal persecution will eccour. ÜÜÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ÝC³ Futur planning ³ ßßÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ - Relocation compression - Data compression - Making MtE II bug free ÜÜÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ÝE³ Greetings and thanx ³ ßßÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙ Personal greetings go to : ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ -> LiuTaoTao, For the two damn nice debuggers. -> JauMingTseng, For the IceUnp source, xpack and email contact. -> MnemoniX, My personal coding god of the past - of course inactive too! -> Dr.No & Darkgrey, For IRC discussions and different things! -> Icepic, Hope to see you on IRC again. MK2... that were times. :) -> [AWO], Darthmouth '97, Blanes '98 and Korfu '99 Greets to everybody there! We had the best time. -> Vladimir Gneushev, For your great help! -> Jibz, for APack -> Markus & Laszlo, for UPX -> Elicz, EDump and the Filter's rule. -> MantiC0re, for SDW386 and emails. -> Yakko, for conversations and ideas. -> Lado, Your tracer is slow but very strong, hope to see a next version soon. -> Ding Boy, BW introduces an interesting dumping method. -> Zenix Yang, For FSE and the help with the MtE some time ago! -> The Rain, For the great work with PE-SCRAMBLE until now! -> Hendrix, GTR's tracing engine rox! -> You, Try to meet me on IRC, my nick: CHRiSTOPH Thanx fly out to : ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ -> Slayer, You are the "diabolus in musica" of the trash scene! -> Megadeth, For their great music and for the new album! -> Dismember, For making my neighbours ring on my door and for ruling so much! -> Signourney Weaver, Alien 4 kicked ass as expected. -> Kai Neitzert, Your TRAP homepage rules. (Add 3DFX support :) -> Public Enemy, For your help with the kosovo report and for beeing a good friend. -> The Cleric, For beeing a good friend and for all our conversations! -> Loren Zen, You are simply the best beta tester and friend one can wish! -> Iosco, For our email contact some time ago. -> Steve Perry, For writing such damn nice Aliens books! Stephany Perry, same job, nearly as great work! -> All betatesters of TRAP, Without your help I could not be able to make TRAP as compatible/good as it is! Always get the newest TRAP versions on the following pages : -[Home of TRAP]- WWW.THEPENTAGON.COM/TRAP -[SAC Download Page]- WWW.THEPENTAGON.COM/PROTECTORSPAGE -[Suddendischarge]- WWW.SUDDENDISCHARGE.COM -[Exe Mailing List]- WWW.EGROUPS.COM/LIST/EXELIST TRAP.DOC : 01.02.2000