ÄÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÄÄÄ ³ ³Ú¿ÚÄ UnPackStop v0.97 (c) by Szaszi ³ Ú¿Ú¿º ³ ³ÃÙÀ¿ E-mail: szabo30@iit.uni-miskolc.hu Å ³³ÃÙ³ ÀÄÙ³ ÄÙ ............................................... ÀÄÀÙ³ . ÄÍ[ Unregistered Freeware Version ]ÍÄ ÄÍ[ Contents ]ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÄÄÄ ÄÍ[ Introduction ]ÍÄ.......................................ÄÍ[ Usage ]ÍÄ ÄÍ[ System requirements ]ÍÄ.............................ÄÍ[ Features ]ÍÄ ÄÍ[ Future versions ]ÍÄ..................................ÄÍ[ History ]ÍÄ ÄÍ[ (in)Compatibility ]ÍÄ.......................ÄÍ[ About the author ]ÍÄ ÄÍ[ To other protection tool's authors ]ÍÄ.............ÄÍ[ Greetings ]ÍÄ ÄÍ[ Introduction ]ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÄÄÄ My english is not too good, but I hope you understand it. UnPackStop is a little tool, which protects your executables against generic unpackers and makes hacker's job harder ( I hope :) It's not an unhackable protection, but if you can't hack it, it may be better than your protection. ÄÍ[ Usage ]ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÄÄÄ It's easy to use UPSTOP : UPSTOP [target] [/d] [/p] /d : disable the file size check /p : to prevent dumping ( maybe incompatible with shell type progs ) ( use this switch on PASCAL & C & .. compiled progs ) Examples : - UPSTOP ABC.EXE it creates ABC.UPS backup file and ABC.EXE protected file - UPSTOP ABC.EXE ABCP.EXE it creates ABCP.EXE protected file If the source file has overlays or it's a new-EXE you will get an error message. ÄÍ[ System requirements ]ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÄÄÄ required: 80386 recommended : Pentium VI / 128Gb / 9Dfx / 9Tb / DVD / Gravis / 21" :) ÄÍ[ Features ]ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÄÄÄ - various anti-debug tricks ( INT x, DRx and many other tricks ) - full EXE and COM encryption - random encryption keys - multiple layer encryption - polymorphic layer - checksums - generic dump prevention ÄÍ[ Future versions ]ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÄÄÄ - better compatibility - overlay handling - decrease envelope size - /c switch : create COM type output ( if possible ) - /k switch : I don't know what will it do :) - polymorphic dump preventer - nice interface ;) ÄÍ[ History ]ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÄÄÄ v0.9á : first public version ( released only in Hungary ) v0.91á : internal release v0.92á : - anti UPC code - advanced protection - "unhandled" invalid opcode trick v0.94 : - runs only on 386+ processors - fixed some bug - win '95 compatible - lame polymorphic layer - macrokiller ( wandering code ) - english DOC v0.94a : - bugfixed version - include UnPackMe v0.95 : - new DRx tricks to kick TEU, ENTPACK, UPC and similars - new tricks to kick TR, CUP386 /7 - increase polymorphic - increase wandering - remove some security hole - /d switch v0.96 : - remove some incompatible tricks - remove one backdoor - generic dump prevention ( /p switch ) - anti EDUMP code - anti LTR code v0.97 : - NT compatibility - better self checking - improve some old trick - anti DEUPS code ÄÍ[ (in)Compatibility ]ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÄÄÄ Protected files work under ( for me ) : MS-DOS 6.22, EMM386, QEMM, Windows 3.11, Windows '98, OS/2 3.0, Windows NT 4 Protected file incompatible with : - generic unpackers - CUP386 v3.4 - IceUnP v0.1.5 - UPC v1.11 - GTR v1.C1 - ENTPACK - TEU v1.82 - and many other - debuggers ( if you are a lame cracker and just run under :) - SOFT-ICE - TR v2.52 - LTR v1.0 - and many other ÄÍ[ About the author ]ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÄÄÄ Szaszi ( Szab¢ L szl¢ ), 21 ( and half ) years old E-mail : szaszi@elender.hu HomePage : http://www.elender.hu/~szaszi You should contact me : - if you can hack the protection - if you write an UPSTOP remover - if you find a bug - if you have any idea to make it better - if you want more information about UPSTOP - if you release a protected program ( you should send me a registered version ) - if you think UPSTOP is the best :) ÄÍ[ To other protection tool's authors ]ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÄÄÄ I don't want to say : UPSTOP better than *STOP and ... I hope you think this :) I don't ( want to ) steal any code, I use only my tricks. ( Yes, I'm using INT1, INT3, DRx, stack,... tricks, but the method of using is my idea ). So if you find a trick which is similar with your trick, it's a chance ! ÄÍ[ Greetings ]ÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÄÄÄ [ZeNiX] of pCE '98 - for your help [eGIS!] of pCE '98 - for UPSR v0.92 the author of CUP386 - for CUP386 JVP - for TEU v1.82 ( it recognize ( not unpack :) older UPSTOP versions ) Hanno - for the mailinglist Lord Caligo - for your web page MaX / MovSD - for the /d switch idea Ninja - hogy legyen mibe belek”tn”d BLIZZARD - for STARCRAFT LADO - for LTR and tricks ELICZ - for FILTERs and UPDUMP Vladimir Gneushev - for DEUPS ( msg: try again ... ) peoples who can't break the protection :) you for reading this dox and using UPSTOP and all UPSTOP user ÄÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÍÄÄÄ