----------------------------------------------------------------------- unROSE/386 (80386+, DOS 5.0+) ----------------------------------------------------------------------- An unpacker for some COM and EXE packers/protectors that are not supported by common unpackers like Tron 1.30, UNP 4.12 or X-Tract 1.51a Run unROSE to see a list of currently supported packers. ----------------------------------------------------------------------- Note on CryptLS --------------- When unpacking, you'll see a lot of tracing information that are needed for unpacking. If I omit these informations then the unpacker will hang (strange...). Tested with 1.15 (works well), 1.20 (seems to be buggy) and 1.21 (works well). WWPack + WWPMutator ------------------- WWPMutator is a program that can be used to fake WWPack unpackers by inserting an own startup code for WWPack. unROSE detects and unpacks the WWPMutator startup code. Currently those versions exists: - 1.00 adds "standard" startup code to WWPacked files - 1.10 uses an encrypted startup code using a poly engine - 1.10b bug fixed 1.10 with changed mutation engine Due to the fact that I am the author of different antivirus programs I have developed a correlation scanner I use to add detection of highly polymorph viruses to VirScan Plus. This scanner managed it to pick up (10 sec.) an constant search string for WWP-Mutator 1.10 - so for unROSE it's an easy job to detect this kind of "poly engine". To remove WWPack completely you must run unROSE twice: First run will remove the compression, the second run will remove the compressed relocation (PR). WWPack PU/Hard 3.04a and 3.05á5 can not be expanded. PU/Soft can be removed easyly. For this reason WWPMuta with WWPack 3.05á5 can not be removed (currently :). ProtEXE 2.11 ------------ Unpacks both versions: Shareware and Registered. The file size calculation is a little bit buggy, but who cares about it? Protect! -------- Currently unROSE can detect the versions 5.0, 5.5, 5.6 and 6.0 Unpackable are only versions 5.5 and 5.6 :) ComprEXE -------- COM & EXE packer found in the ProtEXE 3.11 package. I have added it to unrose, because the is currently no unpacker (besides generic unpackers) availiable. ----------------------------------------------------------------------- Please note that unROSE is a tracer thus sometimes tracing trough the code under the protector. This will result often in a removing of the compressor below the protector, just try it on the original PROTEXE.EXE file :) ----------------------------------------------------------------------- (C)opyright 1987-97 (ALL RIGHTS RESERVED!) ÚÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ¿ ³ ROSE Softwareentwicklung ³Û ³ Dipl.-Ing. (FH) Ralph Roth ³Û ³ Finkenweg 24 ³Û ³ ³Û ³ D 78658 Zimmern o. R. ³Û ³ ³Û ÀÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÙÛ ßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßßß Refer to the ROSEBBS.TXT file for PGP key, FAX, EMail address etc.