SuckStop
~~~~~~~~

An impressive and short protector from KA0T. There are more than five versions available. Most of them have the ASCII remark "SuckStop 1.00 by DOSE" ...

This version of Unprot can detect and patch only the first versions (499/618/???). The third version is slightly polymorphically encrypted. If I have the time I'll code an unpacker too. :-)

My virus scanner finds the first two polymorphic versions, saying the file is infected by a BWME/RME virus! This has been fixed in later versions!

In the meantime, CUP 386/3.0b with the option /7 can unpack SuckStop versions 1-4. Because of this, Ka0t has released a new version with 386 anti-debugger code.

Because SuckStop disables the keyboard and the inline code for enabling the keyboard under TP doesn't work, it's recommended to use the supplied batch file _UNSSOLD.BAT, which automatically calls KEYB_ON.COM.

The protector is only decrypted and the anti-debugging code overwritten with NOPs. So afterwards you can unpack the file with a generic (tracing) unpacker. This is done 'cause I'm a lazy bone!

Here I have discovered an interesting bug in almost all generic unpackers: none of them is able to unpack the patched file except TRON! Why: SuckStop doesn't use a jmp far xxxx:yyyy to return control back to the host. Instead, push seg, push offset, retf instructions are used. It seems that unp t (4.12ß), tsup (1.6), uup (1.4) and cup (1.2 + 386/3.0b) are waiting to reach the jmp far instruction, thus running the program or stopping with the first interrupt call... so you must use tron...

Meanwhile I have about 10 different versions of SuckStop; the latest are CUP 3.2 aware! To unpack some of the registered versions of SuckStop use unSS now!
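
The generic-unpacker bug described above (waiting for a jmp far while the stub returns to the host with push seg / push offset / retf) can be illustrated with a tracer that watches for any instruction that reloads CS instead of one opcode. This is an added example, not code from Unprot, TRON or any tool named here; the function name, the modelled instruction subset and both byte strings are constructed for illustration.

```python
import struct

def first_far_transfer(code: bytes, cs: int = 0x1000):
    """Step a tiny 8086 subset; return (kind, seg, off) at the first CS reload."""
    regs = [0] * 8   # AX CX DX BX SP BP SI DI (SP itself is not modelled)
    stack = []       # 16-bit words, top of stack is the last element
    ip = 0
    while ip < len(code):
        op = code[ip]
        if op == 0x90:                       # nop
            ip += 1
        elif 0xB8 <= op <= 0xBF:             # mov r16, imm16
            regs[op - 0xB8] = struct.unpack_from("<H", code, ip + 1)[0]
            ip += 3
        elif 0x50 <= op <= 0x57:             # push r16
            stack.append(regs[op - 0x50])
            ip += 1
        elif op == 0x68:                     # push imm16 (186+)
            stack.append(struct.unpack_from("<H", code, ip + 1)[0])
            ip += 3
        elif op == 0x0E:                     # push cs
            stack.append(cs)
            ip += 1
        elif op == 0xEA:                     # jmp far ptr16:16, offset stored first
            off, seg = struct.unpack_from("<HH", code, ip + 1)
            return ("jmp far", seg, off)
        elif op == 0xCB:                     # retf pops IP first, then CS
            if len(stack) < 2:
                raise ValueError("retf with fewer than two words on the stack")
            off = stack.pop()
            seg = stack.pop()
            return ("retf", seg, off)
        else:
            raise ValueError(f"opcode {op:#04x} at offset {ip} is not modelled")
    return None

# Constructed stub endings, both handing control to 1234:0100.
JMP_FAR_EXIT = bytes.fromhex("EA00013412")          # jmp far 1234:0100
RETF_EXIT = bytes.fromhex("B8341250B8000150CB")     # mov ax,1234 / push ax /
                                                    # mov ax,0100 / push ax / retf

if __name__ == "__main__":
    for name, blob in (("jmp far stub", JMP_FAR_EXIT), ("retf stub", RETF_EXIT)):
        kind, seg, off = first_far_transfer(blob)
        print(f"{name}: {kind} -> {seg:04X}:{off:04X}")
```

A tracer that only compares the current opcode with EA never fires on the second stub, which is the behaviour reported above for the patched file.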