Protection ID v0.6.3.5 Public DECEMBER 2009


Protection ID v6.3.5 – 2009.12.24
hello folks!

we are proud to present you the next and most up2date version of protection id.

it was about time to bring this to the public, as the last version was released back in march.

during development of this version we ported it over to MASM v10, using the latest compiler & linker available at the moment.

this version of pid features highly optimized scanning routines, resulting in very fast detections :)

i.e. a 2 GB setup.exe is processed in less than 1 second (smart mode kicks in).

we tweaked nearly all scans to benefit from our new procs.


P32dasm.v2.6 Cracked

-+- P32Dasm 2.6 * Copyright (C) DARKER (SCF) 2oo9 -+-
==========================================================

P32Dasm is a VB PCode + Native code Decompiler. It can generate String, Numbers,
Objects, Import and Export function listing. There is also PCode Jump calculator.
You can set shortcut to your favorite hex editor for fast patching. I personally
prefer Hiew.

How to use it
=============
Load file by pressing F1, from command line or Drag and Drop.

Tips & Tricks
=============
– You can edit output by pressing button “Edit”. Now you can color interesting
sections, write your comments, etc …
– For fast moving you can use Position manager. Set cursor to some position, click
the “Add” button in Position manager and enter your description. Any time you
need a fast jump to your location just double-click it in your list.
– For VB Native code executables only MSVBVM, External calls and
string references are generated. Useful for setting BPX, you don’t need to search in
the debugger for where some Command Button event starts etc …
– On BIG apps I don’t recommend using the option “Use syntax highlight color” – it’s
slow, use normal mode
– If you still need syntax highlighting you can use the included Syntax highlighting
for UltraEdit. Just add it to the end of the original “wordfile.txt”.
– In case of problems you can decompile only some parts with the “Decompile from offset”
function. Experienced users only! or read below

Download link: http://www.cracklab.ru/_dl2/centner/decompilers/p32dasm.v2.6.zip


Entry-point code of EXEs written in common languages

Delphi:

55            PUSH EBP
8BEC          MOV EBP,ESP
83C4 F0       ADD ESP,-10
B8 A86F4B00   MOV EAX,PE.004B6FA8

VC++

55            PUSH EBP
8BEC          MOV EBP,ESP
83EC 44       SUB ESP,44
56            PUSH ESI

VB:

00401166  - FF25 6C104000   JMP DWORD PTR DS:[<&MSVBVM60.#100>]      ; MSVBVM60.ThunRTMain
0040116C >  68 147C4000     PUSH PACKME.00407C14
00401171    E8 F0FFFFFF     CALL <JMP.&MSVBVM60.#100>
00401176    0000            ADD BYTE PTR DS:[EAX],AL
00401178    0000            ADD BYTE PTR DS:[EAX],AL
0040117A    0000            ADD BYTE PTR DS:[EAX],AL
0040117C    3000            XOR BYTE PTR DS:[EAX],AL

BC++

0040163C > $ /EB 10         JMP SHORT BCLOCK.0040164E
0040163E     |66            DB 66                                    ;  CHAR 'f'
0040163F     |62            DB 62                                    ;  CHAR 'b'
00401640     |3A            DB 3A                                    ;  CHAR ':'
00401641     |43            DB 43                                    ;  CHAR 'C'
00401642     |2B            DB 2B                                    ;  CHAR '+'
00401643     |2B            DB 2B                                    ;  CHAR '+'
00401644     |48            DB 48                                    ;  CHAR 'H'
00401645     |4F            DB 4F                                    ;  CHAR 'O'
00401646     |4F            DB 4F                                    ;  CHAR 'O'
00401647     |4B            DB 4B                                    ;  CHAR 'K'
00401648     |90            NOP
00401649     |E9            DB E9
0040164A   . |98E04E00      DD OFFSET BCLOCK.___CPPdebugHook
0040164E   > \A1 8BE04E00   MOV EAX,DWORD PTR DS:[4EE08B]
00401653   .  C1E0 02       SHL EAX,2
00401656   .  A3 8FE04E00   MOV DWORD PTR DS:[4EE08F],EAX
0040165B   .  52            PUSH EDX
0040165C   .  6A 00         PUSH 0                                   ; /pModule = NULL
0040165E   .  E8 DFBC0E00   CALL <JMP.&KERNEL32.GetModuleHandleA>    ; \GetModuleHandleA
00401663   .  8BD0          MOV EDX,EAX

Dasm:

00401000 >/$  6A 00         PUSH 0                                   ; /pModule = NULL
00401002  |.  E8 C50A0000   CALL <JMP.&KERNEL32.GetModuleHandleA>    ; \GetModuleHandleA
00401007  |.  A3 0C354000   MOV DWORD PTR DS:[40350C],EAX
0040100C  |.  E8 B50A0000   CALL <JMP.&KERNEL32.GetCommandLineA>     ; [GetCommandLineA
00401011  |.  A3 10354000   MOV DWORD PTR DS:[403510],EAX
00401016  |.  6A 0A         PUSH 0A                                  ; /Arg4 = 0000000A
00401018  |.  FF35 10354000 PUSH DWORD PTR DS:[403510]               ; |Arg3 = 00000000
0040101E  |.  6A 00         PUSH 0                                   ; |Arg2 = 00000000
00401020  |.  FF35 0C354000 PUSH DWORD PTR DS:[40350C]               ; |Arg1 = 00000000
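
An added example (not from the original post): the prologues listed above turned into wildcard byte signatures and matched against entry-point bytes, as a file-triage tool would after reading the bytes at the PE AddressOfEntryPoint. The signature table, the choice of which operand bytes to wildcard and the function names are assumptions of this example.

```python
# Added example: match entry-point bytes against the prologues listed on this page.
# "??" marks operand bytes (addresses, immediates) that change from build to build;
# which bytes to wildcard is this example's assumption, not the page's.
SIGNATURES = {
    "Delphi": "55 8B EC 83 C4 F0 B8 ?? ?? ?? ??",
    "VC++":   "55 8B EC 83 EC ?? 56",
    "VB":     "68 ?? ?? ?? ?? E8 F0 FF FF FF",   # starts at 0040116C in the VB listing
    "BC++":   "EB 10 66 62 3A 43 2B 2B 48 4F 4F 4B 90 E9",
    "Dasm":   "6A 00 E8 ?? ?? ?? ?? A3 ?? ?? ?? ?? E8",
}

def compile_sig(text):
    """Turn 'AA ?? BB' into [0xAA, None, 0xBB]; None matches any byte."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]

COMPILED = {name: compile_sig(sig) for name, sig in SIGNATURES.items()}

def matches(sig, data):
    """True if data starts with sig; input shorter than sig never matches."""
    if len(data) < len(sig):
        return False
    return all(s is None or s == b for s, b in zip(sig, data))

def identify(entry_bytes):
    """Return matching labels, the one with the most fixed bytes first."""
    hits = [n for n, s in COMPILED.items() if matches(s, entry_bytes)]
    return sorted(hits, key=lambda n: -sum(b is not None for b in COMPILED[n]))

# Entry-point bytes copied from the listings above, plus two constructed cases.
SAMPLES = {
    "delphi":    bytes.fromhex("558BEC83C4F0B8A86F4B00"),
    "vc":        bytes.fromhex("558BEC83EC4456"),
    "vb":        bytes.fromhex("68147C4000E8F0FFFFFF0000"),
    "bc":        bytes.fromhex("EB1066623A432B2B484F4F4B90E998E04E00"),
    "dasm":      bytes.fromhex("6A00E8C50A0000A30C354000E8B50A0000"),
    "unknown":   bytes.fromhex("60E8000000005D"),   # constructed, not on the page
    "truncated": bytes.fromhex("558BEC83C4"),       # constructed: too short to decide
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name:10s} -> {identify(data) or 'no match'}")
```

A match only says the first bytes look like that toolchain's startup stub; an empty result is the more useful signal in triage, since it means the entry point has been replaced or wrapped by something not in the table.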