protor new direction
- To: exelist@yahoogroups.com
- Subject: protor new direction
- From: EddyHawk <quarsicon@...>
- Date: Sun, 25 Mar 2001 06:03:38 -0800 (PST)
Dear EXEList members,

DOS protector doesn't work anymore, but it's a pity to let all accumulated knowledge go by. What if this skill is directed to a more useful program?

-debug/trace/unpack/dump/disasm/patch/forgery/virus detection tricks
  .use the smallest/most compatible/clean ones
   they don't have to be strong
   they won't refuse/halt under windows/linux/os/2/etc
   so they won't crash many times, still stops lame hack tools, but no longer need to be frequently updated/fixed (frustrating for author of previous protector)
   [Inspired by ROSE's RECSmall]
  .friendly mode: doesn't crash but simply warns cracker that his attempt will violate other's copyright :), for example:
    -"I met Hendrix/UCF's GTR in the corner. Why? You disappointed me :( I must quit then"
    -"This is my software. This is my hard work. This is my copyright. But you won't listen. So go ahead with your Bugsy's DumpEXE. Nuke my program & I swear to nuke yours too :)"
   [Inspired by EliCZ's ADFlt2A]
  .protected executable will let the hack-tools running if (owner-defined) option is given, ex:
    -"DeGlucker is detected. But you run me with '-/-Let's Debug' option. So I won't stop you & I won't exit. DeGlucker may pass :)"
    -"You're such a bad boy. Plz don't FOTO me while I'm naked :)"
  .protected executable will unpack itself with (owner-defined) option, ex:
    -"You can run 'ThisProg.EXE /-+IDon'tWantToSeeThisGarbage' to unpack itself instead of running MSDOSDebug. It won't work anyway :)"
    -"EliCZ Dumper II + Win2K is great unpacker, but run 'This.Prog.EXE +--NaKeD' & see which one is faster 8-)"
   [Inspired by VAG's NoAV]
  .each user can specify his own switches to be built on different executable and write it in the doc (to show that the user as the author of the program doesn't want to hide anything (bad) in his program, but make the switches harder to be typed (like passphrase) to prevent easy protection removal with auto program like viruses, trojan or hack tools)
-image check on disk & memory using SHA1, SHA1 value needed for decryption, decryption won't work without ADTs
  .to detect virus/harmful modification
  .to stop accidental corruption goes unnoticed
   [Inspired by Gabler's TRAP]
-image crypt + mutation
  .doesn't need to be very strong encryption with multiple layers
  .to stop advanced virus from simply removing the loader
  .to remove virus addition to executable image (like AV shield)
   [Inspired by Stonehead's MESS]
-independent exit routine
  .protect program exit from nop the jump to exit routine
-generic/heuristic built-in virus self-remover/detector
   [Inspired by ROSE's RECAV]
-check the minimum required (hard/soft)ware
  .processor, (vga/sound) card, cd-rom
  .os, os enhancer (4DOS), network, dos extender
  .xms/ems driver, dpmi server
  .mouse driver, ansi.sys, disk-caching utilities :)
  .free (disk space/memory)
   [Inspired by Warezak's Secure & SolarDiz's EXE-Manager]
   as tough asm coders, protor authors won't have trouble to code smaller/faster/better ware-checker than the protected program author :)
   then protected program author doesn't need to recode ware-checker
-adding owner copyright/logo/help/release information/etc to executable image just in case the doc is lost
   [Inspired by ROSE's HackStop & Geoff's Help(EXE/COM)]
-optionally acts like exe2txt converter to make the executable immediately sendable through email
   [Inspired by Nide's COM2TXT]

Then, removing the protector will reduce the protected program usefulness
The protector is required to improve the protected program quality :))

BTW: this mail was previously sent to Stonehead

regards,
eddyhawk
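
Added example, not part of EddyHawk's mail and not code from any protector named in it: a Python illustration of the "SHA1 value needed for decryption" item, where the key for the program body is the SHA-1 of the loader image, so a modified or stripped loader cannot decrypt it and corruption is reported instead of going unnoticed. The function names, the SHA-1 counter-mode keystream and all sample bytes are assumptions constructed for this example.

```python
import hashlib

def keystream(key: bytes, n: int) -> bytes:
    """SHA-1 in counter mode: illustrative only, not a vetted cipher."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha1(key + counter.to_bytes(4, "little")).digest()
        counter += 1
    return bytes(out[:n])

def xor(data: bytes, ks: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, ks))

def protect(loader: bytes, body: bytes) -> bytes:
    """Seal the body under a key that is the SHA-1 of the loader image."""
    key = hashlib.sha1(loader).digest()
    plain = hashlib.sha1(body).digest() + body  # 20-byte check value + body
    return xor(plain, keystream(key, len(plain)))

def load(disk_loader: bytes, mem_loader: bytes, sealed: bytes):
    """Return (status, body); body is None unless every check passes."""
    disk_key = hashlib.sha1(disk_loader).digest()
    mem_key = hashlib.sha1(mem_loader).digest()
    if disk_key != mem_key:          # image on disk differs from image in memory
        return "disk/memory mismatch", None
    plain = xor(sealed, keystream(mem_key, len(sealed)))
    tag, body = plain[:20], plain[20:]
    if hashlib.sha1(body).digest() != tag:  # wrong key or damaged payload
        return "modified or corrupted", None
    return "ok", body

# Constructed sample data (hypothetical loader stub and program body).
LOADER = b"\xfa\xb8\x00\x4c\xcd\x21 constructed loader stub"
BODY = b"constructed program body"
SEALED = protect(LOADER, BODY)
INFECTED = LOADER + b"\x90\x90 appended bytes"  # simulated addition to the image

if __name__ == "__main__":
    print(load(LOADER, LOADER, SEALED))      # clean image
    print(load(INFECTED, INFECTED, SEALED))  # modified image, key no longer matches
    print(load(LOADER, INFECTED, SEALED))    # disk and memory copies disagree
```

SHA-1 still catches accidental corruption, but it is no longer collision-resistant; a current design would use SHA-256 and an authenticated cipher.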