Protection ID v0.6.3.5 Public DECEMBER 2009

protectionid

Protection ID v6.3.5 – 2009.12.24
hello folks!

we are proud to present you the next and most up2date version of protection id.

it was about time to bring this to the public, as the last version was released back in march.

during development of this version we ported it over to MASM v10,

using the latest compiler & linker available at the moment.

this version of pid features highly optimized scanning routines, resulting in very fast detections smile

i.e. a 2 GB setup.exe in processed in less then 1 second (smart mode kicks in).

we tweaked nearly all scans to benefit from our new procs.

core additions / changes

– new: compiled using masm v10 compiler & linker

– new: added in new and optimized scanning routines

– new: protection id is now able to scan inside msi files

– new: clean temp tool (Extensions -> Clean Temp)

– new: added in our own fast internal zlib decompresion routines

– new: compiler detector updated to detect:

– more Visual C++

– appended flash files

– Power Basic

– Watcom C/C++

– MinGW

– GoASM

update: reporting part on file type, now reports bitness & file subsystem

– update: added in recovery system – if a crash happens when scanning a file/cd/dvd and the crash is in the scanning thread,

the seh system will ‘recover’ the crash, skipping all other scan modules and simply clean things up.

So a crash when scanning does NOT take protection id down (the crash is reported to the log)

– update: windows error code resolver dialog got a face lift and some added functionality

– update: initial modification to report cpu usage on ALL available cores

– update: shortcuts are now not made if pid is run from a removable drive

– update: added in reporting for uac setting in vista or higher
– update: scan size threshold increased to 50mb

– update: added in the nfo association configuration

– update: compiler detection enabled by default now

– update: adjusted the way the systray worked
– double left click on the pid icon will cause the pid window to be shown / hidden
– right click on the pid icon will cause the right click systray context menu to appear
– bugfix: cab file handler bug fixed
– bugfix: scan file on cd/dvd did not work

– bugfix: fix for shortcuts getting fucked

– bugfix: fixed bug in the seh system, which lead to a crash
– bugfix: file queue stuff (pause, remove, clear all) fully operational again
– bugfix: logic fix, checking section count could technically be wrong if exe was x64

– bugfix: selecting scan folder 2x resulted in it messing up
– bugfix: minor adjustment to avoid closing an invalid handle

– bugfix: fixed output bug on small files

– bugfix: fixed a possible win9x issue

– bugfix: minor gui fixes

detection additions / changes
– new: check_activemark.asm – added exact version detection & more detailed output for v4, v5 & v6 of ActiveMark

– new: check_byteshield.asm – ByteShield detection got heavily updated, now it contains a lot extra more info

– new: check_ea_custom.asm – added in detection for EA Custom Protection (used in The Sims 3)
– new: check_gameguard.asm – GameGuard Launcher Module & it’s version got reported

– new: check_hackshield.asm – AhnLab HackShield detection added
– new: check_impulse.asm – Impulse DRM (+ core module) detection added

– new: check_protectdisc.asm – added in new versions: v9.11.0, v9.20.0, v9.25.0 & latest v9.26.0
– new: check_protectdisc.asm – added in detection of how many trial days a Protect Disc exe is allowed to run
– new: check_safedisc.asm – updated to detect clcd32.dll, dplayerx.dll, drvmgt.dll from old safedisc 1 games

– new: check_secureebook.asm – added in Secure eBook Wrapper detection

– new: check_securom.asm – added SecuROM DFA v1 and v2 detection

– new: check_securom.asm – added SecuROM 7 dfa.dll detection
– new: check_securom.asm – added detection for SecuROM 5 and 4 (or lower) dll modules (cms*.dll sintf*.dll)
– new: check_solidshield.asm – added in Tages Setup version detection in solidshield core.dll (if found)

– new: check_solidshield.asm – SolidShield wrapped dlls will be detected now

– new: check_starforce.asm – added in detection of StarForceFileSystem containers (SFFS)

– new: check_steam.asm – added in detection of the Steam Client API Module & report Steam api usage in exe

– new: check_themida.asm – updated to show watermarking on some versions

– new: check_playfirst.asm – added in detection of the Playfirst Game Library

– new: check_playrixwrapper.asm – added Playrix Game Wrapper detection

– new: check_reflexivearcade.asm – added in detection of build 177 & build 178 of the ReflexiveArcade Wrapper

– new: check_robingameswrapper.asm – added in Robin Games Wrapper detection

– new: check_spintop.asm – added SpinTop DRM Module detection

– new: check_mfortress.asm – added MegaFortress detection

– new: check_upx.asm – added in more informative upx info

– new: check_aase.asm – added Aase detection

– new: check_adnexeprotector.asm – added ADN Exe Protector v0.5 detection

– new: check_aliencryptor.asm – added Alien Cryptor v1.0 detection

– new: check_armadillo.asm – added Armadillo v6.40 and v6.60 – v7.00 (or newer) detection
– new: check_aspack.asm – added ASPack v2.2 detection
– new: check_asprotect.asm – added ASProtect v1.4 build 04.01 Beta detection

– new: check_aurastompercrypter.asm – added AuraStomper Crypter detection

– new: check_babelobfuscator.asm – Babel .Net Obfuscator detection added

– new: check_blindspot.asm – BlindSpot File Binder v1.0 detection added

– new: check_deepseaobfuscator.asm – added in DeepSea .Net Obfuscator detection

– new: check_dotfixniceprotect.asm – added version detection for v1.0 – v2.x, v2.8 – v2.9, v3.0 – v3.6

– new: check_dotnetreactor.asm – added in detection of dotNET Reactor v4.0 (or newer)

– new: check_dsrfileprotector.asm – added dSR File Protector detection

– new: check_eprot.asm – added !EProt detection

– new: check_epprotector.asm – added EP Protector v0.1 detection

– new: check_fishnet.asm – added Fish.NET packer detection
– new: check_flyskysoftware.asm – added Fly Sky Software Custom Protector detection

– new: check_hackhoundbinder.asm – added in Hack Hound File Binder detection
– new: check_ionworxidentifier.asm – added Ionworx Identifier SDK Module detection
– new: check_leetcryptor.asm – added LeetCryptor v1 detection

– new: check_moleboxultra.asm – added in MoleBox Ultra v4.x detection

– new: check_pcguard.asm – added detection of latest PC-Guard v5.04

– new: check_alloy.asm – added PGWARE Alloy [generic] detection

– new: check_rdgpolypack.asm – added RDG PolyPack v1.1 detection

– new: check_simbioz.asm – added in SimbiOZ v2.1 detection

– new: check_skycrypt.asm – added in Sky Crypt v2.0 detection

– new: check_stultrapack2.asm – added ST Ultra Pack 2 v0.6s detection

– new: check_themisbinder.asm – added in Themis Binder v0.2 detection
– new: check_upack.asm – added detection of more detailed versions

– new: check_vprotect.asm – added VProtect detection

– new: check_zipworx.asm – added ZipWorx detection

– new: license_bentleyieg.asm – added Bentley IEG License Service detection

– new: license_crypkeysdk.asm – added CrypKey v7.0 (or newer) detection
– new: license_crypkeysdk.asm – added detection of the CrypKey License Service Installer

– new: license_desawarelicensing.asm – added Desaware Licensing System for .NET Module detection

– new: license_elicense.asm – now detecting on a dll it didn’t see before

– new: license_interlok.asm – updated to detect PACE InterLok System File
– new: license_reprise.asm – added Reprise License Manager detection

– new: license_sentinelrms.asm – added SafeNet Sentinel RMS v8.x detection

– new: dongle_hasp.asm – NetHASP Network Dongles are detected

– new: dongle_hasp.asm – added in detection of the Aladdin HASP SRM Run-time Environment Installer

– new: dongle_ilok.asm – added in iLok USB Hardware Dongle detection

– new: dongle_matrix.asm – added Matrix Dongle detection
– new. dongle_microdog.asm – added SafeNet MicroDog Driver installer detection

– new: dongle_sentinel.asm – added in detection of Rainbow NetSENTiNEL SUPER PRO Dongle

– new: dongle_syncrosoft.asm – added in SyncroSoft USB Dongle detection

– new: installer_advancedinstaller.asm – added Advanced Installer detection

– new: installer_autoplay_media_studio.asm – added Indigorose – AutoPlay Media Studio

– new: installer_bitrock.asm – added BitRock InstallBuilder Module detection
– new: installer_fenomen.asm – added Fenomen Downloader detection
– new: installer_gamehouse.asm – added GameHouse Installer detection

– new: installer_setupfactory.asm – added detection of Setup Factory v8.x modules
– new: installer_uharcsfx.asm – added UHARC SFX Archive detection

– improved: check_3plock.asm – added in another generic check

– improved: check_enigmaprotector – now detects on an Enigma version it didn’t ‘see’ before

– improved: check_hexalock.asm – optimized HexaLock detection

– improved: check_laserlok.asm – optimized Laserlok scanning speed

– improved: check_protectdisc.asm – tweaked output

– improved: check_safedisc.asm – optimized Safedisc v1 scanning speed

– improved: check_smarte.asm – added in two new checks

– improved: check_starforce.asm – improved scanning speed
– improved: check_steam.asm – updated detection on another steam variant on assassins creed and r6 vegas

– improved: check_tages.asm – improved detection of the Tages protection driver

– improved: check_vob.asm – added one more generic check

– improved: check_execryptor2.asm – code tweaked to reduce false positives

– improved: check_alawar.asm – scanning speed optimizations

– improved: check_elefunwrapper.asm – scanning speed optimizations & reports offset / size of virgin executable

– improved: check_popcapdrm.asm – scanning speed optimizations

– improved: check_reflexivearcade.asm – optimized ReflexiveArcade Wrapper detection

– improved: check_abccryptor.asm – added in a new check

– improved: check_armprotector.asm – added in one more generic check

– improved: check_asdpack.asm – scanning speed optimizations

– improved: check_aspack.asm – scanning speed improvements

– improved: check_asprotect.asm – tweaked version output

– improved: check_atreprotector.asm – added in another generic check

– improved: check_bambam.asm – added in two more checks to tighten detection

– improved: check_beria.asm – improved Beria detection

– improved: check_dalcrypt.asm – added in two new checks
– improved: check_dotfuscator.asm – optimized scanning speed

– improved: check_dotnetprotector.asm – optimized scanning speed

– improved: check_enigmaprotector.asm – added in another generic check
– improved: check_epprotector.asm – code adjusted, made faster

– improved: check_exestealth.asm – optimized scanning speed

– improved: check_ezip.asm – scanning speed optimizations

– improved: check_exestealth.asm – improved scanning speed

– improved: check_gieprotector.asm – optimised the signature scan

– improved: check_kkrunchy.asm – added in detections for old kkrunchy (2003)

– improved: check_mew5.asm – Mew 5 EXE Coder v0.1 detection tweaked

– improved: check_mpress.asm – mpress for dot.net – tweaked detection

– improved: check_mslrh.asm – added in two more generic checks)

– improved: check_mucruncher.asm – rewritten MuCruncher detection

– improved: check_mz0ope.asm – added in another check

– improved: check_nidhogg.asm – optimized Nidhogg scanning speed

– improved: check_packitbitch.asm – added in two new checks

– improved: check_polyene.asm – added in more generic checks for PolyEne

– improved: check_punisher.asm – added in three new checks
– improved: check_sevlock.asm – tweaked sevLock detection

– improved: check_simplepack.asm – now detects all the simplepack exe’s it didn’t detect before

– improved: check_softsentry.asm – added in more checks + optimized scanning speed

– improved: check_spicesnet.asm – added in another check

– improved: check_telock.asm – improved TeLock v1.0 detection

– improved: check_upack.asm – added more detailed version checks, tweaked some detections

– improved: check_upx.asm – fixed possible wrong detection

– improved: check_vbowatch.asm – updated with a better signature

– improved: check_visualprotect.asm – added in one more check

– improved: check_vmprotect.asm – now it detects on a dll it didn’t ‘see’ before

– improved: check_wildtangent.asm – scanning speed optimizations

– improved: check_wlcrypt.asm – optimized WL-Crypt detection

– improved: check_xprotector.asm – added in two heuristic checks

– improved: check_yzpack.asm – tweaked

– improved: dongle_hasphlenvelope.asm – now detects on wrapped sys files too

– improved: dongle_keylok2.asm – improved Key-Lok II Dongle scan speed

– improved: dongle_marx.asm – added in another check

– improved: dongle_sentinel.asm – detects Sentinel on x64 executables

– improved: dongle_wibu.asm – added in another check
– improved: minor tweaks for all license detections

– improved: license_crypkeyinstant.asm – improved scanning speed in files wrapped with CrypKey Instant
– improved: license_crypkeysdk.asm – updated / tweaked CrypKey detection

– improved: license_elicense.asm – improved eLicense scanning speed

– improved: license_haspsl.asm – speed up HASP SL Licensing System scans

– improved: license_interlok.asm – scan speed improvements + added in detection for another ‘variant’ of InterLok

– improved: license_ntitles.asm – scanning speed improvements

– improved: installer_akinstaller.asm – scanning speed optimizations

– improved: installer_clickteam.asm – improved generic detection

– improved: installer_createinstall.asm – scanning speed optimizations

– improved: installer_gkwaresfx.asm – improved generic detection

– improved: installer_patchwise.asm – now detects a module it didn´t ‘see’ before

– improved: installer_rarsfx.asm – updated to handle new winrar sfx

– misc: group_tags.asm – added some more tags

– bugfix: check_starforce.asm – fixed possible crashbug

– bugfix: check_dotnetguard.asm – fixed non register preservation

– bugfix: check_vmprotect.asm – fixed generic detection

– bugfix: check_forgot.asm – fixed non detection

– bugfix: check_quickpacknt.asm – fixed non-detection bug

– bugfix: check_shrinkwrap.asm – fixed non-detection bug

– bugfix: check_upx.asm – fixed a possible wrong detection

CD/DVD/Image file/sector scan

– added in SecuROM v7.40 (or newer) detection via sector scan

– some more updates on the iso making code, and the cddvd_api core

– tweaking the cd/dvd dialog portion, now detects and reports errors better, along with better sector calculations

(will now abort if it detects a css encrypted sector when making an iso)

Protection ID v6.2.3 – 2009.03.28

– bugfix: check_starforce.asm – starforce ‘crap output’ bug fixed

– update feature – updated to show version number on update as well, instead of some ‘strange’ number

Protection ID v6.2.2 – 2009.03.27

core additions / changes

– new: incorporated PEiD / PE Tools database usage

-> additionally displays the protection found via the userdatabases

-> peid database is expected to be in the same folder as protection id

and should be called peid_database.txt

-> petools database is expected to be in the same folder as protection id

and should be called petools_signs.txt

– enable/disable: go to Configuration -> Allowed Scanning Types -> peid / petools (3rd party scan)

– once enabled you can browse the signature files when

clicking the ‘Extensions’ tab (second icon from the bottom right)

– note: in cases of multiple hits, the highest probability is automatically figured out and reported

– new: work on compiler detection began

-> The compiler detection simply reports what compiler was used to make

the executable, It can also sometimes report the programming language

the executable was made with.

current detections: dotnet, visual basic & visual basic.net, some visual c/c++, borland c++, delphi

enable/disable: Configuration -> Allowed Scanning Types -> Enable Compiler Detection Scan

– new: tooltip preview (configurable option in the settings – under the gui portion)

– new: added in drive type reporting in the misc tools section

– new: added in option in configuration to dedicate 1 cpu to scanning core (if multiple cpu’s are found on the system)

– new: added in little pause/resume button in the main dialog (green circle when you load pid)

– new: added in activity reporting on hdd reads, pid is so quick though, you may not notice it,

but on large files, its useful because its an indicator pid is doing something

– update: turned on scan inside microsoft cab files as default

– update: added more informative comments into pe stuff

– update: file queue now reports the amount of files it has processed

– update: updated detection routine to report dll compiled in native mode

– update: folderwatch cleanup now works and reporting is handled correctly

– update: updated version info core to handle ‘strange’ exes with fucked version info,

or version information that version.dll does not ‘see’

– update: fixed some imports so that pid now loads on windows nt 4.0 (and probably 3.x)

without the system throwing an import missing error and exiting the process

– update: services now disables itself if the os is 9x/me (9x/me doesnt have ‘services’)

shares also disables itself if the os is 9x/me (api not present in these os’es)

– update: gui -> cd/dvd tools and the folderwatch buttons are now automatically disabled if

the operating system is windows 9x/me (ie: less than windows 2000)

– update: folder location shell32 output now made 9x/me compliant(old comctl32.dll listview issue)

– update: added in minimize to systray if its set in the configuration

if set, pid will minimize itself when its loaded for the first time

– update: added in another handler for smbios, its quicker, but only available in vista or higher

– update: windows product key updated code, now should be good for all windows versions except nt 4.0

– update: windows product key is now also reported for 9x/me

– update: updated code so that windows 95, windows nt 3.x and nt 4.x do NOT have ownerdrawn menus
(95 couldn’t handle them properly anyway, and nt 3/4 had issues too)

– update: added battery reporting into misc tool window

– update: dep reporting done in misc tools information section

– update: fixed icons in 9x looking too big (now pid looks the same in 98, me, 2k, xp, vista)

– update: pause / resume is now properly functional

– update: added in pause checking into the cab file handler

– update: progress bar resets once scan is complete

– update: added in animated rect for sizing (work in progress)

– update: added tooltip to sizer window

– bugfix: fixed 9x/me crash (bsod) issue in petools stuff

– bugfix: fixed crash issue when viewing reloc information on some x64 files

– bugfix: silent exit / crash issue fixed in win2000 server

– bugfix: fixed position saving bug (reported by Blazkowicz)

– bugfix: fixed os detecton (win nt was detected as 2000)

– bugfix: fixed the strange drag -> drop, file added to queue but scanning not started bug

– bugfix: fix for buffer overrun error when saving a protection log containing lots and lots of files

– bugfix: folderwatch – fixed crash when trying to add more than 2 folders

– bugfix: dirty buffer used in folderwatch reporting code

– bugfix: 9x sizing issue fixed

– bugfix: fixed some problems with windows 95 original (before 95a, 95b and 95c…) where the versioninfoex struct

is expected to be a different size, this resulted in a failure in detecting the operating system

– bugfix: various other tweaks & fixes…

detection additions / changes

– new: check_protectdisc.asm – added ProtectDisc v9.5.0 detection & detection of ProtectDisc drivers

– new: check_byteshield.asm – added ByteShield Software Activation Client detection

– new: check_safedisc.asm – now also detects Safedisc 1 icd file as being protected &secdrv.sys

– new: check_tages.asm – code updated to detect Tages protection drivers

– new: check_armadillo.asm – added Armadillo v6.24 (or newer) detection

– new: check_pcguard.asm – added PC Guard v5.03 detection

– new: check_themida.asm – added detection for Themida / Winlicense with Hide PE Scanner Option

– new: check_asprotect.asm – added exact detection of ASProtect v2.3 Build 05.14 & ASProtect v1.40 Build 11.20

– new: check_privateexe.asm – added Private EXE Protector v3.0 (or newer) detection

– new: check_stardock.asm – added Stardock Product Activation Module detection

– new: check_reflexivearcade.asm – added ReflexiveArcade Wrapper – Build 171 and newer detection

– new: check_realarcade_drm.asm – added in RealArcade DRM Module detection

– new: check_popcapdrm.asm – added PopCap DRM Protect detection

– new: check_elefunwrapper.asm – added Elefun Trial Game Wrapper detection

– new: check_playfirst.asm – added PlayFirst DRM Module detection

– new: check_oberonmediatime.asm – added detection for Oberon Media Time Protection Module

– new: check_wildtangent.asm – added detection of the Wild Tangent Wrapper v2.1.2.26 (or newer)

– new: check_dotnetreactor.asm – added .Net Reactor v3.x Library mode (+ Necrobit) detection

– new: check_macrobjectnet.asm – added Macrobject Obfuscator.NET 2008 detection

– new: check_noobyprotect.asm – added NoobyProtect v1.0.x.x and v1.1.x.x – v1.4.x.x.

– new: check_spicesnet.asm – added Spices.Net Obfuscator detection

– new: check_pegasyscustom.asm – added PEGASYS Custom Layer detection

– new: check_serialshield.asm – added Ionworx SerialShield Core.dll & it´s version detection

– new: check_dotnetguard.asm – added detection of the DotNet Guard HVM Runtime Library Module

– new: check_eakey.asm – added in EA Key Module detection

– new: check_sevlock.asm – added sevLock detection

– new: check_asscrypter.asm – added ass – crypter detection

– new: check_billarcrypter.asm – added Billar Crypter v2.0 detection

– new: check_bitfrostcrypter.asm – added Bifrost Crypter v1 detection

– new: check_cigicigi.asm – added Cigicigi File Crypter v1.0 detection

– new: check_cryptdmarnar.asm – added Crypt Dmar Nar v0.5 detection

– new: check_darkavengard.asm – added DarkAvengard Crypter detection

– new: check_dexcrypt.asm – added DeX-Crypt v2.0 detection

– new: check_dirtycrypt0r.asm – added DirTy CrYpt0r detection

– new: check_dhcripter.asm – added DH Cripter v0.1 detection

– new: check_etcv.asm – added ETCV v1.0 detection

– new: check_fishpacker.asm – added FishPacker v1.03 & v1.04 detection

– new: check_flashbackscrambler.asm – added Flashback Scrambler v1.3.x detection (all 3 modes :-))

– new: check_idapplicationprotector.asm – added ID Application Protector v1.2 detection

– new: check_freecryptor.asm – added FreeCryptor v0.3b Build 3 detection

– new: check_gentlemancrypter.asm – added Gentlemen Crypter v1 detection

– new: check_gkripto.asm – added GKripto v1.0 detection

– new: check_haccrewcrypter.asm – added Hac-Crew Crypter detection

– new: check_hipacryp.asm – added HipACryp v0.0.1 detection

– new: check_icrypt.asm – added ICrypt v1.0 detection

– new: check_keycrypter.asm – added KeyCrypter detection

– new: check_lordcrypter.asm – added L0rD Crypter v1.0 detection

– new: check_maskpe.asm – added MaskPE v2.0 detection

– new: check_ncode.asm – added N-Code v0.2 detection

– new: check_nidhogg.asm – added Nidhogg v1.0 Final, v1.1 Beta 1 and [unknown version] detection

– new: check_novacipher.asm – added NovaCipher 1.0 Beta detection

– new: check_npack.asm – added nPack v2.0.100.2008 detection

– new: check_pfecx.asm – added PFE CX v0.1 detection

– new: check_poherna.asm – added Pohernah v1.02, v1.03 & v1.07 detection

– new: check_pokescrambler.asm – p0ke Scrambler v1.2 detection added

– new: check_rdgtejoncrypter.asm – added RDG Tejon Crypter v0.6, v0.7 & v0.8 detection

– new: check_rewolfdllpackager.asm – added ReWolf DLLPackager v1.0 detection

– new: check_roguepack.asm – added RoguePack v4.1 detection

– new: check_scancryptic.asm – added ScanCryptic v2.0 detection

– new: check_securepe.asm – added SecurePE v1.6 detection

– new: check_supercrypt.asm – added Super Crypt v1.0 detection

– new: check_tgrcrypter.asm – added TGR Crypter v1.0 detection

– new: check_vegancrypter.asm – added Vegan-Crypter v0.7 detection

– new: check_yokohcrypter.asm – added Yokoh Crypter v1.3 detection

– new: license_adobelm.asm – Adobe Systems License Manager Module detection added

– new: license_deploylx.asm – added DeployLX Licensing for DotNet detection

– new: license_esellerate.asm – added eSellerate Activation System Core Module detection

– new: license_infralution.asm – Infralution Licensing System for DotNET detection added

– new: license_isquicklicense.asm – added Interactive Studios Quick License Manager detection

– new: license_mirage.asm – added detection for Mirage License Protector

– new: license_sentinelrms.asm – added SafeNet Sentinel RMS Core.dll detection

– new: license_xheolicensing.asm – added Xheo Licensing Module for DotNet detection

– new: dongle_biteboard.asm – added Bite-Board USB Dongle detection

– new: dongle_copylock.asm – added CopyLock Dongle detection

– new: dongle_marx.asm – MARX Crypto-BOX Dongle detection added

– new: dongle_rockey.asm – added Rockey2 / Rockey4 Dongle detection

– new: dongle_sentinel.asm – added detection of the NetSentinel Win32 Client DLL

– new: dongle_sentry.asm – added Sentry Hardware Lock detection

– new: dongle_wizzkey.asm – added Wizzkey Dongle detection

– new: installer_digital_river_downloader.asm – Digital River Download Manager detection

– new: installer_gpinstall.asm – added GP-Install Module detection

– new: installer_lymesfx.asm – added Lyme SFX Extractor Module detection

– new: installer_install_anywhere.asm – added InstallAnywhere detection

– new: installer_installshield.asm – added InstallShield v15 detection & Installshield PackageForTheWeb  Installers

– new: installer_lindersoftsetup.asm – added Lindersoft Setup Builder Module detection

– new: installer_omnisetup.asm – added Omni Setup Module detection

– new: installer_popcap.asm – added PopCap Installer detection

– new: installer_realarcade_downloader.asm – added RealArcade Download Manager detection

– new: installer_reflexive_arcade.asm – added Reflexive Arcade Install Wrapper detection

– new: installer_smart_install_maker.asm – added Smart InstallMaker detection

– new: installer_visual_patch.asm – added detection for Visual Patch Installer

– improved: check_starforce.asm

– updated to handle those strange starforce 5.60 exe’s that didn’t have version information

– updated to handle Gothic 3 Forsaken Gods (russian)

– improved: check_securom.asm – code updated to detect the drm dyn data module

– improved: check_protectdisc.asm – added one more older version (v7.7.0)

– improved: check_codelok.asm – scanning speed optimizations

– improved: check_sysiphus.asm – optimized detection & scanning speed

– improved: check_solidshield.asm – update for those strange exe’s and dll’s with no version information

– improved: check_themida.asm – better version detection (v1.8.2.0 – v1.9.5.0, v1.9.7.0 – v1.9.9.0,

v2.0.0.0 – v2.0.2.0, v2.0.3.0 – v2.0.4.0, v2.0.5.0 (or newer))

– improved: check_acprotect.asm – faster scanning results

– improved: check_armadillo.asm – armadillo detection code updated

– improved: check_asprotect.asm – rewritten for better version detection

– improved: check_xenocode.asm – tweaked detection

– improved: check_thinstall.asm – updated with another detection method for v3.207

– improved: check_upx.asm – fixed UPX detection code so it detects upx’ed dlls too

– improved: check_xprotector.asm – added in another check (this also fixed a possible wrong detection

of Themida / WinLicense protected DotNet executables)

– improved: check_vmprotect.asm – made more generic, adjusted version info output

– improved: check_andpakk2.asm – rewritten, additionally we exactly detect the 2 versions (v0.06 & v0.18) now

– improved: check_anslympacker.asm – rewritten

– improved: check_cicompress.asm – tweaked & optimised

– improved: check_exestealth.asm – added in one more generic check

– improved: check_mew10.asm – tweaked mew 10 detection

– improved: check_pebundle.asm – updated, now detects on an exe wich didn´t before

– improved: check_rdgtejoncrypter.asm – added in a more generic detection method

– improved: check_telock.asm – tweaked TeLock v0.96 detection

– improved: license_elicense.asm – completely rewritten (better v3.2 & v4.0 detection)

– improved: license_flexlm.asm – optimized detection & scanning speed

– improved: license_flexnet.asm – optimized detection & scanning speed

– improved: license_haspsl.asm – added another check for HASP SL

– improved: license_interlok.asm – added in one more generic check

– improved: license_salesagent.asm – optimized detection & scanning speed

– improved: license_sentinellm.asm – optimized

– improved: generic speed improvements in almost all license scans

– improved: dongle_keylok2.asm – updated KeyLok2 Dongle detection for better detection

– improved: generic speed improvements in all dongle scans

– improved: installer_7zip.asm – code updated, now detects an exe it never ‘saw’ before

– improved: installer_installaware.asm – updated to detect a custom version wich was un-detected before

– improved: installer_installshield.asm – installshield detection is now more generic and improved

– improved: installer_mscabsfx.asm – microsoft cab sfx format detection is now made better

– improved: installer_nullsoft.asm – updated to handle nullsoft sfx exe’s with the data in the resource section

– improved: installer_rarsfx.asm – WinRAR SFX detection updated

– improved: installer_zylomgames.asm – detection of another variant of Zylom Games Setup

– bugfix: fixed bug in Cactus Data Shield file scan (discovered by Blazkowicz on acrobat.dll)

– bugfix: check_obsidium.asm – bugfix in obsidium detection code

– bugfix: check_polyene.asm – fixed possible crashbug

– bugfix: installer_redshift.asm – fixed potential bug

2009.01.18

core additions / changes

– new: enabled the PE Stuff dialog (still in early stages)

– new: smbios reporting added (misc tools portion)

– update: pid entrypoint code optimised

– update: updated resizing core, and squashed a few bugs

– update: false positive with some anti virus programs is now fixed (gdata and avast)

– update: folderwatch, task manager, cd/dvd filter driver report, services report and folder

locations all have right click context menus allowing the data to be saved to file

– update: uninstaller code tweaked – various fixes on some entries that would not uninstall

– update: update portion is now tweaked, a bit better and more futureproof

– update: windows 7 is now detected right and everything is functional (we are windows 7 compatible)

– bugfix: gui issue when run from context menu (log window will be shown)

– bugfix: file open doing nothing bug fixed – happened on WinXP with no service packs

– bugfix: folderwatch – bugfix in window handler, could have caused a lockup in 9x/me systems

detection additions / changes

– new: check_protectdisc.asm – added ProtectDisc exact v9.0.0, v9.1.0 & v9.2.0 detection

– new: check_g4wl.asm – added Games for Windows Live detection (xlive)

– new: check_steam.asm – added Steam (basic stub) detection

– new: check_activemark.asm – added ActiveMARK v6.50.767 detection

– new: check_breakpointcrypter.asm – added Breakpoint Crypter v0.0.79 detection

– new: check_expressor.asm – added exPresor v1.6.1 (Pro) detection

– new: check_fearzcrypter.asm – added fEaRz Crypter v2.2.0 detection

– new: check_hellcrypter.asm – added HellCrypter v1 detection

– new: check_kratoscrypter.asm – added Kratos Crypter detection

– new: check_npack.asm – added nPack v1.1.800.2008 + unknown version detection

– new: check_obsidium.asm – added Obsidium v1.3.6.1 detection

– new: check_pespin.asm – added PeSpin v0.1 (x64) detection

– new: check_rdgpack.asm – added RDG Pack Lite Edition v0.4 detection

– new: check_roguepack.asm – added RoguePack v4.0 Beta 1 detection

– new: check_rlpack.asm – added RLPack v1.21 detection

– new: check_simplecrypter.asm – added Simpl3 CrYpT3R detection

– new: check_xcrypter.asm – added X-Crypter v2.01 detection

– new: check_zprotect.asm – added in *generic* ZProtect detection

– new: dongle_softdog.asm – added SoftDog Dongle detection

– update: check_protectdisc.asm – removed protection level output (basic/pro) when detecting v9

(this version is all ‘Pro’, no more ‘Basic’ v9 games)
– update: check_activemark.asm – ActiveMark v6.1.335 detection rewritten

(thx Nacho_dj for reporting a bug in American McGee’s Grimm Bundle)

CD/DVD/Image file/sector scan

– update: sector scan updated to handle various movie protections

(css/cpmm, cprm, aacs hddvd, aacs bd), this code is still in the experimental stage,

and needs testing, but seems to work smile

[I] Init cd/dvd sector scan for Drive O

[i] Detected CSS / CPMM Protection! (0x00000001)

[i] Region Lock Detected -> RegionBitMask: 00000002

[.] Region(s) allowed : 2 (Drive region will need to be changed, you have 2 changes remaining,

your current region is : 1)

– Scan Took : 0.828 Second(s)

– bugfix: fixed bug in cddvd sector scanning code (register got trashed) – not critical..

2008.12.23

core additions / changes

– new: width-RESIZEABLE main window

– new: user can now choose what protection scans to skip

– new: added in new configuration item allowing the user to specify if iso, ccd, mds

etc modules are to be treated as discs (and therby subject to a sector scan)

– new: ability to scan inside microsoft cab files has been implimented

– update: we are now v0.6.1.3

– update: faster scanning core smile

– update: configuration window has a new look

– update: better 64 bit file handling support added

– update: appended data detection tweaked a little

– update: now if pid is running and an exe is scanned from the context menu, the main

window will change to the log window (looks better.. suggested by loki)

– update: lnk file resolving is now complete, if user has selected to resolve links,

the system handles this all automatically

– update: window position is now centred if a previous window location was not recorded

– update: adjusted ia64/x64 vs. machine check portion of code (thx to teddy rogers)

– update: configuration – windows product key showing is now a configuration item

– update: configuration – now ‘themes’ and ‘flat mode’ can not be selected at the same time,

this is how it should be as themes override flatmode etc… so now only one can

be selected, and the other is ‘auto unselected’ (suggested by syk0)

– update: configuration – addedin code to enable/disable the ‘protection report bubble’

after a scan is completed

– update: Memory Optimiser – the progress bar should get to the start again when user

clicked on Optimize and Purge was successful

– update: Memory Optimiser – code heavily updated, to work in chunks (if largest size

requested is not available), so, end result – more reliable, faster and optimised

– update: misc tools – added in quick uninstall tab

– update: misc tools – added in CD/DVD Filter Driver scanner tab

– update: misc tools – added in Windows Error Code Resolver tab

– update: misc tools – added in CPU Info tab

– update: misc tools – added in windows directory in the system info output

– update: misc tools – added in Folder Locations scanner

– update: misc tools – system information window now reports graphic device names

(geforce, etc), username & computername and terminal services availability also reported

– update: misc tools – windows install date (from registry) is now reported in the misc tools

‘system info part’, windows install date (from folder) is now also reported.

– update: misc tools – tweaked x64 os detection code, so its a lot more reliable

– update: misc tools – windows product key reporting now also handles x64 systems

– update: nfo viewer – extra checking now added – zip, rar and mz executables will NOT be

displayed, instead, a warning message is displayed

– update: process view – added in check for terminate, dump, priority change..

if selected process is pid, the menu items are disabled (for safety and security)

– update: svf checking now reports current offset on the line when processing

– update: sfv processing now works with quoted filenames

– update: winspy – process name is now also reported (if we could obtain it.. )

– update: log window in cd/dvd operations now has a context menu, allowing for…

clear log

copy selection to clipboard

copy log to clipboard

save selection (txt)

save selection (csv)

save log (txt)

save log (csv)

– bugfix: admin reflection / reporting was incorrect on 9x/ME systems

– bugfix: ‘admin shield’ icon is now moved, it looked out of place if the other progress bars

showing cpu usage etc were turned off.. (reported by loki)

– bugfix: Export as .txt doesn’t work properly, only the first file does get saved

– bugfix: event bug fixed, which sometimes resulted in pid sticking at about 35% cpu

– bugfix: pause/resume in the queue window was sometimes wrong for the text (reported by r!co)

– bugfix: Fixed SFV bug – Click on make, don’t select any files and press abort.

You can’t use the complete SFV feature as it’s all greyed out (reported by Blazkowicz)

– bugfix: sfv output for large files (mb, gb etc) was VERY wrong, its since corrected

– bugfix: fixed ‘disappearing window’ problem

– bugfix: ‘large icons’ issue fixed in 9x

– bugfix: sfv – abort now works

– bugfix: sfv – output issue should be 110% fixed now (new buffering system used)

– bugfix: task manager -> potential stack bug fixed

– bugfix: configuration – shortcut creation was broken

– bugfix: nfo viewer – fixed potential memory leak on drag/drop

– bugfix: bug in the code checking for digital signatures (found by Blazkowicz)

code now performs a sanity check on accessed memory areas

detection additions / changes

– new: check_activemark.asm – added version detection for v6.3.562

– new: check_alawar.asm – added Alawar Try & Buy Activation detection

– new: check_hexalock.asm – added HexaLock Copy Protection detection

– new: check_protectdisc.asm – added more Protect DiSC v8 subversions

– new: check_securom.asm – added in detection for sll modules + SecuROM Matroschka Package

– new: check_acprotect.asm – added ACProtect v2.1, v2.1.1 and v2.1.2 detection

– new: check_angelscrypter.asm – added Angel’s Crypteur v0.2 detection

– new: check_antidote.asm – added AntiDote v1.4 SE detection

– new: check_armadillo.asm – added version detection v6.00 or newer

– new: check_atreprotector.asm – added AT4RE Protector v1.0 detection

– new: check_avlock.asm – added AVLock detection

– new: check_budcrypter.asm – added BUD Crypter detection

– new: check_coolcrypt.asm – added COOLcryptor 0.9 detection

– new: check_cryptwoz.asm – added CryptWOZ v1.0 detection

– new: check_darkcrypt.asm – added DarkCrypt v1.2 (Private Version) detection

– new: check_dcrypt.asm – added DCrypt Private v0.9b detection

– new: check_dotfixniceprotect.asm – added DotFix NiceProtect v1.0 detection

– new: check_dotnetreactor.asm – added dotNet Reactor v3.3 (or newer) detection

– new: check_enigmaprotector.asm – added version grabber for Enigma Protector

– new: check_execrypt.asm – added ExeCRyPT v1.0 [ReBirth] detection

– new: check_exefog.asm – added EXEFog v1.1 detection

– new: check_exewrapper.asm – added ExeWrapper v3.0 (533Soft) detection

– new: check_expressor.asm – added ExPressor v1.6 detection

– new: check_fakuscrypter.asm – added Fakus Crypter detection

– new: check_fastfilecrypt.asm – added FastFileCrypt v1.6 Public detection

– new: check_fatalzcrypt.asm – added Fatalz Crypt v2.14a detection

– new: check_flashbackprot.asm – added Flashback Protector v1.0 detection

– new: check_gieprotector.asm – added Gie Protector v0.2 detection

– new: check_imppacker.asm – added IMP-Packer v1.0 detection

– new: check_kcryptor.asm – added K!Cryptor v0.11 detection

– new: check_kgbcrypter.asm – added KGB Cypter v1.0a detection

– new: check_leetcryptor.asm – added 1337 Cryptor v2 detection

– new: check_lilithcrypter.asm – added Lilith Crypter detection

– new: check_maxtocode.asm – added MaxtoCode .Net Encryption detection

– new: check_minke.asm – added Minke v1.0.1 Executable Crypter detection

– new: check_moneycrypter.asm – added Money Crypter detection

– new: check_morphna.asm – added Morphna Beta 2 detection

– new: check_mortalteamcrypter.asm – added Mortal Team Crypter v2 detection

– new: check_mpress.asm – added MPRESS NET compressor detection

– new: check_mushroomcrypter.asm – added Mu$hr00M CryPtOR v1.0 detection

– new: check_nme.asm – added NME Executable Crypter v1.1 detection

– new: check_npack.asm – added nPack v1.1.500.2008 Beta detections

– new: check_obfuscatornet.asm – added Macrobject Obfuscator.NET detection

– new: check_privateexe.asm – added version detection for v2.00 – v2.25 and v2.30 – v2.70

– new: check_puricrypt.asm – added Puri Crypt v1.2 detection

– new: check_quickpacknt.asm – added QuickPack NT v0.1 detection

– new: check_rcryptor.asm – added RCryptor v1.6d detection

– new: check_rdgpack.asm – added RDG Pack Lite Edition v0.2 detection

– new: check_rdgtejoncrypter.asm – added RDG Tejon Crypter v0.3 detection

– new: check_rlp.asm – added ReversingLabs Protector v0.7.4 beta detection

– new: check_rlpack.asm – added RLPack v1.20 detection

– new: check_roguepack.asm – added RoguePack v3.3 detection

– new: check_russiancryptor.asm – added Russian Cryptor v1.0 detection

– new: check_securepe.asm – added SecurePE v1.5 detection

– new: check_secureshade.asm – added Secure Shade v1.8 detection

– new: check_snoopcrypt.asm – added SnoopCrypt detection

– new: check_thinstall.asm – added THInstall detection

– new: check_tstcrypter.asm – added TsT Crypter detection

– new: check_undergroundcrypter.asm – added UndergroundCrypter v1.0 detection

– new: check_unlimitedcrypter.asm – added UnLimited Crypter v1.0 detection

– new: check_unopix.asm – added UnoPiX v0.94 detection

– new: check_upxlock.asm – added UPX Lock v1.01 – v1.02 detection

– new: check_weruscrypter.asm – added Werus Crypter v1.0 detection

– new: check_wildtangent.asm – added Wild Tangent v2.1 Activation detection

– new: check_windofcrypt.asm – added WindOfCrypt detection

– new: check_wingscrypt.asm – added Wingscrypt v2.0 detection

– new: check_winutilitiesexeprot.asm – added WinUtilities EXE Protector v2.1 detection

– new: check_wlcrypt.asm – added WL-Crypt v1.0 detection

– new: check_xenocode.asm – added XenoCode .NET protector detection

– new: check_xenocode.asm – added XenoCode Postbuild 2007 + 2008 for .NET detection

– new: check_xhackercryptor.asm – added xHacker Cryptor detection

– new: check_xshell.asm – added XShell v1.5 detection

– new: check_zprotect.asm – added ZProtect v1.4.3 detection

– new: check_zylomwrapper.asm – added Zylom Wrapper Crypted Game.exe detection

– new: license_nalpeiron_scan.asm – added Nalpeiron Licensing Service detection

– new: installer_install4y.asm – added Install4j Wizard Module detection

– new: installer_installshield.asm – added InstallShield v12 BETA Version detection

– new: installer_squeezesfx.asm – added Squeeze Self Extractor Module detection

– new: installer_trymediadownload.asm – added Trymedia Systems Download Manager detection

– new: msi and 7zip file type reporting is now done to the log window

(similar to the .rar, zip etc reporting)

– new: added in quick detection for starforce protected pdf file

– update: check_aspack.asm – added additional check for ASPack 2.x to avoid a false positive

when scanning a file wrapped by FlashBack with ASPack entrypoint signature

– update: check_codelok.asm – improved detection

– update: check_dotnetreactor.asm – some parts recoded to be more generic & faster

– update: check_execryptor2.asm – improved detection with heuristic checks

– update: check_laserlok.asm – updated to handle older (v3) versions of laserlok

– update: check_passlock2000.asm – improved detection

– update: check_reflexivearcade.asm – executables builds are now reported (if found)

– update: check_safedisc.asm – updated to detect safedisc lite

– update: check_securom.asm – updated to handle VERY old versions & updated to detect a modified paul.dll

– update: check_solidshield.asm – minor modifications, but results in better reporting

– update: check_starforce.asm – updated to handle the new variant (v5.5) and also report bitness of the exe

– update: check_sysiphus.asm – optimized detection

– update: check_themida.asm – updated to handle dll protected Themida files

– update: check_vmprotect.asm – added new generic detection code (catches now dlls we missed before)

– update: check_upx.asm – improved to be ‘more generic’

– update: check_vob.asm.asm – updated to handle older version (4 or less)

– update: dongle_guardant.asm – added reporting of old Guardant Dongle Protections

– update: dongle_hasphlenvelope.asm – improved detection

– update: license_sentinellm – improved for better detection

– update: installer_7zip.asm – improved detection

– bugfix: check_telock.asm – fixed v1.0 detection

– bugfix: check_yzpack.asm – fixed bug resulting in non detections

– bugfix: installer_installshield.asm – fixed possible non detections

CD/DVD/Image file/sector scan

– new: b6i image added into the supported file list

– new: added in ‘Extract Boot Sector’, now the boot sector from the cd/dvd can

be ‘extracted’ to a file.. for use with something else maybe smile

– new: cddvd_cactus.scan.asm – Cactus Audio detection added to file scan in cddvd module

– new: cddvd_protectdisc.scan.asm – added in sector scan module for protectdisc / protectcd

– update: if a disk is detected as being protected when making the iso,

the user will be prompted to continue or not

– update: sector stuff – updated handler to handle udf format disks

(BEA01 header instead of CD001)

– update: sector scan – tweaked sector scan for tages a little

– update: sector scan – tweaked the safedisc detection code

– update: sector scan – updated to now NOT stop if a sector 16 read failure happened

– update: sector scan – securom scan updated to handle version 4.x (and probably lower),

which used a different ‘fingerprint’ and some minor tweaks / fixes

– update: sector scan – starforce + starforce keyless scan was heavily updated..

reducing probability of false positives as well as catching some we missed before

– bugfix: sector scan – codelok scan fixed

2007.12.24

– update: version changed to 0.6.0.0 BETA XMAS 2007 PREVIEW

– update: pause/resume and event handing is now handled better, less ‘pausing’ in scans…

– bugfix: sfv tool – crcing large (>4gig) files bug issue is now fixed

– new: check_celsiuscrypter.asm – added Celsius Crypter v2.1 detection

– new: check_fearzcrypter.asm – added fEaRz Crypter v1.0 Beta 1 detection

– new: check_fishpeshield.asm – added FishPe Shield v2.0.1 detection

– new: check_marjinzscrambler.asm – added MarjinZ ScramblerSE detection

– new: check_sexecrypter.asm – added Sexe Crypter v1.1 detection

– new: check_thebestcryptor.asm – added The Best Cryptor [by FsK] detection

– new: check_unknowncrypter.asm – added unkOwn Crypter v1.0 detection

– update: check_securom.asm – updated for new paul version, code made more generic too

– bugfix: check_air_exelock.asm – fixed possible crashbug

– bugfix: check_cexe.asm – fixed possible crashbug

– bugfix: check_exeprotector.asm –  fixed possible crashbug

– bugfix: check_forgot.asm –  fixed possible crashbug

2007.11.28

– new: deferred window positioning system included into pid now depending on ‘demand’

– new: added in ‘export as csv’ and ‘export as txt’ into the context menu, allowing the protection report

(all of it.. not selections) to be exported to a file in 2 formats

– new: time added to the report

– new: added in an ‘eject cd/dvd’ menu item now, allowing eject to be done easily ;p

NOTE: This is ONLY available via right/left click on the systray icon…

It is also disabled on non NT based systems

– new: cd/dvd sector scan – added in ‘action’ code, where we can report even

unknown protection found on the disk by using a heuristic analysis.. smile

– new: check_protectdisc.asm

– added Protect DiSC v8.0.2 detection

– added Protect DiSC v8.0.4 detection

– added Protect DiSC v8.0.5 detection

– new: check_packitbitch.asm – added PackItBitch v1.0 detection

– new: check_pezip.asm – added PE Zip v1.0 detection

– new: check_smartassembly.asm – added {smartassembly} DotNet Obfuscator detection

– new: check_thunderbolt.asm – added Thunderbolt v0.0.2 detection

– new: check_ussr.asm – added USSR v0.31 detection

– new: check_vcrypt.asm – added VCrypt v0.9b detection

– new: check_xheocodeveil.asm – added XHEO CodeVeil generic, v1.2, v1.3 support

– new: check_xxpack.asm – added xxPack v0.1 detection

– new: installer_akinstaller.asm – added AKInstaller Module detection

– new: installer_zylomgames.asm – added Zylom Games Setup Module detection

– update: check_protectdisc.asm – heavily cleaned, lookup tables used, and better

output to the log and report window, code is also faster than before

– update: check_solidshield.asm – got a huge update, now it uses ade32 for processing of the

executable, and the code has been optimised a large bit, its faster and more accurate

now, and caters for ALL versions currently using a generic algo smile

– update: check_armadillo.asm – improved specific version check for v4.64 & v4.66

– update: check_execryptor2.asm – added exact version scanning in executables where

.code section is uncompressed

– update: check_rlpack.asm – optimised code

– update: installer_nullsoft.asm – updated to detect the latest NullSoft Installer Builds

– update: installer_rarsfx.asm – updated to detect newer versions of WinRAR SFX Archive

– update: installer_wise.asm – updated to detect newer versions of the Wise Installation Wizard

– update: installer_zupmakersfx.asm – updated to detect the latest UPX´ed versions

– update: version updated to v0.5.81.13

– update: suspicious mz checking is now a LOT more intelligent

– update: cosmetic – config window has capitalised letters for every word

– update: task manager – context menus have accellerators now

– update: cd/dvd sector scanning menu item is now DELETED if a non NT based system is found

– update: main menu -> eject cd/dvd got boosted, now we have a ‘load’ as well

allowing you to eject/load cd/dvd disks into the system from the systray…

(obviously requires hardware support, but most systems do it)

now people dont need shitty little systray programs to open/close their cd/dvd drives

pid does it… and much much much more… wheeeeeee ;p

– update: main menu -> eject cd/dvd + load cd/dvd got made multi threaded, because on ‘load’ the gui could

appear frozen, while the operating system reads cd/dvd to get toc and so on, which

does not look good, this way, it works and its responsive (main aim is, that regardless

of what pid is doing, the gui should always be responsive, so the user does not think it has hung…)

– update: sfv ‘keeps’ its dir for saving the sfv file so its saved in the same dir

– update: scratchpad – ctrl+a to select all is now implimented (requested by Blazkowicz),

this is now global for the other subclassed editboxes too….

– update: if window position is not recorded (or if its fucked), pid will start centred on the desktop

– update: cd/dvd sector scan is now toggleable, and does not require you to reload pid to set/unset it….

– update: deferred window positioning system included into pid now depending on ‘demand’

– bugfix: seh minidump – minidumps are now saved, there was a minor bug in the routine

(bad ptr) also for uac compatability, pid will save the dump file to the user folder

if creation in the local folder failed somehow

– bugfix: check sfv – gui might be wrong on big files / last output

– bugfix: memory optimiser – gui adjusted, check boxes were too close together

for some.. now they’re nicely spaced out…

– bugfix: cd/dvd sector scan code was somehow broken

– bugfix: disable inet access, do a right click and select ‘update’,

it will crash (reported by Blazkowicz) – fixed

– bugfix: output of a filename with an umlaut caused a crash (because seh data wasn’t there) – fixed

2007.10.14

– new: configuration option ‘supress cd/serial string reporting’ and ‘cd/dvd checks’

– new: added in smooth window transitions configuration setting, allows you

to choose if you want fast or smooth window changing

– new: added in -safe commandline to force pid to launch in safemode (where plugins etc

will not be loaded) registry will still be processed etc, but any bad data will be

reset, and plugins will not be loaded this allows the user to recover from fuckups.

current commandline list:

-auto -> loads pid with windows when it loads (auto start)

-cons -> starts pid in console mode (test purposes only)

-scdf -> scan drive/folder mode (additional params in commandline expected)

-sfvc -> checks sfv file (sfv filename expected to be an additional param in the commandline)

-scan -> scans file (filename expected to be an additional param in the commandline)

-safe -> impliments safe mode (action is not taken yet tho)

– new: pid reports if safemode is active in the log window

– new: check_protectdisc.asm

– added Protect DiSC v7.8.1 detection

– added Protect DiSC v8.0.0 detection

– added Protect DiSC v8.0.3 detection

– new: check_starforcedll.asm – added TradeName detection (Basic, Builder, Pro)

– new: check_sysiphus.asm – added Sysiphus DVD Copy Protection detection

– new: check_avercryptor.asm – added Aver Cryptor v1.00 & v1.02 Beta detection

– new: check_cryptic.asm – added Cryptic v2.0 detection

– new: check_exeevil.asm – added EXE Evil v1.0 detection

– new: check_fearzpacker.asm – added fEaRz Packer v0.3 detection

– new: check_mucruncher.asm – added MuCruncher detection

– new: check_netz.asm – added .NetZ detection

– new: check_obsidium.asm – added Obsidium v1.3.4.1 detection

– new: check_qryptor.asm – added QrYPt0r v1.0 detection

– new: check_rlpack.asm – added RLPack exact version detection for v1.16, v1.17, v1.18, v1.19

– new: check_shrinkwrap.asm – added Shrink Wrap v1.4 detection

– new: check_vpacker.asm – added VPacker v0.02.10 detection

– update: check_fsg.asm – minor improvements

– update: version number increased 5.75.12

– update: adjusted status window messaging system, its now on an interval,

result is that scans are much faster

– update: seh now reports thread that crashed too, along with its name….

handier for reporting, it also only reports scan previous/next etc if the

crash actually happened within the main scanning thread….

– update: started updating code for app verifier compliance

– update: app verifier presence reported in misc tools info output

– update: auto start with windows works (vista support soon)

– update: added detection for windows server 2008 (misc tools report)

– update: IsVista proc updated to handle for windows server 2008

– update: shortcut making system is operational. we can now make shortcuts

on desktop for pid, safe mode etc..

– update: more settings stored in registry – including current version of pid

– update: folder queue window supports drag and drop

– update: configuration auto enables/disables the ‘safe mode’ shortcut setting if

desktop shortcut is not checked… looks better

– update: suspicious mz reporting now tightened (also, possiblity of e_lfanew

being null and causing crash also fixed)

– update: adjusted drag and drop functionality for windows and sub windows

ie:  window currently shown is the ‘active’ drag/drop target, if you see the ‘+’ appear

on the cursor when dragging, the window supports drag/drop, if you see the ‘no’ sign

appear then it doesnt.. before dragging anything onto the pid window caused it to scan

the file… this behaviour has been changed… to have pid scan a file on drag/drop

you MUST have the log window open… otherwise it goes to the other handlers…

– update: check_ringprotech.asm – improved to detect more ‘versions’

– update: check_securom.asm – added SecuROM v7.02 detection with ‘double layer crypt’

– update: check_solidshield.asm – added support for newer versions

– update: installer_siliconrealms.asm – recoded detection

– bugfix: bugfix in configuration, due to a duplicate resource some settings were not saved correctly

– bugfix: bug in the system information (misc tools) ESI got corrupted, so memory output was crap

– bugfix: drag/drop issue fixed on log window (didnt go multi threaded for some odd reason…)

– bugfix: configuration, somehow the scanondemand setting on the registry was made as

a DWORD, but set as a bool leading to regedit reporting ‘invalid dword value’

– bugfix: bugfix in task manager – freesid called when allocateandinitializesid wasnt (leading to app verifier bitching)

– bugfix: check_asprotect.asm – fixed possible crashbug

2007.09.13

– new: added in experimental transparent mode for 2k or higher, where the button bar will

appear to be ‘split’ from the main window, and there will be transparency in the gap..

available as ‘button bar split’ in configuration, its enabled by default

(you can click thru it smile

– new: speech system integrated (speech isnt exactly perfect…)

configuration -> allow speech -> close pid and reload it (says hello 😉

speech system is threaded, so no wait until its finished talking

– new: protection report window now has a new option in its context menu

‘Open Command Prompt in location’, which (if selected) opens a command prompt console

in the directory where the file is located… quite useful

– new: icon added near pid caption in main window – it reflects the user level

– 4 color ‘shield’ – pid not running in admin mode

– green shield – pid running as admin

– new: check_armadillo.asm – added exact version detection for v3.50

– new: check_cdsss.asm – added CDS SS 1.0 Beta 1 detection

– new: check_kaspersky_pack.asm – added KasperSky Pack detection

– new: check_obsidium.asm – added Obsidium v1.3.2.2 detection

– new: check_poisenivy.asm – added Poisen Ivy Crypter v1 detection

– new: check_rlpack.asm – added RLPack [generic] detection

– new: check_securom.asm – now detects securom pa (paul.dll)

– new: dongle_guardant.asm – added Novex Guardant DONGLE detection

– new: installer_installaware.asm – added InstallAware Setup Module detection

– update: Task Manager – pressing the delete key in task manager now kills the selected process

(requested by Blazkowicz)

– update: update downloader automatically puts .rar extension now on saved downloaded updates

– update: scratch pad automatically puts .txt extension on saved files

– update: iso maker now has the .iso extension if the user doesnt type in .iso as

the extension and that the ‘auto filename’ thing is enabled in configuration

– update: taskmanger now has icons in the menus

– update: images/icons now loaded as shared – prevents resource leak due to duplication

– update: admin/non admin shield icons are now sized properly and recolored

– update: richedit in log window has had its flickering reduced, it can still flicker though

but the effect has been reduced

– update: scan files on cd/dvd has now been moved to a multi threaded code block, this

stops gui ‘freeze’ when selecting to scan files on cd/dvd

– update: added in uptime reporting to the misc tools window…

yes, it does handle > 49days too… (GetTickCount has a limitation of 49 days)

– update: misc tools – system information also now reports admin status

– update: edit boxes in update, scratch pad, host/ip resolver all now have an

ownerdrawn menu, similar to the log window menu, so our ‘look’ is now consistant

– update: editbox subclassing now has a ‘select all’ entry in the menu too, for this to be

enabled, the window MUST be the one with keyboard focus

– update: paste added to context menu, only available on the new editboxes, which are NOT set for readonly

– update: save portions from the menus, now also support the auto append filename (if set)

– update: minimize button, magnetic button, exit button, all are now iconized, topmost button

is now auto set to the right icon

– update: auto start with windows now enabled (registry key set now) with new commandline for pid (-auto)

– update: window minimizing is now a thing of the past, instead we intelligently handle the

window location and show/hide it (for -auto, we relocate off screen and hide,

then when show is selected, we move the window to the recorded coordinates

and then show…)

– update: right click context menu on edit boxes – save selection / save to log is now completed, works fine smile

– update: handle if window position recorded does not fit the current window regions

(force reset to centre) could happen if pid was running, user changed resolutions

to higher, moved pid, exited pid, switched resolution back, pid would appear off screen ;p

– update: sfv handler can now handle sfv files using the following ‘format’ for new line

0d0ah  (was handled before in previous versions)

0a0dh  (was handled before in previous versions)

0dh     (new)

0ah     (new)

– update: check_cdkey_and_serial.asm – added new string check ‘ActivationCode’

– update: check_solidshield.asm – recoded to detect SolidShield v1.8.3.0 (or newer)

– bugfix: msinfo button bug – program files\common files is translated differently

in other languages

– bugfix: sfv now properly handles the extension thing

– bugfix: tooltip for configurations were missing 1 tooltip

– bugfix: potential parse bug in commandline parser fixed (checked for space after -xxxxx)

– bugfix: winspy window looked AWFUL in vista, the group boxes text was centred

in the middle of the group window

– bugfix: fixed some resources in gui

– bugfix: new_pecode.asm – bugfixed in calculate_time_data proc

(months in system time start at 01 not 00)

– bugfix: new_pecode.asm.asm – issue in the get_real_module_name proc happened when the

export info from a packed file was attempted to be read… (reported by korn2006)

– bugfix: check_molebox.asm – optimized code (resulting in faster & more accurate detection)

– bugfix: check_vob.asm – fixed VOB Protect CD format output in Protection Report

– bugfix: installer_clickteam.asm – fixed bug causing possible wrong detections

2007.08.27

– new: configuration -> allow folder shredding

– new: configuration -> auto filename extension

– new: commandline availability for sfv checking (protection_id -sfvc sfvfilename.sfv)

– new: sfv association now incorporated into pid (context menu style, or double click)

note: when sfv is clicked, selecting ‘open with protection id’ will cause the sfv

file to be processed, when its loaded, checking begins automatically and active

pid window is also set to the sfv window..

– new: check_armadillo.asm

– added Armadillo version range detection for v2.xx – v3.xx,

v4.00 – v4.42, v4.44 – v4.62, v4.64 – v4.66, v5.00 – v5.02 in case the specific

version can´t be detected

– added more detailed version detection for v2.00 – v2.61, v3.00 – v3.10, v3.20,

v3.30 – v3.40, v3.50 – v3.61, v3.70, v3.75, v3.76, v3.78, v4.00 – v4.05,

v4.10 – v4.20, v4.30, v4.40, v4.40a, v4.40a Beta 2, v4.42, v4.44a Beta 1, v4.44a

– new: check_dotnetguard.asm – added DotNet Guard detection

– new: check_encryptpe.asm – added Encrypt PE v2.2006.10.1 detection

– new: check_kbys.asm – added KByS Packer v0.28 Beta detection

– new: check_orien.asm – added ORiEN v2.12 detection

– new: check_epexepack.asm – added EP (EXE Pack) detection

– new: check_simplepack.asm – added SimplePack v1.11 detection

– new: installer_installshield – added InstallShield v11 detection

– update: added in support for windows version dependant programs in the ‘misc tools’

– update: system information window in ‘misc tools’ reportedly opens another window in vista should now be fixed..

– update: button 7 on the misc tools (system info) should now show the right window in vista

(problem was caused by vista changing lots of things.. like parameters…)

– update: add new button in misc tools now disabled if the os is vista (vista doesnt use this system anymore)

– update: sfv file also has .sfv appended to its name if user did not enter .sfv when selecting the save filename

– update: added in…

add/remove programs

add new programs

add/remove windows components

set program access and defaults

windows security center (xp or higher)

control panel

Char(acter) Map

ClipBook

Help and Support Center

DirectX Diagnostics

Microsoft Paint

Notepad

Write

…to the ‘misc. tools’ window

– update: check_securom.asm – code updated to handle fucked files, and also report old (v4)

securom versions etc.. (v4.68.00 exe wasnt detected before)

– update: dongle_wibu.asm – improved generic detection

– bugfix: queue count in tooltip was wrong, always truncated to the 64th character

– bugfix: ‘rare’ screen flicker is now possibly fixed

– bugfix: fixed a potential bug in the shellexecute in the misc tools system for the system

components, the paths weren’t really qualified, leading to to a 50/50 on the

launching for add/remove programs etc..

– bugfix: potential memory leak in the browse for folder code

– bugfix: check_armadillo.asm – fixed bug in generic detection

– bugfix: check_molebox.asm – fixed non detection due a bug

– bugfix: check_protectdisc.asm – fixed crashbug for older v6.x to v7.1

2007.08.12

Note to WinXP [or higher] OS system users:

PID now does include Themes

– goto Configuration window

– enable ‘Allow Themes’ -> click ‘Apply’

– new: Protection ID is now signed with a certificate

– new: xp theme manifest added to resources

– new: theming enable/disable option now in settings

– new: core_code\themes.asm – themes are fully operational smile

– new: right click context menu for folders and drives implimented in registry stuff and core

(note: drive scan is file mode – NOT sector mode)

sector stuff is outdated and probably not used.. maybe we should drop it?

– new: check_armadillo.asm – added Armadillo v2.xx – v3.xx and v4.xx – v5.xx generic detection

and lots of specific version (still not all…)

– new: check_encryptpe.asm – added Encrypt PE v2.2007.4.11 detection

– new: check_intenium.asm – added INTENIUM Try & Buy detection

– new: check_mkfpack.asm – added mkfPack detection

– new: check_sixxpack.asm – added Sixxpack .Net Compressor detetion

– new: check_softwarecompress.asm – added Software Compress v1.4 detection

– new: check_yzpack.asm – added YZPack v1.1 & v1.2 detection

– update: version is now 0.5.45.07 BETA RC1 NON-DISTRO

– update: winspy portion done, its only reportative at the minute

– update: folderwatch – selected items can now be removed by pressing

the delete key (DEL) on the keyboard (suggested by Blazkowicz)

– update: task manager now has sortable button like column selectors

(feature isn´t done yet, atm its just proof of whats planned)

– update: protection report list now has more menu items… all implimented

– open location in explorer

– clear all

– clear selected

(items can also be removed now by pressing the DEL key)

– update: check_activemark.asm – updated detections of newer ActiveMARK wrapped exes

– update: check_armadillo.asdm – recoded, added one more generic Armadillo check

– update: license_haspsl.asm – optimized HASP SL detection

– bugfix: nfoview code, drag and drop of multiple files resulted in a crash (found by Muji-Fightr)

– bugfix: nfo viewer was black on black ;p somehow….was a dirty buffer (reported by muji-fghtr)

– bugfix: plugins should now unload properly if themes toggling is done

– bugfix: check_asdpack.asm – fixed possible crashbug

– bugfix: check_execryptor2.asm – fixed possible crashbug

– bugfix: check_gamehouse.asm – fixed crashbug when scanning MZ0oPE v1.0.6b protected files

– bugfix: check_molebox.asm – fixed possible crashbug

– bugfix: check_solidshield.asm – crash when scanning DLLs with Entrypoint 00h (reported by Blazkowicz)

– bugfix: check_softwarecompress.asm – fixed possible crashbug

– bugfix: check_vob.asm – fixed possible crashbug

– bugfix: installer_inno.asm – fixed possible crashbug

2007.08.03

– new: system info portion heavily updated, reports a lot more useful info smile

– new: task manager driver view now totally operational

– new: configuration – Scan during queuing (on demand)

– new: seh window now has minidump capabilities smile

– may only work in xp, depends on dbghelp.dll being present and having the right export

– seh window output bug also now fixed (wsprintf limitation)

– new: now we report the amount of scan modules in the about box

– new: check_abccryptor.asm – added ABC Crypt v1.0 detection

– new: check_andpakk2.asm – added ANDpakk2 detection

– new: check_asdpack.asm – added ASDPack v2 detection

– new: check_beroexepacker.asm – added BeRoEXEPacker v1.00 detection

– new: check_berio.asm – added Berio v1.0 detection

– new: check_copyminder.asm – added CopyMinder detection

– new: check_dalcrypt.asm – added DalKrypt v1.0 detection

– new: check_dotnetprotector.asm – added dotNet Protector v4 & v5 detection

– new: check_dotnetreactor.asm – added dotNet Reactor v2.0 – v2.9 & v3.0 – v3.2 detection

– new: check_enigmaprotector.asm – added Enigma Protector v1.14 & v1.16 detection

– new: check_exeshield.asm – added ExeShield v3.7 detection

– new: check_jdpack.asm – added JD Pack v2.00 detection

☆版权☆

* 网站名称:obaby@mars
* 网址:https://h4ck.org.cn/
* 个性:https://oba.by/
* 本文标题: 《Protection ID v0.6.3.5 Public DECEMBER 2009》
* 本文链接:https://h4ck.org.cn/2010/01/1050
* 短链接:https://oba.by/?p=1050
* 转载文章请标明文章来源,原文标题以及原文链接。请遵从 《署名-非商业性使用-相同方式共享 2.5 中国大陆 (CC BY-NC-SA 2.5 CN) 》许可协议。


猜你喜欢:

2 comments

  1. Level 1
    Internet Explorer 5 Internet Explorer 5 Windows 95 Windows 95 ru俄罗斯

    If you could e-mail me with a few suggestions on just how you made your blog look this excellent, I would be grateful.

    1. 公主 Queen 
      Opera 11 Opera 11 Windows 7 Windows 7 cn山东省济南市 电信

      just select a good theme ,then post as more as what u know ,that is all.lol

发表回复

您的电子邮箱地址不会被公开。 必填项已用*标注