Title | Content |
---|---|
Title | ARM Protector |
Version | v0.1 |
Author | SMoKE |
Description |
Program: ARM Protector v0.1 (EXE Shield v0.8)
Author: SMoKE
Date: 2004
Code: Pure Win32 ASM (big part of loader coded with opcodes, i dont

Intro
~~~~~
ARM Protector is a Windows Portable Executable (PE) file protector and cryptor against reverse engineering (cracking, debugging and other illegal modifications). It has some nice protection options (i'll keep adding them as much as i can)

Protection Options
~~~~~~~~~~~~~~~~~~
- Anti Ring3 Debugger (Application Level)
- Anti SoftIce and Monitoring Tools
- Exit In Case Of Bad CRC
- Erase API/DLL Name Strings (Destroy IT)
- Anti API Breakpoint
- Anti In-Loader API BPX (Prevent Unpack)
- Anti In-Loader Code BPX
- Anti Hardware Breakpoint
- Password Protect

Default Options
~~~~~~~~~~~~~~~
and there are some default options. that means they are always present in the protected executable, which makes loader code and whole protector more secure. here are some of them...
+ Every time even the same file is encrypted in a different way. So there isn't a standard en-decryption key/mechanism that one can use to attack this protector.
+ Code of in-mem loader is very confusing, that makes debugging and unpacking a bit harder.
+ As you can see there is no import table after protecting, and of course all gets emulated.
+ Even after raw dumping there won't be any protector code parts, loader deletes itself before passing execution to program, so attacker can't disasm decrypted loader's code and try to attack.
+ Advanced import related stuff random encryption

i think that's enough for those who want to protect file with ARM Protector, more info is dangerous for security of the protector... debug it, if you need more infos hehe ;)

To do...
~~~~~~~~
for now i think about these options to add...
some anti tracing stuff... (theoretically i know what to do)
softice detecting with interrupt gate and self-tracing... more advanced method to detect sice
all this won't be hard to implement, i need only patience to do this...

History
~~~~~~~
v0.1 - now it called ARM Protector (ARMENIAN PROTECTOR)
v0.8 - now you can protect your executables with custom password,
v0.7 - added new, very advanced encryption mechanism for
v0.62 - fixed bug in Anti Ring3 Debugger option. Now protected
v0.61 - fixed bug with ordinal handling
v0.6 - added new great option to fight against hardware
v0.5 - minor bug fix in Anti In-Loader Code BPX code
v0.4 - finally i implemented Anti In-Loader Code BPX stuff, added
v0.3 - finally fixed problems with Anti Ring3 debugger option to
v0.3b - removed Erase PE Header (was very crappy and buggy) and added
v0.2b - fixed some bugs and added function to prevent double protecting
v0.1b - first public release

Bugs
~~~~
i guess there are no bugs atm... but still waitin for your bugreports, to make this project perfect :)
Bug? - i can say only one thing atm, but thats not my fault, thats
SORRY ALL THOSE WHO IS STILL USING THIS M$ WINDOZE 2000 CRAPPPPPP !

Some InfoZ
~~~~~~~~~~
anyway ARM Protector tested only on Win98SE and WinXP, as you already know protected exes wont run on Win2000 (and you even know why :)) dunno about Win95, WinNT (4.0...), WinME and Win2003... but think that should work ok. If there is someone who tested on this OS, let me know...

ABOUT PASSWORD PROTECTION
~~~~~~~~~~~~~~~~~~~~~~~~~
why the program crashes when you enter wrong password instead just saying that ?...ok, i made that way coz of security reasons, so this way i dont keep good password, and program doesnt know about right password, it just decrypts program with password entered, so if it was wrong one, junk will be generated and program will crash... you can enter password of length 1 to 100 and i think thats enough. so now attacker can only do brute-force... hmm which is not very good method to unpack :)

Thanx & Helloz
~~~~~~~~~~~~~~
s0nkite - thank you for testing on WinXP and tellin me some errors
FlameGod - thanx for WinXP testings
ScoRpIo - thanx for testing with a lotta compilers under WinXP
pusher - thankyooz for holdin me up :-)
AleksV - thank you for testing on Win2000
zombie - for telling me bug about bad ordinals handling, fixed now :)
YOU - thank YOU for using this stuff... :)

thats it for now... keep checking for the newer versions.

P.S. for any advice, ideas, bugs and even if you can be good beta-tester feel free to contact me. smoke@freenet.am |
View: | 2082 |
Publish time |
6 years ago
2018-10-30 02:42:51
|