vm for the masses - a vm compiler incl source
от автора:
hi,
i have attached the complete sourcecode of a working vm compiler. this compiler was used for the 'impossible crackme' - crackmes
i have also included a brief explanation of everything
please keep in mind that this vm underwent some major changes (read the impossible crackme threads), thats why parts of the code are messy and smelly
rapidshare.com/files/25706809/xm.zip

| Сообщение посчитали полезным:

> WinUtilities EXE Protector 2.1
если я не ошибаюсь к нему в нете даже кейген есть =]

-----
Shalom ebanats!

| Сообщение посчитали полезным:

Johnson Finger
Поставь бряк на VirtualAlloc посмотри у меня примерно по адр 008ХХХХХ точно уж не помню но увидишь
копируется в буфер файло пакованое упх вырежи его и запусти где нить в укромном месте

| Сообщение посчитали полезным:

Еще какое-то чудо ...
rapidshare.com/files/28216921/CryptX_1.0.rar.html
pass: cryptX

-----
Crack your mind, save the planet

| Сообщение посчитали полезным:

Забавный пакер MZ0oPE гадит хидер прикольно ;) в архиве оригинал и анпукнутый

b715_13.06.2007_CRACKLAB.rU.tgz - MZ0oPE.rar

| Сообщение посчитали полезным:

Вот нарыл джойнер от каких-то мегокулхацкерофф =)
hччp://ццц.rapidshare.ru/З14084
есть ещё и опция packing (Upack и всё тут =) ) ;)

-----
все багрепорты - в личные сообщения

| Сообщение посчитали полезным:

**************************************************
** eXPressor Executable File Compresor *****
**************************************************
by CGSoftLabs

v 1.1.0 beta [5 feb 2003]
-bound imports are loaded via GetProcAddress...so no bound is preserved ;p (4 the moment)
-icons (all 32x32) and file version are preserved when compressing resources;
-chunck check;eXPressor will ask to add extra data found at the end of the PE;
-multilevel packing support;this means that you can pack over and over the same exe!
-so it can pack PEs packed with other packers which support multilevel packing;(tested on upx,pebundle packed programs)
-this ver doesn't support IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG;
-the entire packed PE structure is compressed now into a big section at the beginning of the file;
-full resource directory rebuilder;it will rebase the .rsrc dir at a new VirtualAddress;
-added a small window to see progress status;compression is made in a separate thread;
-packed programs will run under win98 too;
-pfffeew...who said building a packer it's easy ?...

У кого древней?
spiritst.narod.ru/eXPressor.1.1.0.zip

-----
iNTERNATiONAL CoDE CReW

| Сообщение посчитали полезным:

Sixxpack V1.1


Home:
www.reversers.net/


Sixxpack is a .net executable file packer capable of reducing your compiled .net filesize by as much as 80%. Sixxpack also helps protect programs against reverse engineering by hackers. Programs compressed with Sixxpack are self-contained and run exactly as before, with no runtime performance penalties

Requirements:* Microsoft .Net Framework


Sixxpack uses the zlib compression library with a configurable compression level. The decompression routine is 15k in size

spiritst.narod.ru/Sixxpack.1.1.zip

-----
iNTERNATiONAL CoDE CReW

| Сообщение посчитали полезным:

Akala EXE Lock can protect any executable file from non-authorized execution. It asks each time the program is loaded the password you have set.
Akala EXE Lock is great for keeping people out of your personal stuff (locking Quicken so your kids can't snoop through your bank accounts) and for preventing unauthorized use of programs they weren't meant to touch. For example games on your computer or PIMS, etc.

www.zero2000.com/files/ael.zip

-----
iNTERNATiONAL CoDE CReW

| Сообщение посчитали полезным:

Всем известный JDPack
Версии 2. Решил выложить, т.к. нормальную двойку нигде не видел...

spiritst.narod.ru/JDPack.2.00.rar

-----
iNTERNATiONAL CoDE CReW

| Сообщение посчитали полезным:

EDCrypt 3.1


Description

---------------------------------------------------------------------- ----------
Softuarium EDCrypt is an ActiveX control performing following functions: - encrypts and decrypts text and files using symmetrical ciphers: BLOWFISH, CAST128, GOST, RC2, RIJNDAEL, TWOFISH - computes hashes (message digests) of text and files using hashing algorithms: ADLER32, CRC32, CRC32B, GOST, HAVAL128, HAVAL160, HAVAL192, HAVAL224, HAVAL256, MD2, MD4, MD5, RIPEMD128, RIPEMD160, SHA1, SHA256, SHA384, SHA512 - securely shreds files Help files and example projects in several languages are included in the package. EDCrypt is a stand-alone component. It does not require any other files to work. The control can be distributed royalty-free in an unlimited number of commercial applications.

Не совсем прот,конечно... Может кому и надо...или для колекции.

spiritst.narod.ru/edcrypt.3.1.zip

-----
iNTERNATiONAL CoDE CReW

| Сообщение посчитали полезным:

Description:
Are you losing sales to software pirates?
Stop using your obsolete software protections.
Code-Lock, an advanced, secure software protection system, will stop crackers in their tracks.
Code-Lock, featuring CodeSecure Technology for Visual Basic, C#, VB.NET and Delphi applications, has never been cracked.
It is time to keep crackers awake while you sleep in peace.


Code-Lock has been uncrackable for 5 years 10 months 11 days 5 hours 16 minutes and 46 seconds...
Code-Lock has users from around the world including Australia, Canada, France, Germany, India, Italy, Japan, Malaysia, Mexico, Netherlands, Romania, Singapore, South Africa, United Arab Emirates, UK and US!

See what they think of Code-Lock!


www.chosenbytes.com/download.php?id=1

has never been cracked.
Какая самоуверенность...

-----
iNTERNATiONAL CoDE CReW

| Сообщение посчитали полезным:

VBEXEObfuscator.2005.15.build 340


VBEXEObfuscator.2005.15.build 340

www.joryanick.com/vb-obfuscator.htm

jory's VB EXE Obfuscator

UPDATED AUGUST 15, 2005

have you had a look at your Visual Basic compiled projects in a hex editor?
are you aware that your object names are compiled directly into your exe's, dll's and ocx's?
are you giving away trade secrets
by just having your object names exposed?
don't sweat it..
my new VB EXE Obfuscator will...
wash them away!
yup, its true. And it's a snap to use too.
in this screen-shot I'm loading a compiled VB EXE project named 'np'.



look at the detected object names - isn't that nasty?
and this is a small project, there could be hundreds if not thousands of objects listed in there! Do you want to help others figure out how you've designed your software?

well have no fear! One pass through my whiz-bang obfuscator and...



Voila! Garbage !

Your application operates just as it did before
but without the potential security risk!

Your original binary is not modified
the obfuscated file is saved to the same directory with the extension "-OB"

Distribute your software SAFELY
rename the obfuscated file and sleep easy!

What does this cost to use?
nischt, nada, zip, zero, nuttin. That's 0$ people!

Why am I doing this?
i think this tool will benefit everyone that comes across it

How well does it work?
stellar! try it for yourself!

Are there limitations to the size of the source file?
files of any size can be obfuscated!

Can I use other protection software with obfuscated files?
absolutely!

What are the consequences of using this tool?
if used properly, there are none.
Make sure you TEST obfuscated files after each run!

How do you use this tool properly?
when you select a file (EXE, DLL or OCX) it will be processed and all object names will be listed in the 'object names' box. If you have not yet created a 'clusion' (*.clu) file for automated 'inclusion' or 'exclusion' of object names the application will ask you if you want to create one. a clusion file is required for command line use and will speed up interactive builds by quickly showing you what has changed since the previous build.

Using clusion files for automation
when you select Yes to "No clusion file was found for this application, do you want to create one?", this dialog appears beside the main interface



in this window you will cut and paste items from the object pool to the 'include list' or 'exclude list' boxes. Items that appear in the 'include list' will be obfuscated, and items that appear in the 'exclude list' will not be obfuscated. In addition to cut & paste, you also have two options:

the 'smart auto-include' feature will automatically scan the entire object pool for object names that conform to the VB standards (eg: lblLabel, mnuMenu, txtText, etc..) and automatically insert them in the include list.

in either list box (include or exclude) you may enter items with wildcards to specify a wide range of objects that may change over time but all conform to a specific naming convention. Example: Adding "MyApp*" to the include list will automatically obfuscate any object name that begins with 'MyApp'.

once you are satisfied with the include and exclude lists, press 'build new list' and your clusion file will be saved in the same directory as the source filename. you can now click obfuscate to create a protected file, or use the command line features described below.

Interactive obfuscation
when you select No to the question "No clusion file was found for this application, do you want to create one?", the 'OBJECT NAMES' box is used to control obfuscatation. If you see an object that you do not want obfuscated (an exported function, an imported function, a garbage object name, etc..) simply delete its line. if you do not remove unknown or illegal object names your obfuscated program will CRASH! once you are satisfied with the OBJECT NAMES list, press 'obfuscate' to create a protected file with the extension '-OB.exe'.

Can I automate the obfuscation process?
yes! and the command line interface is a snap to use.
the option -o %filename% will automatically (and quietly) obfuscate your source file, overwriting the original. Here is a simple test script for automated compilation and obfuscation:
(in a command or batch file)

rem compile exe with visual basic
"c:\Program Files\Microsoft Visual Studio\VB98\vb6.exe" /m c:\test\test.vbp
rem obfuscate exe using my obfuscator
"c:\temp\VBEXEObfuscator.exe" -o c:\test\test.exe


note that this first command line version does not support spaces within filename paths

What users have said about my Obfuscator
"Thanks Jory! VB obfuscator is exactly what we were looking for! Your simple, effective interface and ability to automate it in our builds will help protect our hard work. I wish you the best of luck with your work! I will make sure to share your tool on our 'Must Haves' Windows page."
- Christopher Williamson, Lead developer, DreamQuest Software, dq.com

"This app is absolutely great!"
- A leading developer of VB tools who requested his name remain anonymous

"Awesome work Jory, I've been dreaming of a tool like this since the days of VB4!"

"It certainly works"
- Cad Delworth C.Eng MBCS, Ibex Technology Ltd.

Legal Notice - PLEASE READ!
the VB EXE Obfuscator software available from the download link below has been virus tested and will only perform what is described above. VB EXE Obfuscator software was developed with good intentions for the benefit of the entire Visual Basic community. that said, please review this legal notice:

YOU USE THIS FREE APPLICATION AT YOUR OWN RISK
No liability is assumed for consequential, incidental, indirect or special damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information and the like), whether foreseeable or unforeseeable, arising out of the use of or inability to use the VB EXE Obfuscator software, regardless of the basis of the claim and even if the author has been advised of the possibility of such damage.

spiritst.narod.ru/VBEXEObfuscator.2005.15.build.340.rar

-----
iNTERNATiONAL CoDE CReW

| Сообщение посчитали полезным:

pavka пишет:
Забавный пакер MZ0oPE
Сдампил на OEP, восстановил импорт, все секции "уползли" на 1000 байтов вперед?! скорректировал в эдиторе OEP, осталось разобраться с секцией данных как х.з?
Как его распаковать правильно?? Вообще как хидер после него восстановить?

-----
Nulla aetas ad discendum sera

| Сообщение посчитали полезным:

Последнее время полным полно появилось куча разных крипторов по ходу из одних сырков типа AnslymPacker, AREA51 Cryptor 1.1, NME.01,unnamed Scrambler 1.1C,WindOfCrypt1.0
Minke 1.01,PI 2.2.0 Cryptor,PollyBox накидал небольшой скриптик по выдергиванию

d134_15.06.2007_CRACKLAB.rU.tgz - Generic Unwrap many Cryptors .rar

| Сообщение посчитали полезным:

unkOwn Crypter 1.0
Сам по себе такое же дерьмо как и все крипторы подобного плана! Но сам накрыт каким то самопалом
типа анпакми нормально! Перемешает таблицу инициализации делфи, спласинг импорт т.д
если особо не заморачиватся с эстетикой то делов на пять минут..
в архиве оригинал и распакованый
rapidshare.com/files/38651922/unkOwn_Crypter_1.0.rar

| Сообщение посчитали полезным:

pavka пишет:
в архиве оригинал и распакованый
распакованный при запуске вылетает с ошибкой.
unkOwn Crypter напоминает Unnamed Scrambler

-----
Nulla aetas ad discendum sera

| Сообщение посчитали полезным:

Flint пишет:
распакованный при запуске вылетает с ошибкой.
Неряшливо распаковал наскоряк! Сори ;) вот переделал проверил на двух осях работает нормально Похоже это PeLock только чет я не видел раньше что бы он таблицу перемещал ;)
rapidshare.com/files/38818044/unkOwn_Crypter_1.0.rar

| Сообщение посчитали полезным:

Naked Packer 1.0
китайский пакер ;) в архиве оригинал и типа русифицированый ;))) и скрипт для распаковки!
rapidshare.com/files/38886371/Nakedpack.rar

| Сообщение посчитали полезным:

pavka вы антивирус включаете?
На Naked Packer 1.0 DrWeb ругается "Trojan.DownLoader.6315"

-----
Nulla aetas ad discendum sera

| Сообщение посчитали полезным:

Flint пишет:
На Naked Packer 1.0 DrWeb ругается "Trojan.DownLoader.6315"
Они много на что ругаются ;) А на то что нужно не ругаются Хотя бы пример с антидотом!

| Сообщение посчитали полезным:

вот тут есть что посмотреть
www.xclan.ru/printthread.php?s=73f75e6a7a00246820cca86f4613047f&t=264

-----
Nulla aetas ad discendum sera

| Сообщение посчитали полезным:

Flint
Подобня фигня происходит чаще всего из-за ботов, которые обрабатывают всякий хлам, сыпящийся в АВ компании. Я буду очень удивлён если когда-нибудь нормальный софт будет запакован чем-то подобным => от подобных лажняков только польза, имхо конечно, правда не только моё (:

-----
Crack your mind, save the planet

| Сообщение посчитали полезным:

rapidshare.com/files/39231044/12311134.rar
Китайский пакер

| Сообщение посчитали полезным:

Я там в скрипте для молебоха накосячил чуток спроверкой версии вот исправленый вариант!

c083_25.06.2007_CRACKLAB.rU.tgz - MoleBox Unpacker.rar

| Сообщение посчитали полезным:

Можно так сказать музей пакеров/протекторов:
www.exetools.com/protectors.htm
www.exetools.com/compressors.htm

-----
Don_t hate the cracker - hate the code.

| Сообщение посчитали полезным:

mysterio
Извини, но я считаю, что это не интересно...по моему с экзетулза все начинали...
Лично я тоже начинал забивать свой комп пакерами, етц. именно с него...

-----
iNTERNATiONAL CoDE CReW

| Сообщение посчитали полезным:

Spirit пишет:
начинал забивать свой комп пакерами
Ну с UPX мне понятно, - "старый конь борозды не портит".
А с остальными что делать?

-----
Чтобы юзер в нэте не делал,его всё равно жалко..

| Сообщение посчитали полезным:

fEaRz Crypter v1.0
ifolder.ru/1868997658

-----
Nulla aetas ad discendum sera

| Сообщение посчитали полезным:

Flint
А можно на рапиду, а то 0,4 кб/с ...
[EDITED]
Я уже нашел
www.unpack.cn/attachment.php?aid=9205
[/EDITED]

-----
iNTERNATiONAL CoDE CReW

| Сообщение посчитали полезным:

Pestil v1.0
Stub : 6 kb ( 4kb packed )
If you get errors while protecting,run program in safe mode(there is an option on agreement page)


What can i do with this program?
--------------------------------
[+]You can make any virus/trojan undedected.(scantime and runtime)
[+]You can prevent your programs.
[+]You can compress your programs.
[+]You can use it to change programs's icons.

Usage :
-------
[1]Drag and drop the file that you want to protect or press 'Select File' button and chose it.
[2]Choose your options(icon,version info,algorith) and protect it.
[3]Your crypted file is ready,now you can use it..

Properties :
------------
[+]Pestil uses XOR encryption and 3 different compression algoritm.
[+]Small stub.
[+]Pestil preserve EOF data automatically.So you can also crypt Flux,Bifrost,Poison Ivy,etc.. servers.
[+]Tested on Vista.



rapidshare.com/files/40811084/osC__CoDeR_-_Pestil.rar

-----
iNTERNATiONAL CoDE CReW

| Сообщение посчитали полезным: