
  1. ;────────────────────────────────────────────────────────────────────────────
  2. ; ProcDump Specific Packer/Protector Definitions.
  3. ;
  4. ; (C) G-RoM iN 1998, 1999, 2000
  5. ;────────────────────────────────────────────────────────────────────────────
  6. ; Implemented :
  7. ;
  8. ; ADD  : ADD a value to temporary address
  9. ; BP   : Set a Breakpoint at temporary address.
  10. ; BPX  : Set a Breakpoint at given address.
  11. ; BPREG: Set a Breakpoint with register value [EAX/EBX/EDX/ECX/EDI/ESI].
  12. ; BPF  : Break until flag is set/unset.
  13. ; BPC  : Break until Counter is reached.
  14. ; BPV  : Break until Register [EAX/EBX/EDX/ECX/EDI/ESI] is equal.
  15. ; DEC  : Subtract a value from temporary address
  16. ; EIP  : Use next EIP as Original EntryPoint.
  17. ; JMP  : Jmp to script line.
  18. ; JZ   : Jmp if last search was successful.
  19. ; JN   : Jmp if last search was unsuccessful.
  20. ; HELP : Launch external file with PARAMS.
  21. ; OBJR : Set Object search start with current EIP.
  22. ; LOOK : Scan a signature. Address found is stored temporary.
  23. ; MOVE : Set eip to eip + param. Be careful with it!
  24. ; POS  : Set Local Address Value.
  25. ; QUIT : Abort Script Interpretation.
  26. ; REPL : Replace at temporary address by string.
  27. ; STEP : Single step mode (end of batch).
  28. ; WALK : Execute the next instruction.
  29. ;────────────────────────────────────────────────────────────────────────────
  30. ; All parameters are interpreted as hexadecimal values.
  31. ; Do not add a prefix or postfix such as 0x or h to a parameter; doing so
  32. ; stops parameter interpretation.
  33. ;────────────────────────────────────────────────────────────────────────────
  34. [OPTIONS]
  35. CAPTION=ProcDump32 (C) 1998, 1999, 2000 G-RoM, Lorian & Stone
  36. BHRAMA=ProcDump32 - Dumper Server
  37. OPTL1=00000000
  38. OPTL2=01000101
  39. OPTL3=01010001
  40. OPTL4=00010000
  41. OPTL5=00000000
  42.  
  43. [INDEX]
  44. P1=Hasiuk/NeoLite
  45. P2=PESHiELD
  46. P3=Standard
  47. P4=Shrinker 3.x
  48. P5=Wwpack32
  49. P6=Manolo
  50. P7=Petite<1.3
  51. P8=Vbox Dialog
  52. P9=Vbox Std
  53. PA=Shrinker 3.2
  54. PB=PEPack
  55. PC=UPX
  56. PD=Aspack<108
  57. PE=SoftSentry
  58. PF=CodeSafe 3.X
  59. P10=Aspack108
  60. P11=Neolite2
  61. P12=Aspack108.2
  62. P13=Petite 2.0
  63. P14=Sentinel
  64. P15=PKLiTE
  65. P16=PCShrink
  66. P17=PCGUARD v2.10
  67. P18=Aspack108.3
  68. P19=PE Compact
  69. P1A=PCShrink II
  70. P1B=VGCrypt 0.75
  71. P1C=Aspack108.4
  72. P1D=Aspack2000
  73.  
  74. [Aspack2000]
  75. L1=OBJR
  76. L2=LOOK 68,?,?,?,?,C3
  77. L3=JZ 5
  78. L4=QUIT
  79. L5=BP
  80. L6=STEP
  81. OPTL1=00000000
  82. OPTL2=01010001
  83. OPTL3=01010001
  84. OPTL4=00030000
  85. OPTL5=00000000
  86.  
  87. [Aspack108.4]
  88. L1=OBJR
  89. L2=LOOK ?,C3
  90. L3=JZ 5
  91. L4=QUIT
  92. L5=BP
  93. L6=OBJR
  94. L7=LOOK 5B,0B,DB
  95. L8=BP
  96. L9=OBJR
  97. LA=LOOK C3
  98. LB=BP
  99. LC=STEP
  100. OPTL1=00000000
  101. OPTL2=01010001
  102. OPTL3=01010001
  103. OPTL4=00030000
  104. OPTL5=00000000
  105.  
  106. [Aspack108.3]
  107. L1=OBJR
  108. L2=LOOK 6A,00,50
  109. L3=JZ 5
  110. L4=QUIT
  111. L5=BP
  112. L6=OBJR
  113. L7=LOOK 50,C3
  114. L8=ADD 1
  115. L9=BP
  116. LA=WALK
  117. LB=OBJR
  118. LC=LOOK 50,C3
  119. LD=ADD 1
  120. LE=BP
  121. LF=STEP
  122. OPTL1=00000000
  123. OPTL2=01000001
  124. OPTL3=01010001
  125. OPTL4=00030000
  126. OPTL5=00000000
  127.  
  128. [VGCrypt 0.75]
  129. L1=LOOK E9,E4,00,00,00
  130. L2=JZ 4
  131. L3=QUIT
  132. L4=BP
  133. L5=LOOK E8,4B,FF,FF,FF
  134. L6=BP
  135. L7=LOOK 00,FF,E3
  136. L8=ADD 1
  137. L9=BP
  138. LA=STEP
  139. OPTL1=00000000
  140. OPTL2=01010001
  141. OPTL3=01010001
  142. OPTL4=00010000
  143. OPTL5=00000000
  144.  
  145. [PE Compact]
  146. L1=LOOK 5A,FF,E2
  147. L2=JZ 4
  148. L3=QUIT
  149. L4=ADD 1
  150. L5=BP
  151. L6=WALK
  152. L7=OBJR
  153. L8=LOOK 5F,F3,A4,E9
  154. L9=ADD 3
  155. LA=BP
  156. LB=WALK
  157. LC=LOOK 61,9D,68
  158. LD=BP
  159. LE=STEP
  160. OPTL1=00000000
  161. OPTL2=01010001
  162. OPTL3=01010001
  163. OPTL4=00030000
  164. OPTL5=00000000
  165.  
  166. [PCShrink II]
  167. L1=LOOK 5F,FF,E7
  168. L2=JZ 4
  169. L3=QUIT
  170. L4=ADD 1
  171. L5=BP
  172. L6=WALK
  173. L7=OBJR
  174. L8=LOOK 5F,F3,A4,E9
  175. L9=ADD 3
  176. LA=BP
  177. LB=WALK
  178. LC=LOOK 61,9D,BA
  179. LD=BP
  180. LE=STEP
  181. OPTL1=00000000
  182. OPTL2=01010001
  183. OPTL3=01010001
  184. OPTL4=00030000
  185. OPTL5=00000000
  186.  
  187. [Shrinker 3.x]
  188. L1=LOOK 8D,4D,E4,51,6A,02,FF,35
  189. L2=JN 5
  190. L3=ADD 14
  191. L4=REPL 90,90
  192. L5=LOOK FF,75,10,FF,75,0C,FF,75,08,FF,55
  193. L6=JZ 8
  194. L7=QUIT
  195. L8=BP
  196. L9=STEP
  197. OPTL1=00000000
  198. OPTL2=01010001
  199. OPTL3=01010001
  200. OPTL4=00020000
  201. OPTL5=00000000
  202.  
  203.  
  204. [PCGUARD v2.10]
  205. ; Layer1
  206. L1=LOOK 86,07,47,C3
  207. L2=BP
  208. L3=WALK
  209. L4=LOOK 86,07,47,C3
  210. L5=BP
  211. L6=WALK
  212. L7=OBJR
  213. L8=LOOK FC,8D
  214. L9=BP
  215. ; Layer2
  216. LA=LOOK 86,07,47,C3
  217. LB=BP
  218. LC=WALK
  219. LD=LOOK 86,07,47,C3
  220. LE=BP
  221. LF=WALK
  222. L10=OBJR
  223. L11=LOOK FC,8D
  224. L12=BP
  225. ; Layer3
  226. L13=LOOK 86,07,EB,01
  227. L14=BP
  228. L15=WALK
  229. L16=LOOK 86,07,EB,01
  230. L17=BP
  231. L18=WALK
  232. L19=OBJR
  233. L1A=LOOK FC,8D
  234. L1B=BP
  235. ; Layer4
  236. L1C=LOOK 86,07,EB,01
  237. L1D=BP
  238. L1E=WALK
  239. L1F=LOOK 86,07,EB,01
  240. L20=BP
  241. L21=WALK
  242. L22=OBJR
  243. L23=LOOK FC,8D
  244. L24=BP
  245. ; Layer5
  246. L25=LOOK 86,07,EB,01
  247. L26=BP
  248. L27=WALK
  249. L28=LOOK 86,07,EB,01
  250. L29=BP
  251. L2A=WALK
  252. L2B=OBJR
  253. L2C=LOOK FC,60
  254. L2D=BP
  255. ; GET RID OF DEBUG API CHECK
  256. L2E=LOOK 0F,84,07,01,00,00
  257. L2F=REPL 90,E9
  258. ; FIND CLEARUP
  259. L30=LOOK F3,AA,8B,85
  260. L31=ADD 2
  261. L32=BP
  262. L33=OBJR
  263. ; FIND JUMP BACK
  264. L34=LOOK 61,C3
  265. L35=BP
  266. L36=STEP
  267. OPTL1=00000000
  268. OPTL2=01010001
  269. OPTL3=01010001
  270. OPTL4=00020000
  271. OPTL5=00000000
  272.  
  273. [PCShrink]
  274. L1=LOOK FF,E2
  275. L2=BP
  276. L3=STEP
  277. OPTL1=00000000
  278. OPTL2=01000101
  279. OPTL3=01010001
  280. OPTL4=00030000
  281. OPTL5=00000000
  282.  
  283. [PKLiTE]
  284. L1=LOOK 68,00,00,00,00,E8
  285. L2=ADD 0A
  286. L3=BP
  287. L4=STEP
  288. OPTL1=00000000
  289. OPTL2=01010001
  290. OPTL3=01010001
  291. OPTL4=00010000
  292. OPTL5=00000000
  293.  
  294. [Sentinel]
  295. L1=LOOK 8B,44,24,1C,8B,4C,24,18,8B,54,24,14,50,51,52
  296. L2=BP
  297. L3=WALK
  298. L4=WALK
  299. L5=WALK
  300. L6=WALK
  301. L7=STEP
  302. OPTL1=00000000
  303. OPTL2=01010001
  304. OPTL3=01010001
  305. OPTL4=00030000
  306. OPTL5=00000000
  307.  
  308. [Petite 2.0]
  309. L1=OBJR
  310. L2=LOOK 83,3A,00,0F,84
  311. L3=ADD 3
  312. L4=BPF z
  313. L5=WALK
  314. L6=WALK
  315. L7=WALK
  316. L8=OBJR
  317. L9=LOOK 83,3E,00,0F,84
  318. LA=ADD 3
  319. LB=BPF Z
  320. LC=LOOK F3,AA,FD,33,C0,B9
  321. LD=BP
  322. LE=OBJR
  323. LF=STEP
  324. OPTL1=00000000
  325. OPTL2=01010001
  326. OPTL3=01010001
  327. OPTL4=00030000
  328. OPTL5=00000000
  329.  
  330. [Aspack108.2]
  331. L1=OBJR
  332. L2=LOOK E9
  333. L3=BP
  334. L4=WALK
  335. L5=OBJR
  336. L6=LOOK E8,8A,02,00,00,E8
  337. L7=BP
  338. L8=MOVE 0F
  339. L9=STEP
  340. OPTL1=00000000
  341. OPTL2=01010001
  342. OPTL3=01010001
  343. OPTL4=00030000
  344. OPTL5=00000000
  345.  
  346. [Aspack108]
  347. L1=OBJR
  348. L2=LOOK E9
  349. L3=BP
  350. L4=WALK
  351. L5=OBJR
  352. L6=LOOK AC,AA,58
  353. L7=BP
  354. L8=STEP
  355. OPTL1=00000000
  356. OPTL2=01010001
  357. OPTL3=01010001
  358. OPTL4=00030000
  359. OPTL5=00000000
  360.  
  361. [Neolite2]
  362. L1=OBJR
  363. L2=LOOK FF,E0,80,3D
  364. L3=BP
  365. L4=STEP
  366. OPTL1=00000000
  367. OPTL2=01010001
  368. OPTL3=01010001
  369. OPTL4=00030000
  370. OPTL5=00000000
  371.  
  372. [CodeSafe 3.X]
  373. L1=LOOK 89,04,8A
  374. L2=ADD 5
  375. L3=BP
  376. L4=LOOK FF,E1,C3
  377. L5=BP
  378. L6=STEP
  379. OPTL1=00000000
  380. OPTL2=01010001
  381. OPTL3=01010001
  382. OPTL4=00010000
  383. OPTL5=00000000
  384.  
  385. [SoftSentry]
  386. L1=LOOK FF,D7,6A,00,68
  387. L2=BP
  388. L3=STEP
  389. OPTL1=00000000
  390. OPTL2=01010001
  391. OPTL3=01010001
  392. OPTL4=00020000
  393. OPTL5=00000000
  394.  
  395. [Aspack<108]
  396. L1=OBJR
  397. L2=LOOK 75,00,E9
  398. L3=BP
  399. L4=WALK
  400. L5=WALK
  401. L6=OBJR
  402. L7=LOOK 61,FF,E0
  403. L8=ADD 1
  404. L9=BP
  405. LA=STEP
  406. OPTL1=00000000
  407. OPTL2=01010001
  408. OPTL3=01010001
  409. OPTL4=00030000
  410. OPTL5=00000000
  411.  
  412. [UPX]
  413. L1=OBJR
  414. L2=LOOK 61,E9
  415. L3=BP
  416. L4=STEP
  417. OPTL1=00000000
  418. OPTL2=01010001
  419. OPTL3=01010001
  420. OPTL4=00030000
  421. OPTL5=00000000
  422.  
  423. [Petite<1.3]
  424. L1=LOOK 5E,5B,C9,C3,E8
  425. L2=JN 7
  426. L2=ADD 4
  427. L3=BP
  428. L4=WALK
  429. L5=OBJR
  430. L6=LOOK 61,66,9D
  431. L7=JZ 9
  432. L8=QUIT
  433. L9=BP
  434. LA=STEP
  435. OPTL1=00000000
  436. OPTL2=01000001
  437. OPTL3=01010001
  438. OPTL4=00030000
  439. OPTL5=00000000
  440.  
  441. [PEPack]
  442. L1=LOOK 61,FF,E0
  443. L2=BP
  444. L3=STEP
  445. OPTL1=00000000
  446. OPTL2=01000001
  447. OPTL3=01010001
  448. OPTL4=00030000
  449. OPTL5=00000000
  450.  
  451. [Hasiuk/NeoLite]
  452. L1=LOOK 50,FF,25
  453. L2=BP
  454. L3=BPR EAX
  455. L4=EIP
  456. L5=STEP
  457. OPTL1=00000000
  458. OPTL2=01000001
  459. OPTL3=01010001
  460. OPTL4=00010100
  461. OPTL5=00000000
  462.  
  463. [Manolo]
  464. L1=BPX 181
  465. L2=STEP
  466. OPTL1=00000000
  467. OPTL2=01000001
  468. OPTL3=01000001
  469. OPTL4=00010000
  470. OPTL5=00000000
  471.  
  472. [PESHiELD]
  473. L1=LOOK 0F,85
  474. L2=BPF Z
  475. L3=LOOK FF,E0,00
  476. L4=BP
  477. L5=STEP
  478. OPTL1=00000000
  479. OPTL2=01000001
  480. OPTL3=01000001
  481. OPTL4=00010000
  482. OPTL5=00000000
  483.  
  484. [PESHiELD Secure]
  485. L1=LOOK 0F,85
  486. L2=BPF Z
  487. L3=LOOK CB,8D,B5
  488. L4=ADD 1
  489. L5=BP
  490. L6=STEP
  491. OPTL1=00000000
  492. OPTL2=01000001
  493. OPTL3=01000001
  494. OPTL4=00010000
  495. OPTL5=00000000
  496.  
  497. [Wwpack32]
  498. L1=LOOK 3E,32,65,00,45,E2,F9
  499. L2=JN B
  500. L3=ADD 7
  501. L4=BP
  502. L5=DEC 7
  503. L6=REPL 80,F4,CC,80,F4,66,90
  504. L7=MOVE FFFFFFF9
  505. L8=LOOK E2,F9,EB
  506. L9=ADD 2
  507. LA=BP
  508. LA=LOOK 5D,5B,E9
  509. LB=JZ D
  510. LC=QUIT
  511. LD=BP
  512. LE=STEP
  513. OPTL1=00000000
  514. OPTL2=01000001
  515. OPTL3=01010001
  516. OPTL4=00010000
  517. OPTL5=00000000
  518.  
  519. [Standard]
  520. L1=LOOK FF,E0
  521. L2=BP
  522. L3=STEP
  523. OPTL1=00000000
  524. OPTL2=01000001
  525. OPTL3=01010001
  526. OPTL4=00010000
  527. OPTL5=00000000
  528.  
  529. [VBOX Std]
  530. L1=LOOK FF,D0
  531. L2=BP
  532. L3=STEP
  533. OPTL1=00000000
  534. OPTL2=01010001
  535. OPTL3=01010001
  536. OPTL4=00030000
  537. OPTL5=00000000
  538.  
  539. [VBOX Dialog]
  540. L1=LOOK FF,D0
  541. L2=BP
  542. L3=BPR EAX
  543. L4=OBJR
  544. L5=LOOK FF,D0
  545. L6=BP
  546. L7=STEP
  547. OPTL1=00000000
  548. OPTL2=01010001
  549. OPTL3=01010001
  550. OPTL4=00030000
  551. OPTL5=00000000
  552.  
  553. [Shrinker 3.2]
  554. L1=BPX 2672
  555. L2=STEP
  556. OPTL1=00000000
  557. OPTL2=01010001
  558. OPTL3=01010001
  559. OPTL4=00020000
  560. OPTL5=00000000
  561.