Thread: Protection ID info thread - v6.4.0 (build 08.07.2010)
View Single Post
  #4  
Old 27-03-2009, 07:55
cdkiller cdkiller is offline
Registered User
  
Join Date: Oct 2002
Posts: 1,899
Thanks: 0
Thanked 5 Times in 1 Post
cdkiller is on a distinguished road
v6.2.2

core additions / changes

- new: incorporated PEiD / PE Tools database usage
-> additionally displays the protection found via the userdatabases
-> peid database is expected to be in the same folder as protection id
and should be called peid_database.txt
-> petools database is expected to be in the same folder as protection id and should be called petools_signs.txt

- enable/disable: go to Configuration -> Allowed Scanning Types -> peid / petools (3rd party scan)
- once enabled you can browse the signature files when
clicking the 'Extensions' tab (second icon from the bottom right)
- note: in cases of multiple hits, the highest probability is automatically figured out and reported

- new: work on compiler detection began
-> The compiler detection simply reports what compiler was used to make
the executable, It can also sometimes report the programming language
the executable was made with.

current detections: dotnet, visual basic & visual basic.net, some visual c/c++, borland c++, delphi

enable/disable: Configuration -> Allowed Scanning Types -> Enable Compiler Detection Scan


- new: tooltip preview (configurable option in the settings - under the gui portion)
- new: added in drive type reporting in the misc tools section
- new: added in option in configuration to dedicate 1 cpu to scanning core (if multiple cpu's are found on the system)
- new: added in little pause/resume button in the main dialog (green circle when you load pid)
- new: added in activity reporting on hdd reads, pid is so quick though, you may not notice it, but on large files, its useful because its an indicator pid is doing something


- update: turned on scan inside microsoft cab files as default
- update: added more informative comments into pe stuff
- update: file queue now reports the amount of files it has processed
- update: updated detection routine to report dll compiled in native mode
- update: folderwatch cleanup now works and reporting is handled correctly
- update: updated version info core to handle 'strange' exes with fucked version info, or version information that version.dll does not 'see'
- update: fixed some imports so that pid now loads on windows nt 4.0 (and probably 3.x) without the system throwing an import missing error and exiting the process
- update: services now disables itself if the os is 9x/me (9x/me doesnt have 'services') shares also disables itself if the os is 9x/me (api not present in these os'es)
- update: gui -> cd/dvd tools and the folderwatch buttons are now automatically disabled if the operating system is windows 9x/me (ie: less than windows 2000)
- update: folder location shell32 output now made 9x/me compliant(old comctl32.dll listview issue)
- update: added in minimize to systray if its set in the configuration. if set, pid will minimize itself when its loaded for the first time
- update: added in another handler for smbios, its quicker, but only available in vista or higher
- update: windows product key updated code, now should be good for all windows versions except nt 4.0
- update: windows product key is now also reported for 9x/me
- update: updated code so that windows 95, windows nt 3.x and nt 4.x do NOT have ownerdrawn menus (95 couldn't handle them properly anyway, and nt 3/4 had issues too)
- update: added battery reporting into misc tool window
- update: dep reporting done in misc tools information section
- update: fixed icons in 9x looking too big (now pid looks the same in 98, me, 2k, xp, vista)
- update: pause / resume is now properly functional
- update: added in pause checking into the cab file handler
- update: progress bar resets once scan is complete
- update: added in animated rect for sizing (work in progress)
- update: added tooltip to sizer window

- bugfix: fixed 9x/me crash (bsod) issue in petools stuff
- bugfix: fixed crash issue when viewing reloc information on some x64 files
- bugfix: silent exit / crash issue fixed in win2000 server
- bugfix: fixed position saving bug (reported by Blazkowicz)
- bugfix: fixed os detecton (win nt was detected as 2000)
- bugfix: fixed the strange drag -> drop, file added to queue but scanning not started bug
- bugfix: fix for buffer overrun error when saving a protection log containing lots and lots of files
- bugfix: folderwatch - fixed crash when trying to add more than 2 folders
- bugfix: dirty buffer used in folderwatch reporting code
- bugfix: 9x sizing issue fixed
- bugfix: fixed some problems with windows 95 original (before 95a, 95b and 95c...) where the versioninfoex struct is expected to be a different size, this resulted in a failure in detecting the operating system
- bugfix: various other tweaks & fixes...


detection additions / changes

- new: check_protectdisc.asm - added ProtectDisc v9.5.0 detection & detection of ProtectDisc drivers
- new: check_byteshield.asm - added ByteShield Software Activation Client detection
- new: check_safedisc.asm - now also detects Safedisc 1 icd file as being protected &secdrv.sys
- new: check_tages.asm - code updated to detect Tages protection drivers
- new: check_armadillo.asm - added Armadillo v6.24 (or newer) detection
- new: check_pcguard.asm - added PC Guard v5.03 detection
- new: check_themida.asm - added detection for Themida / Winlicense with Hide PE Scanner Option
- new: check_asprotect.asm - added exact detection of ASProtect v2.3 Build 05.14 & ASProtect v1.40 Build 11.20
- new: check_privateexe.asm - added Private EXE Protector v3.0 (or newer) detection
- new: check_stardock.asm - added Stardock Product Activation Module detection
- new: check_reflexivearcade.asm - added ReflexiveArcade Wrapper - Build 171 and newer detection
- new: check_realarcade_drm.asm - added in RealArcade DRM Module detection
- new: check_popcapdrm.asm - added PopCap DRM Protect detection
- new: check_elefunwrapper.asm - added Elefun Trial Game Wrapper detection
- new: check_playfirst.asm - added PlayFirst DRM Module detection
- new: check_oberonmediatime.asm - added detection for Oberon Media Time Protection Module
- new: check_wildtangent.asm - added detection of the Wild Tangent Wrapper v2.1.2.26 (or newer)
- new: check_dotnetreactor.asm - added .Net Reactor v3.x Library mode (+ Necrobit) detection
- new: check_macrobjectnet.asm - added Macrobject Obfuscator.NET 2008 detection
- new: check_noobyprotect.asm - added NoobyProtect v1.0.x.x and v1.1.x.x - v1.4.x.x.
- new: check_spicesnet.asm - added Spices.Net Obfuscator detection
- new: check_pegasyscustom.asm - added PEGASYS Custom Layer detection
- new: check_serialshield.asm - added Ionworx SerialShield Core.dll & itīs version detection
- new: check_dotnetguard.asm - added detection of the DotNet Guard HVM Runtime Library Module
- new: check_eakey.asm - added in EA Key Module detection
- new: check_sevlock.asm - added sevLock detection

- new: check_asscrypter.asm - added ass - crypter detection
- new: check_billarcrypter.asm - added Billar Crypter v2.0 detection
- new: check_bitfrostcrypter.asm - added Bifrost Crypter v1 detection
- new: check_cigicigi.asm - added Cigicigi File Crypter v1.0 detection
- new: check_cryptdmarnar.asm - added Crypt Dmar Nar v0.5 detection
- new: check_darkavengard.asm - added DarkAvengard Crypter detection
- new: check_dexcrypt.asm - added DeX-Crypt v2.0 detection
- new: check_dirtycrypt0r.asm - added DirTy CrYpt0r detection
- new: check_dhcripter.asm - added DH Cripter v0.1 detection
- new: check_etcv.asm - added ETCV v1.0 detection
- new: check_fishpacker.asm - added FishPacker v1.03 & v1.04 detection
- new: check_flashbackscrambler.asm - added Flashback Scrambler v1.3.x detection (all 3 modes :-))
- new: check_idapplicationprotector.asm - added ID Application Protector v1.2 detection
- new: check_freecryptor.asm - added FreeCryptor v0.3b Build 3 detection
- new: check_gentlemancrypter.asm - added Gentlemen Crypter v1 detection
- new: check_gkripto.asm - added GKripto v1.0 detection
- new: check_haccrewcrypter.asm - added Hac-Crew Crypter detection
- new: check_hipacryp.asm - added HipACryp v0.0.1 detection
- new: check_icrypt.asm - added ICrypt v1.0 detection
- new: check_keycrypter.asm - added KeyCrypter detection
- new: check_lordcrypter.asm - added L0rD Crypter v1.0 detection
- new: check_maskpe.asm - added MaskPE v2.0 detection
- new: check_ncode.asm - added N-Code v0.2 detection
- new: check_nidhogg.asm - added Nidhogg v1.0 Final, v1.1 Beta 1 and [unknown version] detection
- new: check_novacipher.asm - added NovaCipher 1.0 Beta detection
- new: check_npack.asm - added nPack v2.0.100.2008 detection
- new: check_pfecx.asm - added PFE CX v0.1 detection
- new: check_poherna.asm - added Pohernah v1.02, v1.03 & v1.07 detection
- new: check_pokescrambler.asm - p0ke Scrambler v1.2 detection added
- new: check_rdgtejoncrypter.asm - added RDG Tejon Crypter v0.6, v0.7 & v0.8 detection
- new: check_rewolfdllpackager.asm - added ReWolf DLLPackager v1.0 detection
- new: check_roguepack.asm - added RoguePack v4.1 detection
- new: check_scancryptic.asm - added ScanCryptic v2.0 detection
- new: check_securepe.asm - added SecurePE v1.6 detection
- new: check_supercrypt.asm - added Super Crypt v1.0 detection
- new: check_tgrcrypter.asm - added TGR Crypter v1.0 detection
- new: check_vegancrypter.asm - added Vegan-Crypter v0.7 detection
- new: check_yokohcrypter.asm - added Yokoh Crypter v1.3 detection

- new: license_adobelm.asm - Adobe Systems License Manager Module detection added
- new: license_deploylx.asm - added DeployLX Licensing for DotNet detection
- new: license_esellerate.asm - added eSellerate Activation System Core Module detection
- new: license_infralution.asm - Infralution Licensing System for DotNET detection added
- new: license_isquicklicense.asm - added Interactive Studios Quick License Manager detection
- new: license_mirage.asm - added detection for Mirage License Protector
- new: license_sentinelrms.asm - added SafeNet Sentinel RMS Core.dll detection
- new: license_xheolicensing.asm - added Xheo Licensing Module for DotNet detection

- new: dongle_biteboard.asm - added Bite-Board USB Dongle detection
- new: dongle_copylock.asm - added CopyLock Dongle detection
- new: dongle_marx.asm - MARX Crypto-BOX Dongle detection added
- new: dongle_rockey.asm - added Rockey2 / Rockey4 Dongle detection
- new: dongle_sentinel.asm - added detection of the NetSentinel Win32 Client DLL
- new: dongle_sentry.asm - added Sentry Hardware Lock detection
- new: dongle_wizzkey.asm - added Wizzkey Dongle detection

- new: installer_digital_river_downloader.asm - Digital River Download Manager detection
- new: installer_gpinstall.asm - added GP-Install Module detection
- new: installer_lymesfx.asm - added Lyme SFX Extractor Module detection
- new: installer_install_anywhere.asm - added InstallAnywhere detection
- new: installer_installshield.asm - added InstallShield v15 detection & Installshield PackageForTheWeb Installers
- new: installer_lindersoftsetup.asm - added Lindersoft Setup Builder Module detection
- new: installer_omnisetup.asm - added Omni Setup Module detection
- new: installer_popcap.asm - added PopCap Installer detection
- new: installer_realarcade_downloader.asm - added RealArcade Download Manager detection
- new: installer_reflexive_arcade.asm - added Reflexive Arcade Install Wrapper detection
- new: installer_smart_install_maker.asm - added Smart InstallMaker detection
- new: installer_visual_patch.asm - added detection for Visual Patch Installer

- improved: check_starforce.asm
- updated to handle those strange starforce 5.60 exe's that
didn't have version information
- updated to handle Gothic 3 Forsaken Gods (russian)
- improved: check_securom.asm - code updated to detect the drm dyn data module
- improved: check_protectdisc.asm - added one more older version (v7.7.0)
- improved: check_codelok.asm - scanning speed optimizations
- improved: check_sysiphus.asm - optimized detection & scanning speed
- improved: check_solidshield.asm - update for those strange exe's and dll's with no version information
- improved: check_themida.asm - better version detection (v1.8.2.0 - v1.9.5.0, v1.9.7.0 - v1.9.9.0, v2.0.0.0 - v2.0.2.0, v2.0.3.0 - v2.0.4.0, v2.0.5.0 (or newer))
- improved: check_acprotect.asm - faster scanning results
- improved: check_armadillo.asm - armadillo detection code updated
- improved: check_asprotect.asm - rewritten for better version detection
- improved: check_xenocode.asm - tweaked detection
- improved: check_thinstall.asm - updated with another detection method for v3.207
- improved: check_upx.asm - fixed UPX detection code so it detects upx'ed dlls too
- improved: check_xprotector.asm - added in another check (this also fixed a possible wrong detection of Themida / WinLicense protected DotNet executables)
- improved: check_vmprotect.asm - made more generic, adjusted version info output
- improved: check_andpakk2.asm - rewritten, additionally we exactly detect the 2 versions (v0.06 & v0.18) now
- improved: check_anslympacker.asm - rewritten
- improved: check_cicompress.asm - tweaked & optimised
- improved: check_exestealth.asm - added in one more generic check
- improved: check_mew10.asm - tweaked mew 10 detection
- improved: check_pebundle.asm - updated, now detects on an exe wich didnīt before
- improved: check_rdgtejoncrypter.asm - added in a more generic detection method
- improved: check_telock.asm - tweaked TeLock v0.96 detection

- improved: license_elicense.asm - completely rewritten (better v3.2 & v4.0 detection)
- improved: license_flexlm.asm - optimized detection & scanning speed
- improved: license_flexnet.asm - optimized detection & scanning speed
- improved: license_haspsl.asm - added another check for HASP SL
- improved: license_interlok.asm - added in one more generic check
- improved: license_salesagent.asm - optimized detection & scanning speed
- improved: license_sentinellm.asm - optimized
- improved: generic speed improvements in almost all license scans

- improved: dongle_keylok2.asm - updated KeyLok2 Dongle detection for better detection
- improved: generic speed improvements in all dongle scans

- improved: installer_7zip.asm - code updated, now detects an exe it never 'saw' before
- improved: installer_installaware.asm - updated to detect a custom version wich was un-detected before
- improved: installer_installshield.asm - installshield detection is now more generic and improved
- improved: installer_mscabsfx.asm - microsoft cab sfx format detection is now made better
- improved: installer_nullsoft.asm - updated to handle nullsoft sfx exe's with the data in the resource section
- improved: installer_rarsfx.asm - WinRAR SFX detection updated
- improved: installer_zylomgames.asm - detection of another variant of Zylom Games Setup

- bugfix: fixed bug in Cactus Data Shield file scan (discovered by Blazkowicz on acrobat.dll)
- bugfix: check_obsidium.asm - bugfix in obsidium detection code
- bugfix: check_polyene.asm - fixed possible crashbug
- bugfix: installer_redshift.asm - fixed potential bug

Quote:
still #1 again
currently detecting 430 different (!) 32/64bit exe protectors/packers/crypters, dongles, licenses, installers...
__________________
http://pid.gamecopyworld.com

home of Protection ID the ultimate Protection Scanner.
Last edited by cdkiller; 27-03-2009 at 08:00.
Reply With Quote