CiN1 TeAm - Cracking Is Number 1  

☆ We are the champions AFF Suzuki Cup 2018 ☆

Go Back   CiN1 TeAm - Cracking Is Number 1 >
~~ Learning Cracking ~~
> Cracking Tools

Nội qui diễn đàn - Forum Rules Must Read

Search kỹ trước khi post bài

Thread Tools Display Modes
Old 29-12-2009, 11:47 PM   #1
User Profile
>>> CiN1-TeAm <<<

phongvucba's Avatar
Join Date: Fri May 2009
Location: Từ liêm,hà nôị
Posts: 703

Cấp bậc: 24 [cin1teamcin1teamcin1teamcin1teamcin1teamcin1team]
Sức sống: 0 / 576
Hoạt động: 234 / 16244
Kinh nghiệm: 7%

Địa chỉ: Từ liêm,hà nôị

Thanks: 2,892
Thanked 2,751 Times in 855 Posts
Icon5 Protection ID v667 [ All Versions ]

Những cải tiến mới của bản này :

- detection of every major PC ISO Game / Application protection
- currently covers 475 detections, including win32/64 exe protectors & packers, .net protectors, dongles, licenses & installers
- sector scanning CDs / DVDs for Copy Protections
- files / folders can simply be drag & droped into pid
- strong scanning routines allowing it to detect multiple protections
- easy scanning via shell context menu
- usefully misc tools included
- coded 100% in Win32 assembly language
- fully 32bit & 64bit compliant
- working from Win9x to Windows 7

hello folks!

We are proud to present you the next and most up2date version of protection id.
it was about time to bring this to the public, as the last version was released back in march.

During development of this version we ported it over to MASM v10,
using the latest compiler & linker available at the moment.

This version of pid features highly optimized scanning routines, resulting in very fast detections.
i.e. a 2 GB setup.exe in processed in less then 1 second (smart mode kicks in).

We tweaked nearly all scans to benefit from our new procs.

core additions / changes

- new: compiled using masm v10 compiler & linker
- new: added in new and optimized scanning routines
- new: protection id is now able to scan inside msi files
- new: clean temp tool (Extensions -> Clean Temp)
- new: added in our own fast internal zlib decompresion routines
- new: compiler detector updated to detect:
- more Visual C++
- appended flash files
- Power Basic
- Watcom C/C++
- MinGW

- update: reporting part on file type, now reports bitness & file subsystem
- update: added in recovery system - if a crash happens when scanning a file/cd/dvd and the crash is in the scanning thread,
the seh system will 'recover' the crash, skipping all other scan modules and simply clean things up.
So a crash when scanning does NOT take protection id down (the crash is reported to the log)
- update: windows error code resolver dialog got a face lift and some added functionality
- update: initial modification to report cpu usage on ALL available cores
- update: shortcuts are now not made if pid is run from a removable drive
- update: added in reporting for uac setting in vista or higher
- update: scan size threshold increased to 50mb
- update: added in the nfo association configuration
- update: compiler detection enabled by default now
- update: adjusted the way the systray worked
- double left click on the pid icon will cause the pid window to be shown / hidden
- right click on the pid icon will cause the right click systray context menu to appear

- bugfix: cab file handler bug fixed
- bugfix: scan file on cd/dvd did not work
- bugfix: fix for shortcuts getting fucked
- bugfix: fixed bug in the seh system, which lead to a crash
- bugfix: file queue stuff (pause, remove, clear all) fully operational again
- bugfix: logic fix, checking section count could technically be wrong if exe was x64
- bugfix: selecting scan folder 2x resulted in it messing up
- bugfix: minor adjustment to avoid closing an invalid handle
- bugfix: fixed output bug on small files
- bugfix: fixed a possible win9x issue
- bugfix: minor gui fixes

detection additions / changes

- new: check_activemark.asm - added exact version detection & more detailed output for v4, v5 & v6 of ActiveMark
- new: check_byteshield.asm - ByteShield detection got heavily updated, now it contains a lot extra more info
- new: check_ea_custom.asm - added in detection for EA Custom Protection (used in The Sims 3)
- new: check_gameguard.asm - GameGuard Launcher Module & it's version got reported
- new: check_hackshield.asm - AhnLab HackShield detection added
- new: check_impulse.asm - Impulse DRM (+ core module) detection added
- new: check_protectdisc.asm - added in new versions: v9.11.0, v9.20.0, v9.25.0 & latest v9.26.0
- new: check_protectdisc.asm - added in detection of how many trial days a Protect Disc exe is allowed to run
- new: check_safedisc.asm - updated to detect clcd32.dll, dplayerx.dll, drvmgt.dll from old safedisc 1 games
- new: check_secureebook.asm - added in Secure eBook Wrapper detection
- new: check_securom.asm - added SecuROM DFA v1 and v2 detection
- new: check_securom.asm - added SecuROM 7 dfa.dll detection
- new: check_securom.asm - added detection for SecuROM 5 and 4 (or lower) dll modules (cms*.dll sintf*.dll)
- new: check_solidshield.asm - added in Tages Setup version detection in solidshield core.dll (if found)
- new: check_solidshield.asm - SolidShield wrapped dlls will be detected now
- new: check_starforce.asm - added in detection of StarForceFileSystem containers (SFFS)
- new: check_steam.asm - added in detection of the Steam Client API Module & report Steam api usage in exe
- new: check_themida.asm - updated to show watermarking on some versions
- new: check_playfirst.asm - added in detection of the Playfirst Game Library
- new: check_playrixwrapper.asm - added Playrix Game Wrapper detection
- new: check_reflexivearcade.asm - added in detection of build 177 & build 178 of the ReflexiveArcade Wrapper
- new: check_robingameswrapper.asm - added in Robin Games Wrapper detection
- new: check_spintop.asm - added SpinTop DRM Module detection
- new: check_mfortress.asm - added MegaFortress detection
- new: check_upx.asm - added in more informative upx info

- new: check_aase.asm - added Aase detection
- new: check_adnexeprotector.asm - added ADN Exe Protector v0.5 detection
- new: check_aliencryptor.asm - added Alien Cryptor v1.0 detection
- new: check_armadillo.asm - added Armadillo v6.40 and v6.60 - v7.00 (or newer) detection
- new: check_aspack.asm - added ASPack v2.2 detection
- new: check_asprotect.asm - added ASProtect v1.4 build 04.01 Beta detection
- new: check_aurastompercrypter.asm - added AuraStomper Crypter detection
- new: check_babelobfuscator.asm - Babel .Net Obfuscator detection added
- new: check_blindspot.asm - BlindSpot File Binder v1.0 detection added
- new: check_deepseaobfuscator.asm - added in DeepSea .Net Obfuscator detection
- new: check_dotfixniceprotect.asm - added version detection for v1.0 - v2.x, v2.8 - v2.9, v3.0 - v3.6
- new: check_dotnetreactor.asm - added in detection of dotNET Reactor v4.0 (or newer)
- new: check_dsrfileprotector.asm - added dSR File Protector detection
- new: check_eprot.asm - added !EProt detection
- new: check_epprotector.asm - added EP Protector v0.1 detection
- new: check_fishnet.asm - added Fish.NET packer detection
- new: check_flyskysoftware.asm - added Fly Sky Software Custom Protector detection
- new: check_hackhoundbinder.asm - added in Hack Hound File Binder detection
- new: check_ionworxidentifier.asm - added Ionworx Identifier SDK Module detection
- new: check_leetcryptor.asm - added LeetCryptor v1 detection
- new: check_moleboxultra.asm - added in MoleBox Ultra v4.x detection
- new: check_pcguard.asm - added detection of latest PC-Guard v5.04
- new: check_alloy.asm - added PGWARE Alloy [generic] detection
- new: check_rdgpolypack.asm - added RDG PolyPack v1.1 detection
- new: check_simbioz.asm - added in SimbiOZ v2.1 detection
- new: check_skycrypt.asm - added in Sky Crypt v2.0 detection
- new: check_stultrapack2.asm - added ST Ultra Pack 2 v0.6s detection
- new: check_themisbinder.asm - added in Themis Binder v0.2 detection
- new: check_upack.asm - added detection of more detailed versions
- new: check_vprotect.asm - added VProtect detection
- new: check_zipworx.asm - added ZipWorx detection

- new: license_bentleyieg.asm - added Bentley IEG License Service detection
- new: license_crypkeysdk.asm - added CrypKey v7.0 (or newer) detection
- new: license_crypkeysdk.asm - added detection of the CrypKey License Service Installer
- new: license_desawarelicensing.asm - added Desaware Licensing System for .NET Module detection
- new: license_elicense.asm - now detecting on a dll it didn't see before
- new: license_interlok.asm - updated to detect PACE InterLok System File
- new: license_reprise.asm - added Reprise License Manager detection
- new: license_sentinelrms.asm - added SafeNet Sentinel RMS v8.x detection

- new: dongle_hasp.asm - NetHASP Network Dongles are detected
- new: dongle_hasp.asm - added in detection of the Aladdin HASP SRM Run-time Environment Installer
- new: dongle_ilok.asm - added in iLok USB Hardware Dongle detection
- new: dongle_matrix.asm - added Matrix Dongle detection
- new. dongle_microdog.asm - added SafeNet MicroDog Driver installer detection
- new: dongle_sentinel.asm - added in detection of Rainbow NetSENTiNEL SUPER PRO Dongle
- new: dongle_syncrosoft.asm - added in SyncroSoft USB Dongle detection

- new: installer_advancedinstaller.asm - added Advanced Installer detection
- new: installer_autoplay_media_studio.asm - added Indigorose - AutoPlay Media Studio
- new: installer_bitrock.asm - added BitRock InstallBuilder Module detection
- new: installer_fenomen.asm - added Fenomen Downloader detection
- new: installer_gamehouse.asm - added GameHouse Installer detection
- new: installer_setupfactory.asm - added detection of Setup Factory v8.x modules
- new: installer_uharcsfx.asm - added UHARC SFX Archive detection

- improved: check_3plock.asm - added in another generic check
- improved: check_enigmaprotector - now detects on an Enigma version it didn't 'see' before
- improved: check_hexalock.asm - optimized HexaLock detection
- improved: check_laserlok.asm - optimized Laserlok scanning speed
- improved: check_protectdisc.asm - tweaked output
- improved: check_safedisc.asm - optimized Safedisc v1 scanning speed
- improved: check_smarte.asm - added in two new checks
- improved: check_starforce.asm - improved scanning speed
- improved: check_steam.asm - updated detection on another steam variant on assassins creed and r6 vegas
- improved: check_tages.asm - improved detection of the Tages protection driver
- improved: check_vob.asm - added one more generic check
- improved: check_execryptor2.asm - code tweaked to reduce false positives

- improved: check_alawar.asm - scanning speed optimizations
- improved: check_elefunwrapper.asm - scanning speed optimizations & reports offset / size of virgin executable
- improved: check_popcapdrm.asm - scanning speed optimizations
- improved: check_reflexivearcade.asm - optimized ReflexiveArcade Wrapper detection

- improved: check_abccryptor.asm - added in a new check
- improved: check_armprotector.asm - added in one more generic check
- improved: check_asdpack.asm - scanning speed optimizations
- improved: check_aspack.asm - scanning speed improvements
- improved: check_asprotect.asm - tweaked version output
- improved: check_atreprotector.asm - added in another generic check
- improved: check_bambam.asm - added in two more checks to tighten detection
- improved: check_beria.asm - improved Beria detection
- improved: check_dalcrypt.asm - added in two new checks
- improved: check_dotfuscator.asm - optimized scanning speed
- improved: check_dotnetprotector.asm - optimized scanning speed
- improved: check_enigmaprotector.asm - added in another generic check
- improved: check_epprotector.asm - code adjusted, made faster
- improved: check_exestealth.asm - optimized scanning speed
- improved: check_ezip.asm - scanning speed optimizations
- improved: check_exestealth.asm - improved scanning speed
- improved: check_gieprotector.asm - optimised the signature scan
- improved: check_kkrunchy.asm - added in detections for old kkrunchy (2003)
- improved: check_mew5.asm - Mew 5 EXE Coder v0.1 detection tweaked
- improved: check_mpress.asm - mpress for - tweaked detection
- improved: check_mslrh.asm - added in two more generic checks
- improved: check_mucruncher.asm - rewritten MuCruncher detection
- improved: check_mz0ope.asm - added in another check
- improved: check_nidhogg.asm - optimized Nidhogg scanning speed
- improved: check_packitbitch.asm - added in two new checks
- improved: check_polyene.asm - added in more generic checks for PolyEne
- improved: check_punisher.asm - added in three new checks
- improved: check_sevlock.asm - tweaked sevLock detection
- improved: check_simplepack.asm - now detects all the simplepack exe's it didn't detect before
- improved: check_softsentry.asm - added in more checks + optimized scanning speed
- improved: check_spicesnet.asm - added in another check
- improved: check_telock.asm - improved TeLock v1.0 detection
- improved: check_upack.asm - added more detailed version checks, tweaked some detections
- improved: check_upx.asm - fixed possible wrong detection
- improved: check_vbowatch.asm - updated with a better signature
- improved: check_visualprotect.asm - added in one more check
- improved: check_vmprotect.asm - now it detects on a dll it didn't 'see' before
- improved: check_wildtangent.asm - scanning speed optimizations
- improved: check_wlcrypt.asm - optimized WL-Crypt detection
- improved: check_xprotector.asm - added in two heuristic checks
- improved: check_yzpack.asm - tweaked

- improved: dongle_hasphlenvelope.asm - now detects on wrapped sys files too
- improved: dongle_keylok2.asm - improved Key-Lok II Dongle scan speed
- improved: dongle_marx.asm - added in another check
- improved: dongle_sentinel.asm - detects Sentinel on x64 executables
- improved: dongle_wibu.asm - added in another check

- improved: minor tweaks for all license detections
- improved: license_crypkeyinstant.asm - improved scanning speed in files wrapped with CrypKey Instant
- improved: license_crypkeysdk.asm - updated / tweaked CrypKey detection
- improved: license_elicense.asm - improved eLicense scanning speed
- improved: license_haspsl.asm - speed up HASP SL Licensing System scans
- improved: license_interlok.asm - scan speed improvements + added in detection for another 'variant' of InterLok
- improved: license_ntitles.asm - scanning speed improvements

- improved: installer_akinstaller.asm - scanning speed optimizations
- improved: installer_clickteam.asm - improved generic detection
- improved: installer_createinstall.asm - scanning speed optimizations
- improved: installer_gkwaresfx.asm - improved generic detection
- improved: installer_patchwise.asm - now detects a module it did not 'see' before
- improved: installer_rarsfx.asm - updated to handle new winrar sfx

- bugfix: check_starforce.asm - fixed possible crashbug
- bugfix: check_dotnetguard.asm - fixed non register preservation
- bugfix: check_vmprotect.asm - fixed generic detection
- bugfix: check_forgot.asm - fixed non detection
- bugfix: check_quickpacknt.asm - fixed non-detection bug
- bugfix: check_shrinkwrap.asm - fixed non-detection bug
- bugfix: check_upx.asm - fixed a possible wrong detection

CD/DVD/Image file/sector scan

- added in SecuROM v7.40 (or newer) detection via sector scan
- some more updates on the iso making code, and the cddvd_api core
- tweaking the cd/dvd dialog portion, now detects and reports errors better, along with better sector calculations
�� (will now abort if it detects a css encrypted sector when making an iso)
[Only registered and activated users can see links. ]

Last edited by quygia128; 31-10-2014 at 08:44 PM.
  Reply With Quote
The Following 4 Users Say Thank You to phongvucba For This Useful Post:
Old 12-07-2010, 08:09 PM   #2
User Profile
>>> CiN1-TeAm <<<

pnta's Avatar
Join Date: Mon Apr 2009
Location: Home
Posts: 919

Cấp bậc: 27 [cin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1team]
Sức sống: 0 / 650
Hoạt động: 306 / 18520
Kinh nghiệm: 2%

Địa chỉ: Home
Nghề nghiệp: Retiring

Thanks: 3,984
Thanked 6,165 Times in 1,196 Posts
Icon5 PROTECTiON iD v6.4.0

PROTECTiON iD v6.4.0

Core additions / changes

- new: added in whois capabilities to IP/Name resolver
- new: compiler detector updated to detect:
- more Borland Delphi
- more Visual C/C++
- more MinGW
- Visual Objects
- Liberty BASIC
- REALbasic

- update: changed output for rar/zip etc. wich is non protection related to be displayed in the logwindow only.
(protection report will only display protected files like securom/starforce containers etc.)
- update: some tweaks for the shortcut creation system
- bugfix: possible digital signature check crash fixed
- bugfix: peid extension code tweaks & some fixes
- bugfix: fixed closing a bad handle
Detection additions / changes

- new: check_cenega.asm - added in Cenega ProtectDVD detection (custom protection for cenega .pl games)
- new: check_protectdisc.asm - added in generic v9.27 (or higher) detection
- new: check_protectdisc.asm - added in exact Protect DiSC versions for v9.26, v9.28 & v9.30
- new: check_steam.asm - added in Valve CEG - Custom Executable Generation detection for Steam exe's
- new: check_ubidrm.asm - added in UBISoft Online DRM detection

- new: check_armadillo.asm - added in Armadillo v7.20 (or newer) detection
- new: check_asprotect.asm - added in ASProtect v2.56 (or newer) detection
- new: check_boxedapppacker.asm - added in detection for BoxedAppPacker bundled files
- new: check_clisecure.asm - added in detection for CliSecure .NET Code Protector
- new: check_codewall.asm - added in detection of CodeWall Technologies .NET Protector
- new: check_dyamarobfuscator.asm - added in DYAMAR Obfuscator detection
- new: check_enigmaprotector.asm - detection of Enigma Protector v2.xx wrapped files
- new: check_obsidium.asm - added in Obsidium v1.4.0.0 (or newer) detection
- new: check_reflexivearcade.asm - added in Reflexive Arcade Wrapper version info for build 179, 180, 181, 182, 183 & v184
- new: check_safeengine.asm - added Safengine Licensor v1.7.2.0 (or newer) detection
- new: check_salamandernet.asm - added in detection of Salamander .NET Protector & the core.dll (incl. version)
- new: check_shoecakedrm.asm - added in detection of Shoecake Games Activation
- new: check_softanchor.asm - added in UniLoc SoftAnchor detection
- new: check_themida.asm - detection of Themida using a new variant of Hide from PE Scanner
- new: check_xenocode.asm - added in detection for Xenocode Postbuild 2009
- new: check_xenocode.asm - added in detection for XenoCode Virtual Application Studio 2010

- new: check_apecsoftswftoexe.asm - added in ApecSoft SWF2EXE Converter v1.0 module detection
- new: check_babelobfuscator.asm - added in Babel .Net Obfuscator v3.x (or higher) detection
- new: check_exedefender.asm - added in ExeDefender v1.0 detection
- new: check_larp.asm - added in LARP v2.x detection
- new: check_netspider.asm - added in NET.Spider v1.0 (or older) and v1.1 (or higher) detection
- new: check_noobyprotect.asm - updated to detect NoobyProtect v1.7.x.x
- new: check_refruncycrypter.asm - Refruncy Crypter detection added
- new: check_scobfuscator.asm - added in SC Obfuscator detection
- new: check_scpack.asm - added in SC Pack v0.1 & v0.2 detection
- new: check_vprotect.asm - rewritten to detect VirtualizeProtect v1.0 (or newer)
- new: check_yincrypt.asm - added in YinCrypt v1 (Public) detection

- new: license_activelock.asm - added in ActiveLock Licensing Module for DotNET detection
- new: license_icelicense.asm - added in detection of IonWorx - ICE License
- new: license_iceni.asm - added Iceni Technology License Wrapper detection
- new: license_interlok.asm - added iLok USB device driver detection
- new: license_protectionplus.asm - added in detection of the Protection Plus v4.6 Wrapper

- new: dongle_marx.asm - now detects the MARX CryptoBox PE Envelope
- new: dongle_proteqcompact.asm - added in Proteq Compact-500 Dongle detection + driver & version reporting
- new: dongle_sentry.asm - added in detection for the Sentry Hardware Lock USB driver + version
- new: dongle_softdog.asm - added in SoftDog driver check + version reporting

- new: installer_adobeextract.asm - added in Adobe Extractor detection
- new: installer_nanozip.asm - added NanoZip SFX Module detection

- improved: check_activemark.asm - ActiveMark is now detected properly in games with a digital signature
- improved: check_copyminder.asm - updated CopyMinder scan, does now detect on a game it didn't see before
- improved: check_dotnetreactor.asm - rewritten dotNet Reactor detection (more accurate)
- improved: check_ea_custom.asm - update cucko detection with another pattern using a new routine
- improved: check_execryptor2.asm - added in another generic check & updated to detect on 2 files it didn't 'see' before
- improved: check_moleboxultra.asm - now detects on MoleBox Virtualization Solution v4.2321 too
- improved: check_pecompact.asm - added in two more generic checks
- improved: check_popcapdrm.asm - now detects on recent popcap games too
- improved: check_protectdisc.asm - better handling for newer versions
- improved: check_securom.asm - updated to detect SecuROM SLL files a bit better
- improved: check_securom.asm - improved paul.dll detection (were version info is removed)
- improved: check_solidshield.asm - added in another generic check for the core.dll
- improved: check_themida.asm - tweaked, detects now on a file it did not 'see' before
- improved: check_upx.asm - added in another check for unknown / modified UPX
- improved: check_vmprotect.asm - added in another generic check

- improved: check_cryptic.asm - added in another check for Cryptic v2.0
- improved: check_darkcrypt.asm - updated DarkCrypt 1.2 detection with heuristic check
- improved: check_gieprotector.asm - added in two more checks for Gie Protector v0.2
- improved: check_mpress.asm - updated to handle MPress v2.12 (and newer)
- improved: check_noobyprotect.asm - NoobyProtect code adjusted to handle 2 files it didn't 'see'
- improved: check_pearmor.asm - added in another check for a newer version
- improved: check_pecrypt.asm - tweaked code results in faster scanning
- improved: check_privateexe.asm - updated detection code for v3.x
- improved: check_rdgpolypack.asm - tweaked, now detects on an exe it did not see before (thx ReverseB00n)
- improved: check_safeengine.asm - updated Safengine Licensor with another check
- improved: check_yodacrypt.asm - tweaked YodaCrypt v1.3 detection (does now detect on an exe it didn’t see before)
- improved: check_zprotect.asm - ZProtect signature updated + it detects unknown versions now

- improved: dongle_copylock.asm - added detection for another variant
- improved: dongle_dinkey.asm - now detects on an application it did not 'see' before
- improved: dongle_rockey.asm - updated to detect Rockey2 on an application it did not 'see' before
- improved: dongle_softdog.asm - updated with another check for SoftDog dongles

- improved: installer_7zip.asm - another variant of 7z SFX gets detected now
- improved: installer_bitrock.asm - rewritten BitRock InstallBuilder detection to be more generic
- improved: installer_install_anywhere - added another check for (newer) InstallAnywhere Self Extractor Modules

- bugfix: check_securom.asm - fixed matroschka detection in securom - the name output was fucked on a recent exe
- bugfix: dongle_copylock.asm - fixed internal bug
- bugfix: installer_gkwaresfx.asm - fixed double output


[Only registered and activated users can see links. ]

Chữ kư cá nhân của pnta

To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.

To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.

To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.

Last edited by pnta; 14-01-2012 at 06:24 PM.
  Reply With Quote
The Following 12 Users Say Thank You to pnta For This Useful Post:
Old 18-02-2011, 10:53 AM   #3
User Profile

al0nex's Avatar
Join Date: Sat Aug 2010
Posts: 36

Cấp bậc: 4 [cin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1team]
Sức sống: 0 / 94
Hoạt động: 12 / 2320
Kinh nghiệm: 76%

Thanks: 63
Thanked 113 Times in 26 Posts

password là ǵ cậu ơi
  Reply With Quote
Old 01-11-2013, 05:57 PM   #4
User Profile

Dreamer's Avatar
Join Date: Fri Feb 2012
Posts: 728

Cấp bậc: 24 [cin1teamcin1teamcin1teamcin1teamcin1teamcin1team]
Sức sống: 0 / 586
Hoạt động: 242 / 11913
Kinh nghiệm: 44%

Thanks: 357
Thanked 476 Times in 149 Posts
Default ProtectionID 6.5.5 - halloween public release 31/10/2013

ProtectionID 6.5.5 - halloween public release 31/10/2013

Hi, heres the 6.5.5 public release, a lot of bugfixes and tweaks (incl the win 7 one which i still get emails for), and some new additions,
hopefully you'll like it... the last final version is probably going to be on christmas, where i will add anything missed, and fix any outstanding
bugs, then its a switch to developing pid 7 which will be quite different (and various flavors for people who just want the scanning etc)

so, please send the bug reports in for this version to the usual email address and i'll make sure to include them to the next public release (most likely 24/12/2013)

and as usual, thanks to the beta team and those who supplied files, you helped make protection id what it is today...

cdkiller - if you see this, get in touch please m8

below is the long list of the fixes / updates some were lost but this is about all i can remember doing

[virus total results]

[Only registered and activated users can see links. ]

SHA256: 58863c3654db45df49444fafde26ef03a2411ba305dee858cd 8c9ae36c4ad415
File name: protection_id.exe
Detection ratio: 2 / 46
Analysis date: 2013-10-31 20:11:10 UTC ( 0 minutes ago )

* Microsoft VirTool:Win32/Obfuscator.AX
* Bkav HW32.TsCabk.cyiu

both of the detections are false positives...

the microsoft one i've known for a while (windows 8 windows defender blocked protection id during some tests, and i had 1 email about this), so
please add it to be excluded (provided the sha256 hash matches the above one

Bkav i had never heard of until today...

have fun, hope to hear back,




- updated and tweaked VProtect detection code (thx to white for the files)


- added in unity detection (turn on compiler detection)
- updated rar detection for rar5 archives
- upgraded build environment to use masm 12, linker 12 etc... had no problems this time
- played a little with tls on pid
- updated pace interlok detection (thanks HooK)


- updated compiler detect to detect visual basic as p-code or native (requested by Jerry)


- changed starforce detection to handle a false positive with an exe protected with ea access v4 or something...
- updated ea detection to handle a new variant
- bugfix in find_import_module_owner function in handling x64 imports...

2013.04.10 (never went live beta, just my own personal build)

- change to build text, originally it was in mm/dd/yy format (masm did this.. ), so now i've converted to european format.. dd/mm/yy - cosmetic but i wanted it done


- bugfix on exe crytor 2 scan (nested call was not handled correctly.. .old buggy code) - found by Jerry
- bugfix (seh handler output junk in function names if crash happened pre scan) - found by cowsheep
- bugfix - range checking failed on the code to check if a dll was an ocx or not - found by cowsheep (seh handler bug was related to this)
- bugfix - check_cactus.asm - range checking failed on code to check dll exports - found indirectly from cowsheeps bug find above...

note: next beta will have some new routines reporting if the import tables etc are bad pre-scan.. which might help things a little

- changed armadillo detection code atm to not use the decompression routines as they sometimes crashed, this is temporary until i find a work around
- updated armadillo detection code to detect version 8 or higher on an exe (havent had a dll with this to test yet)

thx to deepzero for the new files

- cosmetic - all icons are now fine in windows 8, windows 8 seems to not like 16 color icons, which some were... so they got changed
- cosmetic / bug - the order of the tab windows in the misc tools portion somehow got messed up, now they're in the right order again
- manifest updated in resources (compiled in differently now)

- tweak - browse for folders (and sub folders) dialog now uses the new style dialogs (if available)
this can also be disabled in the configuration (old style browse folders)
- shell version is now autodetected
- cosmetic - all icons now show up properly in the pid main window under windows 8

- bugfix in check_unknown.asm - crashed when checking exports of a malware'd dll (exports were really bad) - thanks NikolayD

- updated windows version detection + product type descriptions - now detects win 8 properly
- we work in ubuntu (with wine) with no prolems (wine detection reporting added into misctools in the text window on the right)

- updated rlpack detection code, now detects on a file that was previously undetected - thanks to NikolayD
- recoded entropy code, now doesnt use crt, and is completely 100% asm, and a little bit faster because of it
this should hopefully resolve the crt issues, and xp issue with api usage (EncodePointer and so on)
- cleaned up some code, and tweaked some other code, end result, the exe is a tiny bit smaller
- sorted out the beta os issues... the tool now runs under win9x again (and higher obviously)... joy

- updated deep sea obfuscator detection code, sightly changed a search pattern which then resulted in it detecting a previously undetected file
- moved over to using the latest vs2012 compilers etc, wasnt an easy task as it worked on one pc at home, broke making pdb's on my laptop and my
office pc.... so i had a lot of tracking to do... solved it eventually though, so now we're using the latest compiler, libs and so on as
well as being built with /safeseh stuff and other goodies


- bugfix in environment info in folder locations dialog, i changed a main function, knowing it would probably break something probably, but it needed changing,
end result was it broke this code.. so environment stuff is reported correctly again now (1 line fix)
- added in code to erase the richedit undo buffer (this ate some memory up, sometimes a lot more than it should have) - perhaps this was the memory leak
in the cab stuff?, now it seems a lot better, and we never use the undo feature anyway... i only recently noticed the memory usage jumps (about 6mb)
that happen when using the fileopen (scan file / multiple) and the folder browser gui portions - this memory usage is from the system, and unfortunately
can not be freed directly by me (apparently its retained for performance reasons), so using those menu items (even if you click cancel) can result in the
memory usage really fluctuating, first time its run, its about 6mb, 2nd time and more, its about a few kb...
- bugfix for 2 scanning functions that crashed under very rare circumstances on some hand crafted exe's (good for testing)
- switched to masm 11.00.51106.1 and linker 11.00.51106.1


- agiledotnet detection tweaked a bit further, now reports a lot more
- smartassembly detection code got tweaked, it detected versions previously undetected and uses a 1 pass instead of (previously) a 2 pass scan method
- cab file handler code got rewritten / tweaked
- enigma detection got updated for newer version detection (version 3.90+) has a different version number style (build version...) - thanks argie


- detection for fastpack added
- bug fix in scanning code, where a range check was the wrong value, resukting in some (123 maximum) scans from not detecting.. doh
- detection for agiledotnet (formerly clisecure)


- bugfix in check_unknown.asm - added in code to safely calculate entrypoint section memory ranges and size, crash avoidance
- zprotect scan tweaked


- updated reporting to show the amount of scans actually executed in the file scan
- updated vmprotect scan code, using a new algo to detect it, it detected it on all the files i had which were not detected before
including dll's and one x64 executable


- mpress scan updated to detect even more files
- private exe detection updated to detect an older version
- added in some more heuristic values / detections
- pespin scan updated to detect another version
- nooby protect scan updated to detect a version that used tls callbacks to decrypt the stub code (possibly to defeat scanners)
- enigma scan updated to detect more versions
- ea access code updated to detect latest version and report 'extra' information
- igorlock dongle detection added
- bigfish game client scanning detection bug fixed (registers not preserved)
- steam scan updated to detect newer versions, also reports extra ceg info (if present)
- gamehouse scan code adjusted to reduce a slowdown when processing imports (now significantly faster)
- rocky dongle scan updated with a new signature (one of cdkillers last code commits)
- codefort scan bugfix (one of cdkillers last code commits)
- cli secure scan code updated and tweaked
- cryptkey sdk scan code updated
- vmprotect scan code updated, a weak detection was removed (it lead to a lot of false positives, reporting v2.06 or higher was found)
- pklite scan code signatures updated to detect older versions (even though the packer is kind of 'dead')
- upack code updated, heuristics check removed which caused the scan to skip if appended data / overlay was present
- entrypoint entropy reported (might come in useful to someone)
- some new configuration settings added (be sure to check them out)
- updated rar detection to (semi) validate the header so Rar!lolololololololollo type files would be falsely deteted (thanks alex)

special thanks to hors for providing files and ideas


- now detects SolidShield core.dll v2.0.4.0 and newer (Assassins.Creed.Brotherhood-SKIDROW)
- since ZEIT2-RELOADED (01/2011) SolidShield 2 activation.exe is upx'ed - gets detected now too
- updated for SolidShield v2 DLL Wrapper (i.e. Crysis 2 Multiplayer Demo)
- Protect DiSC v10 core module detection
- added in PC Guard v5.06 (or newer) detection
- Spices .NET Obfuscator detection tweaked, does now detect on Grapheditplus v1.40
- Gameguard v2010.11.11 (or newer) gets detected (9 Dragons German Client (2011-02-28))
- ZProtect tweaked to detect on 2 files it did not see before
- VMProtect 2.06 (or newer) gets detected on an unpackme it did not see before (thx JeRRy)
- VProtect detection tweaked, does now detect on an unpackme it did not see before (thx JeRRy)
- does now detect StarForce 32 Bit v3.06.010.008 on PsyOps Patch #1 (russian) (thx ReverseB00n)
- Shielden v2.x detection
- GameGuard Scan Module gets detected
- VMProtect detection tweaked, (thx JeRRy)
- SmartAssembly version gets reported if possible
- added in one more string check for Crypto Obfuscator for .NET,
reduces false positives wich were reported (thx kao)
- BUGFIX FOR THE WIN 7 STARTUP CRASH ISSUE (thx to redblkjck), probably happened in win 8 too, should now be resolved


- fixed bug in DotNetGuard detection
- Goliath .NET Obfuscator detection
- Xheo DeployLX 4.x detection
- InstallAware Setup Module detection does now detect on FireDaemon.Trinity.v2.4.2669-iNViSiBLE
- Switlle Games Registrator Scan (detects game.exe signature + registrator.exe)
- StarForce v5.xx (or newer) for .NET detection
- HASP SRM Protection System Module for dotNET detection
- HASP SRM Protection Envelope for dotNET detection
- updated ProtectDiSC detection for recent Black Mirror 3 v1.01 PCGame (another build of PCD v10.2.0)
- tweaked Settec Alpha ROM detection on some korean game (released in back in 2009)
- detection of more Sentinel RMS references (Systat.SigmaPlot.v11.2-RECOiL)
- new Sentinel RMS v8.x Core.dll detection
- Rainbow Technologies USB Security Device Driver detection detection (i.e. Electric.Image.Animation.Studio.EIAS.v8.0-Lz0)
- added in specific detection of the Intel C++ 5.0 Compiler - (Football Superstars v2.1 game.exe)
- make shortcuts and desktop shortcut, and safemode shortcut now disabled by default..
user can turn on if wanted..

[Only registered and activated users can see links. ]


Last edited by Dreamer; 26-02-2014 at 09:50 PM.
  Reply With Quote
The Following 10 Users Say Thank You to Dreamer For This Useful Post:
Old 31-10-2014, 08:47 PM   #5
User Profile
>>> CiN1-TeAm <<<

quygia128's Avatar
Join Date: Fri Dec 2010
Location: Somewhere
Posts: 539

Cấp bậc: 21 [cin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1team]
Sức sống: 0 / 509
Hoạt động: 179 / 12068
Kinh nghiệm: 38%

Địa chỉ: Somewhere

Thanks: 2,900
Thanked 2,506 Times in 574 Posts

ProtectionID v6.6.6 halloween Released.

[Only registered and activated users can see links. ]

v 6.6.6

i waited 11 years for this version number ;p
core additions / changes
tweaks, updates, fixes etc... oh and moved to masm v14 and linker v14

Chữ kư cá nhân của quygia128

To view links or images in signatures your post count must be 0 or greater. You currently have 0 posts.
.::Mới bắt đầu trên con đường dài!::.
.::Super Newbiez::.

  Reply With Quote
The Following 5 Users Say Thank You to quygia128 For This Useful Post:
Old 25-12-2014, 08:01 PM   #6
User Profile

Kjacky's Avatar
Join Date: Sat Sep 2013
Location: India
Posts: 1,028

Cấp bậc: 28 [cin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1teamcin1team]
Sức sống: 68 / 683
Hoạt động: 342 / 10699
Kinh nghiệm: 32%

Địa chỉ: India
Sở thích: RCE
Nghề nghiệp: i am a graduate and also i am a Hardware Admin as a freeLancer

Thanks: 3,405
Thanked 3,709 Times in 866 Posts

Updated Version: Protection Id 6.6.7
[Only registered and activated users can see links. ]

Chữ kư cá nhân của Kjacky Learn Before Earn

Kjacky Online   Reply With Quote
The Following 7 Users Say Thank You to Kjacky For This Useful Post:
Old 06-04-2015, 05:05 PM   #7
User Profile

viettien's Avatar
Join Date: Fri Jan 2015
Posts: 10

Cấp bậc: 2 [cin1teamcin1teamcin1teamcin1teamcin1teamcin1team]
Sức sống: 0 / 25
Hoạt động: 3 / 292
Kinh nghiệm: 0%

Thanks: 15
Thanked 14 Times in 5 Posts
Default Protection ID v667

Protection ID
PROTECTiONiD features
- detection of every major PC ISO Game / Application protection
- currently covers 573 detections, including win32/64 exe protectors & packers, .net protectors, dongles, licenses & installers
- sector scanning CDs / DVDs for Copy Protections
- files / folders can simply be dragged & dropped into PiD
- strong scanning routines allowing it to detect multiple protections
- easy scanning via shell context menu
- useful additional misc tools included
- coded 100% in Win32 assembly language
- fully 32bit & 64bit compliant
- working from Win9x to Windows 10 (technical preview)

Download :
  Reply With Quote
The Following 3 Users Say Thank You to viettien For This Useful Post:
Old 27-05-2018, 07:05 AM   #8
User Profile

luger's Avatar
Join Date: Thu Apr 2018
Posts: 11

Cấp bậc: 2 [cin1teamcin1teamcin1teamcin1teamcin1teamcin1team]
Sức sống: 0 / 28
Hoạt động: 3 / 64
Kinh nghiệm: 12%

Thanks: 19
Thanked 1 Time in 1 Post

Updated Version: Protection Id 6.9.0
  Reply With Quote

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

All times are GMT +8. The time now is 03:25 PM.

Powered by vBulletin® Version 3.xx
Copyright ©2000 2019, Jelsoft Enterprises Ltd. Help
Licensed to: