首页
社区
课程
招聘
[下载]ARM Protector_v0.3
发表于: 2005-12-21 13:46 2714

[下载]ARM Protector_v0.3

2005-12-21 13:46
2714
ARM Protector is a Windows Portable Executable (PE) file protector and cryptor
against reverse engineering (cracking, debugging and other illegal modifications).
It has some nice protection options (i'll keep adding them as much as i can)

Protection Options
------------------
- Anti Ring3 Debugger (Application Level)
- Anti SoftIce and Monitoring Tools
- Exit In Case Of Bad CRC
- Erase API/DLL Name Strings (Destroy IT)
- Anti API Breakpoint
- Anti In-Loader API BPX (Prevent Unpack)
- Anti In-Loader Code BPX
- Anti Hardware Breakpoint
- Password Protect
- Anti IceDump (Win9x only)

- Anti Ring3 Debugger (Application Level)
executable will refuse to run if it detects that the process is working under
application level (ring 3) debugger (debuggers that use debug APIs).

- Anti SoftIce and Monitoring Tools
executable will refuse to run if there is active SoftIce/Trw system debuggers
and plus some of well known Monitoring Tools (like RegMon and FileMon).

- Exit In Case Of Bad CRC
executable will refuse to run if it detects that the file is modified, changing
even one byte will make executable un-runable.

- Erase API/DLL Name Strings (Destroy IT)
if the file protected with this option, there wont be any API and DLL names in
the memory after startup. So the import table (IT) will be destroyed.

- Anti API Breakpoint
this option will fight against breakpoints on apis which executable uses (APIs from
import table). So if there will be any breakpoint executable will refuse to run.

- Anti In-Loader API BPX (Prevent Unpack)
and this option checks breakpoints for apis that in-mem loader uses (emulated APIs).

- Anti In-Loader Code BPX
this option will fight against software breakpoints, if there will be any breakpoint
in the loader body program will refuse to run.

- Anti Hardware Breakpoint
and this option will fight against hardware breakpoints, that system (ring0) debuggers
use to break on (hmm.. ring3 debuggers use hardware breakpoints aswell :)

- Password Protect
if you choose this option, protected file will ask for a password at run-time,
entering wrong password will crash program (read more in ABOUT PASSWORD PROTECTION)

- Anti IceDump (Win9x only)
executable refuse to run if there is active IceDump loaded.
From IceDump readme file "icedump performs exports renormalization on several system
DLLs which remains effective even after icedump has been unloaded"
so regarding to this fact, option will detect unloaded icedump too, means will detect
even if icedump is unloaded by user to bypass the protection

History
v0.3  - changed a lot...
        project was freezed for a several months... i was busy :/
        now... by lotta users request added edit boxes, to show some
        msg before exiting if smth is detected (just leave them blank
        if ya dont want to display msg), you can enter up to 100 chars
        for each message (think will be enough), added icedump detection
        (with abbility to display message ofcoz :)), did some pic with
        national flag colors to put on window :)
        by the way... try to put a breakpoint on messages and debug after
        it... do you see what i invent ?
        yes... i did some api call's emulations plus nested calls with
        emulation... i think this is a good protection mechanism :)
        ok and all this gets plus ~500 lines and one day :)
        and yes... changed icon



附件:_armp03.rar


[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)

收藏
免费 0
支持
分享
最新回复 (6)
雪    币: 242
活跃值: (30)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
2
ding...........
2005-12-21 14:59
0
雪    币: 243
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
3
THX,谢谢了!
2005-12-21 15:22
0
雪    币: 234
活跃值: (104)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
4
奇怪,加壳的软件运行不起来。
单选一个密码功能都运行不起来。
2005-12-21 18:12
0
雪    币: 817
活跃值: (1927)
能力值: ( LV12,RANK:2670 )
在线值:
发帖
回帖
粉丝
5
简单处理了下界面:



附件:HA_armp03.rar
2005-12-21 21:51
0
雪    币: 97697
活跃值: (200834)
能力值: (RANK:10 )
在线值:
发帖
回帖
粉丝
6
能看就行
2005-12-21 21:56
0
雪    币: 208
活跃值: (40)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
7
记事本都无法运行.
汗..
2005-12-23 12:44
0
游客
登录 | 注册 方可回帖
返回
//