Reverse Engineering b10g | REM

v6.1.6

Core Code changes:

- new: enabled the PE Stuff dialog (still in early stages)
- new: smbios reporting added (misc tools portion)
- update: pid entrypoint code optimised
- update: updated resizing core, and squashed a few bugs
- update: false positive with some anti virus programs is now fixed (gdata and avast)
- update: folderwatch, task manager, cd/dvd filter driver report, services report and folder
locations all have right click context menus allowing the data to be saved to file
- update: uninstaller code tweaked – various fixes on some entries that would not uninstall
- update: update portion is now tweaked, a bit better and more futureproof
- update: windows 7 is now detected right and everything is functional (we are windows 7 compatible)

- bugfix: gui issue when run from context menu (log window will be shown)
- bugfix: file open doing nothing bug fixed – happened on WinXP with no service packs
- bugfix: folderwatch – bugfix in window handler, could have caused a lockup in 9x/me systems

detection additions / changes

- new: check_protectdisc.asm – added ProtectDisc exact v9.0.0, v9.1.0 & v9.2.0 detection
- new: check_g4wl.asm – added Games for Windows Live detection (xlive)
- new: check_steam.asm – added Steam (basic stub) detection
- new: check_activemark.asm – added ActiveMARK v6.50.767 detection

- new: check_breakpointcrypter.asm – added Breakpoint Crypter v0.0.79 detection
- new: check_expressor.asm – added exPresor v1.6.1 (Pro) detection
- new: check_fearzcrypter.asm – added fEaRz Crypter v2.2.0 detection
- new: check_hellcrypter.asm – added HellCrypter v1 detection
- new: check_kratoscrypter.asm – added Kratos Crypter detection
- new: check_npack.asm – added nPack v1.1.800.2008 + unknown version detection
- new: check_obsidium.asm – added Obsidium v1.3.6.1 detection
- new: check_pespin.asm – added PeSpin v0.1 (x64) detection
- new: check_rdgpack.asm – added RDG Pack Lite Edition v0.4 detection
- new: check_roguepack.asm – added RoguePack v4.0 Beta 1 detection
- new: check_rlpack.asm – added RLPack v1.21 detection
- new: check_simplecrypter.asm – added Simpl3 CrYpT3R detection
- new: check_xcrypter.asm – added X-Crypter v2.01 detection
- new: check_zprotect.asm – added in *generic* ZProtect detection

- new: dongle_softdog.asm – added SoftDog Dongle detection

- update: check_protectdisc.asm – removed protection level output (basic/pro) when detecting v9
(this version is all ‘Pro’, no more ‘Basic’ v9 games)
- update: check_activemark.asm – ActiveMark v6.1.335 detection rewritten
(thx Nacho_dj for reporting a bug in American McGee’s Grimm Bundle)

CD/DVD/Image file/sector scan

- update: sector scan updated to handle various movie protections
(css/cpmm, cprm, aacs hddvd, aacs bd), this code is still in the experimental stage,
and needs testing, but seems to work

[i] Init cd/dvd sector scan for Drive O
[i] Detected CSS / CPMM Protection! (0×00000001)
[i] Region Lock Detected -> RegionBitMask: 00000002
[.] Region(s) allowed : 2 (Drive region will need to be changed, you have 2 changes remaining,
your current region is : 1)
- Scan Took : 0.828 Second(s)

- bugfix: fixed bug in cddvd sector scanning code (register got trashed) – not critical..
http://vip-file.com/download/f8fbbf77849/ProtectionID-v6.1.6-2k9.rar.html

faster, more accurate, still better and no more beta – xmas release #2

Core Code changes:

- new: width-RESIZEABLE main window
- new: user can now choose what protection scans to skip
- new: added in new configuration item allowing the user to specify if iso, ccd, mds
etc modules are to be treated as discs (and therby subject to a sector scan)
- new: ability to scan inside microsoft cab files has been implimented

- update: we are now v0.6.1.3
- update: faster scanning core
- update: configuration window has a new look
- update: better 64 bit file handling support added
- update: appended data detection tweaked a little
- update: now if pid is running and an exe is scanned from the context menu, the main
window will change to the log window (looks better.. suggested by loki)
- update: lnk file resolving is now complete, if user has selected to resolve links,
the system handles this all automatically
- update: window position is now centred if a previous window location was not recorded
- update: adjusted ia64/x64 vs. machine check portion of code (thx to teddy rogers)
- update: configuration – windows product key showing is now a configuration item
- update: configuration – now ‘themes’ and ‘flat mode’ can not be selected at the same time,
this is how it should be as themes override flatmode etc… so now only one can
be selected, and the other is ‘auto unselected’ (suggested by syk0)
- update: configuration – addedin code to enable/disable the ‘protection report bubble’ after a scan is completed
- update: Memory Optimiser – the progress bar should get to the start again when user
clicked on Optimize and Purge was successful
- update: Memory Optimiser – code heavily updated, to work in chunks (if largest size requested is not available),
so, end result – more reliable, faster and optimised
- update: misc tools – added in quick uninstall tab
- update: misc tools – added in CD/DVD Filter Driver scanner tab
- update: misc tools – added in Windows Error Code Resolver tab
- update: misc tools – added in CPU Info tab
- update: misc tools – added in windows directory in the system info output
- update: misc tools – added in Folder Locations scanner
- update: misc tools – system information window now reports graphic device names (geforce, etc),
username & computername and terminal services availability also reported
- update: misc tools – windows install date (from registry) is now reported in the misc tools ’system info part’,
windows install date (from folder) is now also reported.
- update: misc tools – tweaked x64 os detection code, so its a lot more reliable
- update: misc tools – windows product key reporting now also handles x64 systems
- update: nfo viewer – extra checking now added – zip, rar and mz executables will NOT be displayed,
instead, a warning message is displayed
- update: process view – added in check for terminate, dump, priority change..
if selected process is pid, the menu items are disabled (for safety and security)
- update: svf checking now reports current offset on the line when processing
- update: sfv processing now works with quoted filenames
- update: winspy – process name is now also reported (if we could obtain it.. )
- update: log window in cd/dvd operations now has a context menu, allowing for…
clear log
copy selection to clipboard
copy log to clipboard
save selection (txt)
save selection (csv)
save log (txt)
save log (csv) – bugfix: admin reflection / reporting was incorrect on 9x/ME systems
- bugfix: ‘admin shield’ icon is now moved, it looked out of place if the other progress bars
showing cpu usage etc were turned off.. (reported by loki)
- bugfix: Export as .txt doesn’t work properly, only the first file does get saved
- bugfix: event bug fixed, which sometimes resulted in pid sticking at about 35% cpu
- bugfix: pause/resume in the queue window was sometimes wrong for the text (reported by r!co)
- bugfix: Fixed SFV bug – Click on make, don’t select any files and press abort.
You can’t use the complete SFV feature as it’s all greyed out (reported by Blazkowicz)
- bugfix: sfv output for large files (mb, gb etc) was VERY wrong, its since corrected
- bugfix: fixed ‘disappearing window’ problem
- bugfix: ‘large icons’ issue fixed in 9x
- bugfix: sfv – abort now works
- bugfix: sfv – output issue should be 110% fixed now (new buffering system used)
- bugfix: task manager -> potential stack bug fixed
- bugfix: configuration – shortcut creation was broken
- bugfix: nfo viewer – fixed potential memory leak on drag/drop
- bugfix: bug in the code checking for digital signatures (found by blazi)
code now performs a sanity check on accessed memory areas

detection additions / changes

- new: check_activemark.asm – added version detection for v6.3.562
- new: check_alawar.asm – added Alawar Try & Buy Activation detection
- new: check_hexalock.asm – added HexaLock Copy Protection detection
- new: check_protectdisc.asm – added more Protect DiSC v8 subversions
- new: check_securom.asm – added in detection for sll modules + SecuROM Matroschka Package
- new: check_acprotect.asm – added ACProtect v2.1, v2.1.1 and v2.1.2 detection
- new: check_angelscrypter.asm – added Angel’s Crypteur v0.2 detection
- new: check_antidote.asm – added AntiDote v1.4 SE detection
- new: check_armadillo.asm – added version detection v6.00 or newer
- new: check_atreprotector.asm – added AT4RE Protector v1.0 detection
- new: check_avlock.asm – added AVLock detection
- new: check_budcrypter.asm – added BUD Crypter detection
- new: check_coolcrypt.asm – added COOLcryptor 0.9 detection
- new: check_cryptwoz.asm – added CryptWOZ v1.0 detection
- new: check_darkcrypt.asm – added DarkCrypt v1.2 (Private Version) detection
- new: check_dcrypt.asm – added DCrypt Private v0.9b detection
- new: check_dotfixniceprotect.asm – added DotFix NiceProtect v1.0 detection
- new: check_dotnetreactor.asm – added dotNet Reactor v3.3 (or newer) detection
- new: check_enigmaprotector.asm – added version grabber for Enigma Protector
- new: check_execrypt.asm – added ExeCRyPT v1.0 [ReBirth] detection
- new: check_exefog.asm – added EXEFog v1.1 detection
- new: check_exewrapper.asm – added ExeWrapper v3.0 (533Soft) detection
- new: check_expressor.asm – added ExPressor v1.6 detection
- new: check_fakuscrypter.asm – added Fakus Crypter detection
- new: check_fastfilecrypt.asm – added FastFileCrypt v1.6 Public detection
- new: check_fatalzcrypt.asm – added Fatalz Crypt v2.14a detection
- new: check_flashbackprot.asm – added Flashback Protector v1.0 detection
- new: check_gieprotector.asm – added Gie Protector v0.2 detection
- new: check_imppacker.asm – added IMP-Packer v1.0 detection
- new: check_kcryptor.asm – added K!Cryptor v0.11 detection
- new: check_kgbcrypter.asm – added KGB Cypter v1.0a detection
- new: check_leetcryptor.asm – added 1337 Cryptor v2 detection
- new: check_lilithcrypter.asm – added Lilith Crypter detection
- new: check_maxtocode.asm – added MaxtoCode .Net Encryption detection
- new: check_minke.asm – added Minke v1.0.1 Executable Crypter detection
- new: check_moneycrypter.asm – added Money Crypter detection
- new: check_morphna.asm – added Morphna Beta 2 detection
- new: check_mortalteamcrypter.asm – added Mortal Team Crypter v2 detection
- new: check_mpress.asm – added MPRESS NET compressor detection
- new: check_mushroomcrypter.asm – added Mu$hr00M CryPtOR v1.0 detection
- new: check_nme.asm – added NME Executable Crypter v1.1 detection
- new: check_npack.asm – added nPack v1.1.500.2008 Beta detections
- new: check_obfuscatornet.asm – added Macrobject Obfuscator.NET detection
- new: check_privateexe.asm – added version detection for v2.00 – v2.25 and v2.30 – v2.70
- new: check_puricrypt.asm – added Puri Crypt v1.2 detection
- new: check_quickpacknt.asm – added QuickPack NT v0.1 detection
- new: check_rcryptor.asm – added RCryptor v1.6d detection
- new: check_rdgpack.asm – added RDG Pack Lite Edition v0.2 detection
- new: check_rdgtejoncrypter.asm – added RDG Tejon Crypter v0.3 detection
- new: check_rlp.asm – added ReversingLabs Protector v0.7.4 beta detection
- new: check_rlpack.asm – added RLPack v1.20 detection
- new: check_roguepack.asm – added RoguePack v3.3 detection
- new: check_russiancryptor.asm – added Russian Cryptor v1.0 detection
- new: check_securepe.asm – added SecurePE v1.5 detection
- new: check_secureshade.asm – added Secure Shade v1.8 detection
- new: check_snoopcrypt.asm – added SnoopCrypt detection
- new: check_thinstall.asm – added THInstall detection
- new: check_tstcrypter.asm – added TsT Crypter detection
- new: check_undergroundcrypter.asm – added UndergroundCrypter v1.0 detection
- new: check_unlimitedcrypter.asm – added UnLimited Crypter v1.0 detection
- new: check_unopix.asm – added UnoPiX v0.94 detection
- new: check_upxlock.asm – added UPX Lock v1.01 – v1.02 detection
- new: check_weruscrypter.asm – added Werus Crypter v1.0 detection
- new: check_wildtangent.asm – added Wild Tangent v2.1 Activation detection
- new: check_windofcrypt.asm – added WindOfCrypt detection
- new: check_wingscrypt.asm – added Wingscrypt v2.0 detection
- new: check_winutilitiesexeprot.asm – added WinUtilities EXE Protector v2.1 detection
- new: check_wlcrypt.asm – added WL-Crypt v1.0 detection
- new: check_xenocode.asm – added XenoCode .NET protector detection
- new: check_xenocode.asm – added XenoCode Postbuild 2007 + 2008 for .NET detection
- new: check_xhackercryptor.asm – added xHacker Cryptor detection
- new: check_xshell.asm – added XShell v1.5 detection
- new: check_zprotect.asm – added ZProtect v1.4.3 detection
- new: check_zylomwrapper.asm – added Zylom Wrapper Crypted Game.exe detection
- new: license_nalpeiron_scan.asm – added Nalpeiron Licensing Service detection
- new: installer_install4y.asm – added Install4j Wizard Module detection
- new: installer_installshield.asm – added InstallShield v12 BETA Version detection
- new: installer_squeezesfx.asm – added Squeeze Self Extractor Module detection
- new: installer_trymediadownload.asm – added Trymedia Systems Download Manager detection
- new: msi and 7zip file type reporting is now done to the log window (similar to the .rar, zip etc reporting)
- new: added in quick detection for starforce protected pdf file
- update: check_aspack.asm – added additional check for ASPack 2.x to avoid a false positive
when scanning a file wrapped by FlashBack with ASPack entrypoint signature
- update: check_codelok.asm – improved detection
- update: check_dotnetreactor.asm – some parts recoded to be more generic & faster
- update: check_execryptor2.asm – improved detection with heuristic checks
- update: check_laserlok.asm – updated to handle older (v3) versions of laserlok
- update: check_passlock2000.asm – improved detection
- update: check_reflexivearcade.asm – executables builds are now reported (if found)
- update: check_safedisc.asm – updated to detect safedisc lite
- update: check_securom.asm – updated to handle VERY old versions & updated to detect a modified paul.dll
- update: check_solidshield.asm – minor modifications, but results in better reporting
- update: check_starforce.asm – updated to handle the new variant (v5.5) and also report bitness of the exe
- update: check_sysiphus.asm – optimized detection
- update: check_themida.asm – updated to handle dll protected Themida files
- update: check_vmprotect.asm – added new generic detection code (catches now dlls we missed before)
- update: check_upx.asm – improved to be ‘more generic’
- update: check_vob.asm.asm – updated to handle older version (4 or less)
- update: dongle_guardant.asm – added reporting of old Guardant Dongle Protections
- update: dongle_hasphlenvelope.asm – improved detection
- update: license_sentinellm – improved for better detection
- update: installer_7zip.asm – improved detection
- bugfix: check_telock.asm – fixed v1.0 detection
- bugfix: check_yzpack.asm – fixed bug resulting in non detections
- bugfix: installer_installshield.asm – fixed possible non detections
CD/DVD/Image file/sector scan

- new: b6i image added into the supported file list
- new: added in ‘Extract Boot Sector’, now the boot sector from the cd/dvd can
be ‘extracted’ to a file.. for use with something else maybe
- new: cddvd_cactus.scan.asm – Cactus Audio detection added to file scan in cddvd module
- new: cddvd_protectdisc.scan.asm – added in sector scan module for protectdisc / protectcd

- update: if a disk is detected as being protected when making the iso, the user will be prompted to continue or not
- update: sector stuff – updated handler to handle udf format disks (BEA01 header instead of CD001)
- update: sector scan – tweaked sector scan for tages a little
- update: sector scan – tweaked the safedisc detection code
- update: sector scan – updated to now NOT stop if a sector 16 read failure happened
- update: sector scan – securom scan updated to handle version 4.x (and probably lower),
which used a different ‘fingerprint’ and some minor tweaks / fixes
- update: sector scan – starforce + starforce keyless scan was heavily updated..
reducing probability of false positives as well as catching some we missed before
- bugfix: sector scan – codelok scan fixed
Download here:

http://pid.gamecopyworld.com/ProtectionID_v6.1.3_2k8_xmas.rar