programmers resources
  http://www.intel-assembler.it/  (c)2017 intel-assembler.it   info@intel-assembler.it
Yodas Protector 1.02

An exe protector with antidebug, antidump

(by ashkbiz danehkar)

This software tries to do a good job in protecting executable files against debuggers and decoders. It has many features against Softice, PEditor, Procdump and others.




-=[ yoda Protector ]=-

version: 1.2

Intro:
------
This is a small PE crypter with some nice protection options.
Send me a mail if you want to have the full MASM source code.
(I'll release the source if there's an unpacker for yC 1.2)

Protection features:
--------------------
- Polymorphic encryption
- Softice detection
- Anti Debug APIs
- Erase PE Header
- Anti Dumping
- CRC checking
- Import Table encryption/destruction
- API Redirection

"Polymorphic encryption"
 Each file is en-/decrypted in a different way. Additionally, the generated
 decryption routines contain ~50% junk code to make reversing a bit more
 difficult.

"Softice detection"
 If Softice is detected, the protected exe will refuse to run.

"Anti Debug APIs"
 Protected files will refuse to run if they are being debugged through the
 Debug APIs ("WaitForDebugEvent" and "ContinueDebugEvent").

"Erase PE Header"
 If you enable this option, the loader will destroy the whole PE header
 on startup.
 Be careful with this option! Test your programs carefully after crypting a
 file with it; there are problems especially on NT-based OSes.
 Generally it won't work correctly with bigger programs.

"Anti Process Dumping"
 This will prevent lame dump engines like the ones of Procdump and PEditor
 (based on ReadProcessMemory) from dumping the whole process memory of the
 protected exe.
 yC uses the same method as PEShield to prevent a full dump. Many thanks go to
 ANAKiN for releasing its source.

"CRC checking"
 With this option enabled, the loader calculates a CRC for the encrypted file
 and compares it with the original one. If the protected file has been
 modified, the exe will refuse to run.
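The check described above, written out as an added example (this is not yoda's Protector's code; the MASM loader was never published here). It keeps a CRC-32 of the whole file image in a slot inside a constructed header, zeroes that slot while computing, and refuses any image whose stored and recomputed values differ. The header layout (magic `yC`, slot at offset 4) is my assumption for the demo; the CRC-32 itself uses the standard reflected polynomial 0xEDB88320, so it can be cross-checked against any CRC-32 tool.

```python
import struct

CRC_POLY = 0xEDB88320  # reflected CRC-32 polynomial (the zlib/PKZIP parameters)


def make_crc_table():
    """Precompute the 256-entry table a loader would carry in its data section."""
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (c >> 1) ^ CRC_POLY if c & 1 else c >> 1
        table.append(c)
    return table


_TABLE = make_crc_table()


def crc32(data: bytes) -> int:
    """Table-driven CRC-32; the standard check value crc32(b"123456789") is 0xCBF43926."""
    c = 0xFFFFFFFF
    for b in data:
        c = _TABLE[(c ^ b) & 0xFF] ^ (c >> 8)
    return c ^ 0xFFFFFFFF


# Constructed container layout (assumption for this demo): magic, CRC slot, payload length.
MAGIC = b"yC\0\0"
CRC_OFFSET = 4
HEADER = struct.Struct("<4sII")


def _zero_slot(image: bytes) -> bytes:
    """The CRC must be computed with its own slot zeroed, otherwise it can never match."""
    return image[:CRC_OFFSET] + b"\0\0\0\0" + image[CRC_OFFSET + 4:]


def seal(payload: bytes) -> bytes:
    """Build the protected image and store the CRC of everything else in the slot."""
    image = HEADER.pack(MAGIC, 0, len(payload)) + payload   # slot is zero at this point
    return image[:CRC_OFFSET] + struct.pack("<I", crc32(image)) + image[CRC_OFFSET + 4:]


def verify(image: bytes) -> bool:
    """What the loader does on startup: recompute and compare; False means refuse to run."""
    if len(image) < HEADER.size or image[:4] != MAGIC:
        return False
    stored = struct.unpack_from("<I", image, CRC_OFFSET)[0]
    return crc32(_zero_slot(image)) == stored


def flip_bit(image: bytes, offset: int, bit: int = 0) -> bytes:
    """Simulate a patched byte so the check can be exercised."""
    b = bytearray(image)
    b[offset] ^= 1 << bit
    return bytes(b)


if __name__ == "__main__":
    img = seal(b"encrypted-code-bytes" * 20)          # constructed stand-in payload
    print("intact  :", verify(img))                   # True
    print("patched :", verify(flip_bit(img, 20, 3)))  # False: payload byte changed
    print("bad crc :", verify(flip_bit(img, CRC_OFFSET)))  # False: stored CRC changed
```

A CRC detects any single-bit change and most casual patching, but it is not an authenticator: anyone who can rewrite the file can also recompute the slot, which is why the readme pairs it with encryption and the other checks rather than relying on it alone.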

"Delete Import Information"
 With this option enabled, no DLL/API names are left in the file's memory
 after startup.
 (All IMAGE_IMPORT_DESCRIPTORs are already absent from the file on disk.)
 
"API Redirection"
 This places the API addresses in separately allocated memory rather than in
 the Import Table.
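From the analyst's side, three of the features above leave measurable traces: polymorphic encryption makes the section bytes look random, "Delete Import Information" and "API Redirection" leave the import data directory empty, and "Erase PE Header" leaves a process image with no MZ/PE signatures. The following triage script is an added example (not part of yoda's Protector or this readme) that checks a PE image for exactly those three traits. It builds its own minimal PE32 images as constructed input so it runs offline; the 7.0 bits/byte entropy threshold and the finding codes are my choices, not anything the readme specifies.

```python
import math
import random
import struct

IMAGE_DIRECTORY_ENTRY_IMPORT = 1   # index of the import table in the data directories
ENTROPY_THRESHOLD = 7.0            # bits/byte; plain x86 code usually sits well below this


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 8.0 means uniformly random (encrypted or compressed)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def build_sample_pe(section_data: bytes, import_rva: int, import_size: int) -> bytes:
    """Constructed minimal PE32 image with one section (demo input, not a real program)."""
    opt_size = 224                                    # IMAGE_OPTIONAL_HEADER32
    raw_off = 0x200                                   # file offset of the section's raw data
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)           # e_lfanew -> NT headers at 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, opt_size, 0x0102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)             # PE32 magic
    struct.pack_into("<I", opt, 92, 16)               # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_IMPORT, import_rva, import_size)
    sect = struct.pack("<8sIIIIIIHHI", b".text", len(section_data), 0x1000,
                       len(section_data), raw_off, 0, 0, 0, 0, 0x60000020)
    image = dos + b"PE\0\0" + coff + opt + sect
    image += b"\0" * (raw_off - len(image))
    return bytes(image + section_data)


def wipe_header(image: bytes, size: int = 0x400) -> bytes:
    """What a memory dump looks like after the loader has erased the PE header."""
    return b"\0" * size + image[size:]


def triage(image: bytes) -> list:
    """Return (code, detail) findings for the traits a protector like this leaves behind."""
    findings = []
    if len(image) < 0x40 or image[:2] != b"MZ":
        return [("WIPED_HEADER", "no MZ signature: DOS header missing or erased")]
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if e_lfanew + 24 > len(image) or image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return [("WIPED_HEADER", "no PE signature at e_lfanew")]
    nsections = struct.unpack_from("<H", image, e_lfanew + 6)[0]
    opt_size = struct.unpack_from("<H", image, e_lfanew + 20)[0]
    opt = e_lfanew + 24
    magic = struct.unpack_from("<H", image, opt)[0]
    dirs = opt + (96 if magic == 0x10B else 112)      # PE32 vs PE32+ data directory offset
    imp_rva, imp_size = struct.unpack_from("<II", image, dirs + 8 * IMAGE_DIRECTORY_ENTRY_IMPORT)
    if imp_rva == 0 or imp_size == 0:
        findings.append(("NO_IMPORTS", "empty import directory: names stripped or resolved at run time"))
    sect_off = opt + opt_size
    for i in range(nsections):
        name, vsize, va, rawsize, rawptr = struct.unpack_from("<8sIIII", image, sect_off + 40 * i)
        sname = name.rstrip(b"\0").decode(errors="replace")
        h = shannon_entropy(image[rawptr:rawptr + rawsize])
        if h > ENTROPY_THRESHOLD:
            findings.append(("HIGH_ENTROPY", "%s: %.2f bits/byte, likely encrypted" % (sname, h)))
    return findings


def low_entropy_code() -> bytes:
    return b"\x55\x8B\xEC\x90" * 1024   # constructed, repetitive stand-in for plain code


def high_entropy_blob(n: int = 4096) -> bytes:
    rng = random.Random(7)              # deterministic stand-in for an encrypted section
    return bytes(rng.getrandbits(8) for _ in range(n))


if __name__ == "__main__":
    samples = {
        "plain":     build_sample_pe(low_entropy_code(), 0x2000, 0x28),
        "protected": build_sample_pe(high_entropy_blob(), 0, 0),
        "dumped":    wipe_header(build_sample_pe(high_entropy_blob(), 0, 0)),
    }
    for label, img in samples.items():
        print(label, triage(img))
```

None of these traits proves malicious intent on its own (compressed resources and delay-loaded imports produce similar findings), so in practice the codes feed a scoring rule or a "needs manual unpacking" queue rather than a verdict.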
