EXETOOLS FORUM  

  #46  
Old 11-09-2013, 22:14
ollydbg
 
Posts: n/a
ESET Smart Security doesn't allow me to run it.
  #47  
Old 11-10-2013, 03:37
evlncrn8 evlncrn8 is offline
VIP
 
strange, eset didn't show a thing in the VirusTotal scan...
so ensure you downloaded it from the proper site (pid.gamecopyworld.com), if so then add an exclusion..
  #48  
Old 11-14-2013, 23:52
EHS4N EHS4N is offline
Family
 
I have the same problem with ESET!

BR
  #49  
Old 11-15-2013, 01:20
RedBlkJck RedBlkJck is offline
Family
 
Quote:
Originally Posted by EHS4N View Post
I have the same problem with ESET!

BR
Try submitting it as a false positive. Maybe if they see a few requests for the same exe, they will take more interest in correcting it. None of the private beta builds are flagged, just the public release.
The Following 2 Users Gave Reputation+1 to RedBlkJck For This Useful Post:
EHS4N (11-18-2013), evlncrn8 (11-18-2013)
  #50  
Old 10-31-2014, 15:36
MarcElBichon MarcElBichon is offline
VIP
 
New release:
Quote:
http://pid.gamecopyworld.com/
Quote:
v 6.6.6
i waited 11 years for this version number ;p
core additions / changes
tweaks, updates, fixes etc... oh and moved to masm v14 and linker v14
The Following 14 Users Gave Reputation+1 to MarcElBichon For This Useful Post:
chessgod101 (10-31-2014), Corsten (10-31-2014), emo (11-02-2014), evlncrn8 (11-06-2014), Ghost0507 (11-04-2014), Levis (11-03-2014), nikkapedd (11-01-2014), quygia128 (10-31-2014), Shub-Nigurrath (10-31-2014), Syoma (10-31-2014), uranus64 (10-31-2014), WildGoblin (11-05-2014), wilson bibe (10-31-2014), XorRanger (11-02-2014)
  #51  
Old 11-01-2014, 23:06
evlncrn8 evlncrn8 is offline
VIP
 
6.6.7 coming soonish, working on a few updates.. maybe a week or so but i hope you all like v 6.6.6

any bugs, ideas, false positives etc please email me (if it's a false positive or something not detected please email me a link to download the file too)...
The Following 10 Users Gave Reputation+1 to evlncrn8 For This Useful Post:
alephz (11-04-2014), argie (11-03-2014), copyleft (11-02-2014), deepzero (11-02-2014), Hypnz (11-03-2014), Levis (11-03-2014), Loki (11-01-2014), mr.exodia (11-03-2014), WildGoblin (11-05-2014), XorRanger (11-02-2014)
  #52  
Old 12-25-2014, 06:05
MarcElBichon MarcElBichon is offline
VIP
 
ProtectionID v6.6.7
2014-12-24


Changelog:
Quote:
Note: There is currently 1 false positive 'hit' from Microsoft, I will try and contact them to get this
whitelisted, but there is a high probability (like on the halloween release) that other
antiviruses will jump on the bandwagon and blacklist the file again shortly after release.

The only current 'solution' is to whitelist / exclude the folder you put ProtectionID into.

* updated - update system has been tweaked to work with the new file url format (direct links wont work anymore)
- this does mean that older versions wont be able to update to the latest version but thats
not really fixable unfortunately and i'll put information about this on the homepage
* bugfix - bugfix in the .net core scanner, I rounded pointers, instead of the actual length value, was quite
an obscure bug as it worked on all the exe's I tested before, but Hookahice found one exe
in the 24th october beta release, but I didnt get the info until after the public halloween
release, so i've added the fix in now (thanks Hookahice)
* tweak - msi / cab scanning reports to the status window now (cosmetic)
* new - added detection for epic games unreal development kit udk installers
* new - added fnv32 to hashing function list
* tweak - file hashing reports the time taken to complete the hashing and the count of hashing functions executed
and bytes / sec (not sure how accurate that is though and in some cases it'll show 0 bytes / sec
simply because the hashing took less than a second)
* new - added in data directory processing report (its in the configuration settings, and is disabled by default)
Scan configuration -> Show Data Directory Info (items reported in lower case mean they are present
but have either no size or no va)
* new - added in sentinel ldk detection, thanks to whoever posted the output log on pastebin, which helped me
to add this in (might have been easier though if you emailed me with a url) as it was a lucky
find..
* new - added in timedatestamp review (idea was from this)
so I wrote a function for it (still work in progress)
* new - added in some new detections (work in progress)
* tweak - some more cosmetic output fixes
* new - added in fuzzy detection for a new protector (work in progress) (denuvo)
* tweak - steam api usage detection tweaked (mostly for x64 targets)
* tweak - ads (ntfs data streams) processing can now report the internet zone setting for the file
(if for example, it was downloaded) - this setting is in the configuration options
(and is disabled by default) - you would also need to enable the
'(ADS) Show ntfs stream info (if present)' setting as they are paired
* tweak - some cosmetic alterations on text and configuration settings
* tweak - .net stream names are now reported
* tweak - neolite detection got tweaked, one crap signature removed and code sped up a lot
* tweak - version info reporting now checks the buffer for white space and if the buffer is just
spaces or blank / empty then the output is suppressed
* update - .net core detections increased -> agiledotnetrt, eazfuscator, cryptoobfuscator, dotfuscator
* update - version info - reporting of version info vs_fixedfile info stuff (work in progress)
* update - .net core can report entropy of the #Strings (ansi) and #US (unicode) stream(s) (if present)
- this is in the configuration setting and is disabled by default
* new - added in detection for ubisoft 'ubx' packer
* update - pespin x64 detection updated
* update - yummy gameshield detection updated (thx CrAaAzzzyy)
* bugfix - appended data / overlay offset calculation had a bug on some rare exe's where the last section
physical size was greater than the virtual size, which threw off the calculation..
its also assumed that no overlay data can exist after the digital signature (if present)
as that would break the signature...
* new - pretty experimental (ie: not tested a lot) ssdeep hashing code added into the choices for file hashing
(check the configuration settings)
* tweak - windows 10 current preview builds recognised for the latest versions (windows defender still doesnt
like ProtectionID, so you'll have to add it to the exclusion lists for the meantime)..
* coming - taggant v2 support as/when I see some live samples to work from
* cosmetic - copyright year adjusted to 2015 (not having that old issue happen again)
* bugfix - bugfix / sanity check added in the crypto scanner, license scanner, and cdkey and serial functions,
i was sent some badly damaged executables from hypn0 (thanks), which reproduced the bugs
and allowed a relatively easy fix.. very much appreciated, as they were relatively obscure
* update - new setting - report all section entropies added, its off by default, if you enable it it will report
the entropy for each section present in the scanned file.. this can obviously cause a slowdown
in the scanning which is why I defaulted to make it disabled..
* bugfix - bugfix in reporting the version fixed file info..a register got trashed and should have been preserved
it is now.. thanks again to hypn0 - definitely getting his bugfinder achievement this month
* fix - some buffers were not always wiped, leading to crap output.. now fixed
* bugfix - installer_rtpatch_scan had a misbalanced stack (typo bug I think), which sometimes led to a register
mismatch messagebox.. (thanks hypn0)
* bugfix - fixed bug in zipworx_scan which could lead to a crash (thanks hypn0)
* bugfix - fixed bug in hmimys_scan scan (thanks hypn0)
* bugfix - fixed bug in ea access scan that could lead to a crash (thanks hypn0)
* bugfix - sanity / range check added to imphash code.. (thanks hypn0)
* bugfix - fix in digital signature processing where a serial wasnt present
* bugfix - fixed bug in nullsoft installer scan (thanks hypn0)
* bugfix - installer_gkwaresfx_scan had a bug where edx and ecx werent preserved, leading to a 'register mismatch'
messagebox if detected (thanks hypn0)
* bugfix - range / sanity check added into safedisc scan code (thanks hypn0)
* bugfix - range / sanity check added into solidshield scan code (thanks hypn0)
* added - launch4j detection (also has extra info if you enabled that in the configuration) - have fun Chester Fritz
* tweak - revised code for appended data size and offset calculation.. need to monitor this one
* update - pecompact detection updated, it now reports the internal version of the protection (thanks for the files hypn0)
* bugfix - internal file version core could crash if the version info data size was incorrect (we use an internal routine
to calculate the size if the windows api fails.. which happens sometimes).. this was a very rare and obscure
bug (hard to replicate) - thanks to hypn0 I found and patched it (successfully I hope)
* bugfix - added some range checking in the convert_* functions, as a crash could occur in some very damaged files (very rare)
* bugfix - check_gamehouse.asm had some range checking added, as it'd crash on particularly malformed files..
* bugfix - check_upx.asm had some range checking added, as it'd crash on particularly malformed files
Download:
Quote:
http://pid.gamecopyworld.com/dl.php?f=ProtectionId.667.December.2014.rar

Last edited by MarcElBichon; 12-25-2014 at 06:18.
The Following 11 Users Gave Reputation+1 to MarcElBichon For This Useful Post:
alephz (12-25-2014), chessgod101 (12-25-2014), computerline (12-25-2014), Molasar (12-27-2014), niculaita (12-26-2014), nikre (12-25-2014), TechLord (12-31-2014), VodoleY (12-25-2014), XorRanger (12-25-2014), zeuscane (12-25-2014)
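
The overlay bugfix in the changelog above rests on two points: the on-disk end of a section comes from its raw pointer and raw size (not its virtual size), and appended data is taken to stop where the digital signature begins. The Python sketch below is an added example, not ProtectionID's code; `overlay_range`, `build_sample` and the constructed one-section PE32 layout are assumptions made for illustration.

```python
import struct

def overlay_range(data: bytes):
    """Return (start, stop) file offsets of appended data; start == stop means none."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe, = struct.unpack_from("<I", data, 0x3C)
    if pe + 24 > len(data) or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    nsect, = struct.unpack_from("<H", data, pe + 6)
    opt_size, = struct.unpack_from("<H", data, pe + 20)
    opt = pe + 24
    table = opt + opt_size
    if table + nsect * 40 > len(data):
        raise ValueError("section table runs past end of file")
    start = table + nsect * 40
    for i in range(nsect):
        # VirtualSize is read but deliberately ignored: only the on-disk extent matters
        _vsize, _va, raw_size, raw_ptr = struct.unpack_from("<4I", data, table + i * 40 + 8)
        if raw_size:
            start = max(start, raw_ptr + raw_size)
    start = min(start, len(data))            # clamp: damaged headers may overshoot
    stop = len(data)
    dirs = opt + (112 if data[opt:opt + 2] == b"\x0b\x02" else 96)  # PE32+ vs PE32
    if dirs + 40 <= table:                   # security directory entry fits in the header
        n_dirs, = struct.unpack_from("<I", data, dirs - 4)
        cert_off, cert_size = struct.unpack_from("<2I", data, dirs + 32)
        # entry 4 holds a file offset, not an RVA; trust it only if it is in range
        if n_dirs > 4 and cert_size and start <= cert_off <= len(data):
            stop = cert_off
    return start, stop

def build_sample(raw_size, vsize, overlay=b"", cert=b""):
    """Constructed minimal PE32 layout (headers + one section); not a runnable program."""
    raw_ptr = 0x200
    opt = bytearray(224)                     # PE32 optional header, 16 data directories
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 92, 16)
    if cert:                                 # signature blob placed after the overlay
        struct.pack_into("<2I", opt, 96 + 32, raw_ptr + raw_size + len(overlay), len(cert))
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x14C, 1, 0, 0, 0, 224, 0x102)
    sect = struct.pack("<8s8I", b".text", vsize, 0x1000, raw_size, raw_ptr, 0, 0, 0, 0x60000020)
    head = (bytes(dos) + coff + bytes(opt) + sect).ljust(raw_ptr, b"\0")
    return head + b"\xCC" * raw_size + overlay + cert
```
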
  #53  
Old 12-25-2014, 08:12
evlncrn8 evlncrn8 is offline
VIP
 
that was quick, i had only updated the site 5 minutes before your post... so i think you win the ninja award today
The Following 6 Users Gave Reputation+1 to evlncrn8 For This Useful Post:
chessgod101 (12-25-2014), copyleft (12-27-2014), JeRRy (12-27-2014), mr.exodia (12-25-2014), zeuscane (12-25-2014)
  #54  
Old 12-26-2014, 23:45
alephz alephz is offline
VIP
 
Quote:
Originally Posted by evlncrn8 View Post
6.6.7
Unfortunately, it doesn't have command line support yet. No way to call as '> PrID victim.exe' or '> PrID *.dll'.
  #55  
Old 12-27-2014, 00:04
chessgod101 chessgod101 is online now
Co-Administrator
 
Quote:
No way to call as '> PrID victim.exe' or '> PrID *.dll'.
It has command line support. You just need to add a '-scan' parameter to the command line.
>prid -scan victim.exe
__________________
"Real knowledge is to know the extent of one's ignorance." Confucius
The Following 2 Users Gave Reputation+1 to chessgod101 For This Useful Post:
alephz (12-27-2014), evlncrn8 (12-27-2014)
  #56  
Old 12-27-2014, 04:56
niculaita niculaita is online now
Family
 
again the same as last year's version, antivirus does not like this

upload a non-crypted version please
  #57  
Old 12-27-2014, 19:57
evlncrn8 evlncrn8 is offline
VIP
 
what antivirus? and it's documented in the nfo file about some antiviruses and false positives.. simply add an exclusion until they get round to whitelisting..

"same as last year" .. there was more than one release in the past year m8

uploading a non crypted version isn't going to happen, it's not my fault the av is a false positive on some av's and I'm not going to do multiple releases with stuff turned on / off, that makes maintenance a total pain

also, (this is highly ironic), if i remove the encryption (i've tested this, and indeed, this was one of the reasons crypto was added), some anti viruses see some signatures for detection and raise those as false positive.. so it's a no win situation

Last edited by evlncrn8; 12-27-2014 at 20:40.
  #58  
Old 01-22-2015, 17:29
mcp mcp is online now
Friend
 
Does anyone know what "WhiteLabel (SecuROM) protection Detected" means? What is this "Whitelabel" tag?
  #59  
Old 01-22-2015, 21:54
hypn0 hypn0 is offline
Friend
 
Quote:
Originally Posted by mcp View Post
Does anyone know what "WhiteLabel (SecuROM) protection Detected" means? What is this "Whitelabel" tag?
Looks like a variant of SecuROM.
  #60  
Old 01-22-2015, 22:05
Loki Loki is offline
Lo*eXeTools*rd
 
Quote:
Originally Posted by hypn0 View Post
Looks like a variant of SecuROM.
Just a hunch, but I think he might have guessed that bit :P
Tags
exeinfo, peid
