EXETOOLS FORUM  

Go Back   EXETOOLS FORUM > General > Community Tools

Notices

Reply
 
Thread Tools Display Modes
  #61  
Old 01-22-2015, 22:33
hypn0 hypn0 is offline
Friend
 
Join Date: Dec 2014
Posts: 19
Rept. Given: 18
Rept. Rcvd 13 Times in 6 Posts
Thanks Given: 0
Thanks Rcvd at 0 Times in 0 Posts
hypn0 Reputation: 13
Quote:
Originally Posted by Loki View Post
Just a hunch, but I think he might have guessed that bit :P
I'm understand, he groaned for my post. I'm guilty, really sorry.
Reply With Quote
  #62  
Old 01-24-2015, 22:33
niculaita's Avatar
niculaita niculaita is offline
Family
 
Join Date: Jun 2011
Location: here
Posts: 739
Rept. Given: 756
Rept. Rcvd 81 Times in 53 Posts
Thanks Given: 1,104
Thanks Rcvd at 88 Times in 64 Posts
niculaita Reputation: 81
Quote:
Originally Posted by evlncrn8 View Post
what antivirus? and its documented in the nfo file about some antiviruses and false positvies.. simply add an exclusion until they get round to whitelisting..

"same as last year" .. there was more than one release in the past year m8

uploading a non crypted version isnt going to happen, its not my fault the av is a false positive on some av's and im not going to do multiple releases with stuff turned on / off, that makes maintainance a total pain

also, (this is highly ironic), if i remove the encryption (i've tested this, and indeed, this was one of the reasons crypto was added), some anti viruses see some signatures for detection and raise those as false positive.. so its a no win situation
then upload a crypted version made by other cryptor
Reply With Quote
  #63  
Old 01-26-2015, 20:25
evlncrn8 evlncrn8 is offline
VIP
 
Join Date: Sep 2005
Posts: 139
Rept. Given: 26
Rept. Rcvd 53 Times in 23 Posts
Thanks Given: 20
Thanks Rcvd at 29 Times in 17 Posts
evlncrn8 Reputation: 53
which cryptor would you suggest?
Reply With Quote
  #64  
Old 01-26-2015, 20:27
evlncrn8 evlncrn8 is offline
VIP
 
Join Date: Sep 2005
Posts: 139
Rept. Given: 26
Rept. Rcvd 53 Times in 23 Posts
Thanks Given: 20
Thanks Rcvd at 29 Times in 17 Posts
evlncrn8 Reputation: 53
Quote:
Originally Posted by mcp View Post
Does anyone know what "WhiteLabel (SecuROM) protection Detected" means? What is this "Whitelabel" tag?
whitelabel means it was renamed and could be 'rebranded' (dss was one of the common names), whitelabel like on records etc

http://en.wikipedia.org/wiki/White-label_product
Reply With Quote
The Following User Gave Reputation+1 to evlncrn8 For This Useful Post:
mcp (01-26-2015)
  #65  
Old 01-27-2015, 01:00
niculaita's Avatar
niculaita niculaita is offline
Family
 
Join Date: Jun 2011
Location: here
Posts: 739
Rept. Given: 756
Rept. Rcvd 81 Times in 53 Posts
Thanks Given: 1,104
Thanks Rcvd at 88 Times in 64 Posts
niculaita Reputation: 81
repack

Quote:
Originally Posted by evlncrn8 View Post
which cryptor would you suggest?
enigma or vmprotect are ok but private cause public licenceses are antivirus blacklisted
Reply With Quote
  #66  
Old 10-31-2015, 22:42
Corsten Corsten is offline
Family
 
Join Date: Aug 2010
Location: oren
Posts: 23
Rept. Given: 32
Rept. Rcvd 39 Times in 10 Posts
Thanks Given: 4
Thanks Rcvd at 24 Times in 8 Posts
Corsten Reputation: 39
ProtectionID v6.7.0
31-10-2015

Quote:
Some bugs fixed, some tweaks, some protection detections added, next changelog will be more detailed, as it will give me time to catch up on what i changed, and to add other things and involve the beta testers again but i wanted to get the release done for the traditional halloween release
Download:
Code:
http://pid.gamecopyworld.com/dl.php?f=ProtectionId.670.halloween.2015.rar

Last edited by Corsten; 10-31-2015 at 22:49.
Reply With Quote
The Following 4 Users Say Thank You to Corsten For This Useful Post:
alekine322 (12-17-2015), daqstar (12-16-2015), MarcElBichon (11-01-2015), uranus64 (11-01-2016)
  #67  
Old 10-31-2015, 23:38
niculaita's Avatar
niculaita niculaita is offline
Family
 
Join Date: Jun 2011
Location: here
Posts: 739
Rept. Given: 756
Rept. Rcvd 81 Times in 53 Posts
Thanks Given: 1,104
Thanks Rcvd at 88 Times in 64 Posts
niculaita Reputation: 81
repack with else packer cause it is blocked as virused
Reply With Quote
  #68  
Old 11-01-2015, 00:34
evlncrn8 evlncrn8 is offline
VIP
 
Join Date: Sep 2005
Posts: 139
Rept. Given: 26
Rept. Rcvd 53 Times in 23 Posts
Thanks Given: 20
Thanks Rcvd at 29 Times in 17 Posts
evlncrn8 Reputation: 53
no, i havent changed the crypt used on it in years, and im not planning to
and i mentioned the av is a false positive
so simple solution - add the folder to exclusions, or simply dont use it
simple as that, raising the same thing over and over is really boring

and if you see the virus total link i supplied on the home page, you'll see its 1 hit, from microsoft, which always falsely detect that, it will be whitelisted soon hopefully, but for now, the only way to get around it is add the exe to the exclusion list

also, its is NOT fucking virused... if it is, please show me the viral code oh wise one
Reply With Quote
The Following 2 Users Say Thank You to evlncrn8 For This Useful Post:
alephz (11-02-2015), Corsten (11-04-2015)
  #69  
Old 11-02-2015, 18:16
evlncrn8 evlncrn8 is offline
VIP
 
Join Date: Sep 2005
Posts: 139
Rept. Given: 26
Rept. Rcvd 53 Times in 23 Posts
Thanks Given: 20
Thanks Rcvd at 29 Times in 17 Posts
evlncrn8 Reputation: 53
new virustotal report -> https://www.virustotal.com/en/file/544cdc44c9cb8b9eb0043ccbd89309e88a380a1aacbcd3fb342297bd27626226/analysis/

so only a few hours after release it went to 19/55 'hits' (which i documented on the pid home page), 5 bad votes and 35 good ones, and then some attempt of a hack on the home page too, by someone looking for the source code (or anything related), looking for /jenkins folders etc... which is comical as the source isnt on the home site

now, as you can see, i hide nothing... the only av currently flagging pid as 'bad' is microsoft (windows defender etc), which is a false positive, and has happened for a long time, so adding the protectionid exe to the exclusion list is the only way to solve that

i've had no feedback of crashing or anything currently, so i hope that implies the release was a success
Reply With Quote
  #70  
Old 12-16-2015, 22:09
daqstar's Avatar
daqstar daqstar is offline
Family
 
Join Date: Jun 2006
Posts: 92
Rept. Given: 32
Rept. Rcvd 59 Times in 22 Posts
Thanks Given: 33
Thanks Rcvd at 19 Times in 9 Posts
daqstar Reputation: 59
Excellent Release but can't get Context Menu to function!


What a host of wonderful features you have injected into Protection ID,
but for some reason I can't get the
'Context Menu'
configuration to work.
(Configuration > Main Configuration > Context Menu)
Sure enough I can apply a tick to the relevant box,
but after 'Applying', Closing and Restarting,
the tick has gone,
and the 'Context Menu' item does not appear.
I have it set to 'run as admin',
so what am I doing wrong?

__________________
bit.ly/AmaZone
Reply With Quote
  #71  
Old 12-19-2015, 00:46
evlncrn8 evlncrn8 is offline
VIP
 
Join Date: Sep 2005
Posts: 139
Rept. Given: 26
Rept. Rcvd 53 Times in 23 Posts
Thanks Given: 20
Thanks Rcvd at 29 Times in 17 Posts
evlncrn8 Reputation: 53
turn off the fucking colors for a start.. it looks dumb
i guess you did it for attention, it almost worked in the opposite way...

if the context menu doesnt work, then try running protectionid as administrator and doing it then.. it should work and stick.. im guessing you're on windows 10 or similar.. which doesnt let the context menu stuff happen unless admin access is given.. also the code hasnt changed for that part in many many years, so its not a 'new' bug..

1. run as admin
2. turn on context menu
3. exit
4. dont run as admin.. should all be fine then, and pid doesnt really benefit from having admin privs anyway
Reply With Quote
The Following User Says Thank You to evlncrn8 For This Useful Post:
giv (12-20-2015)
  #72  
Old 12-24-2015, 23:42
Corsten Corsten is offline
Family
 
Join Date: Aug 2010
Location: oren
Posts: 23
Rept. Given: 32
Rept. Rcvd 39 Times in 10 Posts
Thanks Given: 4
Thanks Rcvd at 24 Times in 8 Posts
Corsten Reputation: 39
Protection ID v6.7.5

Protection ID v6.7.5
24-12-2015

Quote:
I fixed some bugs and tweaked more code making things a bit more stable, I plan to add in taggant v2 support soon,
but im having trouble obtaining sample files to work from (i dont use the taggant lib), so if anyone wants to help with
that please do so.

I plan to wind down this version and start on v7 as soon as possible, most will port over relatively easily and
the goal is to make an x64, x86, gui and console versions, with most of the code being in c/c++ for portability
(asm doesnt port too easily).. and will focus on it having a scanning core initially, and some pe
(perhaps elf etc too) tools built in

If you'd like to contribute to v7 please get in touch at the email above, same goes if anyone wants to donate anything
Download:
Code:
http://pid.gamecopyworld.com/dl.php?f=ProtectionId.675.December.2015.rar
Reply With Quote
The Following 7 Users Say Thank You to Corsten For This Useful Post:
alephz (12-26-2015), an0rma1 (12-25-2015), giv (12-26-2015), niculaita (12-25-2015), pnta (01-20-2016), sirius (04-03-2016), zeuscane (12-25-2015)
  #73  
Old 11-01-2016, 19:48
TechLord TechLord is offline
VIP
 
Join Date: Mar 2005
Location: PlanetTech
Posts: 438
Rept. Given: 363
Rept. Rcvd 174 Times in 75 Posts
Thanks Given: 470
Thanks Rcvd at 866 Times in 217 Posts
TechLord Reputation: 100-199 TechLord Reputation: 100-199
Protection ID v6.8.0 ( Halloween 2016) Released.
31-10-2016

Quote:
"Change Log :

I fixed some bugs and tweaked more code making things a bit more stable, and added some new detections.
Some bugs (like the pestuff ones) still exist, as they didnt make it to the 'fixed' list but should hopefully be addressed for the christmas / holiday season release

I also didnt find any taggant v2 samples, so that didnt make it into the release either, other things did though so i hope this release brings some pleasure to previous users."
Download Here :

Code:
http://pid.serveexchange.com/dl.php?f=ProtectionId.680.halloween.2016.rar
Reply With Quote
The Following User Gave Reputation+1 to TechLord For This Useful Post:
mdj (11-02-2016)
The Following 9 Users Say Thank You to TechLord For This Useful Post:
deepzero (11-02-2016), Hypnz (11-01-2016), kienmanowar (11-02-2016), Kla$ (11-02-2016), Spiderz_Soft (11-02-2016), Tomy73 (11-01-2016), tonyweb (11-01-2016), TQN (11-04-2016), uranus64 (11-01-2016)
  #74  
Old 11-01-2016, 21:18
evlncrn8 evlncrn8 is offline
VIP
 
Join Date: Sep 2005
Posts: 139
Rept. Given: 26
Rept. Rcvd 53 Times in 23 Posts
Thanks Given: 20
Thanks Rcvd at 29 Times in 17 Posts
evlncrn8 Reputation: 53
wow, someone noticed
Reply With Quote
The Following 3 Users Gave Reputation+1 to evlncrn8 For This Useful Post:
Loki (11-02-2016), TechLord (11-02-2016), tonyweb (11-01-2016)
The Following 7 Users Say Thank You to evlncrn8 For This Useful Post:
deepzero (11-02-2016), Loki (11-02-2016), mdj (11-02-2016), TechLord (11-02-2016), tonyweb (11-01-2016), uranus64 (11-02-2016), wilson bibe (11-02-2016)
  #75  
Old 11-02-2016, 07:40
TechLord TechLord is offline
VIP
 
Join Date: Mar 2005
Location: PlanetTech
Posts: 438
Rept. Given: 363
Rept. Rcvd 174 Times in 75 Posts
Thanks Given: 470
Thanks Rcvd at 866 Times in 217 Posts
TechLord Reputation: 100-199 TechLord Reputation: 100-199
Quote:
Originally Posted by evlncrn8 View Post
wow, someone noticed
I am sure that just like me, the entire reversing community would have been waiting for this release

Great job , I must say !
Reply With Quote
The Following User Says Thank You to TechLord For This Useful Post:
evlncrn8 (11-02-2016)
Reply

Tags
exeinfo, peid

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
IDA 6.8 Released N0P General Discussion 18 08-11-2015 00:39


All times are GMT +8. The time now is 03:23.


ICP05004977
vBulletin Security provided by vBSecurity v2.2.0 (Lite) - vBulletin Mods & Addons Copyright © 2017 DragonByte Technologies Ltd.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX