ProtectionID HomePage



(c) ProtectionID CDKiLLER & TippeX [02/2003 - ??/2018]

Contact Email : p...@outlook.com

“ProtectionID - we innovate, we don’t replicate”

Download (current) ProtectionId.690.December.2017.rar

Download (older) ProtectionId.685.December.2016.rar

Download (older) ProtectionId.680.halloween.2016.rar

Download (older) ProtectionId.675.December.2015.rar

Download (older) ProtectionId.670.halloween.2015.rar

Download (older) ProtectionId.667.December.2014.rar

Download (older) ProtectionId.666.halloween.2014.rar

Download (older) ProtectionId.655.halloween.2013.rar

Download (older) : ProtectionID_v6.4.0.rar

New Version Coming Very soon (guess when)

You seem to have disabled javascript, you might have problems downloading





Hi there and welcome to the home of ProtectionID - the best just got better!

As you probably know, we are always trying to put our best into ProtectionID and to keep it up to date for all

YOU users, this is of course very time consuming, and is purely a hobby.

It all started as a simple pc game protection scanner back in 2003 - look what it has become now :-)

If you are using ProtectionID on a regular basis and you like the quality and work we have put into it

(and will continue to put in), why not consider giving a donation as a reward ?



If you want to donate money click the paypal button above

If you want to donate (time, games, code, etc), contact us at the usual email address (above)

If you want to help with the project (code / test / do the web page etc) please feel free to email as well



Note

CDKiLLER recently emailed, but never replied to my reply, so the project is still being developed only by me (TippeX),

and times are tough, hence the paypal button.. the project will still remain free, if you do donate, thankyou..



(Older Notes)

CDKiLLER has not been involved in the project since 09/09/2011, and has been totally uncontactable,

I hope he’s safe and well, and that he will get in touch. As a result the development paused for a while

as I had other things to deal with too, but I then thought that CDKiLLER would want the project continued, so

as / when / if he comes back he’ll be able to continue, and we always wanted to keep our user base happy….



So, I restarted the project relatively recently, as a result I also lost the contact information on the beta

testers, and had to try and find them, if I missed any, or indeed, if you want to beta test

then please use the email address below.

You can contact me at the email address at the top of the page

News

(Current News - 30th oct 2018)



Halloween release will be slightly late, im ill and something else came up :(

I will try and get it out as soon as I can, it does have some of the crashy bugs (like the imports stuff) fixed :) which should make some of you happy... And i'll also document some stuff like how to enable the yara stuff and other things :)(Older News - 26th dec 2017)Fixed the links temporarially to point to the right place, nobody emailed me about it So I was a bit late in checking.. I am currently experimenting with using cuda in the scans, bit its early days, but the main framework is done :) And I have also begun work on adding in yara scanning (Older News - 24th dec 2017)Well, here is the christmas release, enjoy, bugfixes and new additions and less false positives..New scans, some tweaks, some bugfixes (pebrowse fixes are coming in the next release)More to come, possibly new yearThanks to the 5 people (and one company) who donated.. yes.. 3 people, 1 company..See you all in the new year.(older News)Well, here is the christmas release, enjoy, bugfixes and new additions and less false positives..New scans, some tweaks, some bugfixes (pebrowse fixes are coming in the next release)Other new features are also planned in the next release (probably march 2017)Thanks to the 3 people (and one company) who donated.. yes.. 3 people, 1 company..See you all in the new year.

Download problems

Any download problems are generally server side, which is out of my control..

All the files are rar version 5 format (which means you need rar 5 to unrar them which you can find at RarLabs)

The update feature inside ProtectionID is broken atm, it'll report that a new version exists but

it'll download the index.html (this page) instead due to a url mishap so just download it from the

link above (i will try and fix this later.. i only noticed it now)



To-do's

* User manual needs to be done, I dont have time at the moment, so if anyone would like to

write one, then I would be happy to publish it (credit will obviously be given)



False Positives in scans and Undetected Protections

I always try and keep ProtectionID up to date, but there are lots of protections

out there, and I can't cover every single one, so if you find one that ProtectionID

does not detect, email me and send me a link of where to get the file and I will see

what I can do..



If you find a file that ProtectionID detects incorrectly, please email me and send me a

link of where to get the file and I will try and fix the detection code



Friends of ProtectionID GameCopyWorld

Big thanks to Empire for hosting and helping on the web site stuff... much appreciated

Licensing If you are a personal user, educational user or no profit organisation you can use ProtectionID for free.



If you are a corporate or a company (with 20 or more people), then you are expected to

contact us for licensing terms and are not permitted to use ProtectionID until we

come to some agreement. (exclusions apply for AV companies, VirusTotal and Microsoft obviously)



The software is supplied AS IS, with no warranty (implied or otherwise)..

while we strive to make it bug free, you run it entirely at your own risk,

we are not liable for any damages arising from It's use.



Support and updates are entirely on an on demand basis, while we try and ensure that

we are up to date, and offer support to those who email us, we do not guarantee a reply.



Note: ProtectionID is not malware, virused or anything else, for safety you should only

download from the Home site, and verify the file hash matches the

one in the VirusTotal scan I include in the rar file, and It's url (so tampering with

the text file would be pointless)... It's a simple pe scanner, it has some other tools

sure, but nothing malicious or viral...



PROTECTiONiD features - detection of every major PC ISO Game / Application protection

- currently covers 576 detections, including win32/64 exe protectors & packers, .net protectors, dongles, licenses & installers

- sector scanning CDs / DVDs for Copy Protections

- files / folders can simply be dragged & dropped into PiD

- strong scanning routines allowing it to detect multiple protections

- easy scanning via shell context menu

- useful additional misc tools included

- coded 100% in Win32 assembly language

- fully 32bit & 64bit compliant

- working from Win9x to Windows 10

- can use peid and petools signature databases



v 6.9.0 (december 2017)

Antivirus Detection DataBase Date Note Cylance Unsafe - It's a false positive Endgame malicious (high confidence) - well, i have no confidence... Ikarus Trojan.Win32.Pepatch - Considering that ProtectionID does not alter files... this is amazing Kaspersky HEUR:Trojan.Win32.Generic - Heuristic.. sigh SUPERAntiSpyware HEUR/QVM20.1.0000.Malware.Gen - It's a false positive, 'generic'.. sigh ZoneAlarm HEUR:Trojan.Win32.Generic - Heuristic.. sigh

Note: At the time of release, there were 6 false positive 'hit'(s) out of 67. I will try and contact them to get this whitelisted, but there is a high probability (like on all the previous releases) that other antiviruses will jump on the bandwagon and blacklist the file again shortly after release.The only current 'solution' is to whitelist / exclude the folder you put ProtectionID into.

Change Log

Bugfixes, tweaked some code, and a few optimisations and new scansPEBrowse bugs are still there, the fixes were not ready for this release, they should be in for january, along with some other featuresI also didnt find any taggant v2 samples, so that didnt make it into the release either, other things didthough so i hope this release brings some pleasure to previous users.---------------------------------------------------------------------------------------------------------

v 6.8.5 (december 2016)

Antivirus Detection DataBase Date Note Baidu Win32.Trojan.WisdomEyes.16070401.9500.9764 20161207 It's a false positive Invincea virus.win32.parite.b 20161216 It's a false positive Kaspersky not-a-virus:HEUR:WebToolbar.Win32.SoftonicDownloader.gen 20161224 It's a false positive, it has no toolbars, softronic or otherwise Microsoft VirTool:Win32/Obfuscator.AX 20161224 It's a false positive, but at least Microsoft is consistent Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161224 It's a false positive, 'generic'.. sigh SUPERAntiSpyware Trojan.Agent/Generic 20161223 It's a false positive, 'generic'.. sigh

Note: At the time of release, there were 6 false positive 'hit'(s) Regarding the one from Microsoft, I will try and contact them to get this whitelisted, but there is a high probability (like on all the previous releases) that other antiviruses will jump on the bandwagon and blacklist the file again shortly after release.The only current 'solution' is to whitelist / exclude the folder you put ProtectionID into.The other 2 are generic and its up to the av people to sort it out.. sorry, but it happens all the timeand contacting them doesnt do a damn thing

Change Log

Bugfixes, tweaked some code, and a few optimisations and new scansPEBrowse bugs are still there, the fixes were not ready for this release, they should be in for january, along with some other featuresI also didnt find any taggant v2 samples, so that didnt make it into the release either, other things didthough so i hope this release brings some pleasure to previous users.---------------------------------------------------------------------------------------------------------

v 6.8.0 (halloween 2016)

Antivirus Detection DataBase Date Note Baidu Win32.Trojan.WisdomEyes.16070401.9500.9612 20161031 It's a false positive Invincea virus.win32.parite.b 20161018 It's a false positive Microsoft VirTool:Win32/Obfuscator.AX 20161031 It's a false positive, but at least Microsoft is consistent Qihoo-360 HEUR/QVM20.1.0000.Malware.Gen 20161031 It's a false positive, 'generic'.. sigh SUPERAntiSpyware Trojan.Agent/Generic 20161031 It's a false positive, 'generic'.. sigh

Note: At the time of release, there were 5 false positive 'hit'(s) Regarding the one from Microsoft, I will try and contact them to get this whitelisted, but there is a high probability (like on all the previous releases) that other antiviruses will jump on the bandwagon and blacklist the file again shortly after release.The only current 'solution' is to whitelist / exclude the folder you put ProtectionID into.The other 2 are generic and its up to the av people to sort it out.. sorry, but it happens all the timeand contacting them doesnt do a damn thing

Change Log

I fixed some bugs and tweaked more code making things a bit more stable, and added some new detectionssome bugs (like the pestuff ones) still exist, as they didnt make it to the 'fixed' list but shouldhopefully be addressed for the christmas / holiday season releaseI also didnt find any taggant v2 samples, so that didnt make it into the release either, other things didthough so i hope this release brings some pleasure to previous users.---------------------------------------------------------------------------------------------------------

v 6.7.5 (december 2015)

Antivirus Detection DataBase Date Note Microsoft VirTool:Win32/Obfuscator.AX 20151224 It's a false positive, but at least Microsoft is consistent Rising PE:Malware.XPACK/RDM!5.1 [F] 20151224 It's a false positive, most likely from a crappy signature SUPERAntiSpyware Trojan.Agent/Generic 20151224 It's a false positive, 'generic'.. sigh

Note: At the time of release, there were 3 false positive 'hit'(s) Regarding the one from Microsoft, I will try and contact them to get this whitelisted, but there is a high probability (like on all the previous releases) that other antiviruses will jump on the bandwagon and blacklist the file again shortly after release.The only current 'solution' is to whitelist / exclude the folder you put ProtectionID into.The other 3 are generic and its up to the av people to sort it out.. sorry, but it happens all the timeand contacting them doesnt do a damn thing

Change Log

I fixed some bugs and tweaked more code making things a bit more stable, I plan to add in taggant v2 support soon,but im having trouble obtaining sample files to work from (i dont use the taggant lib), so if anyone wants to help withthat please do so.I plan to wind down this version and start on v7 as soon as possible, most will port over relatively easily andthe goal is to make an x64, x86, gui and console versions, with most of the code being in c/c++ for portability(asm doesnt port too easily).. and will focus on it having a scanning core initially, and some pe(perhaps elf etc too) tools built inIf you'd like to contribute to v7 please get in touch at the email above, same goes if anyone wants to donate anything---------------------------------------------------------------------------------------------------------

v 6.7.0 (halloween 2015)

Antivirus Detection DataBase Date Note Microsoft VirTool:Win32/Obfuscator.AX 20151031 It's a false positive, but at least Microsoft is consistent

Antivirus Detection DataBase Date Note AVware Trojan.Win32.Generic!BT 20151029 It's a false positive Agnitum Trojan.Agent!Bz5aCfs+wnI 20151029 It's a false positive Antiy-AVL Trojan/Win32.TSGeneric 20151029 It's a false positive Avast Win32:Trojan-gen 20151029 It's a false positive CAT-QuickHeal Trojan.Dyname.ga 20151029 It's a false positive Cyren W32/Trojan.AYIN-1503 20151029 It's a false positive Fortinet W32/Generik.BCAXNDB!tr 20151029 It's a false positive Ikarus Win32.PePatch 20151029 It's a false positive K7AntiVirus Riskware ( 0040eff71 ) 20151029 It's a false positive K7GW Riskware ( 0040eff71 ) 20151029 It's a false positive McAfee Antivirus Artemis!8B23B9F8E358 20151029 It's a false positive McAfee-GW-Edition Artemis!Trojan 20151029 It's a false positive Microsoft VirTool:Win32/Obfuscator.AX 20151029 It's a false positive, but at least Microsoft is consistent SUPERAntiSpyware Trojan.Agent/Generic 20151030 It's a false positive Symantec Trojan.Gen.2 20151029 It's a false positive TheHacker Trojan/Generik.BCAXNDB/td> 20151028 It's a false positive TrendMicro TROJ_GEN.R08OC0DHF15/td> 20151029 It's a false positive VIPRE Trojan.Win32.Generic!BT5/td> 20151029 It's a false positive ViRobot Trojan.Win32.S.Agent.1192344[h] /td> 20151029 It's a false positive

Antivirus Detection DataBase Date Note Microsoft VirTool:Win32/Obfuscator.AX 20151101 It's a false positive, but at least Microsoft is consistent

Note: At the time of release, there was 1 false positive 'hit' from Microsoft, I will try and contact them to get this whitelisted, but there is a high probability (like on all the previous releases) that other antiviruses will jump on the bandwagon and blacklist the file again shortly after release.The only current 'solution' is to whitelist / exclude the folder you put ProtectionID into.Win 8 / 10 users might find the application blocked by windows defender, this is something i am working to resolvebut until it is resolved the only way to get it working is to add it to the exclusion listPlease make sure that you downloaded it from our home site before adding it to the exclusion listI plan to release the files and update the page publically (within the next 10 minutes of me writing this)then we can see which av companies jump on the bandwagon for blacklisting us (It's annoying sure)[Update] Again, as with all the other releases the antivirus people jump on the bandwagon again... 19/56 on virustotal now, this is pretty ftustrating.. especially when contacting them usually ends up going nowhere.. So, here we are.. November 1st .. here's the updated tableOh and 5 'bad' (why?) votes and 35 good ones (thanks)[Update - November 2nd 2015]It would appear the antivirus people have actually realised their mistake, I checked virustotal again today, and a fewthings have changed - namely the detections (! detection now from microsoft.. i can live with that) and the votes are alsochanged to 0 bad and 2 good... quite surprising.. the updated link is here This still means windows defender will need the ProtectionID folder added to the exclusion list for windows 8 / 10 users, I will see if i can get this sorted out, so please be patient.

Change Log

Some bugs fixed, some tweaks, some protection detections added, next changelog will be more detailed,as it will give me time to catch up on what i changed, and to add other things and involve the beta testers againbut i wanted to get the release done for the traditional halloween release---------------------------------------------------------------------------------------------------------

v 6.6.7 (December 2014)

Antivirus Detection DataBase Date Note Microsoft VirTool:Win32/Obfuscator.AX 20141225 It's a false positive, but at least Microsoft is consistent Qihoo-360 HEUR/QVM20.1.Malware.Gen 20141225 It's a false positive "More than Security, Lightening your PC".. umm yeh - the detection also 'disappeared' on the 26th TrendMicro-HouseCall Suspicious_GEN.F47V1224 20141225 It's a false positive

Antivirus Detection DataBase Date Note Baidu-International Trojan.Win32.Generik.BBCAXNDB 20141226 It's a false positive, and they're a bit late to the party Ikarus Trojan.SuspectCRC 20141226 It's a false positive "SuspectCRC" really? K7AntiVirus Trojan ( 004b30581 ) 20141226 It's a false positive K7GW Trojan ( 004b30581 ) 20141226 It's a false positive Sophos Mal/Generic-S 20141226 It's a false positive

Antivirus Detection DataBase Date Note ESET-NOD32 a variant of Generik.BCAXNDB 20141226 It's a false positive, and they're a bit late to the party (only showed up on the 27th) McAfee Artemis!8B23B9F8E358 20141226 It's a false positive, and they're a bit late to the party (only showed up on the 27th) McAfee-GW-Edition Artemis 20141226 It's a false positive, and they're a bit late to the party (only showed up on the 27th)

Antivirus Detection DataBase Date Note AVWare Trojan.Win32.Generic!BT 20141227 It's a false positive, and "Generic" Ad-Aware Trojan.Generic.12433802 20141227 It's a false positive, and "Generic" BitDefender Trojan.Generic.12433802 20141227 It's a false positive, and "Generic" MicroWorld-eScan Trojan.Generic.12433802 20141227 It's a false positive, and "Generic" Symantec WS.Reputation.1 20141227 It's a false positive, this is symantecs "wisdom of crowds thing" VIPRE Trojan.Win32.Generic!BT 20141227 It's a false positive, and "Generic"

Antivirus Detection DataBase Date Note Emsisoft Trojan.Generic.12433802 (B) 20141228 It's a false positive, and "Generic" F-Secure Trojan.Generic.12433802 20141228 It's a false positive, and "Generic" GData Trojan.Generic.12433802 20141228 It's a false positive, and "Generic"

Note: At the time release, there was 1 false positive 'hit' from Microsoft, I will try and contact them to get thiswhitelisted, but there is a high probability (like on the halloween release) that otherantiviruses will jump on the bandwagon and blacklist the file again shortly after release.The only current 'solution' is to whitelist / exclude the folder you put ProtectionID into.* update * now 2 more antiviruses have jumped on the bandwagon, ~8 hours after release.. slow clapAgain, like with the halloween release I decided to test these antiviruses to see how they actually detectedso I simply recompiled the christmas release executable and uploaded it to VirusTotal Here are the results.Predictably, the ONLY antivirus that detected (albeit a false positive) was Microsoft.. TrendMicro-HouseCall and Qihoo-360 did NOT detect anything,which really inspires faith in their products doesnt it? It looks like they just blacklisted the file by hashSo, I decided to test a theory.. I appended 1 byte (0xFF) to the christmas public release executable and uploaded it to VirusTotal Here are the results.Obviously this broke the digital signature, which I guess is the reason AVG suddenly detected (which was unexpected to be honest) but Qihoo-360 and TrendMicro-HouseCall did NOT detect anything... so they clearly just blacklisted the file via It's hash or equivalentFeel free to experiment yourself, but I think i've proven my point that some antiviruses are CLEARLY better than others* update * sigh.. now It's 7 / 55 on VirusTotalnow... considering It's 'Generic' for a lot of these, how come they weren't detected on the 25th?* update * - now 10/56 as ESET-NOD32 and McAfee now got on the bandwagon... bit late to the party guys...Again, ESET-NOD32 showing a 'variant' of a 'generic' ... if It's generic, how come it wasnt seen on the day of release?and are they using the same 'tables' as Baidu-International?McAfee is essentially a 'dupe' as It's 2 variants of their scanner... and "Artemis (or McAfee 'Global Threat Intelligence' technology) is the enhanced heuristic detection component of McAfee SecurityCenter's virus protection module." It works by adding an extra layer to the detection engine, but instead of just detecting something it actually "calls home" to the virus database to double-check before labellingsomething as a possible threat.So, It's pretty much a 'wisdom of the crowds' thing ?..To test (again), I simply recompiled the exe and uploaded it, just to test things.. and, well, the results are pretty damn predictable.Quite honestly I have to applaud Microsoft on being consistent in detection (albeit on a false positive, but they are the ONLY av on VirusTotal with consistent results)So, (like before), if I did make ProtectionID a virus / malware (It isn't and it won't be), all I would have to do is keep the execuable recompiling every hour or so, and it would only be seen by 1 of the 56 scanners on VirusTotal, thats actually a pretty frightening picture isn't it?And it would appear that a lot of the scanners seem to be working from file hashes or equivalent, which is a very WEAK method of 'detection'.. as you might be aware I did have similar results with the halloween release, and it seems very little has changed.. but I urge any of you with doubts to simply test for yourself on VirusTotalupdate - as of the 28th December It's now 17/54.. It's getting quite comical in a really pathetic wayNow, for those "Generic" ones.. how come (if It's Generic) it wasnt 'detected' on the 25th (day of release) ?and could it be possible that some of those antiviruses are using the same 'detection tables' ?Either way, It's pretty lame, and would you have much faith in an antivirus that 'detects' 3 days after the fact ?(which is more than sufficient time for something malicious to do It's job)I certaintly would not...And i refer you to the previous test results of the recompiled exe ( Here ), It's still only got one 'hit'(from Microsoft) - that speaks volumes... (NONE of the 'Generic' results above are here)..as for "Generic" - you use the word but i think you do not know what it meansSigh.. 19/54 now.. with 7 'good' votes and 1 bad (why?)...

update (17th January 2015)



It would appear that the false positives from the antiviruses has really caused a problem, the host for thehomepage set the homepage to a null route because of this, so the only option was to remove the file (i will putit somewhere else, or i will make a password protected release).. I intend to do a new release soon anyway, butthis situation is getting rather aggrivating, so if you can, please report the false positive to whatever anti virusyou are using that raises it, I dont have the resources at the moment to contact them all to get this resolved...In the future I think i will simply password protect the rar file as that seems to be the best course of action at the moment, sure, It's hardly ideal but I don't have many other options...I am open to suggestions, but removing the encryption isnt an option as it was actually put in to reduce false positives at the beginning (ironic i know)..

Change Log

* updated - update system has been tweaked to work with the new file url format (direct links wont work anymore)- this does mean that older versions wont be able to update to the latest version but thatsnot really fixable unfortunately and i'll put information about this on the homepage* bugfix - bugfix in the .net core scanner, I rounded pointers, instead of the actual length value, was quitean obscure bug as it worked on all the exe's I tested before, but Hookahice found one exein the 24th october beta release, but I didn't get the info until after the public halloweenrelease, so i've added the fix in now (thanks Hookahice) :)* tweak - msi / cab scanning reports to the status window now (cosmetic)* new - added detection for epic games unreal development kit udk installers* new - added fnv32 to hashing function list* tweak - file hashing reports the time taken to complete the hashing and the count of hashing functions executedand bytes / sec (not sure how accurate that is though and in some cases it'll show 0 bytes / secsimply because the hashing took less than a second)* new - added in data directory processing report (It's in the configuration settings, and is disabled by default)Scan configuration -> Show Data Directory Info (items reported in lower case mean they are presentbut have either no size or no va)* new - added in sentinel ldk detection, thanks to whoever posted the output log on pastebin, which helped meto add this in (might have been easier though if you emailed me with a url :) ) as it was a luckyfind..* new - added in timedatestamp review (idea was from this so I wrote a function for it (still work in progress)* new - added in some new detections (work in progress)* tweak - some more cosmetic output fixes* new - added in fuzzy detection for a new protector (work in progress) (denuvo)* tweak - steam api usage detection tweaked (mostly for x64 targets)* tweak - ads (ntfs data streams) processing can now report the internet zone setting for the file(if for example, it was downloaded) - this setting is in the configuration options(and is disabled by default) - you would also need to enable the'(ADS) Show ntfs stream info (if present)' setting as they are paired* tweak - some cosmetic alterations on text and configuration settings* tweak - .net stream names are now reported* tweak - neolite detection got tweaked, one crap signature removed and code sped up a lot* tweak - version info reporting now checks the buffer for white space and if the buffer is justspaces or blank / empty then the output is suppressed* update - .net core detections increased -> agiledotnetrt, eazfuscator, cryptoobfuscator, dotfuscator* update - version info - reporting of version info vs_fixedfile info stuff (work in progress)* update - .net core can report entropy of the #Strings (ansi) and #US (unicode) stream(s) (if present)- this is in the configuration setting and is disabled by default* new - added in detection for Ubisoft 'ubx' packer* update - pespin x64 detection updated* update - yummy gameshield detection updated (thx CrAaAzzzyy)* bugfix - appended data / overlay offset calculation had a bug on some rare exe's where the last sectionphysical size was greater than the virtual size, which threw off the calculation..It's also assumed that no overlay data can exist after the digital signature (if present)as that would break the signature...* new - pretty experimental (ie: not tested a lot) ssdeep hashing code added into the choices for file hashing(check the configuration settings) (sorry.. It's disabled atm, I didn't have time to finish it)* tweak - windows 10 current preview builds recognised for the latest versions (windows defender still doesntlike ProtectionID, so you'll have to add it to the exclusion lists for the meantime)..* coming - taggant v2 support as/when I see some live samples to work from* cosmetic - copyright year adjusted to 2015 (not having that old issue happen again) :)* bugfix - bugfix / sanity check added in the crypto scanner, license scanner, and cdkey and serial functions,i was sent some badly damaged executables from hypn0 (thanks), which reproduced the bugsand allowed a relatively easy fix.. very much appreciated, as they were relatively obscure* update - new setting - report all section entropies added, It's off by default, if you enable it it will reportthe entropy for each section present in the scanned file.. this can obviously cause a slowdownin the scanning which is why I defaulted to make it disabled..edit - this didnt make it into this build.. sorry.. it'll be in the next* bugfix - bugfix in reporting the version fixed file info..a register got trashed and should have been preservedit is now.. thanks again to hypn0 - definitely getting his bugfinder achievement this month :)* fix - some buffers were not always wiped, leading to crap output.. now fixed* bugfix - installer_rtpatch_scan had a misbalanced stack (typo bug I think), which sometimes lead to a registermismatch messagebox.. (thanks hypn0)* bugfix - fixed bug in zipworx_scan which could lead to a crash (thanks hypn0)* bugfix - fixed bug in hmimys_scan scan (thanks hypn0)* bugfix - fixed bug in ea access scan that could lead to a crash (thanks hypn0)* bugfix - sanity / range check added to imphash code.. (thanks hypn0)* bugfix - fix in digital signature processing where a serial wasnt present* bugfix - fixed bug in Nullsoft installer scan (thanks hypn0)* bugfix - installer_gkwaresfx_scan had a bug where edx and ecx werent preserved, leading to a 'register mismatch'messagebox if detected (thanks hypn0)* bugfix - range / sanity check added into safedisc scan code (thanks hypn0)* bugfix - range / sanity check added into solidshield scan code (thanks hypn0)* added - launch4j detection (also has extra info if you enabled that in the configuration) - have fun Chester Fritz* tweak - revised code for appended data size and offset calculation.. need to monitor this one* update - pecompact detection updated, it now reports the internal version of the protection (thanks for the files hypn0)* bugfix - internal file version core could crash if the version info data size was incorrect (we use an internal routine andto calculate the size if the windows api fails.. which happens sometimes).. this was a very rare and obscurebug (hard to replicate) - thanks to hypn0 I found and patched it (successfully I hope) :)* bugfix - added some range checking in the convert_* functions, as a crash could occour in some very damaged files (very rare)* bugfix - check_gamehouse.asm had some range checking added, as it'd crash on particularly malformed files..* bugfix - check_upx.asm had some range checking added, as it'd crash on particularly malformed files---------------------------------------------------------------------------------------------------------

v 6.6.6 (halloween 2014)

i waited 11 years for this version number ;pcore additions / changestweaks, updates, fixes etc... oh and moved to masm v14 and linker v14---------------------------------------------------------------------------------------------------------

v 6.5.5 (halloween 2013)

core additions / changeshonestly can't remember, just updates, some bugfixes etc... oh and moved to masm v12 and linker v12---------------------------------------------------------------------------------------------------------

v 6.4.0

core additions / changes- new: added in whois capabilities to IP/Name resolver- new: compiler detector updated to detect:- more Borland Delphi- more Visual C/C++- more MinGW- Visual Objects- Liberty BASIC- PureBASIC- REALbasic- update: changed output for rar/zip etc. which is non protection related to be displayed in the log window only.(protection report will only display protected files like securom/starforce containers etc.)- update: some tweaks for the shortcut creation system- bugfix: possible digital signature check crash fixed- bugfix: peid extension code tweaks & some fixes- bugfix: fixed closing a bad handledetection additions / changes- new: check_cenega.asm - added in Cenega ProtectDVD detection (custom protection for cenega .pl games)- new: check_protectdisc.asm - added in generic v9.27 (or higher) detection- new: check_protectdisc.asm - added in exact Protect DiSC versions for v9.26, v9.28 & v9.30- new: check_steam.asm - added in Valve CEG - Custom Executable Generation detection for Steam exe's- new: check_ubidrm.asm - added in UBISoft Online DRM detection- new: check_armadillo.asm - added in Armadillo v7.20 (or newer) detection- new: check_asprotect.asm - added in ASProtect v2.56 (or newer) detection- new: check_boxedapppacker.asm - added in detection for BoxedAppPacker bundled files- new: check_clisecure.asm - added in detection for CliSecure .NET Code Protector- new: check_codewall.asm - added in detection of CodeWall Technologies .NET Protector- new: check_dyamarobfuscator.asm - added in DYAMAR Obfuscator detection- new: check_enigmaprotector.asm - detection of Enigma Protector v2.xx wrapped files- new: check_obsidium.asm - added in Obsidium v1.4.0.0 (or newer) detection- new: check_reflexivearcade.asm - added in Reflexive Arcade Wrapper version info for build 179, 180, 181, 182, 183 & v184- new: check_safeengine.asm - added Safengine Licensor v1.7.2.0 (or newer) detection- new: check_salamandernet.asm - added in detection of Salamander .NET Protector & the core.dll (incl. version)- new: check_shoecakedrm.asm - added in detection of Shoecake Games Activation- new: check_softanchor.asm - added in UniLoc SoftAnchor detection- new: check_themida.asm - detection of Themida using a new variant of Hide from PE Scanner- new: check_xenocode.asm - added in detection for Xenocode Postbuild 2009- new: check_xenocode.asm - added in detection for XenoCode Virtual Application Studio 2010- new: check_apecsoftswftoexe.asm - added in ApecSoft SWF2EXE Converter v1.0 module detection- new: check_babelobfuscator.asm - added in Babel .Net Obfuscator v3.x (or higher) detection- new: check_exedefender.asm - added in ExeDefender v1.0 detection- new: check_larp.asm - added in LARP v2.x detection- new: check_netspider.asm - added in NET.Spider v1.0 (or older) and v1.1 (or higher) detection- new: check_noobyprotect.asm - updated to detect NoobyProtect v1.7.x.x- new: check_refruncycrypter.asm - Refruncy Crypter detection added- new: check_scobfuscator.asm - added in SC Obfuscator detection- new: check_scpack.asm - added in SC Pack v0.1 & v0.2 detection- new: check_vprotect.asm - rewritten to detect VirtualizeProtect v1.0 (or newer)- new: check_yincrypt.asm - added in YinCrypt v1 (Public) detection- new: license_activelock.asm - added in ActiveLock Licensing Module for DotNET detection- new: license_icelicense.asm - added in detection of IonWorx - ICE License- new: license_iceni.asm - added Iceni Technology License Wrapper detection- new: license_interlok.asm - added iLok USB device driver detection- new: license_protectionplus.asm - added in detection of the Protection Plus v4.6 Wrapper- new: dongle_marx.asm - now detects the MARX CryptoBox PE Envelope- new: dongle_proteqcompact.asm - added in Proteq Compact-500 Dongle detection + driver & version reporting- new: dongle_sentry.asm - added in detection for the Sentry Hardware Lock USB driver + version- new: dongle_softdog.asm - added in SoftDog driver check + version reporting- new: installer_adobeextract.asm - added in Adobe Extractor detection- new: installer_nanozip.asm - added NanoZip SFX Module detection

- improved: check_activemark.asm - ActiveMark is now detected properly in games with a digital signature

- improved: check_copyminder.asm - updated CopyMinder scan, does now detect on a game it didn't see before

- improved: check_dotnetreactor.asm - rewritten dotNet Reactor detection (more accurate)

- improved: check_ea_custom.asm - update cucko detection with another pattern using a new routine

- improved: check_execrytor2.asm - added in another generic check & updated to detect on 2 files it didn't 'see' before

- improved: check_moleboxultra.asm - now detects on MoleBox Virtualization Solution v4.2321 too

- improved: check_pecompact.asm - added in two more generic checks

- improved: check_popcapdrm.asm - now detects on recent popcap games too

- improved: check_protectdisc.asm - better handling for newer versions

- improved: check_securom.asm - updated to detect SecuROM SLL files a bit better

- improved: check_securom.asm - improved paul.dll detection (where version info was removed)

- improved: check_solidshield.asm - added in another generic check for the core.dll

- improved: check_themida.asm - tweaked, detects now on a file it did not 'see' before

- improved: check_upx.asm - added in another check for unknown / modified UPX

- improved: check_vmprotect.asm - added in another generic check

- improved: check_cryptic.asm - added in another check for Cryptic v2.0

- improved: check_darkcrypt.asm - updated DarkCrypt 1.2 detection with heuristic check

- improved: check_gieprotector.asm - added in two more checks for Gie Protector v0.2

- improved: check_mpress.asm - updated to handle MPress v2.12 (and newer)

- improved: check_noobyprotect.asm - NoobyProtect code adjusted to handle 2 files it didn't 'see'

- improved: check_pearmor.asm - added in another check for a newer version

- improved: check_pecrypt.asm - tweaked code results in faster scanning

- improved: check_privateexe.asm - updated detection code for v3.x

- improved: check_rdgpolypack.asm - tweaked, now detects on an exe it did not see before (thx ReverseB00n)

- improved: check_safeengine.asm - updated Safengine Licensor with another check

- improved: check_yodacrypt.asm - tweaked YodaCrypt v1.3 detection (does now detect on an exe it didn’t see before)

- improved: check_zprotect.asm - ZProtect signature updated + it detects unknown versions now

- improved: dongle_copylock.asm - added detection for another variant

- improved: dongle_dinkey.asm - now detects on an application it did not 'see' before

- improved: dongle_rockey.asm - updated to detect Rockey2 on an application it did not 'see' before

- improved: dongle_softdog.asm - updated with another check for SoftDog dongles

- improved: installer_7zip.asm - another variant of 7z SFX gets detected now

- improved: installer_bitrock.asm - rewritten BitRock InstallBuilder detection to be more generic

- improved: installer_install_anywhere - added another check for (newer) InstallAnywhere Self Extractor Modules



- bugfix: check_securom.asm - fixed matroschka detection in securom - the name output was corrupted on a recent exe

- bugfix: dongle_copylock.asm - fixed internal bug

- bugfix: installer_gkwaresfx.asm - fixed double output



---------------------------------------------------------------------------------------------------------



v 6.3.5

Hello folks!We are proud to present you the next and most up to date version of ProtectionID.it was about time to bring this to the public, as the last version was released back in march.During development of this version we ported it over to MASM v10,using the latest compiler & linker available at the moment.This version of PiD features highly optimised scanning routines, resulting in very fast detections.ie: a 2 GB setup.exe in processed in less than 1 second (smart mode kicks in).

We tweaked nearly all scans to benefit from our new procs.



core additions / changes



- new: compiled using masm v10 compiler & linker

- new: added in new and optimised scanning routines

- new: ProtectionID is now able to scan inside msi files

- new: clean temp tool (Extensions -> Clean Temp)

- new: added in our own fast internal zlib decompression routines

- new: compiler detector updated to detect:

- more Visual C++

- appended flash files

- Power Basic

- Watcom C/C++

- MinGW

- GoASM



- update: reporting part on file type, now reports bitness & file subsystem

- update: added in recovery system - if a crash happens when scanning a file/cd/dvd and the crash is in the scanning thread,

the seh system will 'recover' the crash, skipping all other scan modules and simply clean things up.

So a crash when scanning does NOT take ProtectionID down (the crash is reported to the log)

- update: windows error code resolver dialog got a face lift and some added functionality

- update: initial modification to report cpu usage on ALL available cores

- update: shortcuts are now not made if PiD is run from a removable drive

- update: added in reporting for uac setting in vista or higher

- update: scan size threshold increased to 50mb

- update: added in the nfo association configuration

- update: compiler detection enabled by default now

- update: adjusted the way the systray worked

- double left click on the PiD icon will cause the PiD window to be shown / hidden

- right click on the PiD icon will cause the right click systray context menu to appear

- bugfix: cab file handler bug fixed

- bugfix: scan file on cd/dvd did not work

- bugfix: fix for shortcuts getting corrupted

- bugfix: fixed bug in the seh system, which lead to a crash

- bugfix: file queue stuff (pause, remove, clear all) fully operational again

- bugfix: logic fix, checking section count could technically be wrong if exe was x64

- bugfix: selecting scan folder 2x resulted in it messing up

- bugfix: minor adjustment to avoid closing an invalid handle

- bugfix: fixed output bug on small files

- bugfix: fixed a possible win9x issue

- bugfix: minor gui fixes



detection additions / changes

- new: check_activemark.asm - added exact version detection & more detailed output for v4, v5 & v6 of ActiveMark

- new: check_byteshield.asm - ByteShield detection got heavily updated, now it contains a lot extra more info

- new: check_ea_custom.asm - added in detection for EA Custom Protection (used in The Sims 3)

- new: check_gameguard.asm - GameGuard Launcher Module & it's version got reported

- new: check_hackshield.asm - AhnLab HackShield detection added

- new: check_impulse.asm - Impulse DRM (+ core module) detection added

- new: check_protectdisc.asm - added in new versions: v9.11.0, v9.20.0, v9.25.0 & latest v9.26.0

- new: check_protectdisc.asm - added in detection of how many trial days a Protect Disc exe is allowed to run

- new: check_safedisc.asm - updated to detect clcd32.dll, dplayerx.dll, drvmgt.dll from old safedisc 1 games

- new: check_secureebook.asm - added in Secure eBook Wrapper detection

- new: check_securom.asm - added SecuROM DFA v1 and v2 detection

- new: check_securom.asm - added SecuROM 7 dfa.dll detection

- new: check_securom.asm - added detection for SecuROM 5 and 4 (or lower) dll modules (cms*.dll sintf*.dll)

- new: check_solidshield.asm - added in Tages Setup version detection in solidshield core.dll (if found)

- new: check_solidshield.asm - SolidShield wrapped dlls will be detected now

- new: check_starforce.asm - added in detection of StarForceFileSystem containers (SFFS)

- new: check_steam.asm - added in detection of the Steam Client API Module & report Steam api usage in exe

- new: check_themida.asm - updated to show watermarking on some versions

- new: check_playfirst.asm - added in detection of the Playfirst Game Library

- new: check_playrixwrapper.asm - added Playrix Game Wrapper detection

- new: check_reflexivearcade.asm - added in detection of build 177 & build 178 of the ReflexiveArcade Wrapper

- new: check_robingameswrapper.asm - added in Robin Games Wrapper detection

- new: check_spintop.asm - added SpinTop DRM Module detection

- new: check_mfortress.asm - added MetaFortress detection

- new: check_upx.asm - added in more informative upx info

- new: check_aase.asm - added Aase detection

- new: check_adnexeprotector.asm - added ADN Exe Protector v0.5 detection

- new: check_aliencryptor.asm - added Alien Cryptor v1.0 detection

- new: check_armadillo.asm - added Armadillo v6.40 and v6.60 - v7.00 (or newer) detection

- new: check_aspack.asm - added ASPack v2.2 detection

- new: check_asprotect.asm - added ASProtect v1.4 build 04.01 Beta detection

- new: check_aurastompercrypter.asm - added AuraStomper Crypter detection

- new: check_babelobfuscator.asm - Babel .Net Obfuscator detection added

- new: check_blindspot.asm - BlindSpot File Binder v1.0 detection added

- new: check_deepseaobfuscator.asm - added in DeepSea .Net Obfuscator detection

- new: check_dotfixniceprotect.asm - added version detection for v1.0 - v2.x, v2.8 - v2.9, v3.0 - v3.6

- new: check_dotnetreactor.asm - added in detection of dotNET Reactor v4.0 (or newer)

- new: check_dsrfileprotector.asm - added dSR File Protector detection

- new: check_eprot.asm - added !EProt detection

- new: check_epprotector.asm - added EP Protector v0.1 detection

- new: check_fishnet.asm - added Fish.NET packer detection

- new: check_flyskysoftware.asm - added Fly Sky Software Custom Protector detection

- new: check_hackhoundbinder.asm - added in Hack Hound File Binder detection

- new: check_ionworxidentifier.asm - added Ionworx Identifier SDK Module detection

- new: check_leetcryptor.asm - added LeetCryptor v1 detection

- new: check_moleboxultra.asm - added in MoleBox Ultra v4.x detection

- new: check_pcguard.asm - added detection of latest PC-Guard v5.04

- new: check_alloy.asm - added PGWARE Alloy [generic] detection

- new: check_rdgpolypack.asm - added RDG PolyPack v1.1 detection

- new: check_simbioz.asm - added in SimbiOZ v2.1 detection

- new: check_skycrypt.asm - added in Sky Crypt v2.0 detection

- new: check_stultrapack2.asm - added ST Ultra Pack 2 v0.6s detection

- new: check_themisbinder.asm - added in Themis Binder v0.2 detection

- new: check_upack.asm - added detection of more detailed versions

- new: check_vprotect.asm - added VProtect detection

- new: check_zipworx.asm - added ZipWorx detection

- new: license_bentleyieg.asm - added Bentley IEG License Service detection

- new: license_crypkeysdk.asm - added CrypKey v7.0 (or newer) detection

- new: license_crypkeysdk.asm - added detection of the CrypKey License Service Installer

- new: license_desawarelicensing.asm - added Desaware Licensing System for .NET Module detection

- new: license_elicense.asm - now detecting on a dll it didn't see before

- new: license_interlok.asm - updated to detect PACE InterLok System File

- new: license_reprise.asm - added Reprise License Manager detection

- new: license_sentinelrms.asm - added SafeNet Sentinel RMS v8.x detection

- new: dongle_hasp.asm - NetHASP Network Dongles are detected

- new: dongle_hasp.asm - added in detection of the Aladdin HASP SRM Run-time Environment Installer

- new: dongle_ilok.asm - added in iLok USB Hardware Dongle detection

- new: dongle_matrix.asm - added Matrix Dongle detection

- new. dongle_microdog.asm - added SafeNet MicroDog Driver installer detection

- new: dongle_sentinel.asm - added in detection of Rainbow NetSENTiNEL SUPER PRO Dongle

- new: dongle_syncrosoft.asm - added in SyncroSoft USB Dongle detection

- new: installer_advancedinstaller.asm - added Advanced Installer detection

- new: installer_autoplay_media_studio.asm - added Indigorose - AutoPlay Media Studio

- new: installer_bitrock.asm - added BitRock InstallBuilder Module detection

- new: installer_fenomen.asm - added Fenomen Downloader detection

- new: installer_gamehouse.asm - added GameHouse Installer detection

- new: installer_setupfactory.asm - added detection of Setup Factory v8.x modules

- new: installer_uharcsfx.asm - added UHARC SFX Archive detection



- improved: check_3plock.asm - added in another generic check

- improved: check_enigmaprotector - now detects on an Enigma version it didn't 'see' before

- improved: check_hexalock.asm - optimised HexaLock detection

- improved: check_laserlok.asm - optimised Laserlok scanning speed

- improved: check_protectdisc.asm - tweaked output

- improved: check_safedisc.asm - optimised Safedisc v1 scanning speed

- improved: check_smarte.asm - added in two new checks

- improved: check_starforce.asm - improved scanning speed

- improved: check_steam.asm - updated detection on another steam variant on assassins creed and r6 vegas

- improved: check_tages.asm - improved detection of the Tages protection driver

- improved: check_vob.asm - added one more generic check

- improved: check_execryptor2.asm - code tweaked to reduce false positives

- improved: check_alawar.asm - scanning speed optimizations

- improved: check_elefunwrapper.asm - scanning speed optimizations & reports offset / size of virgin executable

- improved: check_popcapdrm.asm - scanning speed optimizations

- improved: check_reflexivearcade.asm - optimised ReflexiveArcade Wrapper detection

- improved: check_abccryptor.asm - added in a new check

- improved: check_armprotector.asm - added in one more generic check

- improved: check_asdpack.asm - scanning speed optimizations

- improved: check_aspack.asm - scanning speed improvements

- improved: check_asprotect.asm - tweaked version output

- improved: check_atreprotector.asm - added in another generic check

- improved: check_bambam.asm - added in two more checks to tighten detection

- improved: check_beria.asm - improved Beria detection

- improved: check_dalcrypt.asm - added in two new checks

- improved: check_dotfuscator.asm - optimised scanning speed

- improved: check_dotnetprotector.asm - optimised scanning speed

- improved: check_enigmaprotector.asm - added in another generic check

- improved: check_epprotector.asm - code adjusted, made faster

- improved: check_exestealth.asm - optimised scanning speed

- improved: check_ezip.asm - scanning speed optimizations

- improved: check_exestealth.asm - improved scanning speed

- improved: check_gieprotector.asm - optimised the signature scan

- improved: check_kkrunchy.asm - added in detections for old kkrunchy (2003)

- improved: check_mew5.asm - Mew 5 EXE Coder v0.1 detection tweaked

- improved: check_mpress.asm - mpress for dot.net - tweaked detection

- improved: check_mslrh.asm - added in two more generic checks

- improved: check_mucruncher.asm - rewritten MuCruncher detection

- improved: check_mz0ope.asm - added in another check

- improved: check_nidhogg.asm - optimised Nidhogg scanning speed

- improved: check_packitbitch.asm - added in two new checks

- improved: check_polyene.asm - added in more generic checks for PolyEne

- improved: check_punisher.asm - added in three new checks

- improved: check_sevlock.asm - tweaked sevLock detection

- improved: check_simplepack.asm - now detects all the simplepack exe's it didn't detect before

- improved: check_softsentry.asm - added in more checks + optimised scanning speed

- improved: check_spicesnet.asm - added in another check

- improved: check_telock.asm - improved TeLock v1.0 detection

- improved: check_upack.asm - added more detailed version checks, tweaked some detections

- improved: check_upx.asm - fixed possible wrong detection

- improved: check_vbowatch.asm - updated with a better signature

- improved: check_visualprotect.asm - added in one more check

- improved: check_vmprotect.asm - now it detects on a dll it didn't 'see' before

- improved: check_wildtangent.asm - scanning speed optimisations

- improved: check_wlcrypt.asm - optimised WL-Crypt detection

- improved: check_xprotector.asm - added in two heuristic checks

- improved: check_yzpack.asm - tweaked

- improved: dongle_hasphlenvelope.asm - now detects on wrapped sys files too

- improved: dongle_keylok2.asm - improved Key-Lok II Dongle scan speed

- improved: dongle_marx.asm - added in another check

- improved: dongle_sentinel.asm - detects Sentinel on x64 executables

- improved: dongle_wibu.asm - added in another check

- improved: minor tweaks for all license detections

- improved: license_crypkeyinstant.asm - improved scanning speed in files wrapped with CrypKey Instant

- improved: license_crypkeysdk.asm - updated / tweaked CrypKey detection

- improved: license_elicense.asm - improved eLicense scanning speed

- improved: license_haspsl.asm - speed up HASP SL Licensing System scans

- improved: license_interlok.asm - scan speed improvements + added in detection for another 'variant' of InterLok

- improved: license_ntitles.asm - scanning speed improvements



- improved: installer_akinstaller.asm - scanning speed optimisations

- improved: installer_clickteam.asm - improved generic detection

- improved: installer_createinstall.asm - scanning speed optimizations

- improved: installer_gkwaresfx.asm - improved generic detection

- improved: installer_patchwise.asm - now detects a module it did not 'see' before

- improved: installer_rarsfx.asm - updated to handle new winrar sfx



- bugfix: check_starforce.asm - fixed possible crash bug

- bugfix: check_dotnetguard.asm - fixed non register preservation

- bugfix: check_vmprotect.asm - fixed generic detection

- bugfix: check_forgot.asm - fixed non detection

- bugfix: check_quickpacknt.asm - fixed non-detection bug

- bugfix: check_shrinkwrap.asm - fixed non-detection bug

- bugfix: check_upx.asm - fixed a possible wrong detection



CD/DVD/Image file/sector scan



- added in SecuROM v7.40 (or newer) detection via sector scan

- some more updates on the iso making code, and the cddvd_api core

- tweaking the cd/dvd dialog portion, now detects and reports errors better, along with better sector calculations

(will now abort if it detects a css encrypted sector when making an iso)



---------------------------------------------------------------------------------------------------------



v 6.2.3

- bugfix: check_starforce.asm - starforce 'crap output' bug fixed- update feature - updated to show version number on update as well, instead of some 'strange' number---------------------------------------------------------------------------------------------------------

v 6.2.2

core additions / changes- new: incorporated PEiD / PE Tools database usage-> additionally displays the protection found via the user databases-> peid database is expected to be in the same folder as ProtectionIDand should be called peid_database.txt-> petools database is expected to be in the same folder as ProtectionIDand should be called petools_signs.txt

- enable/disable: go to Configuration -> Allowed Scanning Types -> peid / petools (3rd party scan)

- once enabled you can browse the signature files when

clicking the 'Extensions' tab (second icon from the bottom right)

- note: in cases of multiple hIt's, the highest probability is automatically figured out and reported

- new: work on compiler detection began

-> The compiler detection simply reports what compiler was used to make

the executable, It can also sometimes report the programming language

the executable was made with.

current detections: dotnet, visual basic & visual basic.net, some visual c/c++, borland c++, delphi

enable/disable: Configuration -> Allowed Scanning Types -> Enable Compiler Detection Scan



- new: tooltip preview (configurable option in the settings - under the gui portion)

- new: added in drive type reporting in the misc tools section

- new: added in option in configuration to dedicate 1 cpu to scanning core (if multiple cpu's are found on the system)

- new: added in little pause/resume button in the main dialog (green square when you load PiD)

- new: added in activity reporting on hdd reads, PiD is so quick though, you may not notice it,

but on large files, It's useful because it’s an indicator PiD is doing something



- update: turned on scan inside Microsoft cab files as default

- update: added more informative comments into pe stuff

- update: file queue now reports the amount of files it has processed

- update: updated detection routine to report dll compiled in native mode

- update: folderwatch cleanup now works and reporting is handled correctly

- update: updated version info core to handle 'strange' exes with bad / corrupt version info,

or version information that version.dll does not 'see'

- update: fixed some imports so that PiD now loads on windows nt 4.0 (and probably 3.x)

without the system throwing an import missing error and exiting the process

- update: services now disables It'self if the os is 9x/me (9x/me doesn’t have 'services')

shares also disables It'self if the os is 9x/me (api not present in these os'es)

- update: gui -> cd/dvd tools and the folderwatch buttons are now automatically disabled if

the operating system is windows 9x/me (i.e.: less than windows 2000)

- update: folder location shell32 output now made 9x/me compliant(old comctl32.dll listview issue)

- update: added in minimize to systray if it’s set in the configuration

if set, PiD will minimize It'self when It's loaded for the first time

- update: added in another handler for smbios, It's quicker, but only available in vista or higher

- update: windows product key updated code, now should be good for all windows versions except nt 4.0

- update: windows product key is now also reported for 9x/me

- update: updated code so that windows 95, windows nt 3.x and nt 4.x do NOT have ownerdrawn menus

(95 couldn't handle them properly anyway, and nt 3/4 had issues too)

- update: added battery reporting into misc tool window

- update: dep reporting done in misc tools information section

- update: fixed icons in 9x looking too big (now PiD looks the same in 98, me, 2k, xp, vista)

- update: pause / resume is now properly functional

- update: added in pause checking into the cab file handler

- update: progress bar resets once scan is complete

- update: added in animated rect for sizing (work in progress)

- update: added tooltip to sizer window



- bugfix: fixed 9x/me crash (bsod) issue in petools stuff

- bugfix: fixed crash issue when viewing reloc information on some x64 files

- bugfix: silent exit / crash issue fixed in win2000 server

- bugfix: fixed position saving bug (reported by Blazkowicz)

- bugfix: fixed os detection (win nt was detected as 2000)

- bugfix: fixed the strange drag -> drop, file added to queue but scanning not started bug

- bugfix: fix for buffer overrun error when saving a protection log containing lots and lots of files

- bugfix: folderwatch - fixed crash when trying to add more than 2 folders

- bugfix: dirty buffer used in folderwatch reporting code

- bugfix: 9x sizing issue fixed

- bugfix: fixed some problems with windows 95 original (before 95a, 95b and 95c...) where the versioninfoex struct

is expected to be a different size, this resulted in a failure in detecting the operating system

- bugfix: various other tweaks & fixes...



detection additions / changes



- new: check_protectdisc.asm - added ProtectDisc v9.5.0 detection & detection of ProtectDisc drivers

- new: check_byteshield.asm - added ByteShield Software Activation Client detection

- new: check_safedisc.asm - now also detects Safedisc 1 icd file as being protected &secdrv.sys

- new: check_tages.asm - code updated to detect Tages protection drivers

- new: check_armadillo.asm - added Armadillo v6.24 (or newer) detection

- new: check_pcguard.asm - added PC Guard v5.03 detection

- new: check_themida.asm - added detection for Themida / Winlicense with Hide PE Scanner Option

- new: check_asprotect.asm - added exact detection of ASProtect v2.3 Build 05.14 & ASProtect v1.40 Build 11.20

- new: check_privateexe.asm - added Private EXE Protector v3.0 (or newer) detection

- new: check_stardock.asm - added Stardock Product Activation Module detection

- new: check_reflexivearcade.asm - added ReflexiveArcade Wrapper - Build 171 and newer detection

- new: check_realarcade_drm.asm - added in RealArcade DRM Module detection

- new: check_popcapdrm.asm - added PopCap DRM Protect detection

- new: check_elefunwrapper.asm - added Elefun Trial Game Wrapper detection

- new: check_playfirst.asm - added PlayFirst DRM Module detection

- new: check_oberonmediatime.asm - added detection for Oberon Media Time Protection Module

- new: check_wildtangent.asm - added detection of the Wild Tangent Wrapper v2.1.2.26 (or newer)

- new: check_dotnetreactor.asm - added .Net Reactor v3.x Library mode (+ Necrobit) detection

- new: check_macrobjectnet.asm - added Macrobject Obfuscator.NET 2008 detection

- new: check_noobyprotect.asm - added NoobyProtect v1.0.x.x and v1.1.x.x - v1.4.x.x.

- new: check_spicesnet.asm - added Spices.Net Obfuscator detection

- new: check_pegasyscustom.asm - added PEGASYS Custom Layer detection

- new: check_serialshield.asm - added Ionworx SerialShield Core.dll & it´s version detection

- new: check_dotnetguard.asm - added detection of the DotNet Guard HVM Runtime Library Module

- new: check_eakey.asm - added in EA Key Module detection

- new: check_sevlock.asm - added sevLock detection

- new: check_asscrypter.asm - added ass - crypter detection

- new: check_billarcrypter.asm - added Billar Crypter v2.0 detection

- new: check_bitfrostcrypter.asm - added Bifrost Crypter v1 detection

- new: check_cigicigi.asm - added Cigicigi File Crypter v1.0 detection

- new: check_cryptdmarnar.asm - added Crypt Dmar Nar v0.5 detection

- new: check_darkavengard.asm - added DarkAvengard Crypter detection

- new: check_dexcrypt.asm - added DeX-Crypt v2.0 detection

- new: check_dirtycrypt0r.asm - added DirTy CrYpt0r detection

- new: check_dhcripter.asm - added DH Cripter v0.1 detection

- new: check_etcv.asm - added ETCV v1.0 detection

- new: check_fishpacker.asm - added FishPacker v1.03 & v1.04 detection

- new: check_flashbackscrambler.asm - added Flashback Scrambler v1.3.x detection (all 3 modes :-))

- new: check_idapplicationprotector.asm - added ID Application Protector v1.2 detection

- new: check_freecryptor.asm - added FreeCryptor v0.3b Build 3 detection

- new: check_gentlemancrypter.asm - added Gentlemen Crypter v1 detection

- new: check_gkripto.asm - added GKripto v1.0 detection

- new: check_haccrewcrypter.asm - added Hac-Crew Crypter detection

- new: check_hipacryp.asm - added HipACryp v0.0.1 detection

- new: check_icrypt.asm - added ICrypt v1.0 detection

- new: check_keycrypter.asm - added KeyCrypter detection

- new: check_lordcrypter.asm - added L0rD Crypter v1.0 detection

- new: check_maskpe.asm - added MaskPE v2.0 detection

- new: check_ncode.asm - added N-Code v0.2 detection

- new: check_nidhogg.asm - added Nidhogg v1.0 Final, v1.1 Beta 1 and [unknown version] detection

- new: check_novacipher.asm - added NovaCipher 1.0 Beta detection

- new: check_npack.asm - added nPack v2.0.100.2008 detection

- new: check_pfecx.asm - added PFE CX v0.1 detection

- new: check_poherna.asm - added Pohernah v1.02, v1.03 & v1.07 detection

- new: check_pokescrambler.asm - p0ke Scrambler v1.2 detection added

- new: check_rdgtejoncrypter.asm - added RDG Tejon Crypter v0.6, v0.7 & v0.8 detection

- new: check_rewolfdllpackager.asm - added ReWolf DLLPackager v1.0 detection

- new: check_roguepack.asm - added RoguePack v4.1 detection

- new: check_scancryptic.asm - added ScanCryptic v2.0 detection

- new: check_securepe.asm - added SecurePE v1.6 detection

- new: check_supercrypt.asm - added Super Crypt v1.0 detection

- new: check_tgrcrypter.asm - added TGR Crypter v1.0 detection

- new: check_vegancrypter.asm - added Vegan-Crypter v0.7 detection

- new: check_yokohcrypter.asm - added Yokoh Crypter v1.3 detection

- new: license_adobelm.asm - Adobe Systems License Manager Module detection added

- new: license_deploylx.asm - added DeployLX Licensing for DotNet detection

- new: license_esellerate.asm - added eSellerate Activation System Core Module detection

- new: license_infralution.asm - Infralution Licensing System for DotNET detection added

- new: license_isquicklicense.asm - added Interactive Studios Quick License Manager detection

- new: license_mirage.asm - added detection for Mirage License Protector

- new: license_sentinelrms.asm - added SafeNet Sentinel RMS Core.dll detection

- new: license_xheolicensing.asm - added Xheo Licensing Module for DotNet detection

- new: dongle_biteboard.asm - added Bite-Board USB Dongle detection

- new: dongle_copylock.asm - added CopyLock Dongle detection

- new: dongle_marx.asm - MARX Crypto-BOX Dongle detection added

- new: dongle_rockey.asm - added Rockey2 / Rockey4 Dongle detection

- new: dongle_sentinel.asm - added detection of the NetSentinel Win32 Client DLL

- new: dongle_sentry.asm - added Sentry Hardware Lock detection

- new: dongle_wizzkey.asm - added Wizzkey Dongle detection



- new: installer_digital_river_downloader.asm - Digital River Download Manager detection

- new: installer_gpinstall.asm - added GP-Install Module detection

- new: installer_lymesfx.asm - added Lyme SFX Extractor Module detection

- new: installer_install_anywhere.asm - added InstallAnywhere detection

- new: installer_installshield.asm - added InstallShield v15 detection & Installshield PackageForTheWeb Installers

- new: installer_lindersoftsetup.asm - added Lindersoft Setup Builder Module detection

- new: installer_omnisetup.asm - added Omni Setup Module detection

- new: installer_popcap.asm - added PopCap Installer detection

- new: installer_realarcade_downloader.asm - added RealArcade Download Manager detection

- new: installer_reflexive_arcade.asm - added Reflexive Arcade Install Wrapper detection

- new: installer_smart_install_maker.asm - added Smart InstallMaker detection

- new: installer_visual_patch.asm - added detection for Visual Patch Installer



- improved: check_starforce.asm

- updated to handle those strange starforce 5.60 exe's that didn't have version information

- updated to handle Gothic 3 Forsaken Gods (russian)

- improved: check_securom.asm - code updated to detect the drm dyn data module

- improved: check_protectdisc.asm - added one more older version (v7.7.0)

- improved: check_codelok.asm - scanning speed optimizations

- improved: check_sysiphus.asm - optimised detection & scanning speed

- improved: check_solidshield.asm - update for those strange exe's and dll's with no version information

- improved: check_themida.asm - better version detection (v1.8.2.0 - v1.9.5.0, v1.9.7.0 - v1.9.9.0,

v2.0.0.0 - v2.0.2.0, v2.0.3.0 - v2.0.4.0, v2.0.5.0 (or newer))

- improved: check_acprotect.asm - faster scanning results

- improved: check_armadillo.asm - armadillo detection code updated

- improved: check_asprotect.asm - rewritten for better version detection

- improved: check_xenocode.asm - tweaked detection

- improved: check_thinstall.asm - updated with another detection method for v3.207

- improved: check_upx.asm - fixed UPX detection code so it detects upx'ed dlls too

- improved: check_xprotector.asm - added in another check (this also fixed a possible wrong detection

of Themida / WinLicense protected DotNet executables)

- improved: check_vmprotect.asm - made more generic, adjusted version info output

- improved: check_andpakk2.asm - rewritten, additionally we exactly detect the 2 versions now (v0.06 & v0.18)

- improved: check_anslympacker.asm – rewritten

- improved: check_cicompress.asm - tweaked & optimizsed

- improved: check_exestealth.asm - added in one more generic check

- improved: check_mew10.asm - tweaked mew 10 detection

- improved: check_pebundle.asm - updated, now detects on an exe which didn´t before

- improved: check_rdgtejoncrypter.asm - added in a more generic detection method

- improved: check_telock.asm - tweaked TeLock v0.96 detection

- improved: license_elicense.asm - completely rewritten (better v3.2 & v4.0 detection)

- improved: license_flexlm.asm - optimised detection & scanning speed

- improved: license_flexnet.asm - optimised detection & scanning speed

- improved: license_haspsl.asm - added another check for HASP SL

- improved: license_interlok.asm - added in one more generic check

- improved: license_salesagent.asm - optimised detection & scanning speed

- improved: license_sentinellm.asm – optimised

- improved: generic speed improvements in almost all license scans

- improved: dongle_keylok2.asm - updated KeyLok2 Dongle detection for better detection

- improved: generic speed improvements in all dongle scans

- improved: installer_7zip.asm - code updated, now detects an exe it never 'saw' before

- improved: installer_installaware.asm - updated to detect a custom version wich was un-detected before

- improved: installer_installshield.asm - installshield detection is now more generic and improved

- improved: installer_mscabsfx.asm - Microsoft cab sfx format detection is now made better

- improved: installer_nullsoft.asm - updated to handle nullsoft sfx exe's with the data in the resource section

- improved: installer_rarsfx.asm - WinRAR SFX detection updated

- improved: installer_zylomgames.asm - detection of another variant of Zylom Games Setup



- bugfix: fixed bug in Cactus Data Shield file scan (discovered by Blazkowicz on acrobat.dll)

- bugfix: check_obsidium.asm - bugfix in obsidium detection code

- bugfix: check_polyene.asm - fixed possible crash bug

- bugfix: installer_redshift.asm - fixed potential bug



---------------------------------------------------------------------------------------------------------



v 6.1.3

faster, more accurate, still better and no more beta - xmas release #2Core Code changes

- new: width-RESIZEABLE main window

- new: user can now choose what protection scans to skip

- new: added in new configuration item allowing the user to specify if iso, ccd, mds

etc modules are to be treated as discs (and thereby subject to a sector scan)

- new: ability to scan inside Microsoft cab files has been implemented



- update: we are now v0.6.1.3

- update: faster scanning core :)

- update: configuration window has a new look

- update: better 64 bit file handling support added

- update: appended data detection tweaked a little

- update: now if PiD is running and an exe is scanned from the context menu, the main

window will change to the log window (looks better.. suggested by loki)

- update: lnk file resolving is now complete, if user has selected to resolve links,

the system handles this all automatically

- update: window position is now centred if a previous window location was not recorded

- update: adjusted ia64/x64 vs. machine check portion of code (thx to teddy rogers)

- update: configuration - windows product key showing is now a configuration item

- update: configuration - now 'themes' and 'flat mode' can not be selected at the same time,

this is how it should be as themes override flatmode etc... so now only one can

be selected, and the other is 'auto unselected' (suggested by syk0)

- update: configuration - added in code to enable/disable the 'protection report bubble' after a scan is completed

- update: Memory Optimiser - the progress bar should get to the start again when user

clicked on Optimize and Purge was successful

- update: Memory Optimiser - code heavily updated, to work in chunks (if largest size requested is not available),

so, end result - more reliable, faster and optimised

- update: misc tools - added in quick uninstall tab

- update: misc tools - added in CD/DVD Filter Driver scanner tab

- update: misc tools - added in Windows Error Code Resolver tab

- update: misc tools - added in CPU Info tab

- update: misc tools - added in windows directory in the system info output

- update: misc tools - added in Folder Locations scanner

- update: misc tools - system information window now reports graphic device names (geforce, etc),

username & computer name and terminal services availability also reported

- update: misc tools - windows install date (from registry) is now reported in the misc tools 'system info part',

windows install date (from folder) is now also reported.

- update: misc tools - tweaked x64 os detection code, so it’s a lot more reliable

- update: misc tools - windows product key reporting now also handles x64 systems

- update: nfo viewer - extra checking now added - zip, rar and mz executables will NOT be displayed,

instead, a warning message is displayed

- update: process view - added in check for terminate, dump, priority change..

if selected process is PiD, the menu items are disabled (for safety and security)

- update: sfv checking now reports current offset on the line when processing

- update: sfv processing now works with quoted filenames

- update: winspy - process name is now also reported (if we could obtain it.. )

- update: log window in cd/dvd operations now has a context menu, allowing for...

clear log

copy selection to clipboard

copy log to clipboard

save selection (txt)

save selection (csv)

save log (txt)

save log (csv)

- bugfix: admin reflection / reporting was incorrect on 9x/ME systems

- bugfix: 'admin shield' icon is now moved, it looked out of place if the other progress bars

showing cpu usage etc were turned off.. (reported by loki)

- bugfix: Export as .txt doesn't work properly, only the first file does get saved

- bugfix: event bug fixed, which sometimes resulted in PiD sticking at about 35% cpu

- bugfix: pause/resume in the queue window was sometimes wrong for the text (reported by r!co)

- bugfix: Fixed SFV bug - Click on make, don't select any files and press abort.

You can't use the complete SFV feature as it's all grayed out (reported by Blazkowicz)

- bugfix: sfv output for large files (mb, gb etc) was VERY wrong, it’s since corrected

- bugfix: fixed 'disappearing window' problem

- bugfix: 'large icons' issue fixed in 9x

- bugfix: sfv - abort now works

- bugfix: sfv - output issue should be 110% fixed now (new buffering system used)

- bugfix: task manager -> potential stack bug fixed

- bugfix: configuration - shortcut creation was broken

- bugfix: nfo viewer - fixed potential memory leak on drag/drop

- bugfix: bug in the code checking for digital signatures (found by blazi)

code now performs a sanity check on accessed memory areas



detection additions / changes



- new: check_activemark.asm - added version detection for v6.3.562

- new: check_alawar.asm - added Alawar Try & Buy Activation detection

- new: check_hexalock.asm - added HexaLock Copy Protection detection

- new: check_protectdisc.asm - added more Protect DiSC v8 subversions

- new: check_securom.asm - added in detection for sll modules + SecuROM Matroschka Package

- new: check_acprotect.asm - added ACProtect v2.1, v2.1.1 and v2.1.2 detection

- new: check_angelscrypter.asm - added Angel's Crypteur v0.2 detection

- new: check_antidote.asm - added AntiDote v1.4 SE detection

- new: check_armadillo.asm - added version detection v6.00 or newer

- new: check_atreprotector.asm - added AT4RE Protector v1.0 detection

- new: check_avlock.asm - added AVLock detection

- new: check_budcrypter.asm - added BUD Crypter detection

- new: check_coolcrypt.asm - added COOLcryptor 0.9 detection

- new: check_cryptwoz.asm - added CryptWOZ v1.0 detection

- new: check_darkcrypt.asm - added DarkCrypt v1.2 (Private Version) detection

- new: check_dcrypt.asm - added DCrypt Private v0.9b detection

- new: check_dotfixniceprotect.asm - added DotFix NiceProtect v1.0 detection

- new: check_dotnetreactor.asm - added dotNet Reactor v3.3 (or newer) detection

- new: check_enigmaprotector.asm - added version grabber for Enigma Protector

- new: check_execrypt.asm - added ExeCRyPT v1.0 [ReBirth] detection

- new: check_exefog.asm - added EXEFog v1.1 detection

- new: check_exewrapper.asm - added ExeWrapper v3.0 (533Soft) detection

- new: check_expressor.asm - added ExPressor v1.6 detection

- new: check_fakuscrypter.asm - added Fakus Crypter detection

- new: check_fastfilecrypt.asm - added FastFileCrypt v1.6 Public detection

- new: check_fatalzcrypt.asm - added Fatalz Crypt v2.14a detection

- new: check_flashbackprot.asm - added Flashback Protector v1.0 detection

- new: check_gieprotector.asm - added Gie Protector v0.2 detection

- new: check_imppacker.asm - added IMP-Packer v1.0 detection

- new: check_kcryptor.asm - added K!Cryptor v0.11 detection

- new: check_kgbcrypter.asm - added KGB Cypter v1.0a detection

- new: check_leetcryptor.asm - added 1337 Cryptor v2 detection

- new: check_lilithcrypter.asm - added Lilith Crypter detection

- new: check_maxtocode.asm - added MaxtoCode .Net Encryption detection

- new: check_minke.asm - added Minke v1.0.1 Executable Crypter detection

- new: check_moneycrypter.asm - added Money Crypter detection

- new: check_morphna.asm - added Morphna Beta 2 detection

- new: check_mortalteamcrypter.asm - added Mortal Team Crypter v2 detection

- new: check_mpress.asm - added MPRESS NET compressor detection

- new: check_mushroomcrypter.asm - added Mu$hr00M CryPtOR v1.0 detection

- new: check_nme.asm - added NME Executable Crypter v1.1 detection

- new: check_npack.asm - added nPack v1.1.500.2008 Beta detections

- new: check_obfuscatornet.asm - added Macrobject Obfuscator.NET detection

- new: check_privateexe.asm - added version detection for v2.00 - v2.25 and v2.30 - v2.70

- new: check_puricrypt.asm - added Puri Crypt v1.2 detection

- new: check_quickpacknt.asm - added QuickPack NT v0.1 detection

- new: check_rcryptor.asm - added RCryptor v1.6d detection

- new: check_rdgpack.asm - added RDG Pack Lite Edition v0.2 detection

- new: check_rdgtejoncrypter.asm - added RDG Tejon Crypter v0.3 detection

- new: check_rlp.asm - added ReversingLabs Protector v0.7.4 beta detection

- new: check_rlpack.asm - added RLPack v1.20 detection

- new: check_roguepack.asm - added RoguePack v3.3 detection

- new: check_russiancryptor.asm - added Russian Cryptor v1.0 detection

- new: check_securepe.asm - added SecurePE v1.5 detection

- new: check_secureshade.asm - added Secure Shade v1.8 detection

- new: check_snoopcrypt.asm - added SnoopCrypt detection

- new: check_thinstall.asm - added THInstall detection

- new: check_tstcrypter.asm - added TsT Crypter detection

- new: check_undergroundcrypter.asm - added UndergroundCrypter v1.0 detection

- new: check_unlimitedcrypter.asm - added UnLimited Crypter v1.0 detection

- new: check_unopix.asm - added UnoPiX v0.94 detection

- new: check_upxlock.asm - added UPX Lock v1.01 - v1.02 detection

- new: check_weruscrypter.asm - added Werus Crypter v1.0 detection

- new: check_wildtangent.asm - added Wild Tangent v2.1 Activation detection

- new: check_windofcrypt.asm - added WindOfCrypt detection

- new: check_wingscrypt.asm - added Wingscrypt v2.0 detection

- new: check_winutilitiesexeprot.asm - added WinUtilities EXE Protector v2.1 detection

- new: check_wlcrypt.asm - added WL-Crypt v1.0 detection

- new: check_xenocode.asm - added XenoCode .NET protector detection

- new: check_xenocode.asm - added XenoCode Postbuild 2007 + 2008 for .NET detection

- new: check_xhackercryptor.asm - added xHacker Cryptor detection

- new: check_xshell.asm - added XShell v1.5 detection

- new: check_zprotect.asm - added ZProtect v1.4.3 detection

- new: check_zylomwrapper.asm - added Zylom Wrapper Crypted Game.exe detection

- new: license_nalpeiron_scan.asm - added Nalpeiron Licensing Service detection

- new: installer_install4y.asm - added Install4j Wizard Module detection

- new: installer_installshield.asm - added InstallShield v12 BETA Version detection

- new: installer_squeezesfx.asm - added Squeeze Self Extractor Module detection

- new: installer_trymediadownload.asm - added Trymedia Systems Download Manager detection

- new: msi and 7zip file type reporting is now done to the log window (similar to the .rar, zip etc reporting)

- new: added in quick detection for starforce protected pdf file

- update: check_aspack.asm - added additional check for ASPack 2.x to avoid a false positive

when scanning a file wrapped by FlashBack with ASPack entrypoint signature

- update: check_codelok.asm - improved detection

- update: check_dotnetreactor.asm - some parts recoded to be more generic & faster

- update: check_execryptor2.asm - improved detection with heuristic checks

- update: check_laserlok.asm - updated to handle older (v3) versions of laserlok

- update: check_passlock2000.asm - improved detection

- update: check_reflexivearcade.asm - executables builds are now reported (if found)

- update: check_safedisc.asm - updated to detect safedisc lite

- update: check_securom.asm - updated to handle VERY old versions & updated to detect a modified paul.dll

- update: check_solidshield.asm - minor modifications, but results in better reporting

- update: check_starforce.asm - updated to handle the new variant (v5.5) and also report bitness of the exe

- update: check_sysiphus.asm - optimised detection

- update: check_themida.asm - updated to handle dll protected Themida files

- update: check_vmprotect.asm - added new generic detection code (catches now dlls we missed before)

- update: check_upx.asm - improved to be 'more generic'

- update: check_vob.asm.asm - updated to handle older version (4 or less)

- update: dongle_guardant.asm - added reporting of old Guardant Dongle Protections

- update: dongle_hasphlenvelope.asm - improved detection

- update: license_sentinellm - improved for better detection

- update: installer_7zip.asm - improved detection

- bugfix: check_telock.asm - fixed v1.0 detection

- bugfix: check_yzpack.asm - fixed bug resulting in non detections

- bugfix: installer_installshield.asm - fixed possible non detections

CD/DVD/Image file/sector scan



- new: b6i image added into the supported file list

- new: added in 'Extract Boot Sector', now the boot sector from the cd/dvd can

be 'extracted' to a file.. for use with something else maybe :)

- new: cddvd_cactus.scan.asm - Cactus Audio detection added to file scan in cddvd module

- new: cddvd_protectdisc.scan.asm - added in sector scan module for protectdisc / protectcd

- update: if a disk is detected as being protected when making the iso, the user will be prompted to continue or not

- update: sector stuff - updated handler to handle udf format disks (BEA01 header instead of CD001)

- update: sector scan - tweaked sector scan for tagés a little

- update: sector scan - tweaked the safedisc detection code

- update: sector scan - updated to now NOT stop if a sector 16 read failure happened

- update: sector scan - securom scan updated to handle version 4.x (and probably lower),

which used a different 'fingerprint' and some minor tweaks / fixes

- update: sector scan - starforce + starforce keyless scan was heavily updated..

reducing probability of false positives as well as catching some we missed before

- bugfix: sector scan - codelok scan fixed



---------------------------------------------------------------------------------------------------------



v 6.0

if you ever used an older version you will experience a totally new tool with v6.0.PiD got a major overhaul on It's GUI for a new and very easy using experience.many protections have been added and tweaked for maximum detection speedand as much accuracy as possible with the new core code additions.Dongles, Licenses, polymorphic protectors and Installer detections are just some of the new additions...our goal is to release a very easy to use tool for detecting all kinds of protections.PiD is easy to use for newbies due to the cd/dvd scan and drag & drop feature.Reverse engineers will also benefit when using ProtectionID due the detailed informationslike multiple protections in one file, detection of nearly all protectors (commercial and freeware)and more informations like appended data etc...we hope you will enjoy the new generation of our tool :-)/cdkiller & x/xxxCore Code changes

- added: new PE Entry Point verification code

- added: RVA - File Offset and vice versa converter

- added: checks if PE file is damaged

- added: checks if Executable is not designed for this CPU

- added: checks if Executable is not designed for this OS

- improved: many code optimizations wich will result in a highly stable program (should be very stack safe now)



GUI changes



- added:Protection Report window showing a table with filename / protection

- added: File Queue window to GUI showing all the queued files (pause, remove and clear function)

- added: Configuration window with a lot of options the user can choose from

- added: CD/DVD Util window to GUI

- added: filter log, where output in the status window can now be filtered to only report protected files

- added: right click menus into the status window, so that output can be copied to clipboard or saved to file

- added: more servers for the update system

- added: folder drag & drop support

- added: ability to drag & drop the cd/dvd icon into PiD to scan all files on a cd/dvd

- changed: Log window size extended a bit



CD/DVD scanning

- added: sector scanning for Codelok (encryption key will be extracted)

- added: sector scanning for Safedisc v1, Safedisc v2 / v3 / v4

- added: sector scanning for SecuROM (if version is older than v4.84.84, it will be displayed)

- added: sector scanning for StarForce 3 keyless

- added: sector scanning for StarForce 3 DVD Games



New detections

- added: more CD/DVD-Checks

- added: more CD/DVD Key or Serial Checks

- added: ARM Protector v0.1, v0.2, v0.3 detection

- added: Alex Protector v1.0 Beta 2 detection

- added: BamBam v0.1 detection (+ Debug Info)

- added: Beria v0.0.7 detection (+ Debug Info)

- added: BIt'shape PE Crypt v1.5 detection

- added: BJFNT v1.1 and v1.2 detection

- added: CICompress v1.0 detection

- added: CodeCrypt version detection for v0.15, v0.16 - v0.161, v0.163 - v0.164

- added: DBPE v2.33 detection

- added: Daemon Protect v0.6.7 detection

- added: DePack detection

- added: Dot Fix Fake Signer detection

- added: Duals Exe Encryptor v1.0 and v1.1b detection

- added: Encrypt PE v1.2003.5.18 and v2.2004.8.10 detection

- added: Enigma Protector v1.03 Build 3.10, v1.03 Build 4.00 detection, v1.11 and v1.12 detection

- added: EP Protector v0.3 detection

- added: EXE32Pack v1.42 detection

- added: EXE Guard v1.x detection

- added: EXE Locker detection

- added: EXE Password 2004 v1.111, v1.112, v1.114 detection

- added: EXE Protector v2.x detection

- added: EXE ReFactor v0.2 detection

- added: EXE Safe v2.0 detection

- added: EXE Shield [unknown version] detection

- added: EXE Shield version detection for v2.7a, v2.7b, v2.8a, v2.9

- added: EXE Stealth v2.75 and v2.75a (latest version) detection

- added: ExPressor v1.0, v1.1, v1.2, v1.3 and v1.4 detection

- added: Forgot v1.0 detection

- added: French Layor v1.81 detection

- added: Goat´s PE Mutilator v1.6 detection

- added: Hide PE v1.0 [ASPack New strain method] detection

- added: Hide PE v1.1 [ASPack New strain method] detection

- added: Hide PE v1.x [VBOX v4.3 MTE method] detection

- added: Hying´s PE-Armor v0.x detection

- added: Ion Ice EXE Lock v1.0 detection

- added: JD Pack v1.01 detection

- added: Krypton version detection for v0.2, v0.3, v0.4, v0.5

- added: License Checks

- added: MazePath EXELockout v3.0 detection

- added: Mew 5 EXE Coder v0.1 detection

- added: Mew 10 v1.x detection

- added: Mew 11 SE v1.0 and v1.1 / v1.2 detection

- added: Morphine v1.2, v1.3, v1.4 - v2.7 detection

- added: MSLRH v0.31a, v0.32 and [unknown version] detection

- added: Obsidium version detection for v1.0.0.61, v1.1.1.0, v1.1.1.4, v1.2.0.0, v1.2.5.0, v1.3.0.0 anf v1.3.0.4

- added: Packanoid v1.0 and v1.1 detection

- added: Packman v0.0.0.1 detection

- added: Pack Master v1.6 detection

- added: PE Bundle v3.20 (latest version) detection

- added: PE Crypt v1.0x detection

- added: PE LockNT v2.01, v2.03 and v2.04 detection

- added: PE Pack v0.99 and v1.00 detection

- added: PE Spin v0.3, v0.41, v0.7, v1.0, v1.1 and v1.3 detection

- added: Petite version detection for v1.2, v1.3, v1.4, v2.2, v2.3 and unknown versions

- added: PEStubOEP v1.x detection

- added: PolyCrypt PE [generic] detection

- added: PolyEnE detection

- added: Protect v0.1.3 detection

- added: Protect EXE v0.4a Beta detection

- added: Private EXE v2.x detection

- added: Program Protector v1.x - v2.x detection

- added: SD Protector v1.12 and [unknown version] detection

- added: Shegerd EXE Protector & Anti-Debugger detection

- added: Shrinker v3.4 detection

- added: SLVc0deProtector v0.61 detection

- added: SoftSentry [generic] detection

- added: Softwrap (XtremeLok) detection

- added: Smoke´s ExeShield v0.5 detection

- added: Stealth PE v2.x detection

- added: Stone's PE Cryptor v1.13 detection

- added: SVKP version detection for v1.051, v1.11 and v1.3x - v1.4x

- added: TELock version detection for v0.42, v0.51, v0.60, v0.70, v0.80, v0.85f, v0.90, v0.92a, v0.95, v0.96, v0.98 and private versions

- added: Themida v1.0.0.1 - v1.0.0.5 detection

- added: Trial Master v2.x detection

- added: Upack v0.10b - v0.12, v0.20, v0.21, v0.22 - v0.23, v0.24 - v0.28, v0.29 - v0.33, v0.34 - v0.35 and v0.36 detection

- added: UPX Mutanter v0.2

- added: UPX Mutator detection

- added: UPX Protector v1.0e detection

- added: UPX$HiT 0.0.1 detection

- added: Visual Protect [generic] detection

- added: Vcasm-Protector detection

- added: Visual UPX v0.2 detection

- added: VMProtect v1.00 - v1.04 and v1.05 - v1.07 detection

- added: WinLicense v1.0.0.0 - v1.0.0.3 detection

- added: XCR v0.12 and v0.13 detection

- added: X-Treme Protector v1.07 Build 12-12-03, v1.08 Build 15-12-03 and v1.08 FiNAL detection

- added: Yoda´s Crypter v1.1 and v1.3 detection

- added: Yodas Protector v1.0b, v1.02b, v1.02d, v1.02.05, v1.03.1 and v1.03.2 Beta 3 detection

- added: Z-Code v1.01 detection



- added: Dongle - Dinkey detection

- added: Dongle - Hardlock detection

- added: Dongle - HASP Hardware Lock detection

- added: Dongle - HASP4 Net detection

- added: Dongle - Key-Lok II detection

- added: Dongle - Sentinel detection

- added: Dongle - Sentinel Super Pro detection

- added: Dongle - WIBU detection



- added: License - CrypKey detection

- added: License - FlexLM detection

- added: License - FlexNET detection

- added: License - HASP SL detection

- added: License - InterLok detection

- added: License - nTitles Activator detection

- added: License - SalesAgent detection

- added: License - Sentinel LM detection

- added: License - ViaTech E-license detection



- added: Installer - 7-Zip SFX Module detection

- added: Installer - Aquarius Soft Self-Extractor detection

- added: Installer - Astrum Install Wizard detection

- added: Installer - AW Install Engine Module detection

- added: Installer - BinPatch Module detection

- added: Installer - Bit-Arts Install Wrap detection

- added: Installer - Blizzard PrePatch Module detection

- added: Installer - Clickteam Install Maker detection

- added: Installer - Clickteam Patchmaker detection

- added: Installer - Create Install 2003 detection

- added: Installer - Gentee Installer detection

- added: Installer - Ghost Installer detection

- added: Installer - GKWare SFX Setup Archive detection

- added: Installer - Inno Setup Archive detection

- added: Installer - Installer 2 Go detection

- added: Installer - InstallShield v5.53, v6.31.100.1221, v7.1.100.1248, v8.x, v9.1.0.429, v10 and v10.5 detection

- added: Installer - Install Zip detection

- added: Installer - IZarc Self Extractor Module detection

- added: Installer - Microsoft SFX CAB Module detection

- added: Installer - Nullsoft SFX Setup Archive detection

- added: Installer - Patch Wise Module detection

- added: Installer - Paquet Builder - Enhanced Self-Extracting Zip Module detection

- added: Installer - PKSFX Archive detection

- added: Installer - Power Archiver SFX 2003 detection

- added: Installer - QSetup SFX Kernel detection

- added: Installer - Red Shift Installation System Module detection

- added: Installer - RTPatch Module detection

- added: Installer - Setup Factory detection

- added: Installer - SFX Factory! detection

- added: Installer - Silicon Realms Install Module detection

- added: Installer - Sony Self-Extracting Packager Archive detection

- added: Installer - Spoon Installer Module detection

- added: Installer - Tarma Installer Module detection

- added: Installer - VISE Mindvision Wizard detection

- added: Installer - WinAce Self-Extractor Module detection

- added: Installer - WinRAR SFX Archive detection

- added: Installer - WinZip SFX Archive detection

- added: Installer - Wise Installation Wizard Module detection

- added: Installer - Zip Central SFX detection

- added: Installer - Zip SFX Module detection

- added: Installer - Z-Up Maker SFX Archive detection



Improved detections

- improved: Codelok detection (bye bye 'icd1' section check)

- improved: appended data size verification for a few exe crypters, resulting in an even more accurate detection

- improved: Air EXE Lock detection

- improved: DEF v1.0 detection rewritten

- improved: EXE32 pack detection rewritten

- improved: EXEProt detection

- improved: EXE Stealth detection wich wouldn´t recognize crypted exe´s with the retail version (shareware messed up some EP bytes)

- improved: E-Zip detection (also speed increase)

- improved: Krypton detection rewritten (much faster and more accurate now)

- improved: LameCrypt detection

- improved: Neolite v1.x - v2.x detection

- improved: NFO detection

- improved: Noodle Crypt v2 detection

- improved: Obsidium detection rewritten to be more generic with all available versions till v1.2.5.0

- improved: PassLock 2000 detection

- improved: PE Diminisher v0.1 detection

- improved: PE Lock v1.06 detection

- improved: PE Nguincrypt detection

- improved: PE Ninja detection rewritten

- improved: PE Shield detection code optimised

- improved: PeX v0.99 detection

- improved: PKLite32 v1.1 detection

- improved: Shrinker detection

- improved: Software Defender detection rewritten

- improved: Special EXE Password Protector detection

- improved: SVKP detection recoded, much faster and more accurate

- improved: TELock detection code rewritten

- improved: Virogen Crypt v0.75 detection

- improved: WinKrypt v1.0 detection

- improved: WWPack32 v1.xx detection rewritten

- improved: Yoda´s Crypter v1.2 detection



Fixes



- fixed: possible crash bug when scanning a 'Zero Entrypoint DLL' (i.e. Ahead\Nero\Nerodeu.nls)

- fixed: EXE32Pack wasn´t detected in v5.0 due a file size checking bug

- fixed: ExeProt crash bug when scanning files < 1500h bytes

- fixed: cosmetic bug on status window, if mouse was over it when it was first created, the cursor was an hour glass

- fixed: a few detection strings with missing zero terminators (didn´t affect scanning, just a cosmetic fix)

- removed: PE Bundle generic detection (heh it could be fooled too easily)

- removed: Krypton [generic] detection (version checks will do a better job)

- plus many minor fixes and improvements I can´t remember anymore ;-)



[ -= NOTES = -]

: To check commercial applications for a Dongle protection, we recommend to use the folder scan.we know Dongle protections aren´t widely used in most apps but the usage of Dongles in 3D/CAD/CAMapplications is growing.examples - AICON 3D Studio v3.6.00 - Hardlock- Avisoft-SASLab Pro.4.36.22 - Hardlock- Image Craft AVR ANSI C Tools v7.00b - DinKey- BrainVoyager2000 v491 - HASP- Canops ProCoder v2.0 - HASP PE Envelope- Solidscape JewelCAD v5.12 - Key-Lok II- Quark XPress v6.1 - Sentinel- NewTek LightWave 3D v8.0 - Sentinel- Electronic Image Animation System v5.5.1 - Sentinel Super Pro- PointLineCAD Version 19 - WIBU: To detect if an application is protected by a License, we recommend to use the folder scan and select the install dir.i.e. DivX v5.2.1 is using 'nTitles Activator'. Scan the DivX folder and you will notice bgregister.exe in the Protection ReportWindow. The file will import the serial functions of a file called 'PSIKey.dll' wich is present in your application dir or(like in this case) in C:Windows\System32. Scan the dll and you´ll know the version.examples 1 - Avid Softimage XSI Advanced v4.0 - FlexLM v6.1 (ilImageTPF.dll)- Intel C++ Compiler for Win.v8.0.046 - FlexLM v7.1 (codecov.exe, xilink.exe...)- Gauss v6.0 - FlexLM v8.1 (gauss.exe, tgauss.exe)- Pixar Renderman Artist Tools v6.0 - FlexLM v8.2 (rampEditor.exe, slim.exe...)- Code Warrior v9.3 - FlexLM v8.4 (lmgr8c.dll)- Digital Fusion Render Note v4.04c - FlexLM v9.0 (DFRNode.exe)- Cambridge Animations Systems Animo v6.0 - FlexLM v9.2 (lot´s of *.dll files in \bin dir)- Geoslope Geostudio 2004 v6.02 - FlexNET v10.0 (GeoStudio.exe and lots of *.dll files)examples 2 - Minnetonka Disc WELDER Bronze v1.01 - Sentinel LM- IronCAD Inovate v7.0 - Sentinel LM v7.2.0.0- CSI SAFE v8.0.4 - Sentinel LM v7.2.0.18examples 3 - DivX v5.2.1 - nTitles Activator v1.3.6.18 (bgregister.exe, PSIKey.dll)- Corel Word Perfect Office v12 - nTitles Activator v1.3.4.89 (Prwin12,exe, PSIKey.dll...)- Kaydara Motion Builder v5.5 - nTitles Activator v1.3.4.13 (klicense.dll, PSIKey.dll)- PowerQuest Drive Image v7.03 - nTitles Activator v1.3.0.43 (PQV2iSvc.exe)examples: - Dreamweaver MX 2004 v7.0.1 - Safecast v2.42.000 (actlib.dll, MMxpt.dll)- ArcSoft Media Card Companion v1.0 - Safecast v2.50.030 (Media Card Companion.exe)- Autodesk Inventor Professional v9.0 - Safecast v2.51.000 (invadlm.dll, invaip09.dll)- Data Becker Web To Date v3.1 - Safecast v2.60.030 (web2date.exe)- Adobe Photoshop CS2 - Safecast v2.67.010 (Tw10122.dat)---------------------------------------------------------------------------------------------------------

v 5.1f





- added: SecuROM 7.27.xxxx detection- added: Protect DiSC v7.5 (or newer) detection- added: Starforce 4 protection level (Basic / Pro) detection- added: Starforce ProActive v4 Protect.exe detection- added: Safedisc detection for v4.70 in executables without version string- added: PC Guard v5.01 detection- added: SD Protector v1.12, v1.16 and [unknown version] detection- added: TheMida v1.0.0.0 - v1.8.0.0 (or newer) detection- added: License - eLicense v3.x, v3.20 and v4.0 detection- added: License - Protection Plus v4.x detection- improved: ActiveMark detection split into v4 & v5- improved: Xtreme Protector detection code improved- improved: SecuROM 7.26.xxxx detection, added more detailed versions- improved: Protect DiSC version detection, added support for most common versions- fixed: crash during Tages scanning if entrypoint is between offset 2h to 4h/cdkiller & [x/xxx]---------------------------------------------------------------------------------------------------------

v 5.1e





- added: SecuROM 7.26 detection- added: SecuROM 7.xx.xxxx subversions (tested on 90+ executables)- added: Safedisc separated detection for v4.50 & v4.60 in executables without version string- added: Laserlok build detection for v5- added: Starforce v4 detection inside protect.exe- added: NSPack v3.3 & v3.5 detection- improved: Laserlok Marathon detection- improved: CodeLok detection- fixed: Protect DiSC v6.2 build number bug/cdkiller & [x/xxx]---------------------------------------------------------------------------------------------------------

v 5.1d

short game list:







- added: SecuROM version detection for v7.01, v7.02, v7.10, v7.11, v7.12, v7.20, v7.21, v7.24 and newer- added: StarForce BASiC detection (no drivers included) (valid only for SF v3.x)- added: StarForce ProActive v3 detection (you need to scan the protect.exe)- added: Tages scanning if Device Driver is called (Disc Check)- fixed: StarForce bug sometimes not reporting if VFS is usedf