Name     : script.ini for Procdump
Version  : 1.6.x
Target   : script.ini
Tools    : Brain
Cracker  : LW2000
Tutorial : No.60

---

DISCLAIMER

For educational purposes only! I hold no responsibility for the misuse of this material!

---

Ok, I was asked a dozen times for script.ini. I mailed, DCC'd and sent it a couple of times in the last days, too. So if it is of general interest, here is my script.ini =) I hope you are all lucky now =) ... and no one asks for it any more!

========= Begin of script.ini ==========

;──────────────────────────────────────────────────────────────────────
; ProcDump Specifics Packers/Protectors Definitions.
;
; (C) G-RoM iN 1998, 1999
;──────────────────────────────────────────────────────────────────────
; Implemented :
;
; ADD   : ADD a value to temporary address
; BP    : Set a Breakpoint at temporary address.
; BPX   : Set a Breakpoint at given address.
; BPREG : Set a Breakpoint with register value [EAX/EBX/EDX/ECX/EDI/ESI].
; BPF   : Break until flag is set/unset.
; BPC   : Break until Counter is reached.
; BPV   : Break until Register [EAX/EBX/EDX/ECX/EDI/ESI] is equal.
; DEC   : DEC a value to temporary address
; EIP   : Use next EIP as Original EntryPoint.
; HELP  : Launch external file with PARAMS.
; OBJR  : Set Object search start with current EIP.
; LOOK  : Scan a signature. Address found is stored temporarily.
; MOVE  : Set eip to eip + param. Be careful with it !!
; POS   : Set Local Address Value
; REPL  : Replace at temporary address by string.
; STEP  : Single step mode (end of batch).
; WALK  : Execute the next instruction.
;──────────────────────────────────────────────────────────────────────
; All parameters will be interpreted as hexadecimal values.
; For parameters don't use a prefix or postfix like 0x or h. They will cause
; parameter interpretation to stop.
;──────────────────────────────────────────────────────────────────────
; -->> LW2000 [CiA] script.ini <<--
;──────────────────────────────────────────────────────────────────────

[OPTIONS]
CAPTION=ProcDump32 (C) 1998, 1999 G-RoM, Lorian & Stone
BHRAMA=ProcDump32 - Dumper Server
OPTL1=00000000
OPTL2=01000101
OPTL3=01010001
OPTL4=00010000
OPTL5=00000000

[INDEX]
P1=Hasiuk/NeoLite
P2=PESHiELD
P3=Standard
P4=Shrinker 3.3
P5=Wwpack32 I
P6=Manolo
P7=Petite<1.3
P8=Wwpack32 II
P9=Vbox Dialog
PA=Vbox Std
PB=Petite 1.x
PC=Shrinker 3.2
PD=PEPack
PE=UPX
PF=Aspack<108
P10=SoftSentry
P11=CodeSafe 3.X
P12=Aspack108
P13=Neolite2
P14=Aspack108.2
P15=Petite 2.0
P16=Sentinel
P17=PKLiTE
P18=Petite 2.1
P19=PCShrink
P1A=PCGUARD v2.10
P1B=Aspack108.3
P1C=Shrinker 3.4
P1D=PECompact 0.971 b
P1E=PECompact 0.975 b
P1F=Aspack108.4
P20=UPX 0.7X-0.8X
P21=UPX 0.89.6
P22=STNPE Encrypter 1.xx
P23=PE Compact
P24=PC Shrink II
P25=VGCrypt 0.75
P26=Shrinker 3.x
P27=Wwpack32
P28=Aspack2000

[Aspack<108]
L1=OBJR
L2=LOOK 75,00,E9
L3=BP
L4=WALK
L5=WALK
L6=OBJR
L7=LOOK 61,FF,E0
L8=ADD 1
L9=BP
LA=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[Aspack108]
L1=OBJR
L2=LOOK E9
L3=BP
L4=WALK
L5=OBJR
L6=LOOK AC,AA,58
L7=BP
L8=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[Aspack108.2]
L1=OBJR
L2=LOOK E9
L3=BP
L4=WALK
L5=OBJR
L6=LOOK E8,8A,02,00,00,E8
L7=BP
L8=MOVE 0F
L9=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[Aspack108.3]
L1=OBJR
L2=LOOK 6A,00,50
L3=JZ 5
L4=QUIT
L5=BP
L6=OBJR
L7=LOOK 50,C3
L8=ADD 1
L9=BP
LA=WALK
LB=OBJR
LC=LOOK 50,C3
LD=ADD 1
LE=BP
LF=STEP
OPTL1=00000000
OPTL2=01000001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[Aspack108.4]
L1=OBJR
L2=LOOK ?,C3
L3=JZ 5
L4=QUIT
L5=BP
L6=OBJR
L7=LOOK 5B,0B,DB
L8=BP
L9=OBJR
LA=LOOK C3
LB=BP
LC=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[CodeSafe 3.X]
L1=LOOK 89,04,8A
L2=ADD 5
L3=BP
L4=LOOK FF,E1,C3
L5=BP
L6=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00010000
OPTL5=00000000

[Hasiuk/NeoLite]
L1=LOOK 50,FF,25
L2=BP
L3=BPR EAX
L4=EIP
L5=STEP
OPTL1=00000000
OPTL2=01000001
OPTL3=01010001
OPTL4=00010100
OPTL5=00000000

[Manolo]
L1=BPX 181
L2=STEP
OPTL1=00000000
OPTL2=01000001
OPTL3=01000001
OPTL4=00010000
OPTL5=00000000

[Neolite2]
L1=OBJR
L2=LOOK FF,E0,80,3D
L3=BP
L4=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[PCGUARD v2.10]
; Layer1
L1=LOOK 86,07,47,C3
L2=BP
L3=WALK
L4=LOOK 86,07,47,C3
L5=BP
L6=WALK
L7=OBJR
L8=LOOK FC,8D
L9=BP
; Layer2
LA=LOOK 86,07,47,C3
LB=BP
LC=WALK
LD=LOOK 86,07,47,C3
LE=BP
LF=WALK
L10=OBJR
L11=LOOK FC,8D
L12=BP
; Layer3
L13=LOOK 86,07,EB,01
L14=BP
L15=WALK
L16=LOOK 86,07,EB,01
L17=BP
L18=WALK
L19=OBJR
L1A=LOOK FC,8D
L1B=BP
; Layer4
L1C=LOOK 86,07,EB,01
L1D=BP
L1E=WALK
L1F=LOOK 86,07,EB,01
L20=BP
L21=WALK
L22=OBJR
L23=LOOK FC,8D
L24=BP
; Layer5
L25=LOOK 86,07,EB,01
L26=BP
L27=WALK
L28=LOOK 86,07,EB,01
L29=BP
L2A=WALK
L2B=OBJR
L2C=LOOK FC,60
L2D=BP
; GET RID OF DEBUG API CHECK
L2E=LOOK 0F,84,07,01,00,00
L2F=REPL 90,E9
; FIND CLEARUP
L30=LOOK F3,AA,8B,85
L31=ADD 2
L32=BP
L33=OBJR
; FIND JUMP BACK
L34=LOOK 61,C3
L35=BP
L36=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00020000
OPTL5=00000000

[PCShrink]
L1=LOOK FF,E2
L2=BP
L3=STEP
OPTL1=00000000
OPTL2=01000101
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[PCShrink II]
L1=LOOK 5F,FF,E7
L2=JZ 4
L3=QUIT
L4=ADD 1
L5=BP
L6=WALK
L7=OBJR
L8=LOOK 5F,F3,A4,E9
L9=ADD 3
LA=BP
LB=WALK
LC=LOOK 61,9D,BA
LD=BP
LE=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[PE Compact]
L1=LOOK 5A,FF,E2
L2=JZ 4
L3=QUIT
L4=ADD 1
L5=BP
L6=WALK
L7=OBJR
L8=LOOK 5F,F3,A4,E9
L9=ADD 3
LA=BP
LB=WALK
LC=LOOK 61,9D,68
LD=BP
LE=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[PECompact 0.971 b]
L1=LOOK 5A,FF,E2
L2=WALK
L3=WALK
L4=BP
L5=LOOK F3,A4,E9
L6=WALK
L7=WALK
L8=BP
L9=STEP
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[PECompact 0.975 b]
L1=LOOK 5F,FF,E7
L2=WALK
L3=WALK
L4=BP
L5=LOOK F3,A4,E9
L6=WALK
L7=WALK
L8=BP
L9=STEP
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[PEPack]
L1=LOOK 61,FF,E0
L2=BP
L3=STEP
OPTL1=00000000
OPTL2=01000001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[PESHiELD]
L1=LOOK 0F,85
L2=BPF Z
L3=LOOK FF,E0,00
L4=BP
L5=STEP
OPTL1=00000000
OPTL2=01000001
OPTL3=01000001
OPTL4=00010000
OPTL5=00000000

[PESHiELD Secure]
L1=LOOK 0F,85
L2=BPF Z
L3=LOOK CB,8D,B5
L4=ADD 1
L5=BP
L6=STEP
OPTL1=00000000
OPTL2=01000001
OPTL3=01000001
OPTL4=00010000
OPTL5=00000000

[Petite<1.3]
L1=LOOK 5E,5B,C9,C3,E8
L2=JN 7
L2=ADD 4
L3=BP
L4=WALK
L5=OBJR
L6=LOOK 61,66,9D
L7=JZ 9
L8=QUIT
L9=BP
LA=STEP
OPTL1=00000000
OPTL2=01000001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[Petite 1.x]
L1=LOOK 5E,5B,C9,C3,E8
L2=ADD 4
L3=BP
L4=WALK
L5=OBJR
L6=LOOK 61,66,9D
L7=ADD 3
L8=BP
L9=WALK
LA=EIP
LB=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[Petite 2.0]
L1=OBJR
L2=LOOK 83,3A,00,0F,84
L3=ADD 3
L4=BPF z
L5=WALK
L6=WALK
L7=WALK
L8=OBJR
L9=LOOK 83,3E,00,0F,84
LA=ADD 3
LB=BPF Z
LC=LOOK F3,AA,FD,33,C0,B9
LD=BP
LE=OBJR
LF=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[Petite 2.1]
L1=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[PKLiTE]
L1=LOOK 68,00,00,00,00,E8
L2=ADD 0A
L3=BP
L4=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00010000
OPTL5=00000000

[Sentinel]
L1=LOOK 8B,44,24,1C,8B,4C,24,18,8B,54,24,14,50,51,52
L2=BP
L3=WALK
L4=WALK
L5=WALK
L6=WALK
L7=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[Shrinker 3.x]
L1=LOOK 8D,4D,E4,51,6A,02,FF,35
L2=JN 5
L3=ADD 14
L4=REPL 90,90
L5=LOOK FF,75,10,FF,75,0C,FF,75,08,FF,55
L6=JZ 8
L7=QUIT
L8=BP
L9=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00020000
OPTL5=00000000

[Shrinker 3.2]
L1=BPX 2672
L2=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00020000
OPTL5=00000000
[Shrinker 3.3]
L1=LOOK FF,75,10,FF,75,0C,FF,75,08,FF,55
L2=BP
L3=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00010000
OPTL5=00000000

[Shrinker 3.4]
L1=LOOK 8D,4D,E4,51,6A,02,FF,35
L2=ADD 14
L3=REPL 90,90
L4=LOOK FF,75,10,FF,75,0C,FF,75,08,FF,55
L5=BP
L6=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00010000
OPTL5=00000000

[SoftSentry]
L1=LOOK FF,D7,6A,00,68
L2=BP
L3=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00020000
OPTL5=00000000

[Standard]
L1=LOOK FF,E0
L2=BP
L3=STEP
OPTL1=00000000
OPTL2=01000001
OPTL3=01010001
OPTL4=00010000
OPTL5=00000000

[STNPE Encrypter 1.xx]
L1=LOOK FF,E0
L2=BP
L3=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[UPX]
L1=LOOK 61,E9
L2=BP
L3=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[UPX 0.7X-0.8X]
L1=OBJR
L2=LOOK EB,10
L3=BP
L4=WALK
L5=OBJR
L6=LOOK 61,E9
L7=BP
L8=STEP
OPTL1=00000001
OPTL2=01010101
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[UPX 0.89.6]
L1=OBJR
L2=LOOK EB,0E
L3=BP
L4=WALK
L5=OBJR
L6=LOOK 61,E9
L7=BP
L8=STEP
OPTL1=00000001
OPTL2=01010101
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[VBOX Std]
L1=LOOK FF,D0
L2=BP
L3=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[VBOX Dialog]
L1=LOOK FF,D0
L2=BP
L3=BPR EAX
L4=OBJR
L5=LOOK FF,D0
L6=BP
L7=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

[VGCrypt 0.75]
L1=LOOK E9,E4,00,00,00
L2=JZ 4
L3=QUIT
L4=BP
L5=LOOK E8,4B,FF,FF,FF
L6=BP
L7=LOOK 00,FF,E3
L8=ADD 1
L9=BP
LA=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00010000
OPTL5=00000000

[Wwpack32]
L1=LOOK 3E,32,65,00,45,E2,F9
L2=JN B
L3=ADD 7
L4=BP
L5=DEC 7
L6=REPL 80,F4,CC,80,F4,66,90
L7=MOVE FFFFFFF9
L8=LOOK E2,F9,EB
L9=ADD 2
LA=BP
LA=LOOK 5D,5B,E9
LB=JZ D
LC=QUIT
LD=BP
LE=STEP
OPTL1=00000000
OPTL2=01000001
OPTL3=01010001
OPTL4=00010000
OPTL5=00000000

[Wwpack32 I]
L1=LOOK 5D,5B,E9
L2=BP
L3=STEP
OPTL1=00000000
OPTL2=01000001
OPTL3=01010001
OPTL4=00010000
OPTL5=00000000

[Wwpack32 II]
L1=LOOK 3E,32,65,00,45,E2,F9
L2=ADD 7
L3=BP
L4=DEC 7
L5=REPL 80,F4,CC,80,F4,66,90
L6=MOVE FFFFFFF9
L7=LOOK E2,F9,EB
L8=ADD 2
L9=BP
LA=LOOK 5D,5B,E9
LB=BP
LC=STEP
OPTL1=00000000
OPTL2=01000001
OPTL3=01010001
OPTL4=00010000
OPTL5=00000000

[Aspack2000]
L1=OBJR
L2=LOOK 68,?,?,?,?,C3
L3=JZ 5
L4=QUIT
L5=BP
L6=STEP
OPTL1=00000000
OPTL2=01010001
OPTL3=01010001
OPTL4=00030000
OPTL5=00000000

============ End of script.ini =============

Congratulations! You have my script.ini.

FINISH! Easy, isn't it?

cu
LW2000

Any comments? Mail me LW2000@gmx.net or go to http://www.LW2000.cjb.net

----

tKC, thx for your tutors! I started with tutor 1 and I still read them... they are the best!
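As an added example (not part of LW2000's tutorial or of ProcDump itself), here is a small Python parser and linter for the script.ini format described in the header comments above: it collects the L-lines of each section, skips the OPTLx/CAPTION/Px entries, and reports duplicate keys (the [Petite<1.3] and [Wwpack32] sections above each carry one, and a plain ini reader keeps only one of the two lines), commands outside the header's "Implemented" list, JZ/JN targets that point at no L-line, and LOOK signatures that are not bare hex bytes or the ? wildcard. It assumes that JZ/JN take the target L-line as their argument, since the header does not document them.

```python
import re

# Commands the script.ini header lists, plus JZ/JN/QUIT/BPR, which the scripts use
# but the header omits (assumed here: JZ/JN branch to the hex L-line given).
KNOWN = set("ADD BP BPX BPREG BPF BPC BPV DEC EIP HELP OBJR LOOK MOVE POS REPL "
            "STEP WALK JZ JN QUIT BPR".split())

def parse_script_ini(text):
    """Return {section: [(key, cmd, arg)]}; order and duplicate keys are kept."""
    sections, cur = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            cur = sections.setdefault(line[1:-1], [])
        key, _, value = line.partition("=")
        if cur is None or not re.fullmatch(r"L[0-9A-F]+", key):
            continue          # blank, comment, section header, OPTLx/CAPTION/Px
        cmd, _, arg = value.strip().partition(" ")
        cur.append((key, cmd.upper(), arg.strip()))
    return sections

def lint_section(lines):
    """Report duplicate keys, unknown commands, bad branch targets and LOOK bytes."""
    problems, seen, keys = [], set(), {k for k, _, _ in lines}
    for key, cmd, arg in lines:
        if key in seen:
            problems.append(f"duplicate key {key}")
        seen.add(key)
        if cmd not in KNOWN:
            problems.append(f"{key}: unknown command {cmd}")
        if cmd in ("JZ", "JN") and f"L{arg.upper()}" not in keys:
            problems.append(f"{key}: {cmd} target L{arg} missing")
        if cmd == "LOOK" and not all(re.fullmatch(r"[0-9A-Fa-f]{2}|\?", b)
                                     for b in arg.split(",")):
            problems.append(f"{key}: bad LOOK signature {arg!r}")
    return problems

# Constructed sample: a shortened copy of the [Petite<1.3] section above (it
# carries two L2 keys), followed by an OPTL line the parser must skip.
SAMPLE = """[Petite<1.3]
L1=LOOK 5E,5B,C9,C3,E8
L2=JN 7
L2=ADD 4
L3=BP
L6=LOOK 61,66,9D
L7=JZ 9
L8=QUIT
L9=BP
LA=STEP
OPTL1=00000000
"""
```

Running `lint_section(parse_script_ini(SAMPLE)["Petite<1.3"])` yields `['duplicate key L2']`; the same call over every section of the full file above also flags the second `LA` in [Wwpack32].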