|
BitShape PE Crypt is a is a powerful polymorphic Win32 applications protector.
Features
Polymorphic encryption
Each file is en-/decrypted in a different way. Additionally the generated decryption routines contain ~50% junk code to make reversing a bit more difficult.
SoftIce autodetection
If the Softice will be detected then the protected exe will refuse to run.
Anti Debug API (fix > v1.3)
Protected files will refuse to run if it is debugged by the Debug API's ("WaitForDebugEvent" and "ContinueDebugEvent").
Erase PE Header
In testing progress.
Anti Dumping
This will prevent lame dump engines like the ones of Procdump and PEditor (based on ReadProcessMemory) from dumping the whole process memory of the protected exe. PE Crypt uses the same method as PEShield to prevent a full dump. Much thanks goes to ANAKiN for releasing the source of it.
CRC checking
With this option enabled the loader will calculate a CRC for the encrypted file which will b compared with the original one. If the protected file has been modified then the exe will refuse to run.
Import Table encryption/destruction (+ relocation > v1.3)
With this option enabled there won't b any Dll/Api names left in the file memory after startup. (All ImageImportDescripters are alread on disk not present.)
API Redirection (+ add Win9x/NT specific > v1.4)
This will place the Api address in some allocated memory and not in the Import Table.
|
