 [ PECRYPT32 ]

  PECRYPT32 is a Packer/Encrypter for (P)ortable (E)xecutable Files.
  With it you can encrypt and pack PE Files & PE Dynamic Link Libraries.
  Furthermore, anti-debugging and anti-unpacking routines provide a good
  way to prevent *lame* people from spying your code!

  PECRYPT32 (C) by random and killa and acpizer in 1997/1998.

  Foreword: I have never claimed that PECRYPT32 is uncrackable :)
            It is just another attempt to master a bugfree and compatible
            Win32 Packer / Encrypter / Protector!

  PECRYPT32 now uses the GREAT Compression / Decompression routines of :

  aPLib v0.10b  -  the smaller the better :)
  Copyright (c) 1998 by  Jibz  All Rights Reserved

 [ Table of Contents ]

  1 - PECRYPT32
  2 - Table of contents
  3 - Features
  4 - Future ideas & possible improvements
  5 - Option information
  6 - Limitations
  7 - Tips for protecting your stuff.
  8 - Help/suggestions/bugs etc.
  9 - Greetings


 [ Features of Pecrypt ]

  - Code, Data, Resource, Relocation, Import Encryption.
  - Code, Data, Resource, Relocation, Import Compression.
  - Enhanced Relocation Loader.
  - Anti-Debugging compatible with WINDOWS NT , WINDOWS 95 and WINDOWS 98.
  - Dynamic Link Library support (DLL files).
  - Routines against memory patches / loaders.
  - Anti-API-Breakpoint routines.
  - Detection of nude supermodels sitting in front of the monitor.
  - A (hopefully) working Import-Loader.
  - Anti-Unpacking procedures.
  - Lame Heuristic Virus File Check.

 [ Future Ideas/Improvements ]

  - Bugfixes.
  - More Anti-Debugging.

 [ Option Information ]


  []  Create Backup File (*.sav)
       --------------------------

        Generates a backup file of the Win32 Executable you want to encrypt.
        If an error occurs, the original will be restored.

  []  Virus Heuristic
       ---------------

        Adds some heuristic file checks to the Win32 Executable so that it is
        almost impossible for a virus to infect it without making the user
        aware of it.

        NOTE: If this option is enabled, it is not possible to apply any
              further Win32 Executable protectors (they would be detected
              as a possible virus)

  []  Resource Compression / Encryption / Ignoring
       --------------------------------------------

     - Compression

        Packs the Resource section of a Win32 Executable with LZW compression.
        Saves the ICONS and also supports VERSION_INFO resources.

     - Encryption

        Encrypts the Resource section of a Win32 Executable.
        Supports ICONS and VERSION_INFO resources.

     - Ignoring

        With this option enabled, PECRYPT32 ignores the Resource section.
        This option might be required, if PECRYPT32 fails encrypting your
        file or if some weird protector was unable to handle the ICONS
        correctly.

  []  Relocation Encryption 12Bit / 16Bit / Relocation Packing
       --------------------------------------------------------
     
      - Relocation Encryption 12bit/16bit
         This option encrypts the Relocations (Fix-up Table) of a Win32
         Executable File and also adds a Relocation-Loader.

      - Relocation Packing
         This option packs the Relocations (Fix-up Table) of a Win32
         Executable File with DELTA Packing and a LZW Routine.

  []  Anti-Debugging procedures
       -------------------------

        Adds Anti-Debugging procedures compatible with WINDOWS NT ,
        WINDOWS 95 and WINDOWS 98. Those are mainly routines to screw
        people who use the infamous Soft-ice debugger (C) Numega.

  []  Enable Hooking of API functions
       -------------------------------

        Used as a protection against run-time memory patches like in trainers.
        In the past, some people tried to bypass PECRYPT32 with a loader that
        patched your program's memory instead of unpacking the file and then
        patching it...therefore I decided to come up with some methods
        against such loaders.

        In case you want to additionally protect your Program with this
        option, PECRYPT32 displays a dialogbox showing all API functions your
        program uses. Select any API functions you want (max allowed: 500);
        in the encryption process PECRYPT32 will then add CRC Checking and
        some internal encryption to them.

      IN SHORT: API-Hooking checks the CRC of your Code section, and only if
                this checksum test is successful, your program will run
                correctly.


      NOTE: Don't select API functions that are executed often.
            Don't select API functions that are part of time critical
            routines.


 IMPORTANT NOTE: This option has problems with multithreading, try to avoid
                 the selection of apis which are used in the main process
                 and in the threads.

  []  Erase PE Header
       ---------------

        Tries to delete the header of your Win32 Executable File
        at run-time. 
       
      NOTE: This does not work in a Windows NT environment and on some
            compilers. Therefore, test your Program carefully!

  []  Disable TLS Support
       -------------------

        Disables the internal TLS Support of PECRYPT32.

      NOTE: Enable it only if your program does not run anymore after
            it is protected (one example is winword.exe).

  []  Import Hiding
       -------------

        Adds protection by confusing generic unpackers like PROCDUMP
        and GTR95.

      NOTE: Again, test your program carefully, because some files do not
            like this option!

  []  Anti Memory Patch
       -----------------

        Similar to API function Hooking, this option protects against
        run-time memory patches like trainers. Differently to API Hooking,
        this protection is thread-oriented.
        For maximum protection against runtime-memory-patches, enable
        both options, API function Hooking & Anti Memory Patch.

  []  Anti Breakpoints
       ----------------

        Designed as a protection against API BREAKPOINTS as you can set
        them in SOFTICE (again this sacred name, didn't I mention this
        wonderful tool before? :)). This option tries to disable BPX <api>
        and BPM <api>. Again, you can select the APIS you want to protect.
        A good example is: GetWindowTexta, GetDlgTextItem.....

      NOTE: If a breakpoint for your chosen APIS is detected, your program
            will hang itself on purpose.

 IMPORTANT NOTE: This option has problems with multithreading, try to 
                 avoid the selection of apis which are used in the 
                 main process and in the threads.

  []  CRC Warnings
       ------------

     - Display window on CRC error
        In case of a CRC failure and with this option selected, a messagebox
        will report the CRC error and afterwards tell your program to exit.

     - Hangup on CRC error
        In case of a CRC failure and with this option selected, it will
        fuckup/hangup your task.


 [ Limitations ]

  Files that cannot be protected with PECRYPT32:

  * Files containing overlays, e.g.
    - Winzip Self-Extractable Archives.
    - Shrinker-Packed Files.

  Internal Limitations:

   * Files with icons above 1MB in size.
   * Special Dynamic Link Libraries like MFC40.DLL (limitation only under NT).
   * Files that write in the exectuable.
   * Files that need overlays at a specific fileoffset.
   * The Api Hooking can handle up to 500 hooked Apis.
   * The Anti Breakpoint option can handle up to 500 hooked Apis.


 [Protection Notes/Option Notes  ]

   PECRYPT32 offers some Options against crackers, here I want to give 
   you some Notes and maybe ideas on how to use them better.
 
  
  Anti-Debugging procedures:
  --------------------------

   This option makes it a little bit harder to unpack the file, if you don't
   want your program easily be cracked then i suggest you to use it.

 Enable Hooking of API functions:
 --------------------------------

   This option should provide a protection against those runtime tsr patches.
   I suggest you to use it with some Apis which don't get called often.
   You could also generate a little DLL with some useless functions and call
   these functions at some parts in your prog, then you could select these Apis
   of your own DLL. That would make it a little bit more difficult to break.
   Use this option carefully, especially if your program uses multithreading.

 Import Hiding:
 -------------

   This option provides some protection against generic unpackers. But I'm
   sure that it will be bypassed in some time by PROCDUMP.

 Anti Breakpoints:
 ----------------

   This option should provide some protection against lame cracker who do
   not know how it works exactly. Every real cracker can bypass it without any
   problems. Use it carefully, especially if your program uses multithreading.

 [ Help/Suggestions/Bugs ]

  In case you encounter a file that cannot be protected with PECRYPT32 or
  that does not properly work after it is protected, please send a detailed
  bug report to: random__@hotmail.com

  Also, feel free to email me any suggestions or questions about PECRPYPT32;
  I might find the time to answer you.

  However, DO NOT send me any email concerning crap like "hey pecrypt
  sucks,", or "here is the unpacked pe-crypt.exe" because I simply
  do not care ;)

  Message to all protector coders out there :

   Take the challenge - start with WIN32!


 [ Greetings ]

  Some greetings in no fucking order :

  mezzo   - i know you have a new nick, but i still think this one is better ;)
 treach   - don't know what to write ;) you rule bla..bla..bla.laber.huepf.spring
riddler   - thanks for all your great help in developing this little program.
            I enjoy all those leet conversations we have ;)
 Iceman   - Hope to cya soon..and don't .... too much :)
  killa   - you did a great job in developing PECRYPT32 with me...
  G-ROM   - Before i deleted the real greets you had about 5 lines of stupid text
            but now i'm soooo lazy to write something inteligent ;)
            Thanks for all your help, thanks for bugfixing the gui many times
            and thanks for your nice ideas...PROCDUMP rocks.
  Stone   - Thanks for your great support and also thanks for the many nice
            protection ideas you had, i'm sure PROCDUMP will unpack PECRYPT32 soon.
Possible  - I'm sure one day you will be as great as killa and me :)
 Marquis  - You are doing a great job with your PELOCKnt stuff....
            and bla..bla..bla.. :)
 Miramax  - Continue your great trainer work....and don't idle too much mate ;)
  Hetero  - Your intros are nice..but you don't have any sk111lllzz ;)
  Wiesel  - You are a viech ;)
 Dimdood  - Comeback to the cracking scene.....btw i don't look like jabba the hut ;)
   Quine  - Continue your great cracking work...i'm sure we are going to meet soon
            in XXXXXXXXXX ;)
  DrRhui  - Continue your great work with CORE.
   Katie  - Continue your great great great great kewl work with CORE :))
   Devil  - We surely did a great work with our little cracking channel :)
Sharpish  - Thanks for your help in correcting my lame english and thnx for the
            webspace on cracking.net :)
   Drone  - You danes rock...not much to say..bored..bla..bla....
     Zip  - You rock..of coz not as me..but maybe one day....
  Sledge  - X-FORCE rocks.
Stingray  - Thanks for your help with the ibm accounts ;)
  Slimer  - You are the bot GOD :)
     Mrc  - Thanks for your help in our little channel...
 MRSAINT  - Thanks alot for the webspace...and X-FORCE rocks.
   Censo  - What's up you siteop without a Site? :))
   Sirax  - Continue your great cracking work for CORE!
    Pain  - Return to cracking instead of idling arround in the IRC. :)
  Vizion  - You rule, continue your kewl cracking work for CORE!
  JackyX  - Thanks for all the nice PECRYPT32 pictures you did, you really helped alot.
Radiators - Thanks alot for the nice support :)
    Ivan  - DSI is also a nice group, of coz not as great as CORE..but nice :))
ThePharao - Continue your kickass work for X-FORCE! ....
     Lgb  - Continue your great work for l33t CORE
     Jes  - Hope 2 meet you at the BBQ :)
FBorally  - Hope 2 meet you too at the BBQ...
   Sting  - You are doing a great work within DSI
Justarius - Thanks for reporting the hopefully last icon bug in this lame program :)
Alm_Deth  - You are doing a great great work within DSI too :)
 Netguru  - You rock of cozzzzzzz
  Phenox  - Comeback more often to the IRC....
 Foxfire  - We rock :)
    Mars  - Arf is nice trlalaaa.
  Mixter  - Stop spreading trojaners ;)
 acpizer  - I still don't know if you were the guy who wanted to sell the source
            I hope you weren't this lame motherfucker.. I you were it, i wish you
            nothing but just pain and nightymares the whole night long...otherwise
            good luck in the future....
Netwalker - Come into the irc more often :)
    Lomax - Continue your great cracking work and maybe one day you will be as l33t as me ;)
     Xcrk - Continue your nice work against SECUROM :)
     Vtec - Thanks for testing PECRYPT32...
     and all i have forgotten, sorry...this greetz were done in a hurry...

some greetings of killa:

Jovi: i wish you much luck with your 3422334 site projects :))
Possible: Maybe one day you'll become such a leet win32asm coder as me ;>
Lopu: Alta wird zeit das wir uns mal wieder treffen und so richtig die birne zudroehnen ;]
MadAlex: Thank you for your patience with me and your perfect work with core =)
Grom: Many thx for your help against the strangest, most unbelievable nt bugs :)
Stone: Nice unpacker, nice webpage, nice guy :)
Flite: Thx for your nice pictures :)



Special Greets to :

  PHATFACE - HE IS DA FATTEST NIGGA I HAVE EVER SEEN!!!!
KASPERWOLF - HE 0WNZ MY FAVOURITE BITCHESSSSSS.

Some Advertising :

Da KeWlEsT BB-Dial0r 4 l1nuX in t0wn: http://www.narc.fi/faciebox/index.html

 Greetings to the following groups.
   X-FORCE - UNION - CORE - DSI - REBELS - BACKLASH - RAZOR 1911 - CLASS

 Greetings to all my friends in.
  #core, #x-force, #dsi, #bs, #pheared, #rc

