CrackStop 1.01    Crackstp.zip    60k

------------------------------------------
CS ■ Ver 1.01 ■ 16-November-97 ■ Protector
CrackStop - .EXE security envelope that
resists all available tracers/unpackers
Yet unhackable? Included in this package:
COM2EXE converter, Relocation table packer
------------------------------------------

In cs.doc, you can find:

CrackStop is the only protector I know which cannot be unpacked by all the tools that are spread through the Internet. CrackStop resists even the very best tracer: GTR, which is now a product of the United Cracking Force. Needless to say, CrackStop cannot be removed by CUP386 or TR by Liu Taotao.

----------------

TR cannot crack CrackStop only because CrackStop is new. Certainly a new TR will crack it:

How to Crack!

1. When I used TR 1.95 to trace it, my PC hung! It took me twenty minutes to find what was wrong. In CrackStop:

    SUB     DI,17            ;di=12b1
    MOV     AL,83            ;2B46:0754 B083
    XOR     AL,22            ;al=a1
    CMP     [DI],AL          ;First Check: 12b1
    NOP                      ;2B46:075A EB010F
    JNE     0787             ;2B46:075D 7528
    INC     AL               ;2B46:075F FEC0
    INC     DI               ;2B46:0761 47
    INC     AL               ;2B46:0762 FEC0
    CMP     [DI+0002],AL     ;Second Check: 12b4
    NOP                      ;2B46:0767 EB010F
    JNE     0787             ;2B46:076A 751B
    DEC     DI               ;2B46:076C 4F
    CMP     [DI+0006],AL     ;Third Check: 12b7
    NOP                      ;2B46:0770 EB01B8
    JNE     0787             ;2B46:0773 7512
    DEC     DI               ;2B46:0775 4F
    CMP     [DI+000A],AL     ;Fourth Check 12ba
    NOP                      ;2B46:0779 EB01B8
    JNE     0787             ;2B46:077C 7509
    XOR     AX,AX            ;2B46:077E 33C0
    PUSH    AX               ;2B46:0780 50
    POP     DS               ;2B46:0781 1F
    MOV     ES,AX            ;2B46:0782 8EC0
    MOV     SS,AX            ;2B46:0784 8ED0
    RETF                     ;DeaD !!!

This checks whether CS is being traced in TR. It checks if the parent PSP's offset 12b1 is a1, and 12b4 is a3, and 12b7 is a3, and 12ba is a3. If all these are true, it is sure TR is here! I swapped the positions of two procedures in TR 1.96 to avoid this check.... This is not technology! Please, Stefan Esser, please do not anti-TR in this way! There are so many bugs in TR, and the CPU is so complicated, how could I know all these!
Every time you want to make a new version of CS, it is easy for you to find a TR bug and do it.

2. CrackStop 1.01 did do something to help me.

    mov     ah,7a
    sahf
    lahf

After this, AH should be 52h or something else, but it will not be 7ah. Old TR made a mistake here. Now it's fixed.

3. After this, and with some other bugs fixed, we have TR v1.96. Let's unpack CrackStop here:

    TR cs.exe
    getexe 2        ;means get out of 2 shells
    mkexe

This will make the file 'mem.exe', which is out of 2 shells. I think this is the real cs.exe. Maybe you will ask me, why can't I find CS's message in mem.exe? You can continue if you like:

    TR mem.exe
    exe1
    reload
    g 1e0e
    wexe1
    exe2
    reload
    g 1e0e
    wexe2
    q
    mkexe

Everything is OK!

4. To unpack EXE files protected by CrackStop 1.01, usually only one GETKNL will work:

    TR youfile.exe
    getknl
    mkexe
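
The SAHF/LAHF behaviour from step 2, as an added example (not part of the original text and not TR's code): a small conformance check an emulator or tracer author can run against their own SAHF/LAHF round trip. The "naive" model that keeps all eight bits of AH is an assumption about the kind of mistake described above, and all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* SAHF can only change SF(7), ZF(6), AF(4), PF(2) and CF(0). */
#define SAHF_WRITABLE   0xD5u
/* FLAGS bit 1 always reads as 1; bits 3 and 5 always read as 0. */
#define FLAGS_FIXED_ONE 0x02u

typedef uint8_t (*roundtrip_fn)(uint8_t);

/* Architectural result of "sahf / lahf" for a given AH. */
uint8_t sahf_lahf_cpu(uint8_t ah) {
    uint8_t flags_low = (uint8_t)((ah & SAHF_WRITABLE) | FLAGS_FIXED_ONE); /* SAHF */
    return flags_low;                                                       /* LAHF */
}

/* Assumed faulty emulation: the low FLAGS byte stores AH verbatim. */
uint8_t sahf_lahf_naive(uint8_t ah) {
    return ah;
}

/* First AH value where impl disagrees with the CPU model, or -1 if none. */
int first_divergence(roundtrip_fn impl) {
    for (int ah = 0; ah < 256; ah++)
        if (impl((uint8_t)ah) != sahf_lahf_cpu((uint8_t)ah))
            return ah;
    return -1;
}

/* Number of AH values (out of 256) that expose the disagreement. */
int count_divergences(roundtrip_fn impl) {
    int n = 0;
    for (int ah = 0; ah < 256; ah++)
        if (impl((uint8_t)ah) != sahf_lahf_cpu((uint8_t)ah))
            n++;
    return n;
}

int main(void) {
    printf("AH=7Ah: cpu -> %02Xh, naive -> %02Xh\n",
           sahf_lahf_cpu(0x7A), sahf_lahf_naive(0x7A));
    printf("naive model diverges on %d of 256 inputs (first at %02Xh)\n",
           count_divergences(sahf_lahf_naive),
           first_divergence(sahf_lahf_naive));
    return 0;
}
```

Passing an emulator's own round-trip function to first_divergence gives a regression test for this class of flag-handling bug.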