History :


version 1.6 Ultra 2  [01-17-2000] - NT/NT2K fixup.

  CodeShot
  + Updated Task/Mod init code to run correctly under NT2K.        (01-13)
  + Fixed up an obvious bug that avoided to snapshot modules       (01-17)
    correctly ! Thanx to Elicz for spotting this (I was surely
    tired when i wrote this).

  Unpackers
  + Added Aspack 2000 support.				           (01-05)

  Documentations
  + Updated ProcDump user manual.                                  (01-17)
  + Updated Unpack.txt.						   (01-17)
  + Updated history.txt.                                           (01-17)

version 1.6 Ultra 0  [12-17-1999] - FINAL AND LAST VERSION.

  CodeShot 9x
 *+ Added a new dumper code with full memory range support         (09-20)
 *+ Updated dumper to support 95 OS.				   (09-26)

  Phoenix
  + Changed a bit the Rebuilder code... nothing u will see ;)      (09-16)
  + Added intelligent new import table stamper.                    (09-26)
  + Updated the import rebuilder code : no need anymore to run     (09-27)
    ProcDump32 from the target folder to have "perfect" Imports.
  + Enhanced Rebuild Import (Mode2) : Detect accurately old import (10-04)
    table if still present. No more using crappy heuristics ;).
  + Added a Zero fill in PE loader code... Solve some issues.      (10-04)
  + Fixed Merge Section code... Nobody noticed, hummmmm.	   (10-07)
  + Fixed bugs linked to new import table stamper.                 (10-18)
  + Fixed a stupid bug (a test !!) in forwarded API scanner.       (11-21)
    Thanx to bunter for spotting the pb :).
  + Enhanced Thunk scanner again... Reliability improved MUCH !!   (11-28)

  Shiva
  + Added Wildcard support in LOOK command			   (12-17)
    You can say big thanx to Groo for suggesting this :).
  + Added Un/Conditionnal jump commands				   (12-17)
  + Added Quit command due to above additions		           (12-17)

  Check Aspack 1.08.4 script for new command usage.
  BTW: Yes I know that a LOOK ?,C3 can be optinized to LOOK C3 :).

  PE Editor
  + Added & Modded AddSection Code to PE header from Lucifer48.    (10-04)

  Unpackers
  + Added PE Compact support                                       (09-18)
  + Checked PE-Diminisher - Use STANDARD unpacker.                 (09-18)
  + Added Petite 2.1 bhrama plugin (C) Kill33x                     (09-18)
  + Updated UPX script a bit, thanx To the Owl :).		   (11-13)
  + Added Unaspack 1.08.04 support.				   (xx-??)
  + Revamped some script...					   (12-17)

  GUI
  ! Fixed up some Dialogs to be 100% modal. Thanx to Muffin ;)     (10-04)

  Documentations
  + Added EndOfPd.txt explaining why it stops here.                (12-17)
  + Updated Unpack.txt.						   (09-18)
  + Updated Script.txt.						   (12-17)
  + Updated history.txt with a special care for dates format.      (12-17)
    Thanx to The Owl for this :)

* Ultra Only

version 1.5 build 0  [07-18-1999] - Public

  Bhrama
  + AutoFix PE is set by default.   			           (04-18)
  + Added C source code for client from CyndiG.		           (04-18)
  + Allowed Bhrama Name change on The Owl request ;).		   (07-13)
  + Auto detection of EIP style (RVA/VA) to help plugin writers.   (07-13)
    Hi Owl, Pedro, Zobel, & the others ;).
  + Added a new check box to override uploaded options.		   (07-16)
    Requested by The Owl :)

  Phoenix
  ! Fixed a copyright string ;).				   (04-05)
  + Enhanced Import Rebuilder - Name scanner enhanced.             (04-14)
  ! Added a data read checker in forward API scanner.		   (05-13)
  + Increased Attempts in Thunk Scanner                            (05-17)
  + Enhanced module detector.                                      (05-17)
  + Added a more efficient module scanner in Rebuild mode 1&2.     (06-16)
  + Revamped Import rebuilder for Mode 1&2			   (06-21)
    Thanx to Vtec & Beowulf for their massive testing ;).
  + Updated Header updater code to support some WATCOM PE	   (06-22)
    Thanx to Vtec [Laxity] for showing me those fucking PE !!
  + Fixed a lame crashing bug in Create New Import mode.           (06-27)
    Thanx to RiDDLER to spot me the bug ;)
  + Added unwrapping code when in Debug mode.			   (07-05)
    Change needed to support unVBOX42 from Zobel.

  Shiva
  + Now in case of PageFault, the Mem is saved to ur convenience.  (06-12)

  Unpackers
  + Added support for CodeSafe 3.X. Thanx to Ethan for his script! (04-07)
  + Added support for Neolite 2.0. Job made by Lorian		   (04-10)
  + Added support for Aspack 1.08. Job made by Lorian		   (04-10)
  + Added support for Aspack 1.08.02. Job made by Lorian           (04-18)
  + Added support for Petite 2.0.				   (04-25)
  + Modified WWPACK32 II to support 1.12 & above.                  (04-25)
    Hint for what to modify By beast.
  + Added Sentinel Unshell from SuperLuck [X-FoRCe]		   (04-05)
  + Added PKLiTE32 unpacker					   (05-24)
  + Added PETiTE 2.1 Preliminary "unpacker"			   (06-01)
  + Added PCShrink unpacker					   (06-14)
  + Added PCGuard 2.10 unpacker. Job made by Lorian		   (06-21)
  + Added Aspack 1.08.3 unpacker. Thanx to Alexander Kirillov	   (06-28)
  + Added Shrinker 3.4 FULL remover.				   (07-05)
  + Added unVBOX42 from Zobel [PC].                                (07-06)

  ProcDump
  + Added a new param in script.ini, can be usefull sometimes ;)   (05-03)
    Thanx to MrNop for pointing me out such "ADT" long time ago ;).
  + Fixed a small GUI bug in options dialog. Thanx To Beowulf ;).  (05-20)
  + Added even more features linked to new ini param.		   (07-01)
  + Randomized some names for some ProcDump mode.                  (07-04)

  Documentations
  + Updated a wanted text file.					   (07-17)
  + Updated ProcDump user manual.                                  (07-17)
  + Updated unpacker informations file.                            (07-17)
  + Updated Bhrama server documentation.                           (07-17)

version 1.4 build 0  [04-02-1999] - PUBLIC

  Shiva
  + Changed Internal Resume of Event.				   (02-28)

  Phoenix
  + Enhanced Import Rebuilder (DLL collision solved !)             (01-17)
  ! Fixed up that stupid ImageSize Increase ;).			   (01-21)
  + Added the possibility to force PE Header Restore.		   (03-20)
  + Forwarded API support added	(NT compliance is better ;)	   (03-20)

  Unpacker
  + Added SoftSentry unpacker 2.11                                 (01-22)
    Thanx to Duckling Duck for giving me uRL & his script for 2.1.
  + Updated Aspack unpacker (Thanx to Owl !!)			   (02-07)
  + Explained in unpack.txt how to nuke ISR2 "protection" scheme   (02-15)
    Awards 99 of the more stupid protection SCHEME.
  + Neolite/Hasiuk small update (header trick defeated).           (03-20)

  Bhrama Dumper Server
  + Initial Code Added (0.1)                                       (02-11)
    Another major evil thought from Stone and Added in ProcDump
    By G-RoM ;).
  + Enhanced server protocol (0.2)				   (02-14)
  + Client sample code is ready	by Stone/G-RoM			   (02-25)
  + External upload of options allowed & working ;).		   (03-09)
  + Enhanced server protocol (0.3)				   (03-09)
  + Added securom unwrapper plugin (C) Pedro [Laxity] 		   (03-20)
  + Updated securom unwrapper plugin (C) Pedro [Laxity] 	   (03-30)

  ProcDump
  ! Added a check for Support file (Thanx to Bunter).		   (02-08)

  Documentations
  + Added a wanted text file.					   (04-02)
  + Added a license agreement.					   (03-28)
  + Updated ProcDump user manual.                                  (04-02)
  + Updated unpacker informations file.                            (04-02)
  + Added "Bhrama server" documentation.                           (03-09)

version 1.3 build 0  [01-17-1999] - PUBLIC

  Process Monitor
  + Added Possibility to consult PE infos of a given Process       (12-23)
    Original Idea : NetWalker

  Phoenix
  ! Fixed a scan buffer routine when using Create new import.      (12-01)
  - Removed the use of Load/FreeLibrary.                           (11-30)
  + Added my own Code for loading/freeing library.                 (11-30)
  ! Fixed a bug in function name scanner.                          (12-02)
  ! Fixed a bug in GetProcOrd code (due to new LoadLibrary).       (12-08)
  + Added a new PE Optimizer code.				   (12-29)
  + Added a new method for banner stamping                         (12-29)
  + Added a Code Size Section optimizer.			   (12-29)
  ! Added an object virtual updater.... just in case ;)		   (12-31)
  + Added a message when Import table can't be handled		   (01-05)
  + Added a zero set in a certain location nobody cares really     (01-15)

  Shiva
  + Prepared VXD support.                                          (12-01)
  + Prepared External Helper support.                              (12-01)
  + Explicit error message when an error occured in script.	   (12-02)
  ! Ooppps, fixed the behaviour for Multilayer confirmation.       (12-07)
  + Added experimental Ring 0 Tracer (YEAHHHHH !!! ooopps sorry ;) (12-08)
    -> Trace WWPACK32 in a few SECs !!!
  + Added External Helper Support.                                 (12-08)
    -> Can do a specific task that can't be done with ProcDump or
       that will help unpacking process.
  + AutoConfiguration for well-known packers. Override is allowed. (12-10)
  ! Fixed NT fucking ContinueDebugEvent pb... Holly shit NT SUXX ! (12-21)
  + Added a routine for WIN9X to hide debugger to host ;)          (12-21)
    I had this idea since a while But I used bad method. Thanx to
    NetWalker for giving me the right one ;).
  + Enhanced PreDump security (There since 1.1.6, but ... ahem ;)  (12-21)
  + Changed the script error handler to be more explicit.	   (01-04)
  + External helper command line contains now path to INI file     (01-04)
    Requested by Pedro ;).
  + KMD tracer support added					   (01-13)
  + Changed first event handling				   (01-16)
  + Added BPC command                                              (01-16)
  + Added BPV command                                              (01-16)
  + Enhanced BPF command					   (01-16)

  Shiva II - WIN9x OS
  + Ring 0 preliminary tracer done by Stone.                       (12-08)
  ! Fixed Ring 0 tracer - Works fucking nice !!			   (01-04)
    Many many thanx to The Owl for the debugging !!!!!!
  + Added New Ring 0 dump criteria				   (01-06)
  + Added some code emulation					   (01-06)
  ! Fixed up the Segment shit                                      (01-10)

  Shiva II - WINNT OS
  + preliminary KMD tracer done by Lorian (thanx mate !!)	   (01-10)

  ProcDump
  + Changed the main code to use a randomized CLASS name ;)        (12-31)
    Many thanx to Fresh for infos and NetWalker for a NEAT code !!
  + Changed some code to allow Main title customizable ;)          (12-31)
  ! Fixed a lame dialog end loop routine 			   (01-13)
    (internal - You can't notice ;)
  ! Fixed internal Path handler (now Root is allowed ;)		   (01-16)

  Unpacker
  + SoftSentry is supported by unknown method (someone told me).   (12-06)
  + VGCrypt 0.6 is supported by unknown method with ignore faults. (12-07)
  + Added UPX unpacker (tested with 0.46)                          (01-02)
  + Updated NeoLite/Hasiuk unpacker (Neolite 1.04 fully supported) (01-02)
  + PE-PROT 0.9 is supported under W9X with R0 mode.		   (01-10)
  + PELOCKnt is traced under W9X with R0 mode 			   (01-10)
    (REAL support will come later !).
  + Added ASPACK unpacker					   (01-15)

  Documentation
  + Updated "How to Unpack" file				   (01-16)
  + Updated "Script reference" file				   (01-16)
  + Updated "ProcDump user manual" file				   (01-14)

version 1.2 build 0  [11-29-1998] - PUBLIC

  Phoenix
  + Added an header optimizer code to avoid some non paged area.   (11-25)
  + Enhanced a bit the code style ;).                              (11-25)
  + Enhanced Import Table rebuilder criterea			   (11-29)

  Shiva
  + Added WALK command.                                            (11-28)
  + Added EIP command.                                             (11-28)

  Unpackers
  + Added Petite second version support.                           (11-29)

  PE Header editor
  + Added the possibilty to save a section to disk.		   (11-29)
  + Added the possibilty to load a section from disk.		   (11-29)

  ProcDump
  + Changed some resources ordering.                               (11-29)

  Documentation
  + Added comments about check header sections		           (11-29)
  + Updated "How to Unpack" file				   (11-29)
  + Updated "Script reference" file				   (11-29)

version 1.1 build 6  [11-03-1998] - PUBLIC

  ProcDump
  + Changed some resources ordering.                               (10-18)
  + Fixed the syslist column resizing pb			   (10-27)

  CodeShot
  + Enhanced dump security.					   (10-31)

  Shiva
  + Added Ignore of faults (Stone found how to do it!)   	   (11-03)
  - Removed breakpoint hit (Ignore faults does the same & more)    (11-03)
  + Enhanced Dump security after unpack.			   (11-03)

  Unpacker
  + 100% support of VBOX any version & build			   (11-03)
  + TimeLock 3.x support. Same as VBOX ;)			   (11-03)
  + Shrinker 3.2 supported [Ignore faults required !]              (11-03)
  + May be some others... Ignore faults rulez ;)   		   (11-03)
  + PE-Pack support....                                            (11-03)

  Documentation
  + Comments about Ignore Faults                                   (11-03)
  + Unpack file updated						   (11-03)

version 1.1 build 5  [10-17-1998] - PUBLIC

  Documentation
  ! Fixed a small mistake.                                         (10-17)
  + Changed File_ID.DIZ so that some SITEOPs can't use BUILD 	   (10-17)
    NUKE reason (some are really stupid !!!). Pffff.. They are too
    lazy to do a real DUPE check.

  ProcDump
  + Added some check about windows centering.                      (10-17)
  + Added some screen refresh.   				   (10-18)

  CodeShot
  + Module Dumper reactivated ;).				   (10-17)
  + Module Partial Dumper added.				   (10-17)

version 1.1 build 4  [10-11-1998] - PUBLIC

  Phoenix
  + Enhanced IAT detector criterea				   (10-11)

  Shiva
  + On error while reading process memory in final step, Display   (10-11)
    the original EIP we fetched and Error Code.

  Unpacker
  + VBOX problem analyzed. Seems the wrapper is tricky : It tries  (10-11)
    to use Int 3 backdoor to detect SoftICE. Seems to coz a part of
    the code layer (including EIP code start) to not be decrypted
    while tracing code to get Original EIP & Clean Data section.
  => Make a dump and stamp the crypted part... Suxxxx but Works ;).

version 1.1 build 3  [10-06-1998]

  Shiva
  + Added OBJR command						   (10-06)
  + Added BPREG command						   (10-06)
  - Removed range checking option (useless)			   (10-06)
  + Added Breakpoint Hit checking option.			   (10-06)

  Unpacker
  ! Modified VBOX script					   (10-06)
    But still doesn't work with dialog VBOX.

version 1.1 build 2  [10-04-1998]

  PE header editor
  + Now you can choose between Header only and File modifications. (10-04)

  Phoenix
  ! Changed internal module snapshot.                              (10-03)
  ! Fixed a small bug in DLL detector.                             (10-04)
  + New rebuilder code works.                                      (10-02)
  + Create a brand new import section for trashed PE.              (10-02)

  Unpackers
  + Added FAST support for VBOX appz.                              (09-28)
    I will look for TimeLock fast support soon.
  + Added WWPACK32 universal remover [Type I & II].                (09-22)

version 1.1 build 1  [09-21-1998]

  Team - ProcDump Coders
  + Added Riz La+ in interface coding section

  PE Header editor
  + Added a PE infos editor.					   (09-11)
  + Added a Directory editor.                                      (09-11)
  + Added a section editor.                                        (09-11)

  CodeShot - Task/module handler Translated in ASM32. 		   (05-19)
  + Added a snapshot descriptor free				   (07-23)
  + Cleaned up the code         				   (08-18)
  + Raw/Partial dump						   (09-12)
  + Auto Refresh on task kill					   (09-21)
  > ProcList external tool is 100% asm.

  Phoenix - PE Rebuilder Code converted in ASM32.          	   (05-24)
  + Added the possibility of using actual import dir infos.        (06-18)
  + Added a global most secure error handling.  		   (06-18)
  + Added a valid header check (for already Working PE file).      (06-25)
  + Added a PE Structure compactor.     			   (06-25)
  + Added a new Signature stamper.      			   (06-25)
  + Added a PE loader, now any PE file should load ! not only the  (06-28)
    memory dump you should have done.
  + Added a Merge Section Code.					   (07-10)
  + Added a new IAT table Start & Size detector.		   (07-16)
  + Added an "intelligent" dummy thunk skipper.			   (07-29)
  + Added an Import DLL directory builder.      		   (07-16)
  + Added a Reloc check & fix in MZ header for IDA STUPID LOADER.  (08-03)
  + Enhanced the PE/RAW file detector.				   (08-03)
  + TLS section autoskip					   (08-21)
  + Enhanced the PE loader [virtual/physical size auto choice]     (08-23)
  + Fixed a small bug in PE Loader code				   (09-19)
  + Fixed a bug in Section RVA detector				   (09-19)
  + Enhanced the import table rebuilder (Name completion)          (09-19)
  > MakePE external tool done for GTR95 project.

  Shiva - Script & Trace engine translated in ASM32.              (06-14)
  + Skip of Script errors (Secured System).     		   (06-14)
  + Code Tracer Works                                              (07-31)
  + More Debug Output						   (09-12)
  + External Predump reenabled.					   (09-19)
    You can even supply the Target file to rip import infos ;).
  > UnpackPE 1.02 is 100% working, and better than ProcDump B2R3   (08-28)

  ProcDump - Interface Translated in ASM32. 			   (09-07)
  + Syslist fill.                                                  (09-12)
  + Syslist module auto refresh on click                           (09-16)
  + Graying Cancel button when Unpack is canceled		   (09-17)
  + Auto Center for File dialog enhanced			   (09-21)

  Reorganized internal data structures.			   (06-08)

  Unpackers
   + Added Universal support for WWPACK32 x.xx including 1.11.     (09-18)
   + Added special support for WWPACK32 1.10 release.              (09-18)
   + Neolite support tested on 1.01. Still work ;)		   (09-18)


 OLD Generation - Delphi + Inline ASM code - No more really updated.

version 1.0 Beta 2r3[xx-xx-1998] (quick update).

  NT4 compliant again - r2 wasn't :( 				   (08-23)
  Added CleanUp for SnapShot (internal code)			   (08-23)
  Fixed a small script parser bug.				   (08-23)
  Changed a command name : SUB -> DEC                             (07-01)
  Added a TLS section autoskip					   (08-21)
  Added support for Petite x.xx				   (08-18)
  Added support for NeoLite 0.xx				   (08-18)
  Added support for Manolo 					   (07-01)
  Added support for HASIUK Packed file (activision use it).	   (06-18)
  Added support for Securom "protected file" (Sony dreams ;).     (06-18)
  Securom support works too with Louis Cryptor ;) Hiho bunter ;)  (06-18)
  Added a new option for import table rebuild.			   (06-18)
  Enhanced Tracer dump criterea.				   (06-18)

version 1.0 Beta 1  [05-26-1998] - Public

  Added Script Tracer (95%).					   (04-23)
  Finished the script tracer ;)                                   (05-05)
   Check script.[ini|txt] for details.
  Added support for PESHiELD due to script tracer ;)		   (05-05)
  Added NT<5.0 support (not exactly the same as 95,98&NT5)        (05-07)
  Added some unpacking options for experts.	         	   (05-07)
  Added an option manager (option button). [for expert !]	   (05-03)
   Actually it means me ;) U should never change advanced options !
  Added IAT recomputer and Improved Import Scanner                (05-24)
  Changed the way of unpacking (trace & fast). More convenient.   (04-28)
   check doc about trace & fast unpacking.
  Changed About box activation - by click on Logo now.   	   (05-03)
  Disabled the maximize button (thanx Nop ;)			   (05-04)
  Disabled all button for all dialogbox.			   (05-16)
  Started the anti SEH things.					   (04-30)
  Optimized some functions calls and code.			   (05-21)
  Fixed a little bug in import rebuilder.      		   (05-22)
  Fixed an index in name scanner (OOOooooppps !!!)		   (05-26)
  Fixed the Process Termination after trace/unpacking.		   (05-07)
  Fixed the Process Kill Command (now we wait full death)  	   (05-07)
  Fixed Process Display after a KILL				   (05-20)
  Fixed a Code Fault that may have occurred (never got it anyway) (05-07)
  Fixed the temporary dump delete if unpack failed		   (05-16)
  Fixed in module view a cosmetic bug				   (05-20)
  Fixed the Write error pb when Trace was canceled		   (05-20)
  Fixed the kill message (app name was missing)		   (05-20)
  Cleaned up resource file					   (05-26)
  Updated the whole documentation due to many changes.  	   (05-05)
  Updated the script documentation. Someone Asked me ;)           (04-27)

version 1.0 Alpha 9 [04-20-1998] - Public (04-23).

  Added some sanity check about non PE header.                    (04-10)
  Added Module lister for a given process.                        (04-12)
  Added Module Dumper.                                            (04-12)
  Added Header Full rebuilder when destroyed.                     (04-13)
  Added Fast unpacker for a few packers.                          (04-15)
  Import Rebuilder 100% working [many things fixed]               (04-20)
   Rebuild ordinal for crashed import table at runtime.
  On successfull unpack, display EIP before Jump.                 (04-15)
  Some cosmetic changes.			                   (04-13)
  Source code cleaned up a little.                                (04-13)
   I know, I know : u don't care ;)
  Optimized a little the code size.                               (04-12)
  Helped a little the garbage collector...ooopps ;)               (04-20)
  Updated the documentations			                   (04-20)

version 1.0 Alpha 8 [04-06-1998] - Public

  "Public" version ;) For those who knows how/why to use this.
  Changed a bit the object size updater.
  On failure, Display EIP we where.
  Terminate correctly in all cases now (Trace)... except if Win crash ;)
  Exe Size reduced.
  New GFX added ;)

version 1.0 Alpha 7 [03-27-1998]

  Changed the debug tracing interception mode.
  Eip no more destroyed in dump & reload mode.
  First version WITH a working PE unpacker !!
  Fixed a little bug in import rebuilder.
  Removed "always on top" feature... was annoying.

version 1.0 Alpha 6v[03-26-1998]

  Visual Progression of the tracer so that u can know if we are killed or
   not.
  Some others minor things.

version 1.0 Alpha 6 [03-24-1998]

  Tracer Code fixed and more secure - no more Reboot32 code ;).
  Traps for ACCESS_VIOLATION
  Traps when Process is out of itself !!

version 1.0 Alpha 5 [03-23-1998]

  Tracer Code added [TO DEBUG] !!Don't use if u don't know what u do!!
   Means : Only if u are called Stone or G-RoM ;).
   Actually it is nearly a Reboot32 Code ;).

version 1.0 Alpha 4 [03-20-1998]

  DLL export analyzer enhanced.
   -> ordinal export supported in import rebuilder [Ex: kernel32.1 allowed].
  Memory leak fixed.
  Load External option fixed (ahem....forgot a boolean test !).
  Mangled import function restore. See Special Section.

version 1.0 Alpha 3 [03-19-1998]

  DLL name autorestore.
  IAT special entry pb solved.

version 1.0 Alpha 2 [03-18-1998]

  New import section detector (generic).
  Header rebuild 100% okay now [bss always 0 !]
  Some checks were added just in case.

version 1.0 Alpha   [03-13-1998]

  Import loader now rebuild a valid import table, import by Name is always
   tried before by ordinals.

version prealpha    [03-08-1998]

  External Buffer conversion added.

version 0           [03-03-1998]

  Interface done
  Translated my win32 asm prototype in inline asm under delphi.
  File dump at exact size works now.
