==============================================================================
                         <*> DumpExe version 2.5 <*>

                              by OBSESSiON 1998
------------------------------------------------------------------------------
 Handle   Real name          Age  Profession  E-Mail address    Group activity
------------------------------------------------------------------------------
 Bugsy    Benjamin Petersen  25   Programmer  [email protected]  Coder, organizer
 Hendrix  Patrick Enoch      22   Study Math  [email protected]  Coder, unpackers
 Spawn    Michael Skovslund  24   Programmer  [email protected]  Coder, gfx
 Icicle   Henrik Eiriksson   25   Study IFA   [email protected]  Music, art
------------------------------------------------------------------------------
 PLEASE CHECK OUT OUR INTERNET HOMEPAGE AT : home.t-online.de/home/enoch
==============================================================================
INDEX
History (New information, please take a look)
Introduction
Disclaimer
Keyboard layout
Program documentation
Configuration
SoftICE user notice (New information, please take a look)
GameTools user notice
EatMem utility
How to unpack an exefile
How to get in touch with us (New information, please take a look)
Distribution sites
Greetings (New information, please take a look)
■ History
Version  Release Note
1.0      Never released to the public, only for our beta-testers (Darkman)
1.1      First public release
1.2      Now with SoftICE debugger support. Activate via INT FCh
2.0      Autodump from TD, S-ICE and GAMETOOLS. Detects a lot of things.
         Uses UMB. Added Total Memory Dump feature, Show User Screen. Now it
         swaps DOS stack so DumpExe can be activated at any time (re-entrant)
2.1      Fixed a bug in DOS version check. (Damn)
2.2      Added support for overlay as requested by José Navarro Martínez
         Fixed minor bugs in DumpExe. Added mail registration form
         Added a utility called EATMEM that allocates 4 KB from within DOS.
         Removed the WORD version of this doc file (Did anybody use it ?).
2.3      Added a configuration file. Added "Fastmode" in file 2.
         Now you can choose between a rasterbar and a textmode bar.
         Added the auto-fill from SoftICE as promised in v2.0, phew.
         The PSP validation function now has 3 ways to determine if the PSP
         is valid. Added user-defined SoftICE/DumpExe interrupt. Now the
         user can change the stack size that DumpExe uses. Changed some
         colors. Added a function that allows the user to specify SoftICE
         backdoor values. Added support for Turbo Debugger 4.x and 5.0.
         SoftICE is now, by default, activated via INT 4C
2.5      DumpExe under SoftICE is now, by default, activated via INT 32.
         Fixed a bug in MakeExe that caused it to be ONE relocation short.
         Added an API interface to DumpExe, so you can make unpackers
         yourself without too much trouble. Added an unpacker (UNPACKER.EXE)
         and the source code for it to show how DumpExe API works. It can
         unpack PKLite'ed files. Added support for SoftICE version 3, under
         Windows 95
2.5      Now with Pentium safe code with Borland patch for runtime error 200
■ Introduction
This program is able to unpack ANY packed exefile. Many other programs,
such as cup, up, tron, unp and vgacbust give you the same ability. But those
programs can only expand/unpack files packed with known exepackers. By
using the OBSESSiON DumpExe toolpack, you can unpack any of those exefiles
that the above utilities give up on. Of course this can't be done by inserting
a quarter (kr.) into the crypt-o-mate. We have to do a little more than this.
This is where you, the OBSESSiON DumpExe toolpack, and your debugger come
into the picture.
All you have to do is this :
 1. Load the exeprogram into your favourite debugger (e.g. TD, S-ICE, GameTools)
 2. Debug the program until the first original (unpacked) instruction
 3. Dump the code/data, using the DumpExe program, via the FILE 1 option
 4. Terminate the loaded program
 5. Allocate a 4 Kb memory block via the DumpExe program (or use EATMEM.EXE)
 6. Reload the program, and ensure that the entry point is different
 7. Debug the program until the first original (unpacked) instruction
 8. Dump the code/data, using the DumpExe program, via the FILE 2 option
 9. Terminate the loaded program
10. Deallocate the 4 Kb memory block via the DumpExe program (or use EATMEM.EXE)
11. Run MAKEEXE with the needed parameters.
    Example : MAKEEXE.EXE ORIGINAL.EXE NEWFILE.EXE
And 'puf', you're done.
To technically understand how this can be done, please refer to the section :
"How to unpack an exefile".
If this sounds easy, exit your doc reader now, if not, keep on reading. 8-)
■ Disclaimer
This software has been tested and found to work properly. OBSESSiON has no
responsibility whatsoever for any damages caused by use, or misuse, of this
software.
IF YOU DISAGREE WITH ANY OF THOSE TERMS, PLEASE REMOVE THIS SOFTWARE NOW.
If you, after a 24 hour test period, still wish to continue using this
software, you NEED to send us a postcard with your name and address or
register at our homepage at HTTP://home.t-online.de/home/enoch. The reason is
that it's the ONLY way I can explain to my wife why I have invested MORE than
300 hours developing this software. This is the only way I can see that
someone is really using this software. If I don't receive anything by mail,
I won't update the program any more.
This means :
IF NOT (ReceivedAnyPostCardOrEMail) THEN
HALT (Programmer)
ELSE
ReleaseNextVersion
■ Keyboard layout
Left shift + right shift : Activate the resident part of DumpExe
TAB                      : Jump to next menu block
Shift TAB                : Jump to previous menu block
Arrow up/down            : Next/previous menu selection/block
Arrow left/right         : Next/previous digit or menu block
ESC                      : Terminate DumpExe or return to previous state
Enter                    : Confirm selection/input
■ Program documentation
Install DumpExe into memory by starting the file DumpExe.EXE. The program
will now go resident (TSR) in memory. This means that it can be invoked at
any time and within any DOS program (such as a debugger). If UMB is available,
the 'DOS stack' and 'Screen swap data' will be placed there. To activate
DumpExe, press <LEFT SHIFT> and <RIGHT SHIFT> at the same time (also
called the hotkey). A menu like the one shown below should appear. To return
to the interrupted program, press <ESC>.
NOTICE : In versions 1.2 you couldn't start DumpExe by pressing the
hotkey within the DOS command line (InDOS). This has now been
fixed by using the technique called 'DOS stack switching'.
FIG 1. The main picture of DumpExe
┌────── DumpExe v2.5 CARDWARE 1998 by BUGSY/OBSESSiON ──[1]─┐
│ Dos, ≥80386, V86 mode, Turbo Debugger                 [2] │
├───────── First file ────[3]─┬───────── Second file ───[4]─┤
│ CS   : 0000                 │ CS   : 0000                 │
│ IP   : 0000                 │ IP   : 0000                 │
│ SS   : 0000                 │ SS   : 0000                 │
│ SP   : 0000                 │ SP   : 0000                 │
│ PSP  : 0000                 │ PSP  : 0000                 │
│ Size : 00000 (0)            │ Size : 00000 (0)            │
│ Name : #NoName#.1           │ Name : #NoName#.2           │
├─────────────────────────[5]─┼─────────────────────────[6]─┤
│ Dump exe-code               │ Dump exe-code               │
│ Autodetect name             │ Autodetect name             │
│ Autodetect size             │ Autodetect size             │
├─────────────────────────[7]─┼─────────────────────────[8]─┤
│ Configuration               │ User screen                 │
│ Memory snapshot             │ Allocate 4Kb                │
│ Reset menu                  │ Auto config file 2          │
│ Uninstall                   │ Fill from debugger          │
├─────────────────────────────┴─ Free 99 kb, Slack 0 kb [9]─┤
│ [10]                                                      │
└───────────────── Hotkey : (U)ser screen ──────────────────┘
Overview
[1] Copyright text.
[2] Information on the operating system and found debuggers.
[3] Data for first memory dump, set by the user.
[4] -"- for second memory dump.
[5] Menu concerning first memory dump.
[6] -"- for second memory dump.
[7] General purpose menu, concerning global use of DumpExe.
[8] Utility menu with functions that help you get the job done faster.
[9] Information about the current memory status.
[10] Shows status messages from DumpExe and serves as an input prompt.
Explanation
[1] Copyright text.
Tells who made this brilliant program.
[2] Information on the operating system and found debuggers.
Shows if current session is a DOS, WINDOWS or OS/2 session.
Also shows which debuggers have been found active at the present
moment.
Can show a mixture of the following text strings :
[8086, 80286, ≥80386],
[Real mode, V86 mode],
[Dos, Win Std, Win Enh, OS/2],
[No debugger, Turbo Debugger, SoftICE, GameTools]
Example : Dos, ≥80386, Real mode, SoftICE, GameTools
As you can see, it is possible to have more than one debugger loaded
at the same time. This can be useful when combining Turbo Debugger
and GameTools.
[3] Data for first memory dump, set by the user.
This subwindow is used to enter information about the program you
want to unpack. You have to fill out ALL fields to get a working
copy of the unpacked program.
CS : Current code segment
IP : Current instruction pointer
SS : Current stack segment
SP : Current stack pointer
PSP : Current program prefix segment, usually the same as ES
Size : Size of program in bytes
Name : Name of dump file
To change a value, move the selector to the desired item and press
<ENTER>. Enter the new value and press <ENTER> again.
REMARK : All numbers are shown and entered in hexadecimal values.
The filename cannot be entered manually.
[4] -"- for second memory dump. ([3])
[5] Menu concerning first memory dump.
It is used for dumping the code/data block entered in [3] or [4].
Menu items available are :
Dump exe-code : Select this one to dump selected code/data block.
Autodetect name : Let DumpExe autodetect the name of the program
it's processing, and use it as the dump filename.
Autodetect size : Let DumpExe autodetect the size of the code/data
block. There are two ways to autodetect this
size. It can be done by Stack or by PSP. The
most common way is 'By Stack', because this
usually gives a smaller, and more accurate image
of the original unpacked exefile.
[6] -"- for second memory dump. ([5])
[7] General purpose menu, concerning the global use of DumpExe.
Menu items available are :
Configuration : Use it to configure how DumpExe reacts in
different situations. See "Configuration"
Memory snapshot : Takes a snapshot of the first megabyte of memory,
and puts it in a file in the current directory;
called SNAPSHOT.MEM. Use it for whatever you may
like.
Reset menu : Sets all items to their initial value. Use it if
something, somehow goes bananas.
Uninstall : Removes the DumpExe software from the memory.
Use it if you want to remove the DumpExe from
memory.
[8] Utility menu with functions that help you get the job done faster.
Menu items available are :
User screen : Shows the screen as it was before DumpExe was
started. Use this function instead of pressing
<ESC> and then the hotkey. This function can
also be called by pressing <U> while in view
mode.
(De)Allocate 4Kb : Used to allocate/deallocate a block of 0100h
paragraphs (4 Kb). This should be done after
the first dump and termination, and before you
reload the program. Please take a look at the
tutorial later in this document.
NOTICE : This function can ONLY be used within
Turbo Debugger and GameTools. So if
you are using SoftICE, please use
the utility called EATMEM.EXE instead.
Auto-Config : Adds 0101h to all segment registers in [2] and
stores them in [3]. It is useful after
preparing for the second dump. This works only on
9 out of 10 packed files. Please check that CS
in [3] matches the one shown by the debugger.
If not, enter all values manually. You only
have to use this function if
"Fill from debugger" fails.
Fill from debugger : Read the register shown by the debugger and
automatically place the values into first or
second dumpfile. This is a VERY useful
function, since it gives you the ability to
unpack the exefile FAST.
[9] Information about the current memory status.
Free : Amount of free basememory, in Kb.
Slack : Number of memory fragments in Kb, after allocating 4 Kb.
[10] Status messages from DumpExe and input prompt.
This line serves as an error message and input scratch.
Here are some of the error messages that can appear :
No size given.
You have to enter how much memory the program needs to dump.
No memory allocated.
You are trying to auto-config file 2, and you haven't used
"allocate 4KB". You must manually enter the data required to dump.
Can't auto-config file 2, sorry.
You have to manually enter the data required to dump a program.
Or you could use the function : "Fill from debugger"
The PSP-segment is not valid.
You are using a function that requires a valid PSP segment,
entered in [3] or [4].
The PSP-segment for file 1 is not valid.
See the above.
Can't find name.
DumpExe is not able to find the name of the program you want
to dump. The program is using a standard name instead.
Can't uninstall, vector hooked by another program.
You have loaded another program after DumpExe. Unfortunately the
two programs have both hooked onto the same interrupt. Unload the
other program first and try again.
Can't allocate necessary memory.
Boot your machine with fewer drivers, and try again. If this
doesn't help, you are f.....
Out of stack.
Your memory is fragmented too much. By default DumpExe has a 4 Kb
stack and in this case it doesn't seem to be enough. Make it bigger
in the config
Can't release memory.
This error is most likely caused by the program you are about to
dump, or the stack of this program has been destroyed. Dump the
code and boot your PC. (the dumpfile should be okay, I hope...)
Can't make file.
Oops, a disk error. Check your harddisk with "chkdsk /f" or
"scandisk"
Can't write file, disk full ?.
Free some disk space, and try again.
Can't deallocate memory.
The MCB (memory control block) has been destroyed. Dump the code
and don't think more about it. (again, the dumpfile should be okay,
I hope...)
■ Configuration
Below is a picture of the configuration menu :
┌────── DumpExe Configuration ──[1]─┐
│ Rasterbar              : AUTO     │
│ Fast mode              : ON       │
│ PSP validation level   : MEDIUM   │
│ SoftICE SI value       : 4647h    │
│ SoftICE DI value       : 4A4Dh    │
├───────────────────────────────[2]─┤
│ Activate via interrupt : 32h      │
│ DumpExe stack size     : 1000h    │
├───────────────────────────────[3]─┤
│ Reset to default values           │
├───────────────────────────────[4]─┤
│                                   │
└───────────────────────────────────┘
With this menu you can control how DumpExe reacts in different situations.
When you change a value, it will be saved to the binary file DumpExe.CFG.
If you change values in [1] it will affect the behavior of DumpExe instantly,
and if you change the values in [2], you have to reload DumpExe in order to
let them affect DumpExe.
Overview
[1] User parameters
[2] System parameters
[3] Reset the configuration to default values.
[4] Shows status messages from DumpExe.
Explanation
[1] User parameters
Menu items available are :
Rasterbar : When you activate this selection,
you switch between a rasterbar and a
textmodebar. The difference between them
is that the rasterbar looks nice, but is
slow and uses a lot of processor time.
The textmodebar looks ugly, but is fast and
uses almost no processor time. You can
cycle between OFF/ON/AUTO. In automode
DumpExe will determine if it should use
a raster- or textmodebar. It chooses
rasterbar in DOS mode and textmodebar
while running under Windows.
Fast mode : Fast mode is for people in a hurry. The
registers in File 2 follow File 1. Well,
at least IP, SP, size and name do. When
you enter the PSP in File 2, DumpExe will
calculate the rest of the values for you.
"Fast mode" can be set to ON or OFF. If
you choose OFF mode, DumpExe reacts like
it did in previous versions, and you have
to enter all information yourself (or
use the "Fill from debugger" selection).
PSP validation level : When DumpExe is detecting the name or
the size of the program you are unpacking,
it uses the program's PSP. So in order to
do that, it needs to know if the PSP is
valid or not. DumpExe performs 3 checks to
do that. When you activate this selection
it cycles between NONE/SOFT/MEDIUM/HARD.
In NONE mode no check is performed. In
SOFT mode, one out of three PSP checks must
be true. In MEDIUM mode, two out of three
PSP checks must be true. In HARD mode three
out of three PSP checks must be true, in
order to continue calculations. Some
packers change part of the static PSP data
to confuse unpackers, and therefore we
advise you to use MEDIUM or SOFT mode.
SoftICE SI value : When DumpExe tries to detect SoftICE, it
needs the so-called backdoor values. These
values are always the same if you are
using the original version from Nu-Mega.
But if you are using a patched version,
DumpExe cannot determine if SoftICE is
installed or not without the new backdoor
values. So if you are using a patched
version, enter the values here and in
the selection below.
SoftICE DI value : See "SoftICE SI value"
[2] System parameters
Menu items available are :
Activate via interrupt : Since SoftICE for Windows doesn't support
all interrupts (using the GENINT command)
you have the ability to choose one for
yourself. Please be sure that the
interrupt you have chosen isn't used.
Just to be clear : You cannot choose
INT 09h, 21h or FBh, and guess why not !
So if you are using SoftICE for windows
choose one below 5Fh.
DumpExe stack size : When you allocate a 4 kb memory block
DumpExe uses a lot of stack, and if you
get the error message "Out of stack",
try to increase this value by 800h. But
it is my guess that you will NEVER see
this error message, well at least I haven't.
[3] Reset configuration to default values.
Resets the values in the configuration to their default values,
nothing more, nothing less.
[4] Shows status messages from DumpExe.
Read the above line ;-)
■ SoftICE user notice
NOTICE : In DumpExe version 2.3, Int 4Ch was used to activate DumpExe,
please use Int 32h. If this doesn't work try another value ;-)
This is ONLY for SoftICE version 3 (under Win95) !
If you are using SoftICE for DOS, Int FCh and Int 4Ch are also ok.
If you are using SoftICE, the hotkey is disabled. This is because SoftICE
runs in protected mode and uses its own interrupt vector table. To activate
DumpExe, enter the following sequence at the SoftICE command line prompt :
BPX CS:IP : So we can return after INT 032h has terminated
GENINT 32 : Start the exe-dumper
GENINT 32 : Start the exe-dumper again (if you need it)
BC 0 : Clear the breakpoint set by BPX. The number (in this case
0) is the name of the breakpoint label.
Don't start DumpExe unless you are at the very first instruction of
the unpacked exefile because your current location might be in the keyboard
handler or similar.
NOTICE : You cannot use the DumpExe menu called 'Allocate 4Kb' within
SoftICE. This function can ONLY be used within Turbo Debugger
and GameTools. Please use the utility called EATMEM.EXE instead.
(Look at the section 'EatMem utility' later)
NOTICE : In version 2.2 and below the SoftICE/DumpExe interrupt was FCh,
but since SoftICE for Windows can't handle interrupts above 5Fh
we changed the default value. But if you have any problem using
32h please send me a mail and choose another in the Configuration
menu.
■ GameTools user notice
DumpExe only supports GameTools version 3.40 properly.
If you are using GameTools, be SURE to load DumpExe BEFORE you load
GameTools. If you don't, you can't activate DumpExe within GameTools.
■ EatMem utility
EatMem is a program that allows you to allocate a 4 KB memory block
from within DOS.
When you start EATMEM.EXE the first time it starts DumpExe (if resident) and
allocates a 4 KB memory block. The next time you start EATMEM.EXE it will
free the 4 KB memory block.
Use this utility if you can't allocate a 4 KB memory block within DumpExe.
So instead of using the menu (in DumpExe) 'Allocate 4 KB', just return to DOS,
and run EATMEM.EXE. When you are finished with the second dump, just run
EATMEM.EXE again, or release the 4 KB memory block via DumpExe.
■ How to unpack an exefile
The file named TESTEXE.EXE is a packed exefile. It is used to illustrate
how to use this tool, and nothing more. The file is packed with pklite
version 2.01 using normal compression.
I will use Turbo Debugger for this example, because if you know how to use
the ultimate debugger SoftICE, you probably don't need this introduction
anyway, do you ?
If you don't know anything about using a debugger, I advise you to consult
your debugger's manual.
Try to execute the tutorial program TESTEXE.EXE and look at the text it
displays. The program will tell you if it's packed or not.
REMEMBER : Start DumpExe.EXE before proceeding with the next step.
Start debugging TESTEXE.EXE by writing : TD.EXE TESTEXE.EXE
The picture shown, by TD (Turbo Debugger), should look something like
this :
╔═[■]═CPU 80486═════════════════════════════════════╤═══════1═[↑][↓]═╗
║ cs:0100►50           push   ax                    ▲ ax 0000    │c=0║
║ cs:0101 B83106       mov    ax,0631               ■ bx 0000    │z=0║
║ cs:0104 BA8501       mov    dx,0185               ▒ cx 0000    │s=0║
║ cs:0107 054C84       add    ax,844C               ▒ dx 0000    │o=0║
║ cs:010A 3B060200     cmp    ax,[0002]             ▒ si 0000    │p=0║
║ cs:010E 722A         jb     013A                  ▒ di 0000    │a=0║
║ cs:0110 B409         mov    ah,09                 ▒ bp 0000    │i=1║
║ cs:0112 BA1C01       mov    dx,011C               ▒ sp 0200    │d=0║
║ cs:0115 CD21         int    21                    ▒ ds 843C    │   ║
║ cs:0117 B8014C       mov    ax,4C01               ▒ es 843C    │   ║
║ cs:011A CD21         int    21                    ▒ ss 85F7    │   ║
║ cs:011C 4E           dec    si                    ▒ cs 843C    │   ║
║ cs:011D 6F           outsw                        ▒ ip 0100    │   ║
║ cs:011E 7420         je     0140                  ▒            │   ║
║ cs:0120 656E         outsb  gs:                   ▼            │   ║
╟◄■▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒►┼────────────┴───╢
║ ds:0000 CD 20 A7 8A 00 9A C0 00 ═ ºè Ü└           │ ss:0208 2020   ║
║ ds:0008 00 00 E4 01 32 4B AE 01   Σ☺2K«☺          │ ss:0206 2020   ║
║ ds:0010 32 4B 80 02 8D 45 FB 36 2KÇ☻ìE√6          │ ss:0204 2020   ║
║ ds:0018 01 01 01 00 02 FF FF FF ☺☺☺ ☻             │ ss:0202 2020   ║
║ ds:0020 FF FF FF FF FF FF FF FF                   │ ss:0200►3130   ║
╚═══════════════════════════════════════════════════╧═══════════════─┘
NOTICE : Due to the nature of the PC-memory, the segment registers
(CS, DS, ES, SS) might show different values than the one
shown.
Start executing the code until cs:0153, by pressing <F4> at location cs:0153,
shown below. (Press <PAGEDOWN> 2 or 3 times)
╔═[■]═CPU 80486═════════════════════════════════════╤═══════1═[↑][↓]═╗
║ cs:0147 B9C500       mov    cx,00C5               ▲ ax 8A44    │c=0║
║ cs:014A 33FF         xor    di,di                 ■ bx 0000    │z=1║
║ cs:014C 57           push   di                    ▒ cx 0000    │s=0║
║ cs:014D BE5401       mov    si,0154               ▒ dx 0185    │o=0║
║ cs:0150 FC           cld                          ▒ si 02DE    │p=1║
║ cs:0151 F3A5         rep movsw                    ▒ di 018A    │a=0║
║ cs:0153►CB           retf                         ▒ bp 0000    │i=1║
║ cs:0154 FD           std                          ▒ sp 01FA    │d=0║
║ cs:0155 8CDB         mov    bx,ds                 ▒ ds 843C    │   ║
║ cs:0157 53           push   bx                    ▒ es 8A44    │   ║
║ cs:0158 83C32E       add    bx,002E               ▒ ss 8A5D    │   ║
║ cs:015B 90           nop                          ▒ cs 843C    │   ║
║ cs:015C 03DA         add    bx,dx                 ▒ ip 0153    │   ║
║ cs:015E 8CCD         mov    bp,cs                 ▒            │   ║
║ cs:0160 8BC2         mov    ax,dx                 ▼            │   ║
╟◄■▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒►┼────────────┴───╢
║ ds:0000 CD 20 A7 8A 00 9A C0 00 ═ ºè Ü└           │ ss:0202 0004   ║
║ ds:0008 00 00 E4 01 32 4B AE 01   Σ☺2K«☺          │ ss:0200 0000   ║
║ ds:0010 32 4B 80 02 8D 45 FB 36 2KÇ☻ìE√6          │ ss:01FE 0000   ║
║ ds:0018 01 01 01 00 02 FF FF FF ☺☺☺ ☻             │ ss:01FC 8A44   ║
║ ds:0020 FF FF FF FF FF FF FF FF                   │ ss:01FA►0000   ║
╚═══════════════════════════════════════════════════╧═══════════════─┘
The unpacker has copied itself to a location, which is just after the
(not yet) unpacked code location. Singlestep one instruction (<F7>), and
you'll hopefully see this :
╔═[■]═CPU 80486═════════════════════════════════════╤═══════1═[↑][↓]═╗
║ cs:0000►FD           std                          ▲ ax 8A44    │c=0║
║ cs:0001 8CDB         mov    bx,ds                 ■ bx 0000    │z=1║
║ cs:0003 53           push   bx                    ▒ cx 0000    │s=0║
║ cs:0004 83C32E       add    bx,002E               ▒ dx 0185    │o=0║
║ cs:0007 90           nop                          ▒ si 02DE    │p=1║
║ cs:0008 03DA         add    bx,dx                 ▒ di 018A    │a=0║
║ cs:000A 8CCD         mov    bp,cs                 ▒ bp 0000    │i=1║
║ cs:000C 8BC2         mov    ax,dx                 ▒ sp 01FE    │d=0║
║ cs:000E 80E40F       and    ah,0F                 ▒ ds 843C    │   ║
║ cs:0011 B104         mov    cl,04                 ▒ es 8A44    │   ║
║ cs:0013 8BF2         mov    si,dx                 ▒ ss 8A5D    │   ║
║ cs:0015 D3E6         shl    si,cl                 ▒ cs 8A44    │   ║
║ cs:0017 8BCE         mov    cx,si                 ▒ ip 0000    │   ║
║ cs:0019 D1E9         shr    cx,1                  ▒            │   ║
║ cs:001B 4E           dec    si                    ▼            │   ║
╟◄■▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒►┼────────────┴───╢
║ ds:0000 CD 20 A7 8A 00 9A C0 00 ═ ºè Ü└           │ ss:0206 0002   ║
║ ds:0008 00 00 E4 01 32 4B AE 01   Σ☺2K«☺          │ ss:0204 0003   ║
║ ds:0010 32 4B 80 02 8D 45 FB 36 2KÇ☻ìE√6          │ ss:0202 0004   ║
║ ds:0018 01 01 01 00 02 FF FF FF ☺☺☺ ☻             │ ss:0200 0000   ║
║ ds:0020 FF FF FF FF FF FF FF FF                   │ ss:01FE►0000   ║
╚═══════════════════════════════════════════════════╧═══════════════─┘
Press <F4> at location cs:0161 (the retf instruction), found by pressing
<PageDown> 13 - 14 times; and then <F7>. That's it. You have now unpacked
the TESTEXE program. If you have done it right, TD shows something like this :
╔═[■]═CPU 80486═════════════════════════════════════╤═══════1═[↑][↓]═╗
║ cs:0117►9A00005985   call   8559:0000             ▲ ax 0000    │c=0║
║ cs:011C 9A0D00F784   call   84F7:000D             ■ bx 0000    │z=1║
║ cs:0121 9A97077B84   call   847B:0797             ▒ cx 0000    │s=0║
║ cs:0126 55           push   bp                    ▒ dx 0000    │o=0║
║ cs:0127 89E5         mov    bp,sp                 ▒ si 0000    │p=1║
║ cs:0129 B80001       mov    ax,0100               ▒ di 0000    │a=0║
║ cs:012C 9ACD025985   call   8559:02CD             ▒ bp 0000    │i=1║
║ cs:0131 81EC0001     sub    sp,0100               ▒ sp 4000    │d=0║
║ cs:0135 9ACC01F784   call   84F7:01CC             ▒ ds 843C    │   ║
║ cs:013A BFB800       mov    di,00B8               ▒ es 843C    │   ║
║ cs:013D 1E           push   ds                    ▒ ss 868D    │   ║
║ cs:013E 57           push   di                    ▒ cs 844C    │   ║
║ cs:013F 8DBE00FF     lea    di,[bp-0100]          ▒ ip 0117    │   ║
║ cs:0143 16           push   ss                    ▒            │   ║
║ cs:0144 57           push   di                    ▼            │   ║
╟◄■▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒▒►┼────────────┴───╢
║ ds:0000 CD 20 A7 8A 00 9A C0 00 ═ ºè Ü└           │ ss:4008 0000   ║
║ ds:0008 00 00 E4 01 32 4B AE 01   Σ☺2K«☺          │ ss:4006 0001   ║
║ ds:0010 32 4B 80 02 8D 45 FB 36 2KÇ☻ìE√6          │ ss:4004 0002   ║
║ ds:0018 01 01 01 00 02 FF FF FF ☺☺☺ ☻             │ ss:4002 0001   ║
║ ds:0020 FF FF FF FF FF FF FF FF                   │ ss:4000►0002   ║
╚═══════════════════════════════════════════════════╧═══════════════─┘
As you can see, there are three far calls. These are direct calls. This means
that each one calls a fixed location in memory. If we dump the
memory used by TESTEXE, we'll have an image of the program. But this is not
enough to make a new exefile. This is because an exefile is not just an image
of the memory, unlike COM files. We need a second dump from a different
memory location. This is because of the direct calls. By comparing the two
dumps, we can find the relocations (direct calls) needed to build a new
exefile. Information like min/max memory usage is taken from the original
exefile's header, but let's get on with the tutorial.
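The two-dump comparison described above, as an added Python example (it is not MAKEEXE's code and not part of the original document). It assumes each dump starts at the load segment PSP+10h, which matches the tutorial's PSP 843C / CS 844C, and that the second load sits 0101h paragraphs higher, the value Auto-Config adds; the function names are hypothetical and the dump bytes are constructed from the far calls in the Turbo Debugger screen above.

```python
import struct

DELTA = 0x0101  # assumed load shift in paragraphs: the 0100h block plus its MCB


def find_relocations(dump1, dump2, delta=DELTA):
    """Diff two same-size dumps; return (relocation offsets, unexplained offsets)."""
    if len(dump1) != len(dump2):
        raise ValueError("both dumps must cover the same number of bytes")
    relocs, unexplained = [], []
    i, n = 0, len(dump1)
    while i < n:
        if dump1[i] == dump2[i]:
            i += 1
            continue
        if i + 1 < n:
            w1 = dump1[i] | (dump1[i + 1] << 8)
            w2 = dump2[i] | (dump2[i + 1] << 8)
            if (w2 - w1) & 0xFFFF == delta:
                relocs.append(i)      # segment value that followed the load address
                i += 2
                continue
        unexplained.append(i)         # changed between runs, but not a segment fixup
        i += 1
    return relocs, unexplained


def make_exe(dump1, relocs, cs, ip, ss, sp, psp, minalloc=0, maxalloc=0xFFFF):
    """Build an MZ file from dump 1; register values are those seen at dump time."""
    load_seg = (psp + 0x10) & 0xFFFF          # first paragraph after the PSP
    image = bytearray(dump1)
    table = b""
    for off in relocs:
        seg = struct.unpack_from("<H", image, off)[0]
        # Store the segment relative to the load address, as the DOS loader expects.
        struct.pack_into("<H", image, off, (seg - load_seg) & 0xFFFF)
        table += struct.pack("<HH", off & 0x000F, off >> 4)   # offset, segment
    hdr_len = -(-(0x1C + len(table)) // 16) * 16              # round up to a paragraph
    total = hdr_len + len(image)
    header = struct.pack(
        "<2s13H", b"MZ",
        total % 512, -(-total // 512),        # bytes in last page, page count
        len(relocs), hdr_len // 16,           # relocation count, header paragraphs
        minalloc, maxalloc,                   # the page takes these from the original header
        (ss - load_seg) & 0xFFFF, sp, 0,      # initial SS:SP, checksum
        ip, (cs - load_seg) & 0xFFFF,         # entry point
        0x1C, 0)                              # relocation table offset, overlay number
    return (header + table).ljust(hdr_len, b"\0") + bytes(image)


def constructed_dumps():
    """Constructed sample: the code bytes at cs:0117 in the tutorial, loaded twice."""
    code = bytes.fromhex("9A00005985 9A0D00F784 9A97077B84 55 89E5 B80001"
                         " 9ACD025985 81EC0001 9ACC01F784")
    d1 = bytearray(0x2410)                    # size shown in the First file column
    d1[0x117:0x117 + len(code)] = code
    d2 = bytearray(d1)
    for off in (0x11A, 0x11F, 0x124, 0x12F, 0x138):   # segment words of the far calls
        seg = struct.unpack_from("<H", d2, off)[0]
        struct.pack_into("<H", d2, off, (seg + DELTA) & 0xFFFF)
    d2[0x2000] = 0x77                         # one byte of run-to-run noise
    return bytes(d1), bytes(d2)


if __name__ == "__main__":
    d1, d2 = constructed_dumps()
    relocs, noise = find_relocations(d1, d2)
    exe = make_exe(d1, relocs, cs=0x844C, ip=0x0117, ss=0x868D, sp=0x4000, psp=0x843C)
    print("relocations :", [hex(o) for o in relocs])
    print("unexplained :", [hex(o) for o in noise])
    print("exe size    :", len(exe))
```

Offsets reported as unexplained are bytes that changed between the two runs without tracking the load address; they are left as they were in the first dump.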
There are several ways to enter the values of SP, DS, ES, SS, CS and IP into
DumpExe. Since we are using one of the supported debuggers, we can use
the "Fill from debugger" function. This function takes the register values shown
by the debugger and automatically puts them into DumpExe. Start DumpExe
by pressing the hotkey, and then <ENTER> at the "Fill from debugger"
function. Answer <1> when asked whether the values should be placed in the first or
second dump file. Another way is to remember the values of SP, DS, ES, SS,
CS and IP before pressing the hotkey, and enter the values at their
corresponding locations in [2]. If you decide to do so, you will probably
notice that there is no field for ES. This is because the initial value of
ES points to the PSP, so write the value of ES in the PSP field instead.
It's now time to tell DumpExe the size of the memory block we want to dump.
Use TAB until you get to [4]. Press <ENTER> at "Autodetect size". There are
two ways of getting the size of the program. One is by using the stack, the
other is by using PSP. In 99 % of all cases, you should use "by stack". Press
<S>, and the size will be put into the size field. If DumpExe somehow fails to
calculate the right value, you have the option of entering a size that you
decide. Press <ENTER> at "Autodetect name", and the name of the executable
file will be put into the name field. The last thing we have to do is to
dump the program to a file. This is done by pressing <ENTER> at
"Dump exe-code". DumpExe will probably do it so fast that you won't notice
the "process message" that appears.
Below is a picture of DumpExe after the first dump. Again, remember that
values vary from dump to dump.
┌────── DumpExe v2.5 CARDWARE 1998 by BUGSY/OBSESSiON ──────┐
│     Dos, ≥80386, Real mode, Turbo Debugger, Soft-Ice      │
├───────── First file ────────┬───────── Second file ────────┤
│ CS   : 844C                 │ CS   : 0000                  │
│ IP   : 0117                 │ IP   : 0000                  │
│ SS   : 868D                 │ SS   : 0000                  │
│ SP   : 4000                 │ SP   : 0000                  │
│ PSP  : 843C                 │ PSP  : 0000                  │
│ Size : 02410 (9232)         │ Size : 02410 (9232)          │
│ Name : TESTEXE.1            │ Name : TESTEXE.2             │
├─────────────────────────────┼──────────────────────────────┤
│ Dump exe-code               │ Dump exe-code                │
│ Autodetect name             │ Autodetect name              │
│ Autodetect size             │ Autodetect size              │
├─────────────────────────────┼──────────────────────────────┤
│ Configuration               │ User screen                  │
│ Memory snapshot             │ Allocate 4Kb                 │
│ Reset menu                  │ Auto config file 2           │
│ Uninstall                   │ Fill from debugger           │
├─────────────────────────────┴─ Free 75 kb, Slack 0 kb ─────┤
│                                                            │
└───────────────── Hotkey : (U)ser screen────────────────────┘
Press <ESC> (in DumpExe) and then <F9> in TD. The program has now terminated,
and it's time to allocate a 4KB memory block.
Start DumpExe again, and press <ENTER> at "Allocate 4Kb". The menu item will
change to "Deallocate 4Kb". Press <ESC>, and reload the program by pressing
<CTRL F2>. Start debugging like you did the first time. When you have reached
the first instruction of the original code, enter all the information, like CS,
SS, ... in [3]. Autodetect size and name. Dump the code, and we are almost
done. Terminate your program again by pressing <F9> in TD. Start DumpExe
again, and press <ENTER> at 'Deallocate 4Kb'. Exit your debugger.
Run the MAKEEXE program with parameters : TESTEXE.EXE UNPACKED.EXE
or like this : MAKEEXE.EXE TESTEXE.EXE UNPACKED.EXE
The MAKEEXE program compares the two memory dumps and builds a new exefile
out of the information found there and in the original exefile's header.
After MAKEEXE has built the new exefile, the screen should look like this :
┌──────────────────────────────────────────────────────────┐
│ ─┼── MakeExe v2.5 CARDWARE 1998 by BUGSY/OBSESSiON ─┼── │
│                                                          │
│                                                          │
│Unpacking TESTEXE.EXE into UNPACKED.EXE                   │
│                                                          │
│■ Read dump info                                          │
│■ Read exe info                                           │
│■ Create new file                                         │
│■ Create tempfile                                         │
│■ Write relocations                                       │
│■ Write zero data                                         │
│■ Write code                                              │
│■ Write new header                                        │
│■ Number of relocations 00C2h                             │
│                                                          │
│All done!                                                 │
│                                                          │
└──────────────────────────────────────────────────────────┘
Try to execute UNPACKED.EXE (it is now unpacked) and see how it reacts.
I think this would be enough for you to continue on your own.
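The dump comparison described in this tutorial, sketched in Python as an added example (it is not MAKEEXE's own code, whose algorithm this file does not document): every 16-bit word that differs between the two dumps by exactly the difference in load segment is treated as a relocation, and any other differing byte is reported for manual review. It assumes each dump starts at the load segment (PSP + 10h, which is the CS value 844C in the first picture); the second load segment 854D, the 32-byte sample image and all function names are constructed.

```python
import struct

def find_relocations(d1, d2, seg1, seg2):
    """Offsets of relocated words, plus differing bytes no relocation explains."""
    delta = (seg2 - seg1) & 0xFFFF
    if len(d1) != len(d2) or delta == 0:
        raise ValueError("need equal-size dumps from different load segments")
    relocs, covered, i = [], set(), 0
    while i + 1 < len(d1):
        w1, = struct.unpack_from("<H", d1, i)
        w2, = struct.unpack_from("<H", d2, i)
        if (w2 - w1) & 0xFFFF == delta:      # word moved by exactly the load delta
            relocs.append(i)
            covered.update((i, i + 1))
            i += 2
        else:
            i += 1
    # Anything else that differs was changed by the program, not by the loader.
    unexplained = [k for k in range(len(d1)) if d1[k] != d2[k] and k not in covered]
    return relocs, unexplained

def rebuild(d1, seg1, relocs):
    """Subtract the load segment again and pack MZ relocation entries."""
    image, table = bytearray(d1), b""
    for off in relocs:
        w, = struct.unpack_from("<H", image, off)
        struct.pack_into("<H", image, off, (w - seg1) & 0xFFFF)
        table += struct.pack("<HH", off & 0xF, off >> 4)   # entry = offset, segment
    return bytes(image), table

def load(image, relocs, seg):
    """Constructed stand-in for the DOS loader: add seg to each relocated word."""
    out = bytearray(image)
    for off in relocs:
        w, = struct.unpack_from("<H", out, off)
        struct.pack_into("<H", out, off, (w + seg) & 0xFFFF)
    return bytes(out)

def demo():
    # Constructed 32-byte image: two far calls (9A off16 seg16) and zero filler.
    original = bytes.fromhex("9A10000200" "90" "9A34120000") + bytes(21)
    seg1, seg2 = 0x844C, 0x854D      # first is CS from the page, second is made up
    d1 = load(original, [3, 9], seg1)
    d2 = bytearray(load(original, [3, 9], seg2))
    d2[20] ^= 0xFF                   # a variable the program changed at run time
    relocs, unexplained = find_relocations(d1, bytes(d2), seg1, seg2)
    image, table = rebuild(d1, seg1, relocs)
    return relocs, unexplained, image == original, table
```

A non-empty second list means the two dumps were not taken at the same point of execution or the program had already modified its own data, so the rebuilt file should be checked by hand.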
■ How to get in touch with us
If you have any questions about the use of these programs, feel free to
contact us.
You can get in touch with us by :
Writing a letter to  : Benjamin Petersen
                       Skovburren 271
                       4700 Naestved
                       Denmark
E-Mail us at         : [email protected]
World Wide Web (WWW) : http://home.t-online.de/home/enoch
■ Distribution sites
BBS Name : Final Fantasy BBS
Contact  : Mr. Zenix Yang (Mr. Yang Shiuh-Phong)
Address  : 11F-2, No. 107-3,
           Chung-Yung Road,
           Taichung, Taiwan,
           Republica Of China
BBS/Fax  : +886 4 - 383 1006
Voice    : +886 4 - 384 8298
Email    : [email protected]
BBS Name : SelF Destruction BBS
Contact  : BloOD aNGeL
Address  : France
BBS      : +33.01-69893603 (near Paris) (remove the zero after +33 ??)
Email    : [email protected]
You can always find the newest version at :
www.simtel.net/pub/simtelnet/msdos/execomp/dmpexe??.zip
or
ftp.simtel.net/pub/simtelnet/msdos/execomp/dmpexe??.zip
Where ?? is the version number without the dot. E.g. dmpexe23.zip
■ Greetings
Our greetings go to (A-Z order) :
Ache
Akhmad F. S.
Alexey Timofeev
alfonso
Alif
Anders
Andi Jahja
Andre Yoube
Andrea Laforgia
Andrew Bali
Andrew Nagy
arturo villaviscencio
Asperity-Ant
BADBOY
Barry
bAUDbANDiT^KlF^HidEOUT bbS
benchen
Benny
Bill Borwell
Bob Vandersteen
Bulent Eren
Bunter
CALiGO
Carlos Miguel Viales Solórzano
Chaotic/SDS/HIT/N*P
Che Ming
Chi@n
Chou Yu
CHRIS VALLINGA
Cinogen hellord
Cox
Daniel Fazekas
Dariush Safari
DaRk sTAlKeR 97 [UCf]
David Bourgeois
David Lightman
Denid
Dennis Misener
DiGiTaL NiNJa
Djuro Relic
Dogan ozdemir
Dr.Crow-Bar
Dubravko
Eddie Hulsey
eMX
Ernest Herrera
Eugene
Figge
Franz
Fred Bosick
G-MaN
G-RoM [CRaCKeR/CoDeR]
GENLOG
George Master
Geraldo Figueiredo
H.P.J. Kwakernaak
Hackerjack! [PC]
Hades Wu
Hajlam sz Zsolt
Hakan Olofsson
Heiko Laternicht
Helge Ruddat
Hendrix
Horst Hackenbruch
Ingo Fischer
Jakub Dzierzbicki
James Thompson
Jan Wolters
Jason
Jason Sun
JauMing Tseng
Javier Kohen
Jean-Stephane PERRI
Jestrz
JFL
Jonas Hunziker
Jonathan Gijsen
Jong Tain
jose navarro martinez
Jung-ho Ryu
K K KONG
Ken Lin
Kevin Tseng
Kyle Mitchell
Lam Man Leong
Lam Tony
LiBaTiOn
Lord Caligo
LordByte
Luigi Cerasoli
Luis Manuel P M Bento
LuZiFeR
M. Blanchet
Maarten Schroeders
Mad Scientist
madmax!
MaNaGeR
Marcelo Alvarez
Mariusz Kowalczyk aka -KoVi-
Mark Curtis
Mark M Janecki
Matt Crump
Matthias Walther
MaX
Mega Warrior [hAcx'97]
merjan
Michael Pedersen
Michele Minorello
Michi Frech
mihran ekmekci
Mike
Ming Lei Wu
MR WiCKED
MS!
Murilo Rodrigues
Niels de Wit
Norberto
Olaf Wolna
Oliver Bartosik
Orion / Twist
Pasquale Abagnale
Patrick Enoch
Paul Simpson
PengQing
Philippe Ahles
Ralf Liebold
Random [uCf]
Raniero Bonelli
Raymond Yeung
Razvan Irimia
Richard Noordhof
Rothen Roland
Russell Davis
Salvatore Meschini
Sascha Burghause
Scootchie McGoo
Seth Tenenbaum
Staven Sanders
Steve Tolliver
Stewart Moss
Sune Marcher
sUPERhENRY [pHC]
Sven Meinhardt
Tae- jin Bang
TBD/FeR
Terry Fry
TeSdT
Thassana Suksawat
The Poltergeist
tHEpHARAo^mSH [cRACKER]
Thilo-Alexander Ginkel
Thorben Sandner
Thorsten Nicolay
Tobias Sager
Tom Liberman
Tommy Kurniawan
V Engineering
VeGeTTa
willem kloosterhuis
William Lee
Wilson Wen
X Logic
YOUNG SUNG KIM
Zenix Yang
zeph
Zielu
zLANz
Zozo
Have fun, and remember there are still some people who DON'T take money
for making _good_ programs.
[BUGSY/OBSESSiON]