📄 feature.cpp
字号:
//===================================================================
/** \file
* Filename : CFeature.cpp
* Desc :
* His : Windy create @2006-3-6 9:55:30
*/
//===================================================================
#include "StdAfx.h"
#include "Feature.h"
#include "assert.h"
//!加壳信息全局表
CONST Feature g_ShellInfoTab[] =
{
{"01020304050607090B0C","8B4424085683E8744875","Microsoft Visual C++ Private Version 2",0},
{"010203040508","8B4424088374","Microsoft Visual C++ Private Version 1",0},
{"0102030408090D","6A00FF1500A300","FASM 1.3x",0},
{"01020307080C","6A00E800A300","MASM32 / TASM32",0},
{"0102030405060708090E0F10111213","558BEC83EC4456FF156A018BF0FF15","Microsoft Visual C++ 6.0 SPx Method 2",0},
{"0102030405060708090E0F101213","558BEC83EC4456FF158BF08A3C22","Microsoft Visual C++ 6.0 SPx Method 1",0},
{"010203040708090A0B0C0D0E15161718191A1B1C1D1E1F20","EB16A8544741424C4B43474352495300FC684C704000FF15","WARNING -> VIRUS -> I-Worm HYBRIS",0},
{"010203040506070809","60E8000000005DEB26","PE-Crypter -> Zero Coder",0},
{"0102030405121314151617181D1E1F","E912000000E9FBFFFFFFC36864FF35","ZCode 1.01 -> Giuliano Bertoletti",0},
{"0102030405060708090E11121314191A1B","60E8000000005D81EDB900008DBD8BF7AC","yoda's cryptor 1.x / modified",0},
{"0102030C0D0E0F1415161B1C1D222324252628292A2B2C2D2E2F34353A3B3C3D424344","9371088BD878E29C33C36079CEE80100000083C404E8ABFFFFFF2BE803C5FF30C600EB","XCR 0.13 -> X-Lock",0},
{"0102030405060708090A0B0C1112","609CE8000000008BDD5D81ED899D","XCR 0.12 -> X-Lock",0},
{"0102030405060708090B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324252628292A2B","558BEC83EC4456FF151000018BF08A063C2275148A46014684C074043C2275F4803E22750DEB0A3C20","Microsoft CAB SFX module",0},
{"0102030708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292E2F","53FF1500B3223818740380C3FE8A48014033D23ACA740A3ACB74068A480140EBF23810740140FF15","WinZip 32-bit SFX 8.x module",0},
{"0102060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262B2C","FF1500B12238087402B120408038007410380874064080380075F680380074014033C9FF15","WinZip 32-bit SFX 6.x module",0},
{"0102030405090A0B0F101112131415161718191A1B1C1D1E1F202122232425262728","33C08BB8008B900485FF741B33C950EB0C8A0439C0C804341B880439413BCA72F058","Winkript 1.0 -> Mr. Crimson/WKT",0},
{"01060B0C0D0E0F101112131415161718191A1B1C1D1E1F2021","B8B933D2EB010F56EB010FE803000000EB010FEB010F5EEB01","UPX + ECLiPSE layer -> TEAM ECLiPSE",0},
{"0102030405060708090A0B0C0D0E0F1011131415161718191A1B1C1D1E1F202122242526272B","79070FB707475047B95748F2AE55FF9684000009C07407890383C304EBD8FF9688000061E9FF","UPX modified stub -> SAC/uNPACKinG gODS",0},
{"01020405060708090A0B0C0D0F1011121314151618191A1B1C1D1E1F202122232425","01DB078B1E83EEFC11DB8A07EBB80100000001DB078B1E83EEFC11DB11C001DB73EF","UPX 1.03 - 1.04 modified -> Markus & Lazlo",0},
{"01020405060708090A0B0D0E0F1011121314161718191A1B1C1D1E1F20212224","01DB078B1E83EEFC11DBEDB80100000001DB078B1E83EEFC11DB11C001DB7375","UPX 0.89.6 - 1.02 / 1.05 - 1.22 modified -> Markus & Lazlo",0},
{"01020405060708090A0B0D0E0F1011121314161718191A1B1C1D1E1F20212223","01DB078B1E83EEFC11DBEDB80100000001DB078B1E83EEFC11DB11C001DB77EF","UPX 0.81 - 0.84 modified -> Markus & Lazlo",0},
{"010207080D0E1718191A1B1C2122232425262728292A2B","60BE8DBEC7875783CDFFEB0E8A064688074701DB75078B","UPX 0.89.6 - 1.02 / 1.05 - 1.22 (Delphi) stub -> Markus & Lazlo",0},
{"191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F303132333435363738393A3B3C3D3E3F40414244464748494A","8A064688074701DB75078B1E83EEFC11DB8A0772EBB80100000001DB75078B1E83EEFC11DB11C001DB73758B1E83EEFC","UPX 1.03 - 1.04 -> Markus & Lazlo",0},
{"191A1B1C1D1E1F202122232425262728292A2B2C2D3132333435363738393A3B3C3D3E3F40424445464748","8A064688074701DB75078B1E83EEFC11DB72EDB80101DB75078B1E83EEFC11DB11C001DB73758B1E83EEFC","UPX 0.89.6 - 1.02 / 1.05 - 1.22 -> Markus & Lazlo",0},
{"191A1B1C1D1E1F202122232425262728292A2B2C2D3132333435363738393A3B3C3D3E3F404142434445464748","8A064688074701DB75078B1E83EEFC11DB72EDB80101DB75078B1E83EEFC11DB11C001DB77EF75098B1E83EEFC","UPX 0.80 - 0.84 -> Markus & Lazlo",0},
{"010203040506070B0C0D121318191A1B","807C2408010F850060BE8DBE5783CDFF","UPX 0.89.6 - 1.02 / 1.05 - 1.22 DLL -> Markus & Lazlo",0},
{"01020708090A0B0C0D0E0F10","EBEC8A064688074701DB7507","UPX Protector 1.0x -> BlindAngel/TMG",0},
{"010207080D0E0F","50BE8DBE5783CD","UPX MODifier 0.1x -> snaker",0},
{"01020308090E0F1011","9061BE8DBE5783CDFF","UPX-Scrambler RC1.x -> ",0},
{"0102030405060708090A0B0C0D0E0F12131415161D1E1F202324292A2B2C2D2E2F303132","60E80000000083CDFF31DB5E8DBEFAFF5766818781C6B301EB0A8A064688074701DB7507","UPX 0.71 - 0.72 -> Markus & Lazlo",0},
{"0102030405060708090A0B0C0D11121314151C1D1E1F22232425262728292A2B2C2D2E2F30313233","60E8000000005883E83D508DB8FF576681878DB0EC0183CDFF31DBEB07908A064688074701DB7507","UPX 0.70 -> Markus & Lazlo",0},
{"0102030405060708090A0B0C0D11121314151C1D1E1F22232425262728292A2B2C2D2E2F3031323334353637","60E8000000005883E83D508DB8FF576681878DB0F00183CDFF31DB909090EB0890908A064688074701DB7507","UPX 0.62 -> Markus & Lazlo",0},
{"0102030405060708090A0B0C0D111213141516191A1B1C1D22232425262728292A2B2C2D2E2F3031323334353637","60E8000000005883E83D508DB8FF578DB0D80183CDFF31DB01DB75078B1E83EEFC11DB730B8A0646880747EBEB90","UPX 0.51 -> Markus & Lazlo",0},
{"010203040510131C","E97EE9FFFFC80018","tElock 0.92 -> tE!",0},
{"030405060708090A0B0C0F101112131415161718191A","E802000000E800E800005E2BC9587402CD20B9FF1000","tElock 0.90 -> tE!",0},
{"010205060708","60E80000C383","tElock 0.7x - 0.84 -> tE!",0},
{"0102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B2C2D2E2F30","E90000000060E8000000005883C008F3EBFFE083C02850E8000000005EB3338D460E8D76312818F87300C38BFEB9BE01","tElock 0.60 -> tE!tElock 0.61 -> tE!tElock 0.6x -> tE!tElock 0.70 -> tE!",0},
{"0102030405060708090A0B0C0D0E0F1011121314151618191A1B1C1F2021","C1EE00668BC9EB01EB60EB01EB9CE8000000005E83C68BFE68790159EB01","tElock 0.4x - 0.5x -> tE!",0},
{"0102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1F202122232425262A2B2C","668BC08D2424EB01EB60EB01EB9CE8000000005E83C6508BFE68780159EB01EBAC54E8035CEB08","tElock 0.41x -> tE!",0},
{"01020308090A0B0C0D10111215161718191A1F202122232425262728292A2B","648B05558BEC6AFF6840006840005064892583EC08505356578965E8C745FC","Symantec Visual Cafe 3.0",0},
{"0102030405060708090A0B0C0D0E0F10111314151617191A1B1C1E1F2021222324262728292A2C","535152565755E8000000005D81ED423040FF95323540B837304003C52B851B3440898527344083","Stone's PE Encryptor 2.0",0},
{"0102030405060708090A0B0C0D0E0F1011121315161718191B1C1D1E1F20212224252627282A2B2C","555756525153E8000000005D8BD581ED633A402B95C23A4083EA0B8995CB3A408DB5CA3A400FB636","Stone's PE Encryptor 1.0",0},
{"0102030405060708090A0B0C0D0E131415161718191A1B1C","9C608B442424E8000000005D81ED50E8ED0200008CC00F84","Spalsher 1.0 - 3.0 Tola/Amok",0},
{"010206070B0C0D0E0F10121314151617191A","60B800B8008A140880F28814084183F975F1","SmokesCrypt 1.2 -> Smoke",0},
{"01020308090A0B0C0D0E0F1011121314161718191A1B1C1D1E1F202425262728292A2B2C2D2E2F","833DB4558BEC5657756B6800010000E80B000083C4048B7508A3B485F67423837D0C03771D68FF","Shrinker 3.4 -> Blink Inc.",0},
{"0102060708090A0B0C0D0E0F1011121314","833D0000558BEC565775656800010000E8","Shrinker 3.3 -> Blink Inc.",0},
{"010208090A0B0C0D0E0F101114161718191A1B1C1D1E1F242526272829","833D558BEC56577565680001E8E6FFFF83C4048B7508A385F6741D68FF","Shrinker 3.2 -> Blink Inc.",0},
{"0102030405060708090A0B0C0D0E0F1011121315161718191B1C1D1E1F2021222425262728292A2B2C","5B535045435DE8000000005D8BC581ED4124402B8589264083E80B89858D26400FB6B5912640008BFD","SPEC b3 -> Hayras",0},
{"0102030405060708090A0B0C0D0E1314191A1B1C1D2223","55575153E8000000005D8BC581ED2B8583E80989850FB6","SPEC b2 -> Hayras",0},
{"0102030405060708090A0C0D0E0F10111213141516","4020FF00000000000000BE006040008DBE00B0FFFF","RatPacker (glue) stub",0},
{"01020304090A0B0C0D0E0F101112131415161718191A1B1C1D1E","558BECA185C07409B8010000005DC20C008B450C5756538B5D10","PKLITE32 1.1 -> PKWARE Inc.",0},
{"01020304050608090A0B0C0D0E0F1112","60E80100000083C404E8010000005D81","PEX 0.99 -> baRT^CrackPl",0},
{"01060B0C0D0E0F101112131415161718191A1B1C","B86864FF350000000064892500000000669C6050","PEtite 2.2 -> Ian Luck",0},
{"010607080D0E0F101112131415161718191A1B1C1D1E","B86A006864FF350000000064892500000000669C6050","PEtite 2.1 -> Ian Luck",0},
{"01060708090A0B0C0E0F10131415161718191A1B1C1D20212223242528","B8669C60508BD8036854BC6A00FF50188BCC8DA054BC8BC38D90E01568","PEtite 2.0 -> Ian Luck",0},
{"060708090A0B0C0D0E0F10111213141516171819","669C60508BD803006854BC00006A00FF50148BCC","PEtite 1.4 -> Ian Luck",0},
{"01060B0C0D0E0F1011131415161A","B8B983F9007E06803040E2F5E9FF","PEShit -> snaker",0},
{"060708090A0B0C0D0E0F101112131415161718191A1F20212223242526272829","669C60508D8800F000008D90041600008BDC8BE1685350800424085080042442","PEtite 1.3 -> Ian Luck",0},
{"01020304051C1D1E1F2021","E800000000B91B010000D1","PESHiELD 0.1b MTE -> ANAKiN",0},
{"01020308090A0B","7400E900000000","PE Pack 1.0 -> ANAKiN",0},
{"0102030405060708090A0B0C0D0E131415161719","525155576467A1300085C0780DE85883C007C6C3","PE Protect 0.9 -> Christoph Gabler",0},
{"0102030405060708090A0B0C0D0E0F101112131415161B1C1D1E1F20212224252627282A2B2C2D2E3031","E8040000008BEC5DC333C05D8BFD81ED3326400081EF83EF0589AD8827408D9D0729408DB56228404680","PE Password 0.2 SMT/SMF",0},
{"0102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F20212223","5D8BC581EDB22C40002B85943E40002D710200008985983E40000FB6B59C3E40008BFD","PENinja modified -> +DZA",0},
{"0102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F2021222324","909090909090909090909090909090909090909090909090909090909090909090909090","PENinja -> +DZA Kracker/TNT!",0},
{"01020708090A0B0C0D0E0F10111213141516","60E9EF4003A7078F071C375D43A704B92C3A","PENightMare 2 Beta -> FreddyK",0},
{"01020304050607080D0E0F101112","60E8000000005DB98031154181F9","PENightMare 1.3 -> FreddyK",0},
{"0105060708","E900F00FC6","PEncrypt 3.1 -> junkcode",0},
{"0102030405060708090A0B0C0D0E0F101112131415161718191A1F20212223","E8000000005D81ED051040008DB5241040008BFEB90F000000BBAD33C3E2FA","PEncrypt 3.0 -> junkcode",0},
{"01020308090A0F10111213141516","609CBE8BFEB9BB44524F4CAD33C3","PEMangle -> Lord Julus",0},
{"0102030405060708090A0B0C0D0E0F101112131415161718191A1B1C","EB03CD20C71EEB03CD20EA9CEB02EB01EB01EB60EB03CD20EBEB01EB","PE Lock NT 2.04 -> :MARQUiS:",0},
{"01020308090A0B0C0D0E0F101112131415161718191A1B1C1D1E222324","9C60BD01AD543A4000FFB5503A40006A40FF95883A400050502D008985","PC Shrinker 0.71 -> Virogen",0},
{"020708090A0B0C0D0E0F1011","BD01AD553940008DB5353940","PC Shrinker 0.29 -> Virogen",0},
{"0102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E","5D8BD581EDA23040002B959133400081EA0B00000089959A33400080BD99","PEDiminisher 0.1 -> Teraphy",0},
{"01020308090A0B0C101112131415161718191A1B1C1D","EB0668C39C60E80233C08BC483C004938BE38B5BFC81","PECompact 1.4x or above -> Jeremy Collake",0},
{"01020308090A0B0C101112131415161718191A1B1C1D1E1F2021232425262728292B2C2D2E2F313233353638393A3B3C3D3E4041424344464748494A4C4D4E","EB0668C39C60E80233C08BC483C004938BE38B5BFC81EB3F904087DD8B85E69040018533904066C785904090900185DA90400185DE90400185E29040BB5B11","PECompact 1.66 -> Jeremy Collake",0},
{"01020308090A0B0C101112131415161718191A1B1C1D1E1F2021232425262728292B2C2D2E2F31323334353638393A3B3C3D3E404142","EB0668C39C60E80233C08BC483C004938BE38B5BFC81EB0F804087DD8B85A68040018503804066C785008040909001859E8040BBE80E","PECompact 1.33 -> Jeremy Collake",0},
{"01020308090A0B0C101112131415161718191A1B1C1D1E1F2021232425262728292B2C2D2E2F313233353638393A3B3C3D3E404142","EB0668C39C60E80233C08BC483C004938BE38B5BFC81EB0F704087DD8B85A67040018503704066C7857040909001859E7040BBF308","PECompact 1.22 -> Jeremy Collake",0},
{"01020308090A0B0C101112131415161718191A1B1C1D1E1F202123242526272829","EB0668C39C60E80233C08BC483C004938BE38B5BFC81EB0F704087DD8B859A7040","PECompact 1.20 - 1.20.1 -> Jeremy Collake",0},
{"01020308090A0B0C101112131415161718191A1B1C1D1E1F2021232425262728292B2C2D2E2F313233353638393A3B3C3D3E4041","EB0668C39C60E80233C08BC483C004938BE38B5BFC81EB0F604087DD8B859A6040018503604066C785604090900185926040BB14","PECompact 1.10b7 -> Jeremy Collake",0},
{"01020308090A0B0C101112131415161718191A1B1C1D1E1F2022232425262728292B2C2D2E2F313233353638393A3B3C3D3E4041","EB0668C39C60E80233C08BC483C004938BE38B5BFC81EB0F600087DD8B859A6040018503604066C785604090900185926040BBB7","PECompact 1.10b6 -> Jeremy Collake",0},
{"01020308090A0B0C101112131415161718191A1B1C1D1E1F2021232425262728292B2C2D2E2F313233353638393A3B","EB0668C39C60E80233C08BC483C004938BE38B5BFC81EB0F604087DD8B85956040018503604066C78560409090BB95","PECompact 1.10b3 -> Jeremy Collake",0},
{"01020308090A0B0C101112131415161718191A1B1C1D1E1F2021232425262728","EB0668C39C60E80233C08BC483C004938BE38B5BFC81EBA0864087DD8B852A87","PECompact 0.977 -> Jeremy Collake",0},
{"01020308090A0B1011121314191A1F20252627","EB0668C39C60E85D555881ED2B85018550B902","PECompact 0.94 -> Jeremy Collake",0},
{"01020308090A0B101115161718191A1B1D1E1F202122232526","EB0668C39C60BDB902B0908DBDA54F40F3AA01AD045140FFB5","PECompact 0.92 -> Jeremy Collake",0},
{"0102030405060708090A0B0C0D0E0F10111213141516191A1B1C1D1E2324","9C60E80200000033C08BC483C004938BE38B5BFC81EB400087DD01AD01AD","PEBundle 2.0b5 - 2.0x -> Jeremy Collake",0},
{"0102030405060708090A0B0C0D0E0F10111213141516191A1B1C1D1E1F202122232425262728292A2B2C","9C60E80200000033C08BC483C004938BE38B5BFC81EB400087DD6A04680010000068000200006A00FF95","PEBundle 0.2 - 2.0x -> Jeremy Collake",0},
{"0102030405060708090A0B0C0D0E0F1011121315161718191A1B1C1D1E1F20212224252627282A2B2C","535152565755E8000000005D8BCD81ED3330402B8DEE32400083E90B898DF2324080BDD13240010F84","PC PE Encryptor alpha preview -> The +Q, Plushmm & Mr. Nop",0},
{"0102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F202122232425262728292A2B","60E801000000E883C404E801000000E95D81EDD3224000E804020000E8EB08EB02CD20FF24249A66BE4746","Pack Master 1.0 -> WebtoolMaster (PEX Clone)",0},
{"0102030405060708090D","83EC5C53555657FF1500","Nullsoft PiMP 1.x",0},
{"010203040508090A0B0C0E131415","558BEC81EC000056576ABE598DBD","Nullsoft PiMP 1.3x",0},
{"0102030405060708090A0B0C0D0E0F101112","8D50122BC9B11E8A023477880242E2F7C88C","NFO 1.0 -> Bart^CrackPL",0},
{"0102030405","E9A6000000","Neolite 2.0 -> Neoworx Inc.",0},
{"01020304090A0B0C0D0E0F101112131415161718","60669CBB80B300104000904B83FBFF75F3669D61","LameCrypt -> LaZaRus",0},
{"0102030405060708090A0B0C0D0F1011121315161718","54E8000000005D8BC581ED6134002B8560370083E806","Krypton 0.4 -> Yado/Lockless",0},
{"0102030405060708090A0B0C0D0E0F10","8B0C24E90A7C0100AD4240BDBE9D7A04","Krypton 0.2 -> Yado/Lockless",0},
{"0102030405060708090A0B0C","E803000000E9EB6C5840FFE0","kryptor 5 -> r!sc",0},
{"010203040508090A0B0C0D","558BEC81EC00005356576A","GLBS Install Stub 32-bit -> Wise",0},
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -