Change Log

Bugfixes, tweaked some code, and a few optimisations and new scans.

PEBrowse bugs are still there; the fixes were not ready for this release, but they should be in for January, along with some other features. I also didn't find any taggant v2 samples, so that didn't make it into the release either. Other things did, though, so I hope this release brings some pleasure to previous users.

Note: At the time of release, there were 6 false positive 'hit'(s). Regarding the one from Microsoft, I will try and contact them to get this whitelisted, but there is a high probability (like on all the previous releases) that other antiviruses will jump on the bandwagon and blacklist the file again shortly after release.

The only current 'solution' is to whitelist / exclude the folder you put ProtectionID into.

The other 2 are generic and it's up to the AV people to sort it out. Sorry, but it happens all the time and contacting them doesn't do a damn thing.

| Antivirus | Detection | Database Date | Note |
| --- | --- | --- | --- |
| Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9764 | 2016-12-07 | It's a false positive |
| Invincea | virus.win32.parite.b | 2016-12-16 | It's a false positive |
| Kaspersky | not-a-virus:HEUR:WebToolbar.Win32.SoftonicDownloader.gen | 2016-12-24 | It's a false positive, it has no toolbars, Softonic or otherwise |
| Microsoft | VirTool:Win32/Obfuscator.AX | 2016-12-24 | It's a false positive, but at least Microsoft is consistent |
| Qihoo-360 | HEUR/QVM20.1.0000.Malware.Gen | 2016-12-24 | It's a false positive, 'generic'... sigh |
| SUPERAntiSpyware | Trojan.Agent/Generic | 2016-12-23 | It's a false positive, 'generic'... sigh |

Note: At the time of release, there were 5 false positive 'hit'(s). Regarding the one from Microsoft, I will try and contact them to get this whitelisted, but there is a high probability (like on all the previous releases) that other antiviruses will jump on the bandwagon and blacklist the file again shortly after release.

The only current 'solution' is to whitelist / exclude the folder you put ProtectionID into.

The other 2 are generic and it's up to the AV people to sort it out. Sorry, but it happens all the time and contacting them doesn't do a damn thing.

| Antivirus | Detection | Database Date | Note |
| --- | --- | --- | --- |
| Baidu | Win32.Trojan.WisdomEyes.16070401.9500.9612 | 2016-10-31 | It's a false positive |
| Invincea | virus.win32.parite.b | 2016-10-18 | It's a false positive |
| Microsoft | VirTool:Win32/Obfuscator.AX | 2016-10-31 | It's a false positive, but at least Microsoft is consistent |
| Qihoo-360 | HEUR/QVM20.1.0000.Malware.Gen | 2016-10-31 | It's a false positive, 'generic'... sigh |
| SUPERAntiSpyware | Trojan.Agent/Generic | 2016-10-31 | It's a false positive, 'generic'... sigh |

Note: At the time of release, there was 1 false positive 'hit' from Microsoft. I will try and contact them to get this whitelisted, but there is a high probability (like on all the previous releases) that other antiviruses will jump on the bandwagon and blacklist the file again shortly after release.

The only current 'solution' is to whitelist / exclude the folder you put ProtectionID into.

| Antivirus | Detection | Database Date | Note |
| --- | --- | --- | --- |
| Microsoft | VirTool:Win32/Obfuscator.AX | 2015-10-31 | It's a false positive, but at least Microsoft is consistent |

Win 8 / 10 users might find the application blocked by Windows Defender. This is something I am working to resolve, but until it is resolved, the only way to get it working is to add it to the exclusion list. Please make sure that you downloaded it from our home site before adding it to the exclusion list.

I plan to release the files and update the page publicly (within the next 10 minutes of me writing this), then we can see which AV companies jump on the bandwagon for blacklisting us (it's annoying, sure).

[Update] Again, as with all the other releases, the antivirus people jump on the bandwagon again... 19/56 on VirusTotal now, this is pretty frustrating... especially when contacting them usually ends up going nowhere. So, here we are... November 1st... here's the updated table.

Oh and 5 'bad' (why?) votes and 35 good ones (thanks).

| Antivirus | Detection | Database Date | Note |
| --- | --- | --- | --- |
| AVware | Trojan.Win32.Generic!BT | 2015-10-29 | It's a false positive |
| Agnitum | Trojan.Agent!Bz5aCfs+wnI | 2015-10-29 | It's a false positive |
| Antiy-AVL | Trojan/Win32.TSGeneric | 2015-10-29 | It's a false positive |
| Avast | Win32:Trojan-gen | 2015-10-29 | It's a false positive |
| CAT-QuickHeal | Trojan.Dyname.ga | 2015-10-29 | It's a false positive |
| Cyren | W32/Trojan.AYIN-1503 | 2015-10-29 | It's a false positive |
| Fortinet | W32/Generik.BCAXNDB!tr | 2015-10-29 | It's a false positive |
| Ikarus | Win32.PePatch | 2015-10-29 | It's a false positive |
| K7AntiVirus | Riskware ( 0040eff71 ) | 2015-10-29 | It's a false positive |
| K7GW | Riskware ( 0040eff71 ) | 2015-10-29 | It's a false positive |
| McAfee Antivirus | Artemis!8B23B9F8E358 | 2015-10-29 | It's a false positive |
| McAfee-GW-Edition | Artemis!Trojan | 2015-10-29 | It's a false positive |
| Microsoft | VirTool:Win32/Obfuscator.AX | 2015-10-29 | It's a false positive, but at least Microsoft is consistent |
| SUPERAntiSpyware | Trojan.Agent/Generic | 2015-10-30 | It's a false positive |
| Symantec | Trojan.Gen.2 | 2015-10-29 | It's a false positive |
| TheHacker | Trojan/Generik.BCAXNDB | 2015-10-28 | It's a false positive |
| TrendMicro | TROJ_GEN.R08OC0DHF15 | 2015-10-29 | It's a false positive |
| VIPRE | Trojan.Win32.Generic!BT | 2015-10-29 | It's a false positive |
| ViRobot | Trojan.Win32.S.Agent.1192344[h] | 2015-10-29 | It's a false positive |

[Update - November 2nd 2015]

It would appear the antivirus people have actually realised their mistake. I checked VirusTotal again today, and a few things have changed - namely the detections (1 detection now from Microsoft... I can live with that) and the votes are also changed to 0 bad and 2 good... quite surprising... the updated link is here.

| Antivirus | Detection | Database Date | Note |
| --- | --- | --- | --- |
| Microsoft | VirTool:Win32/Obfuscator.AX | 2015-11-01 | It's a false positive, but at least Microsoft is consistent |

This still means Windows Defender will need the ProtectionID folder added to the exclusion list for Windows 8 / 10 users. I will see if I can get this sorted out, so please be patient.

Change Log

Some bugs fixed, some tweaks, some protection detections added. The next changelog will be more detailed, as it will give me time to catch up on what I changed, and to add other things and involve the beta testers again, but I wanted to get the release done for the traditional Halloween release.

Note: At the time of release, there was 1 false positive 'hit' from Microsoft. I will try and contact them to get this whitelisted, but there is a high probability (like on the Halloween release) that other antiviruses will jump on the bandwagon and blacklist the file again shortly after release.

The only current 'solution' is to whitelist / exclude the folder you put ProtectionID into.

* update * Now 2 more antiviruses have jumped on the bandwagon, ~8 hours after release... slow clap

| Antivirus | Detection | Database Date | Note |
| --- | --- | --- | --- |
| Microsoft | VirTool:Win32/Obfuscator.AX | 2014-12-25 | It's a false positive, but at least Microsoft is consistent |
| Qihoo-360 | HEUR/QVM20.1.Malware.Gen | 2014-12-25 | It's a false positive "More than Security, Lightening your PC"... umm yeh - the detection also 'disappeared' on the 26th |
| TrendMicro-HouseCall | Suspicious_GEN.F47V1224 | 2014-12-25 | It's a false positive |

Again, like with the Halloween release, I decided to test these antiviruses to see how they actually detected. So I simply recompiled the Christmas release executable and uploaded it to VirusTotal. Here are the results.

Predictably, the ONLY antivirus that detected (albeit a false positive) was Microsoft. TrendMicro-HouseCall and Qihoo-360 did NOT detect anything, which really inspires faith in their products, doesn't it? It looks like they just blacklisted the file by hash.

So, I decided to test a theory... I appended 1 byte (0xFF) to the Christmas public release executable and uploaded it to VirusTotal. Here are the results.

Obviously this broke the digital signature, which I guess is the reason AVG suddenly detected (which was unexpected to be honest), but Qihoo-360 and TrendMicro-HouseCall did NOT detect anything... so they clearly just blacklisted the file via its hash or equivalent.

Feel free to experiment yourself, but I think I've proven my point that some antiviruses are CLEARLY better than others.

* update * Sigh... now it's 7 / 55 on VirusTotal

| Antivirus | Detection | Database Date | Note |
| --- | --- | --- | --- |
| Baidu-International | Trojan.Win32.Generik.BBCAXNDB | 2014-12-26 | It's a false positive, and they're a bit late to the party |
| Ikarus | Trojan.SuspectCRC | 2014-12-26 | It's a false positive "SuspectCRC" really? |
| K7AntiVirus | Trojan ( 004b30581 ) | 2014-12-26 | It's a false positive |
| K7GW | Trojan ( 004b30581 ) | 2014-12-26 | It's a false positive |
| Sophos | Mal/Generic-S | 2014-12-26 | It's a false positive |

Now... considering it's 'Generic' for a lot of these, how come they weren't detected on the 25th?

* update * Now 10/56 as ESET-NOD32 and McAfee now got on the bandwagon... bit late to the party guys...

| Antivirus | Detection | Database Date | Note |
| --- | --- | --- | --- |
| ESET-NOD32 | a variant of Generik.BCAXNDB | 2014-12-26 | It's a false positive, and they're a bit late to the party (only showed up on the 27th) |
| McAfee | Artemis!8B23B9F8E358 | 2014-12-26 | It's a false positive, and they're a bit late to the party (only showed up on the 27th) |
| McAfee-GW-Edition | Artemis | 2014-12-26 | It's a false positive, and they're a bit late to the party (only showed up on the 27th) |

Again, ESET-NOD32 showing a 'variant' of a 'generic'... if it's generic, how come it wasn't seen on the day of release? And are they using the same 'tables' as Baidu-International?

McAfee is essentially a 'dupe' as it's 2 variants of their scanner... and "Artemis (or McAfee 'Global Threat Intelligence' technology) is the enhanced heuristic detection component of McAfee SecurityCenter's virus protection module." It works by adding an extra layer to the detection engine, but instead of just detecting something it actually "calls home" to the virus database to double-check before labelling something as a possible threat.

So, it's pretty much a 'wisdom of the crowds' thing?

To test (again), I simply recompiled the exe and uploaded it, just to test things... and, well, the results are pretty damn predictable.

Quite honestly, I have to applaud Microsoft on being consistent in detection (albeit on a false positive), but they are the ONLY av on VirusTotal with consistent results.

So, (like before), if I did make ProtectionID a virus/malware (it isn't and it won't be), all I would have to do is keep the executable recompiling every hour or so, and it would only be seen by 1 of the 56 scanners on VirusTotal. That's actually a pretty frightening picture, isn't it?

And it would appear that a lot of the scanners seem to be working from file hashes or equivalent, which is a very WEAK method of 'detection'... as you might be aware, I did have similar results with the Halloween release, and it seems very little has changed... but I urge any of you with doubts to simply test for yourself on VirusTotal.

* update * As of the 28th December, it's now 17/54... It's getting quite comical in a really pathetic way

| Antivirus | Detection | Database Date | Note |
| --- | --- | --- | --- |
| AVWare | Trojan.Win32.Generic!BT | 2014-12-27 | It's a false positive, and "Generic" |
| Ad-Aware | Trojan.Generic.12433802 | 2014-12-27 | It's a false positive, and "Generic" |
| BitDefender | Trojan.Generic.12433802 | 2014-12-27 | It's a false positive, and "Generic" |
| MicroWorld-eScan | Trojan.Generic.12433802 | 2014-12-27 | It's a false positive, and "Generic" |
| Symantec | WS.Reputation.1 | 2014-12-27 | It's a false positive, this is Symantec's "wisdom of crowds thing" |
| VIPRE | Trojan.Win32.Generic!BT | 2014-12-27 | It's a false positive, and "Generic" |

Now, for those "Generic" ones... how come (if it's Generic) it wasn't 'detected' on the 25th (day of release)? And could it be possible that some of those antiviruses are using the same 'detection tables'?

Either way, it's pretty lame, and would you have much faith in an antivirus that 'detects' 3 days after the fact? (which is more than sufficient time for something malicious to do its job) I certainly would not...

And I refer you to the previous test results of the recompiled exe (Here), it's still only got one 'hit' (from Microsoft) - that speaks volumes... (NONE of the 'Generic' results above are here)... as for "Generic" - you use the word but I think you do not know what it means

Sigh... 19/54 now... with 7 'good' votes and 1 bad (why?)...

| Antivirus | Detection | Database Date | Note |
| --- | --- | --- | --- |
| Emsisoft | Trojan.Generic.12433802 (B) | 2014-12-28 | It's a false positive, and "Generic" |
| F-Secure | Trojan.Generic.12433802 | 2014-12-28 | It's a false positive, and "Generic" |
| GData | Trojan.Generic.12433802 | 2014-12-28 | It's a false positive, and "Generic" |

Update (17th January 2015)

It would appear that the false positives from the antiviruses have really caused a problem. The host for the homepage set the homepage to a null route because of this, so the only option was to remove the file (I will put it somewhere else, or I will make a password protected release). I intend to do a new release soon anyway, but this situation is getting rather aggravating, so if you can, please report the false positive to whatever antivirus you are using that raises it. I don't have the resources at the moment to contact them all to get this resolved.

In the future, I think I will simply password protect the RAR file as that seems to be the best course of action at the moment. Sure, it's hardly ideal, but I don't have many other options. I am open to suggestions, but removing the encryption isn't an option as it was actually put in to reduce false positives at the beginning (ironic, I know).

Change Log

* Updated - update system has been tweaked to work with the new file URL format (direct links won't work anymore). This does mean that older versions won't be able to update to the latest version, but that's not really fixable unfortunately and I'll put information about this on the homepage.

* Bugfix - bugfix in the .NET core scanner. I rounded pointers, instead of the actual length value. It was quite an obscure bug as it worked on all the EXEs I tested before, but Hookahice found one EXE in the 24th October beta release, but I didn't get the info until after the public Halloween release, so I've added the fix in now (thanks Hookahice) :)

* Tweak - MSI/CAB scanning reports to the status window now (cosmetic).

* New - added detection for Epic Games Unreal Development Kit (UDK) installers.

* New - added FNV32 to hashing function list.

* Tweak - file hashing reports the time taken to complete the hashing and the count of hashing functions executed and bytes/sec (not sure how accurate that is though, and in some cases it'll show 0 bytes/sec simply because the hashing took less than a second).

* New - added in data directory processing report (it's in the configuration settings and is disabled by default). Scan configuration - Show Data Directory Info (items reported in lower case mean they are present but have either no size or no VA).

* New - added in Sentinel LDK detection, thanks to whoever posted the output log on pastebin, which helped me to add this in (might have been easier though if you emailed me with a URL :) ) as it was a lucky find...

* New - added in timedatestamp review (idea was from this), so I wrote a function for it (still work in progress).

* New - added in some new detections (work in progress).

* Tweak - some more cosmetic output fixes.

* New - added in fuzzy detection for a new protector (work in progress) (Denuvo).

* Tweak - Steam API usage detection tweaked (mostly for x64 targets).

* Tweak - ADS (NTFS data streams) processing can now report the internet zone setting for the file (if for example, it was downloaded) - this setting is in the configuration options (and is disabled by default). You would also need to enable the '(ADS) Show NTFS stream info (if present)' setting as they are paired.

* Tweak - some cosmetic alterations on text and configuration settings.

* Tweak - .NET stream names are now reported.

* Tweak - Neolite detection got tweaked, one crap signature removed and code sped up a lot.

* Tweak - version info reporting now checks the buffer for white space and if the buffer is just spaces or blank/empty then the output is suppressed.

* Update - .NET core detections increased -> AgileDotNetRT, Eazfuscator, CryptoObfuscator, Dotfuscator.

* Update - version info - reporting of version info VS_FIXEDFILEINFO stuff (work in progress).

* Update - .NET core can report entropy of the #Strings (ANSI) and #US (Unicode) stream(s) (if present). This is in the configuration setting and is disabled by default.

* New - added in detection for Ubisoft 'UBX' packer.

* Update - PESpin x64 detection updated.

* Update - Yummy Gameshield detection updated (thanks CrAaAzzzyy).

* Bugfix - appended data/overlay offset calculation had a bug on some rare EXEs where the last section physical size was greater than the virtual size, which threw off the calculation... It's also assumed that no overlay data can exist after the digital signature (if present) as that would break the signature...

* New - pretty experimental (i.e., not tested a lot) ssdeep hashing code added into the choices for file hashing (check the configuration settings). (Sorry... It's disabled atm, I didn't have time to finish it).

* Tweak - Windows 10 current preview builds recognized for the latest versions (Windows Defender still doesn't like ProtectionID, so you'll have to add it to the exclusion lists for the meantime)...

* Coming - taggant v2 support as/when I see some live samples to work from.

* Cosmetic - copyright year adjusted to 2015 (not having that old issue happen again) :)

* Bugfix - bugfix/sanity check added in the crypto scanner, license scanner, and CD key and serial functions. I was sent some badly damaged executables from hypn0 (thanks), which reproduced the bugs and allowed a relatively easy fix... very much appreciated, as they were relatively obscure.

* Update - new setting - report all section entropies added, it's off by default. If you enable it, it will report the entropy for each section present in the scanned file... this can obviously cause a slowdown in the scanning which is why I defaulted to make it disabled... edit - this didn't make it into this build... sorry... it'll be in the next.

* Bugfix - bugfix in reporting the version fixed file info... a register got trashed and should have been preserved... it is now... thanks again to hypn0 - definitely getting his bugfinder achievement this month :)

* Fix - some buffers were not always wiped, leading to crap output... now fixed.

* Bugfix - installer_rtpatch_scan had a misbalanced stack (typo bug I think), which sometimes led to a register mismatch messagebox... (thanks hypn0).

* Bugfix - fixed bug in zipworx_scan which could lead to a crash (thanks hypn0).

* Bugfix - fixed bug in hmimys_scan scan (thanks hypn0).

* Bugfix - fixed bug in ea access scan that could lead to a crash (thanks hypn0).

* Bugfix - sanity/range check added to imphash code... (thanks hypn0).

* Bugfix - fix in digital signature processing where a serial wasn't present.

* Bugfix - fixed bug in Nullsoft installer scan (thanks hypn0).

* Bugfix - installer_gkwaresfx_scan had a bug where edx and ecx weren't preserved, leading to a 'register mismatch' messagebox if detected (thanks hypn0).

* Bugfix - range/sanity check added into safedisc scan code (thanks hypn0).

* Bugfix - range/sanity check added into solidshield scan code (thanks hypn0).

* Added - launch4j detection (also has extra info if you enabled that in the configuration) - have fun Chester Fritz.

* Tweak - revised code for appended data size and offset calculation... need to monitor this one.

* Update - pecompact detection updated, it now reports the internal version of the protection (thanks for the files hypn0).

* Bugfix - internal file version core could crash if the version info data size was incorrect (we use an internal routine to calculate the size if the Windows API fails... which happens sometimes)... this was a very rare and obscure bug (hard to replicate) - thanks to hypn0 I found and patched it (successfully I hope) :).

* Bugfix - added some range checking in the convert_* functions, as a crash could occur in some very damaged files (very rare).

* Bugfix - check_gamehouse.asm had some range checking added, as it'd crash on particularly malformed files...

* Bugfix - check_upx.asm had some range checking added, as it'd crash on particularly malformed files.
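
The appended data/overlay offset bugfix in the list above depends on which section size field is used and on where the digital signature sits; the earlier test of appending one 0xFF byte to a signed executable puts data in exactly the place that entry assumes is empty. The following Python code is an added example, not ProtectionID's own code (which the page does not show): it computes the overlay range from the section table's raw sizes, ends the overlay at the certificate table, and counts bytes that follow the signature. The function names, the `use_virtual` comparison mode and the sample file are constructed for illustration.

```python
import struct

SECTION_HDR = 40      # size of one IMAGE_SECTION_HEADER
SECURITY_DIR = 4      # data directory index of the certificate table


def _headers(data):
    """Range-checked header walk: (section table offset, count, cert offset, cert size)."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if pe + 24 > len(data) or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("bad PE header offset")
    nsec, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24
    sec_tab = opt + opt_size
    if opt_size < 2 or sec_tab + nsec * SECTION_HDR > len(data):
        raise ValueError("headers run past end of file")
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = {0x10B: 96, 0x20B: 112}.get(magic)             # PE32 / PE32+ directory offset
    if dirs is None:
        raise ValueError("unknown optional header magic")
    cert_off = cert_size = 0
    entry = dirs + SECURITY_DIR * 8
    if entry + 8 <= opt_size:
        count = struct.unpack_from("<I", data, opt + dirs - 4)[0]
        if count > SECURITY_DIR:
            # For this directory the "address" field is a file offset, not an RVA.
            cert_off, cert_size = struct.unpack_from("<II", data, opt + entry)
    return sec_tab, nsec, cert_off, cert_size


def sections_end(data, use_virtual=False):
    """File offset just past the last section's raw data.

    use_virtual=True caps each section at its virtual size, shown only to
    illustrate how the result shifts when physical size > virtual size
    (an assumed failure mode; the original buggy code is not on the page).
    Raw pointers and sizes are used as stored, without alignment rounding.
    """
    sec_tab, nsec, _, _ = _headers(data)
    end = sec_tab + nsec * SECTION_HDR
    for i in range(nsec):
        vsize, _va, raw_size, raw_ptr = struct.unpack_from(
            "<IIII", data, sec_tab + i * SECTION_HDR + 8)
        if raw_size == 0:
            continue                                      # no bytes on disk
        size = min(raw_size, vsize) if use_virtual else raw_size
        end = max(end, raw_ptr + size)
    return min(end, len(data))                            # clamp on truncated files


def overlay_info(data):
    """Overlay range, treating the certificate table as the end of the overlay."""
    _, _, cert_off, cert_size = _headers(data)
    start = sections_end(data)
    limit, trailing = len(data), 0
    # Ignore a certificate entry that points inside sections or past the file.
    if cert_size and start <= cert_off and cert_off + cert_size <= len(data):
        limit = cert_off
        trailing = len(data) - (cert_off + cert_size)     # bytes after the signature
    return {"overlay_offset": start, "overlay_size": limit - start,
            "trailing_after_cert": trailing}


def build_sample(raw_size=0x400, virt_size=0x120,
                 overlay=b"CONSTRUCTED-DATA", cert=b"\0" * 24):
    """Constructed minimal PE32 image: one section, an overlay, a dummy cert blob."""
    raw_ptr = 0x200
    cert_off = raw_ptr + raw_size + len(overlay)
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                 # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                   # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + SECURITY_DIR * 8, cert_off, len(cert))
    sect = struct.pack("<8sIIIIIIHHI", b".text", virt_size, 0x1000,
                       raw_size, raw_ptr, 0, 0, 0, 0, 0x60000020)
    head = dos + b"PE\0\0" + coff + bytes(opt) + sect
    return head.ljust(raw_ptr, b"\0") + b"\xCC" * raw_size + overlay + cert


if __name__ == "__main__":
    sample = build_sample()
    print(overlay_info(sample))
    print(overlay_info(sample + b"\xff"))                 # one byte after the cert
    print(hex(sections_end(sample, use_virtual=True)))
```

A non-zero `trailing_after_cert` on a signed file is worth flagging on its own, since it means the file was modified after signing.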

v 6.6.6 (halloween 2014)

I waited 11 years for this version number ;p

core additions / changes
tweaks, updates, fixes etc... oh and moved to masm v14 and linker v14

v 6.5.5 (halloween 2013)

core additions / changes
honestly can't remember, just updates, some bugfixes etc... oh and moved to masm v12 and linker v12

v 6.4.0

core additions / changes

- new: added in whois capabilities to IP/Name resolver
- new: compiler detector updated to detect:
    - more Borland Delphi
    - more Visual C/C++
    - more MinGW
    - Visual Objects
    - Liberty BASIC
    - PureBASIC
    - REALbasic

- update: changed output for rar/zip etc. which is non protection related to be displayed in the log window only.
  (protection report will only display protected files like securom/starforce containers etc.)
- update: some tweaks for the shortcut creation system
- bugfix: possible digital signature check crash fixed
- bugfix: peid extension code tweaks & some fixes
- bugfix: fixed closing a bad handle

detection additions / changes

- new: check_cenega.asm - added in Cenega ProtectDVD detection (custom protection for cenega .pl games)
- new: check_protectdisc.asm - added in generic v9.27 (or higher) detection
- new: check_protectdisc.asm - added in exact Protect DiSC versions for v9.26, v9.28 v9.30
- new: check_steam.asm - added in Valve CEG - Custom Executable Generation detection for Steam exe's
- new: check_ubidrm.asm - added in UBISoft Online DRM detection
- new: check_armadillo.asm - added in Armadillo v7.20 (or newer) detection
- new: check_asprotect.asm - added in ASProtect v2.56 (or newer) detection
- new: check_boxedapppacker.asm - added in detection for BoxedAppPacker bundled files
- new: check_clisecure.asm - added in detection for CliSecure .NET Code Protector
- new: check_codewall.asm - added in detection of CodeWall Technologies .NET Protector
- new: check_dyamarobfuscator.asm - added in DYAMAR Obfuscator detection
- new: check_enigmaprotector.asm - detection of Enigma Protector v2.xx wrapped files
- new: check_obsidium.asm - added in Obsidium v1.4.0.0 (or newer) detection
- new: check_reflexivearcade.asm - added in Reflexive Arcade Wrapper version info for build 179, 180, 181, 182, 183 v184
- new: check_safeengine.asm - added Safengine Licensor v1.7.2.0 (or newer) detection
- new: check_salamandernet.asm - added in detection of Salamander .NET Protector the core.dll (incl. version)
- new: check_shoecakedrm.asm - added in detection of Shoecake Games Activation
- new: check_softanchor.asm - added in UniLoc SoftAnchor detection
- new: check_themida.asm - detection of Themida using a new variant of Hide from PE Scanner
- new: check_xenocode.asm - added in detection for Xenocode Postbuild 2009
- new: check_xenocode.asm - added in detection for XenoCode Virtual Application Studio 2010
- new: check_apecsoftswftoexe.asm - added in ApecSoft SWF2EXE Converter v1.0 module detection
- new: check_babelobfuscator.asm - added in Babel .Net Obfuscator v3.x (or higher) detection
- new: check_exedefender.asm - added in ExeDefender v1.0 detection
- new: check_larp.asm - added in LARP v2.x detection
- new: check_netspider.asm - added in NET.Spider v1.0 (or older) and v1.1 (or higher) detection
- new: check_noobyprotect.asm - updated to detect NoobyProtect v1.7.x.x
- new: check_refruncycrypter.asm - Refruncy Crypter detection added
- new: check_scobfuscator.asm - added in SC Obfuscator detection
- new: check_scpack.asm - added in SC Pack v0.1 v0.2 detection
- new: check_vprotect.asm - rewritten to detect VirtualizeProtect v1.0 (or newer)
- new: check_yincrypt.asm - added in YinCrypt v1 (Public) detection
- new: license_activelock.asm - added in ActiveLock Licensing Module for DotNET detection
- new: license_icelicense.asm - added in detection of IonWorx - ICE License
- new: license_iceni.asm - added Iceni Technology License Wrapper detection
- new: license_interlok.asm - added iLok USB device driver detection
- new: license_protectionplus.asm - added in detection of the Protection Plus v4.6 Wrapper
- new: dongle_marx.asm - now detects the MARX CryptoBox PE Envelope
- new: dongle_proteqcompact.asm - added in Proteq Compact-500 Dongle detection + driver version reporting
- new: dongle_sentry.asm - added in detection for the Sentry Hardware Lock USB driver + version
- new: dongle_softdog.asm - added in SoftDog driver check + version reporting
- new: installer_adobeextract.asm - added in Adobe Extractor detection
- new: installer_nanozip.asm - added NanoZip SFX Module detection


- improved: check_activemark.asm - ActiveMark is now detected properly in games with a digital signature
- improved: check_copyminder.asm - updated CopyMinder scan, does now detect on a game it didn't see before
- improved: check_dotnetreactor.asm - rewritten dotNet Reactor detection (more accurate)
- improved: check_ea_custom.asm - update cucko detection with another pattern using a new routine
- improved: check_execrytor2.asm - added in another generic check updated to detect on 2 files it didn't 'see' before
- improved: check_moleboxultra.asm - now detects on MoleBox Virtualization Solution v4.2321 too
- improved: check_pecompact.asm - added in two more generic checks
- improved: check_popcapdrm.asm - now detects on recent popcap games too
- improved: check_protectdisc.asm - better handling for newer versions
- improved: check_securom.asm - updated to detect SecuROM SLL files a bit better
- improved: check_securom.asm - improved paul.dll detection (where version info was removed)
- improved: check_solidshield.asm - added in another generic check for the core.dll
- improved: check_themida.asm - tweaked, detects now on a file it did not 'see' before
- improved: check_upx.asm - added in another check for unknown / modified UPX
- improved: check_vmprotect.asm - added in another generic check
- improved: check_cryptic.asm - added in another check for Cryptic v2.0
- improved: check_darkcrypt.asm - updated DarkCrypt 1.2 detection with heuristic check
- improved: check_gieprotector.asm - added in two more checks for Gie Protector v0.2
- improved: check_mpress.asm - updated to handle MPress v2.12 (and newer)
- improved: check_noobyprotect.asm - NoobyProtect code adjusted to handle 2 files it didn't 'see'
- improved: check_pearmor.asm - added in another check for a newer version
- improved: check_pecrypt.asm - tweaked code results in faster scanning
- improved: check_privateexe.asm - updated detection code for v3.x
- improved: check_rdgpolypack.asm - tweaked, now detects on an exe it did not see before (thx ReverseB00n)
- improved: check_safeengine.asm - updated Safengine Licensor with another check
- improved: check_yodacrypt.asm - tweaked YodaCrypt v1.3 detection (does now detect on an exe it didn't see before)
- improved: check_zprotect.asm - ZProtect signature updated + it detects unknown versions now
- improved: dongle_copylock.asm - added detection for another variant
- improved: dongle_dinkey.asm - now detects on an application it did not 'see' before
- improved: dongle_rockey.asm - updated to detect Rockey2 on an application it did not 'see' before
- improved: dongle_softdog.asm - updated with another check for SoftDog dongles
- improved: installer_7zip.asm - another variant of 7z SFX gets detected now
- improved: installer_bitrock.asm - rewritten BitRock InstallBuilder detection to be more generic
- improved: installer_install_anywhere - added another check for (newer) InstallAnywhere Self Extractor Modules

- bugfix: check_securom.asm - fixed matroschka detection in securom - the name output was corrupted on a recent exe
- bugfix: dongle_copylock.asm - fixed internal bug
- bugfix: installer_gkwaresfx.asm - fixed double output

v 6.3.5

Hello folks!

We are proud to present you the next and most up to date version of ProtectionID.
It was about time to bring this to the public, as the last version was released back in March.

During development of this version we ported it over to MASM v10,
using the latest compiler & linker available at the moment.

This version of PiD features highly optimized scanning routines, resulting in very fast detections.
For example, a 2 GB setup.exe is processed in less than 1 second (smart mode kicks in).

We tweaked nearly all scans to benefit from our new processes.

Core additions/changes:

- new: compiled using MASM v10 compiler & linker
- new: added new and optimized scanning routines
- new: ProtectionID is now able to scan inside MSI files
- new: clean temp tool (Extensions -> Clean Temp)
- new: added our own fast internal zlib decompression routines
- new: compiler detector updated to detect:
  - more Visual C++
  - appended flash files
  - Power Basic
  - Watcom C/C++
  - MinGW
  - GoASM

- update: reporting part on file type now reports bitness & file subsystem
- update: added a recovery system - if a crash happens when scanning a file/CD/DVD and the crash is in the scanning thread, the SEH system will 'recover' the crash, skipping all other scan modules and simply cleaning things up. So a crash when scanning does NOT take ProtectionID down (the crash is reported to the log)
- update: Windows error code resolver dialog got a facelift and some added functionality
- update: initial modification to report CPU usage on ALL available cores
- update: shortcuts are now not made if PiD is run from a removable drive
- update: added reporting for UAC setting in Vista or higher
- update: scan size threshold increased to 50 MB
- update: added the NFO association configuration
- update: compiler detection enabled by default now
- update: adjusted the way the systray worked
  - double left-click on the PiD icon will cause the PiD window to be shown/hidden
  - right-click on the PiD icon will cause the right-click systray context menu to appear

- bugfix: CAB file handler bug fixed
- bugfix: scan file on CD/DVD did not work
- bugfix: fix for shortcuts getting corrupted
- bugfix: fixed bug in the SEH system, which led to a crash
- bugfix: file queue stuff (pause, remove, clear all) fully operational again
- bugfix: logic fix, checking section count could technically be wrong if EXE was x64
- bugfix: selecting scan folder 2x resulted in it messing up
- bugfix: minor adjustment to avoid closing an invalid handle
- bugfix: fixed output bug on small files
- bugfix: fixed a possible Win9x issue
- bugfix: minor GUI fixes

Detection additions/changes:
- new: check_activemark.asm - added exact version detection & more detailed output for v4, v5 & v6 of ActiveMark
- new: check_byteshield.asm - ByteShield detection heavily updated, now contains a lot more extra info
- new: check_ea_custom.asm - added detection for EA Custom Protection (used in The Sims 3)
- new: check_gameguard.asm - GameGuard Launcher Module & its version reported
- new: check_hackshield.asm - AhnLab HackShield detection added
- new: check_impulse.asm - Impulse DRM (+ core module) detection added
- new: check_protectdisc.asm - added new versions: v9.11.0, v9.20.0, v9.25.0 & latest v9.26.0
- new: check_protectdisc.asm - added detection of how many trial days a Protect Disc EXE is allowed to run
- new: check_safedisc.asm - updated to detect clcd32.dll, dplayerx.dll, drvmgt.dll from old Safedisc 1 games
- new: check_secureebook.asm - added Secure eBook Wrapper detection
- new: check_securom.asm - added SecuROM DFA v1 and v2 detection
- new: check_securom.asm - added SecuROM 7 dfa.dll detection
- new: check_securom.asm - added detection for SecuROM 5 and 4 (or lower) DLL modules (cms*.dll sintf*.dll)
- new: check_solidshield.asm - added Tages Setup version detection in solidshield core.dll (if found)
- new: check_solidshield.asm - SolidShield wrapped DLLs will be detected now
- new: check_starforce.asm - added detection of StarForceFileSystem containers (SFFS)
- new: check_steam.asm - added detection of the Steam Client API Module & report Steam API usage in EXE
- new: check_themida.asm - updated to show watermarking on some versions
- new: check_playfirst.asm - added detection of the Playfirst Game Library
- new: check_playrixwrapper.asm - added Playrix Game Wrapper detection
- new: check_reflexivearcade.asm - added detection of build 177 & build 178 of the ReflexiveArcade Wrapper
- new: check_robingameswrapper.asm - added Robin Games Wrapper detection
- new: check_spintop.asm - added SpinTop DRM Module detection
- new: check_mfortress.asm - added MetaFortress detection
- new: check_upx.asm - added more informative UPX info
- new: check_aase.asm - added Aase detection
- new: check_adnexeprotector.asm - added ADN Exe Protector v0.5 detection
- new: check_aliencryptor.asm - added Alien Cryptor v1.0 detection
- new: check_armadillo.asm - added Armadillo v6.40 and v6.60 - v7.00 (or newer) detection
- new: check_aspack.asm - added ASPack v2.2 detection
- new: check_asprotect.asm - added ASProtect v1.4 build 04.01 Beta detection
- new: check_aurastompercrypter.asm - added AuraStomper Crypter detection
- new: check_babelobfuscator.asm - Babel .Net Obfuscator detection added
- new: check_blindspot.asm - BlindSpot File Binder v1.0 detection added
- new: check_deepseaobfuscator.asm - added DeepSea .Net Obfuscator detection
- new: check_dotfixniceprotect.asm - added version detection for v1.0 - v2.x, v2.8 - v2.9, v3.0 - v3.6
- new: check_dotnetreactor.asm - added detection of dotNET Reactor v4.0 (or newer)
- new: check_dsrfileprotector.asm - added dSR File Protector detection
- new: check_eprot.asm - added !EProt detection
- new: check_epprotector.asm - added EP Protector v0.1 detection
- new: check_fishnet.asm - added Fish.NET packer detection
- new: check_flyskysoftware.asm - added Fly Sky Software Custom Protector detection
- new: check_hackhoundbinder.asm - added Hack Hound File Binder detection
- new: check_ionworxidentifier.asm - added Ionworx Identifier SDK Module detection
- new: check_leetcryptor.asm - added LeetCryptor v1 detection
- new: check_moleboxultra.asm - added MoleBox Ultra v4.x detection
- new: check_pcguard.asm - added detection of latest PC-Guard v5.04
- new: check_alloy.asm - added PGWARE Alloy [generic] detection
- new: check_rdgpolypack.asm - added RDG PolyPack v1.1 detection
- new: check_simbioz.asm - added SimbiOZ v2.1 detection
- new: check_skycrypt.asm - added Sky Crypt v2.0 detection
- new: check_stultrapack2.asm - added ST Ultra Pack 2 v0.6s detection
- new: check_themisbinder.asm - added Themis Binder v0.2 detection
- new: check_upack.asm - added detection of more detailed versions
- new: check_vprotect.asm - added VProtect detection
- new: check_zipworx.asm - added ZipWorx detection
- new: license_bentleyieg.asm - added Bentley IEG License Service detection
- new: license_crypkeysdk.asm - added CrypKey v7.0 (or newer) detection
- new: license_crypkeysdk.asm - added detection of the CrypKey License Service Installer
- new: license_desawarelicensing.asm - added Desaware Licensing System for .NET Module detection
- new: license_elicense.asm - now detecting on a DLL it didn't see before
- new: license_interlok.asm - updated to detect PACE InterLok System File
- new: license_reprise.asm - added Reprise License Manager detection
- new: license_sentinelrms.asm - added SafeNet Sentinel RMS v8.x detection
- new: dongle_hasp.asm - NetHASP Network Dongles are detected
- new: dongle_hasp.asm - added detection of the Aladdin HASP SRM Run-time Environment Installer
- new: dongle_ilok.asm - added iLok USB Hardware Dongle detection
- new: dongle_matrix.asm - added Matrix Dongle detection
- new: dongle_microdog.asm - added SafeNet MicroDog Driver installer detection
- new: dongle_sentinel.asm - added detection of Rainbow NetSENTiNEL SUPER PRO Dongle
- new: dongle_syncrosoft.asm - added SyncroSoft USB Dongle detection
- new: installer_advancedinstaller.asm - added Advanced Installer detection
- new: installer_autoplay_media_studio.asm - added Indigorose - AutoPlay Media Studio
- new: installer_bitrock.asm - added BitRock InstallBuilder Module detection
- new: installer_fenomen.asm - added Fenomen Downloader detection
- new: installer_gamehouse.asm - added GameHouse Installer detection
- new: installer_setupfactory.asm - added detection of Setup Factory v8.x modules
- new: installer_uharcsfx.asm - added UHARC SFX Archive detection

- improved: check_3plock.asm - added another generic check
- improved: check_enigmaprotector - now detects an Enigma version it didn't 'see' before
- improved: check_hexalock.asm - optimized HexaLock detection
- improved: check_laserlok.asm - optimized Laserlok scanning speed
- improved: check_protectdisc.asm - tweaked output
- improved: check_safedisc.asm - optimized Safedisc v1 scanning speed
- improved: check_smarte.asm - added two new checks
- improved: check_starforce.asm - improved scanning speed
- improved: check_steam.asm - updated detection on another Steam variant on Assassins Creed and R6 Vegas
- improved: check_tages.asm - improved detection of the Tages protection driver
- improved: check_vob.asm - added one more generic check
- improved: check_execryptor2.asm - code tweaked to reduce false positives
- improved: check_alawar.asm - scanning speed optimizations
- improved: check_elefunwrapper.asm - scanning speed optimizations & reports offset/size of virgin executable
- improved: check_popcapdrm.asm - scanning speed optimizations
- improved: check_reflexivearcade.asm - optimized ReflexiveArcade Wrapper detection
- improved: check_abccryptor.asm - added a new check
- improved: check_armprotector.asm - added another generic check
- improved: check_asdpack.asm - scanning speed optimizations
- improved: check_aspack.asm - scanning speed improvements
- improved: check_asprotect.asm - tweaked version output
- improved: check_atreprotector.asm - added another generic check
- improved: check_bambam.asm - added two more checks to tighten detection
- improved: check_beria.asm - improved Beria detection
- improved: check_dalcrypt.asm - added two new checks
- improved: check_dotfuscator.asm - optimized scanning speed
- improved: check_dotnetprotector.asm - optimized scanning speed
- improved: check_enigmaprotector.asm - added another generic check
- improved: check_epprotector.asm - code adjusted, made faster
- improved: check_exestealth.asm - optimized scanning speed
- improved: check_ezip.asm - scanning speed optimizations
- improved: check_exestealth.asm - improved scanning speed
- improved: check_gieprotector.asm - optimized the signature scan
- improved: check_kkrunchy.asm - added detections for old kkrunchy (2003)
- improved: check_mew5.asm - Mew 5 EXE Coder v0.1 detection tweaked
- improved: check_mpress.asm - mpress for dot.net - tweaked detection
- improved: check_mslrh.asm - added two more generic checks
- improved: check_mucruncher.asm - rewritten MuCruncher detection
- improved: check_mz0ope.asm - added another check
- improved: check_nidhogg.asm - optimized Nidhogg scanning speed
- improved: check_packitbitch.asm - added two new checks
- improved: check_polyene.asm - added more generic checks for PolyEne
- improved: check_punisher.asm - added three new checks
- improved: check_sevlock.asm - tweaked sevLock detection
- improved: check_simplepack.asm - now detects all the simplepack EXEs it didn't detect before
- improved: check_softsentry.asm - added more checks + optimized scanning speed
- improved: check_spicesnet.asm - added another check
- improved: check_telock.asm - improved TeLock v1.0 detection
- improved: check_upack.asm - added more detailed version checks, tweaked some detections
- improved: check_upx.asm - fixed possible wrong detection
- improved: check_vbowatch.asm - updated with a better signature
- improved: check_visualprotect.asm - added another check
- improved: check_vmprotect.asm - now detects a DLL it didn't 'see' before
- improved: check_wildtangent.asm - scanning speed optimizations
- improved: check_wlcrypt.asm - optimized WL-Crypt detection
- improved: check_xprotector.asm - added two heuristic checks
- improved: check_yzpack.asm - tweaked
- improved: dongle_hasphlenvelope.asm - now detects wrapped SYS files too
- improved: dongle_keylok2.asm - improved Key-Lok II Dongle scan speed
- improved: dongle_marx.asm - added another check
- improved: dongle_sentinel.asm - detects Sentinel on x64 executables
- improved: dongle_wibu.asm - added another check
- improved: minor tweaks for all license detections
- improved: license_crypkeyinstant.asm - improved scanning speed in files wrapped with CrypKey Instant
- improved: license_crypkeysdk.asm - updated/tweaked CrypKey detection
- improved: license_elicense.asm - improved eLicense scanning speed
- improved: license_haspsl.asm - speed up HASP SL Licensing System scans
- improved: license_interlok.asm - scan speed improvements + added detection for another 'variant' of InterLok
- improved: license_ntitles.asm - scanning speed improvements

- improved: installer_akinstaller.asm - scanning speed optimizations
- improved: installer_clickteam.asm - improved generic detection
- improved: installer_createinstall.asm - scanning speed optimizations
- improved: installer_gkwaresfx.asm - improved generic detection
- improved: installer_patchwise.asm - now detects a module it did not 'see' before
- improved: installer_rarsfx.asm - updated to handle new WinRAR SFX

- bugfix: check_starforce.asm - fixed possible crash bug
- bugfix: check_dotnetgua.asm - fixed possible crash bug

- bugfix: check_starforce.asm - starforce 'crap output' bug fixed
- update feature - updated to show version number on update as well, instead of some 'strange' number

- enable/disable: go to Configuration - Allowed Scanning Types - PEiD / PETools (3rd party scan)
- once enabled, you can browse the signature files by clicking the 'Extensions' tab (second icon from the bottom right)
- note: in cases of multiple hits, the highest probability is automatically figured out and reported;

- new: work on compiler detection began
The compiler detection simply reports what compiler was used to make the executable. It can also sometimes report the programming language the executable was made with.

Current detections: dotnet, visual basic, visual basic.net, some visual c/c++, borland c++, delphi
enable/disable: Configuration - Allowed Scanning Types - Enable Compiler Detection Scan

- new: tooltip preview (configurable option in the settings - under the GUI portion)
- new: added drive type reporting in the misc tools section
- new: added an option in configuration to dedicate 1 CPU to the scanning core (if multiple CPUs are found on the system)
- new: added a little pause/resume button in the main dialog (green square when you load PiD)
- new: added activity reporting on HDD reads. PiD is so quick though, you may not notice it, but on large files, it's useful because it's an indicator PiD is doing something

- update: turned on scan inside Microsoft CAB files as default
- update: added more informative comments into PE stuff
- update: file queue now reports the amount of files it has processed
- update: updated detection routine to report DLL compiled in native mode
- update: folderwatch cleanup now works and reporting is handled correctly
- update: updated version info core to handle 'strange' EXEs with bad/corrupt version info or version information that version.dll does not 'see'
- update: fixed some imports so that PiD now loads on Windows NT 4.0 (and probably 3.x) without the system throwing an import missing error and exiting the process
- update: services now disable themselves if the OS is 9x/ME (9x/ME doesn’t have 'services'); shares also disable themselves if the OS is 9x/ME (API not present in these OSes)
- update: GUI -> CD/DVD tools and the folderwatch buttons are now automatically disabled if the operating system is Windows 9x/ME (i.e.: less than Windows 2000)
- update: folder location shell32 output now made 9x/ME compliant (old comctl32.dll listview issue)
- update: added minimize to systray if it’s set in the configuration. If set, PiD will minimize itself when it's loaded for the first time
- update: added another handler for SMBIOS, it's quicker, but only available in Vista or higher
- update: Windows product key updated code, now should be good for all Windows versions except NT 4.0
- update: Windows product key is now also reported for 9x/ME
- update: updated code so that Windows 95, Windows NT 3.x, and NT 4.x do NOT have owner-drawn menus (95 couldn't handle them properly anyway, and NT 3/4 had issues too)
- update: added battery reporting into misc tool window
- update: DEP reporting done in misc tools information section
- update: fixed icons in 9x looking too big (now PiD looks the same in 98, ME, 2K, XP, Vista)
- update: pause/resume is now properly functional
- update: added pause checking into the CAB file handler
- update: progress bar resets once scan is complete
- update: added an animated rect for sizing (work in progress)
- update: added tooltip to sizer window

- bugfix: fixed 9x/ME crash (BSOD) issue in PETools stuff
- bugfix: fixed crash issue when viewing reloc information on some x64 files
- bugfix: silent exit/crash issue fixed in Win2000 Server
- bugfix: fixed position saving bug (reported by Blazkowicz)
- bugfix: fixed OS detection (Win NT was detected as 2000)
- bugfix: fixed the strange drag -> drop, file added to queue but scanning not started bug
- bugfix: fix for buffer overrun error when saving a protection log containing lots and lots of files
- bugfix: folderwatch - fixed crash when trying to add more than 2 folders
- bugfix: dirty buffer used in folderwatch reporting code
- bugfix: 9x sizing issue fixed
- bugfix: fixed some problems with Windows 95 original (before 95A, 95B, and 95C...) where the versioninfoex struct is expected to be a different size, resulting in a failure in detecting the operating system
- bugfix: various other tweaks & fixes...

Detection additions/changes:

- new: check_protectdisc.asm - added ProtectDisc v9.5.0 detection & detection of ProtectDisc drivers
- new: check_byteshield.asm - added ByteShield Software Activation Client detection
- new: check_safedisc.asm - now also detects Safedisc 1 ICD file as being protected & secdrv.sys
- new: check_tages.asm - code updated to detect Tages protection drivers
- new: check_armadillo.asm - added Armadillo v6.24 (or newer) detection
- new: check_pcguard.asm - added PC Guard v5.03 detection
- new: check_themida.asm - added detection for Themida/Winlicense with Hide PE Scanner Option
- new: check_asprotect.asm - added exact detection of ASProtect v2.3 Build 05.14 & ASProtect v1.40 Build 11.20
- new: check_privateexe.asm - added Private EXE Protector v3.0 (or newer) detection
- new: check_stardock.asm - added Stardock Product Activation Module detection
- new: check_reflexivearcade.asm - added ReflexiveArcade Wrapper - Build 171 and newer detection
- new: check_realarcade_drm.asm - added RealArcade DRM Module detection
- new: check_popcapdrm.asm - added PopCap DRM Protect detection
- new: check_elefunwrapper.asm - added Elefun Trial Game Wrapper detection
- new: check_playfirst.asm - added PlayFirst DRM Module detection
- new: check_oberonmediatime.asm - added detection for Oberon Media Time Protection Module
- new: check_wildtangent.asm - added detection of the Wild Tangent Wrapper v2.1.2.26 (or newer)
- new: check_dotnetreactor.asm - added .NET Reactor v3.x Library mode (+ Necrobit) detection
- new: check_macrobjectnet.asm - added Macrobject Obfuscator.NET 2008 detection
- new: check_noobyprotect.asm - added NoobyProtect v1.0.x.x and v1.1.x.x - v1.4.x.x.
- new: check_spicesnet.asm - added Spices.Net Obfuscator detection
- new: check_pegasyscustom.asm - added PEGASYS Custom Layer detection
- new: check_serialshield.asm - added Ionworx SerialShield Core.dll & its version detection
- new: check_dotnetguard.asm - added detection of the DotNet Guard HVM Runtime Library Module
- new: check_eakey.asm - added EA Key Module detection
- new: check_sevlock.asm - added sevLock detection
- new: check_asscrypter.asm - added ass - crypter detection
- new: check_billarcrypter.asm - added Billar Crypter v2.0 detection
- new: check_bitfrostcrypter.asm - added Bifrost Crypter v1 detection
- new: check_cigicigi.asm - added Cigicigi File Crypter v1.0 detection
- new: check_cryptdmarnar.asm - added Crypt Dmar Nar v0.5 detection
- new: check_darkavengard.asm - added DarkAvengard Crypter detection
- new: check_dexcrypt.asm - added DeX-Crypt v2.0 detection
- new: check_dirtycrypt0r.asm - added DirTy CrYpt0r detection
- new: check_dhcripter.asm - added DH Cripter v0.1 detection
- new: check_etcv.asm - added ETCV v1.0 detection
- new: check_fishpacker.asm - added FishPacker v1.03 & v1.04 detection
- new: check_flashbackscrambler.asm - added Flashback Scrambler v1.3.x detection (all 3 modes :-))
- new: check_idapplicationprotector.asm - added ID Application Protector v1.2 detection
- new: check_freecryptor.asm - added FreeCryptor v0.3b Build 3 detection
- new: check_gentlemancrypter.asm - added Gentlemen Crypter v1 detection
- new: check_gkripto.asm - added GKripto v1.0 detection
- new: check_haccrewcrypter.asm - added Hac-Crew Crypter detection
- new: check_hipacryp.asm - added HipACryp v0.0.1 detection
- new: check_icrypt.asm - added ICrypt v1.0 detection
- new: check_keycrypter.asm - added KeyCrypter detection
- new: check_lordcrypter.asm - added L0rD Crypter v1.0 detection
- new: check_maskpe.asm - added MaskPE v2.0 detection
- new: check_ncode.asm - added N-Code v0.2 detection
- new: check_nidhogg.asm - added Nidhogg v1.0 Final, v1.1 Beta 1 and [unknown version] detection
- new: check_novacipher.asm - added NovaCipher 1.0 Beta detection
- new: check_npack.asm - added nPack v2.0.100.2008 detection
- new: check_pfecx.asm - added PFE CX v0.1 detection
- new: check_poherna.asm - added Pohernah v1.02, v1.03 & v1.07 detection
- new: check_pokescrambler.asm - p0ke Scrambler v1.2 detection added
- new: check_rdgtejoncrypter.asm - added RDG Tejon Crypter v0.6, v0.7 & v0.8 detection
- new: check_rewolfdllpackager.asm - added ReWolf DLLPackager v1.0 detection
- new: check_roguepack.asm - added RoguePack v4.1 detection
- new: check_scancryptic.asm - added ScanCryptic v2.0 detection
- new: check_securepe.asm - added SecurePE v1.6 detection
- new: check_supercrypt.asm - added Super Crypt v1.0 detection
- new: check_tgrcrypter.asm - added TGR Crypter v1.0 detection
- new: check_vegancrypter.asm - added Vegan-Crypter v0.7 detection
- new: check_yokohcrypter.asm - added Yokoh Crypter v1.3 detection
- new: license_adobelm.asm - Adobe Systems License Manager Module detection added
- new: license_deploylx.asm - added DeployLX Licensing for DotNet detection
- new: license_esellerate.asm - added eSellerate Activation System Core Module detection
- new: license_infralution.asm - Infralution Licensing System for DotNET detection added
- new: license_isquicklicense.asm - added Interactive Studios Quick License Manager detection
- new: license_mirage.asm - added detection for Mirage License Protector
- new: license_sentinelrms.asm - added SafeNet Sentinel RMS Core.dll detection
- new: license_xheolicensing.asm - added Xheo Licensing Module for DotNet detection
- new: dongle_biteboard.asm - added Bite-Board USB Dongle detection
- new: dongle_copylock.asm - added CopyLock Dongle detection
- new: dongle_marx.asm - MARX Crypto-BOX Dongle detection added
- new: dongle_rockey.asm - added Rockey2 / Rockey4 Dongle detection
- new: dongle_sentinel.asm - added detection of the NetSentinel Win32 Client DLL
- new: dongle_sentry.asm - added Sentry Hardware Lock detection
- new: dongle_wizzkey.asm - added Wizzkey Dongle detection

- new: installer_digital_river_downloader.asm - Digital River Download Manager detection
- new: installer_gpinstall.asm - added GP-Install Module detection
- new: installer_lymesfx.asm - added Lyme SFX Extractor Module detection
- new: installer_install_anywhere.asm - added InstallAnywhere detection
- new: installer_installshield.asm - added InstallShield v15 detection & Installshield PackageForTheWeb Installers
- new: installer_lindersoftsetup.asm - added Lindersoft Setup Builder Module detection
- new: installer_omnisetup.asm - added Omni Setup Module detection
- new: installer_popcap.asm - added PopCap Installer detection
- new: installer_realarcade_downloader.asm - added RealArcade Download Manager detection
- new: installer_reflexive_arcade.asm - added Reflexive Arcade Install Wrapper detection
- new: installer_smart_install_maker.asm - added Smart InstallMaker detection
- new: installer_visual_patch.asm - added detection for Visual Patch Installer

- improved: check_starforce.asm - updated to handle those strange StarForce 5.60 EXEs that didn't have version information
- improved: check_securom.asm - code updated to detect the DRM DYN data module
- improved: check_protectdisc.asm - added one more older version (v7.7.0)
- improved: check_codelok.asm - scanning speed optimizations
- improved: check_sysiphus.asm - optimized detection & scanning speed
- improved: check_solidshield.asm - update for those strange EXEs and DLLs with no version information
- improved: check_themida.asm - better version detection (v1.8.2.0 - v1.9.5.0, v1.9.7.0 - v1.9.9.0, v2.0.0.0 - v2.0.2.0, v2.0.3.0 - v2.0.4.0, v2.0.5.0 (or newer))
- improved: check_acprotect.asm - faster scanning results
- improved: check_armadillo.asm - Armadillo detection code updated
- improved: check_asprotect.asm - rewritten for better version detection
- improved: check_xenocode.asm - tweaked detection
- improved: check_thinstall.asm - updated with another detection method for v3.207
- improved: check_upx.asm - fixed UPX detection code so it detects UPX'ed DLLs too
- improved: check_xprotector.asm - added another check (this also fixed a possible wrong detection of Themida / WinLicense protected DotNet executables)
- improved: check_vmprotect.asm - made more generic, adjusted version info output
- improved: check_andpakk2.asm - rewritten, additionally we exactly detect the 2 versions now (v0.06 & v0.18)
- improved: check_anslympacker.asm - rewritten
- improved: check_cicompress.asm - tweaked & optimized
- improved: check_exestealth.asm - added another generic check
- improved: check_mew10.asm - tweaked Mew 10 detection
- improved: check_pebundle.asm - updated, now detects an EXE which didn't before
- improved: check_rdgtejoncrypter.asm - added a more generic detection method
- improved: check_telock.asm - tweaked TeLock v0.96 detection
- improved: license_elicense.asm - completely rewritten (better v3.2 & v4.0 detection)
- improved: license_flexlm.asm - optimized detection & scanning speed
- improved: license_flexnet.asm - optimized detection & scanning speed
- improved: license_haspsl.asm - added another check for HASP SL
- improved: license_interlok.asm - added another generic check
- improved: license_salesagent.asm - optimized detection & scanning speed
- improved: license_sentinellm.asm - optimized
- improved: generic speed improvements in almost all license scans
- improved: dongle_keylok2.asm - updated KeyLok2 Dongle detection for better detection
- improved: generic speed improvements in all dongle scans
- improved: installer_7zip.asm - code updated, now detects an EXE it never 'saw' before
- improved: installer_installaware.asm - updated to detect a custom version which was undetected before
- improved: installer_installshield.asm - InstallShield detection is now more generic and improved
- improved: installer_mscabsfx.asm - Microsoft CAB SFX format detection is now made better
- improved: installer_nullsoft.asm - updated to handle Nullsoft SFX EXEs with the data in the resource section
- improved: installer_rarsfx.asm - WinRAR SFX detection updated
- improved: installer_zylomgames.asm - detection of another variant of Zylom Games Setup

- bugfix: fixed bug in Cactus Data Shield file scan (discovered by Blazkowicz on acrobat.dll)
- bugfix: check_obsidium.asm - bugfix in Obsidium detection code
- bugfix: check_polyene.asm - fixed possible crash bug
- bugfix: installer_redshift.asm - fixed potential bug

Faster, more accurate, still better, and no more beta - Xmas release #2

Core Code changes


- new: width-resizable main window
- new: user can now choose what protection scans to skip
- new: added a new configuration item allowing the user to specify if ISO, CCD, MDS, etc. modules are to be treated as discs (and thereby subject to a sector scan)
- new: ability to scan inside Microsoft CAB files has been implemented

- update: we are now v0.6.1.3
- update: faster scanning core :)
- update: configuration window has a new look
- update: better 64-bit file handling support added
- update: appended data detection tweaked a little
- update: now if PiD is running and an EXE is scanned from the context menu, the main window will change to the log window (looks better, suggested by loki)
- update: LNK file resolving is now complete; if the user has selected to resolve links, the system handles this all automatically
- update: window position is now centered if a previous window location was not recorded
- update: adjusted IA64/x64 vs. machine check portion of code (thanks to Teddy Rogers)
- update: configuration - Windows product key showing is now a configuration item
- update: configuration - now 'themes' and 'flat mode' cannot be selected at the same time. This is how it should be as themes override flat mode, etc., so now only one can be selected, and the other is 'auto unselected' (suggested by Syk0)
- update: configuration - added code to enable/disable the 'protection report bubble' after a scan is completed
- update: Memory Optimizer - the progress bar should get to the start again when the user clicks on Optimize and Purge is successful
- update: Memory Optimizer - code heavily updated to work in chunks (if the largest size requested is not available), resulting in more reliable, faster, and optimized performance
- update: misc tools - added a quick uninstall tab
- update: misc tools - added a CD/DVD Filter Driver scanner tab
- update: misc tools - added a Windows Error Code Resolver tab
- update: misc tools - added a CPU Info tab
- update: misc tools - added Windows directory in the system info output
- update: misc tools - added a Folder Locations scanner
- update: misc tools - system information window now reports graphic device names (GeForce, etc.), username & computer name, and terminal services availability
- update: misc tools - Windows install date (from registry) is now reported in the misc tools 'system info' part, and Windows install date (from folder) is now also reported
- update: misc tools - tweaked x64 OS detection code, so it’s a lot more reliable
- update: misc tools - Windows product key reporting now also handles x64 systems
- update: NFO viewer - extra checking now added - ZIP, RAR, and MZ executables will NOT be displayed. Instead, a warning message is displayed
- update: process view - added a check for terminate, dump, priority change. If the selected process is PiD, the menu items are disabled (for safety and security)
- update: SFV checking now reports the current offset on the line when processing
- update: SFV processing now works with quoted filenames
- update: winspy - process name is now also reported (if we could obtain it)
- update: log window in CD/DVD operations now has a context menu, allowing for:
  - clear log
  - copy selection to clipboard
  - copy log to clipboard
  - save selection (csv)
  - save log (txt)
  - save log (csv)

- bugfix: admin reflection/reporting was incorrect on 9x/ME systems
- bugfix: 'admin shield' icon is now moved; it looked out of place if the other progress bars showing CPU usage, etc., were turned off (reported by Loki)
- bugfix: Export as .txt doesn't work properly; only the first file gets saved
- bugfix: event bug fixed, which sometimes resulted in PiD sticking at about 35% CPU
- bugfix: pause/resume in the queue window was sometimes wrong for the text (reported by r!co)
- bugfix: Fixed SFV bug - click on make, don't select any files and press abort. You can't use the complete SFV feature as it's all grayed out (reported by Blazkowicz)
- bugfix: SFV output for large files (MB, GB, etc.) was VERY wrong; it’s now corrected
- bugfix: fixed 'disappearing window' problem
- bugfix: 'large icons' issue fixed in 9x
- bugfix: SFV - abort now works
- bugfix: SFV - output issue should be 110% fixed now (new buffering system used)
- bugfix: task manager - potential stack bug fixed
- bugfix: configuration - shortcut creation was broken
- bugfix: NFO viewer - fixed potential memory leak on drag/drop
- bugfix: bug in the code checking for digital signatures (found by Blazi). The code now performs a sanity check on accessed memory areas

Detection additions/changes

- new: check_activemark.asm - added version detection for v6.3.562
- new: check_alawar.asm - added Alawar Try & Buy Activation detection
- new: check_hexalock.asm - added HexaLock Copy Protection detection
- new: check_protectdisc.asm - added more Protect DiSC v8 subversions
- new: check_securom.asm - added detection for SLL modules + SecuROM Matroschka Package

- new: check_acprotect.asm - added ACProtect v2.1, v2.1.1, and v2.1.2 detection
- new: check_angelscrypter.asm - added Angel's Crypteur v0.2 detection
- new: check_antidote.asm - added AntiDote v1.4 SE detection
- new: check_armadillo.asm - added version detection v6.00 or newer
- new: check_atreprotector.asm - added AT4RE Protector v1.0 detection
- new: check_avlock.asm - added AVLock detection
- new: check_budcrypter.asm - added BUD Crypter detection
- new: check_coolcrypt.asm - added COOLcryptor 0.9 detection
- new: check_cryptwoz.asm - added CryptWOZ v1.0 detection
- new: check_darkcrypt.asm - added DarkCrypt v1.2 (Private Version) detection
- new: check_dcrypt.asm - added DCrypt Private v0.9b detection
- new: check_dotfixniceprotect.asm - added DotFix NiceProtect v1.0 detection
- new: check_dotnetreactor.asm - added dotNet Reactor v3.3 (or newer) detection
- new: check_enigmaprotector.asm - added version grabber for Enigma Protector
- new: check_execrypt.asm - added ExeCRyPT v1.0 [ReBirth] detection
- new: check_exefog.asm - added EXEFog v1.1 detection
- new: check_exewrapper.asm - added ExeWrapper v3.0 (533Soft) detection
- new: check_expressor.asm - added ExPressor v1.6 detection
- new: check_fakuscrypter.asm - added Fakus Crypter detection
- new: check_fastfilecrypt.asm - added FastFileCrypt v1.6 Public detection
- new: check_fatalzcrypt.asm - added Fatalz Crypt v2.14a detection
- new: check_flashbackprot.asm - added Flashback Protector v1.0 detection
- new: check_gieprotector.asm - added Gie Protector v0.2 detection
- new: check_imppacker.asm - added IMP-Packer v1.0 detection
- new: check_kcryptor.asm - added K!Cryptor v0.11 detection
- new: check_kgbcrypter.asm - added KGB Crypter v1.0a detection
- new: check_leetcryptor.asm - added 1337 Cryptor v2 detection
- new: check_lilithcrypter.asm - added Lilith Crypter detection
- new: check_maxtocode.asm - added MaxtoCode .Net Encryption detection
- new: check_minke.asm - added Minke v1.0.1 Executable Crypter detection
- new: check_moneycrypter.asm - added Money Crypter detection
- new: check_morphna.asm - added Morphna Beta 2 detection
- new: check_mortalteamcrypter.asm - added Mortal Team Crypter v2 detection
- new: check_mpress.asm - added MPRESS NET compressor detection
- new: check_mushroomcrypter.asm - added Mu$hr00M CryPtOR v1.0 detection
- new: check_nme.asm - added NME Executable Crypter v1.1 detection
- new: check_npack.asm - added nPack v1.1.500.2008 Beta detections
- new: check_obfuscatornet.asm - added Macrobject Obfuscator.NET detection
- new: check_privateexe.asm - added version detection for v2.00 - v2.25 and v2.30 - v2.70
- new: check_puricrypt.asm - added Puri Crypt v1.2 detection
- new: check_quickpacknt.asm - added QuickPack NT v0.1 detection
- new: check_rcryptor.asm - added RCryptor v1.6d detection
- new: check_rdgpack.asm - added RDG Pack Lite Edition v0.2 detection
- new: check_rdgtejoncrypter.asm - added RDG Tejon Crypter v0.3 detection
- new: check_rlp.asm - added ReversingLabs Protector v0.7.4 beta detection
- new: check_rlpack.asm - added RLPack v1.20 detection
- new: check_roguepack.asm - added RoguePack v3.3 detection
- new: check_russiancryptor.asm - added Russian Cryptor v1.0 detection
- new: check_securepe.asm - added SecurePE v1.5 detection
- new: check_secureshade.asm - added Secure Shade v1.8 detection
- new: check_snoopcrypt.asm - added SnoopCrypt detection
- new: check_thinstall.asm - added THInstall detection
- new: check_tstcrypter.asm - added TsT Crypter detection
- new: check_undergroundcrypter.asm - added UndergroundCrypter v1.0 detection
- new: check_unlimitedcrypter.asm - added UnLimited Crypter v1.0 detection
- new: check_unopix.asm - added UnoPiX v0.94 detection
- new: check_upxlock.asm - added UPX Lock v1.01 - v1.02 detection
- new: check_weruscrypter.asm - added Werus Crypter v1.0 detection
- new: check_wildtangent.asm - added Wild Tangent v2.1 Activation detection
- new: check_windofcrypt.asm - added WindOfCrypt detection
- new: check_wingscrypt.asm - added Wingscrypt v2.0 detection
- new: check_winutilitiesexeprot.asm - added WinUtilities EXE Protector v2.1 detection
- new: check_wlcrypt.asm - added WL-Crypt v1.0 detection
- new: check_xenocode.asm - added XenoCode .NET protector detection
- new: check_xenocode.asm - added XenoCode Postbuild 2007 + 2008 for .NET detection
- new: check_xhackercryptor.asm - added xHacker Cryptor detection
- new: check_xshell.asm - added XShell v1.5 detection
- new: check_zprotect.asm - added ZProtect v1.4.3 detection
- new: check_zylomwrapper.asm - added Zylom Wrapper Crypted Game.exe detection

- new: license_nalpeiron_scan.asm - added Nalpeiron Licensing Service detection

- new: installer_install4y.asm - added Install4j Wizard Module detection
- new: installer_installshield.asm - added InstallShield v12 BETA Version detection
- new: installer_squeezesfx.asm - added Squeeze Self Extractor Module detection
- new: installer_trymediadownload.asm - added Trymedia Systems Download Manager detection

- new: MSI and 7zip file type reporting is now done to the log window (similar to the .rar, zip, etc. reporting)
- new: added quick detection for starforce protected PDF file

- update: check_aspack.asm - added an additional check for ASPack 2.x to avoid a false positive when scanning a file wrapped by FlashBack with ASPack entry point signature
- update: check_codelok.asm - improved detection
- update: check_dotnetreactor.asm - some parts recoded to be more generic & faster
- update: check_execryptor2.asm - improved detection with heuristic checks
- update: check_laserlok.asm - updated to handle older (v3) versions of laserlok
- update: check_passlock2000.asm - improved detection
- update: check_reflexivearcade.asm - executable builds are now reported (if found)
- update: check_safedisc.asm - updated to detect Safedisc Lite
- update: check_securom.asm - updated to handle VERY old versions & updated to detect a modified paul.dll
- update: check_solidshield.asm - minor modifications, but results in better reporting
- update: check_starforce.asm - updated to handle the new variant (v5.5) and also report bitness of the EXE
- update: check_sysiphus.asm - optimized detection
- update: check_themida.asm - updated to handle DLL protected Themida files
- update: check_vmprotect.asm - added new generic detection code (catches DLLs we missed before)
- update: check_upx.asm - improved to be 'more generic'
- update: check_vob.asm.asm - updated to handle older version (4 or less)

- update: dongle_guardant.asm - added reporting of old Guardant Dongle Protections
- update: dongle_hasphlenvelope.asm - improved detection

- update: license_sentinellm - improved for better detection

- update: installer_7zip.asm - improved detection

- bugfix: check_telock.asm - fixed v1.0 detection
- bugfix: check_yzpack.asm - fixed bug resulting in non-detections
- bugfix: installer_installshield.asm - fixed possible non-detections

CD/DVD/Image file/sector scan

- new: b6i image added into the supported file list
- new: added 'Extract Boot Sector'; the boot sector from the CD/DVD can now be 'extracted' to a file for use with something else maybe :)

- new: cddvd_cactus.scan.asm - Cactus Audio detection added to file scan in the CD/DVD module
- new: cddvd_protectdisc.scan.asm - added sector scan module for ProtectDisc / ProtectCD

- update: if a disk is detected as being protected when making the ISO, the user will be prompted to continue or not
- update: sector stuff - updated handler to handle UDF format disks (BEA01 header instead of CD001)
- update: sector scan - tweaked sector scan for Tages a little
- update: sector scan - tweaked the Safedisc detection code
- update: sector scan - updated to now NOT stop if a sector 16 read failure happened
- update: sector scan - SecuROM scan updated to handle version 4.x (and probably lower), which used a different 'fingerprint' and some minor tweaks/fixes
- update: sector scan - Starforce + Starforce keyless scan was heavily updated, reducing the probability of false positives as well as catching some we missed before

- bugfix: sector scan - Codelok scan fixed
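
The UDF and sector 16 items above, as an added Python sketch that is not ProtectionID's own code: it walks the volume recognition sequence from sector 16, records an unreadable sector as a gap instead of stopping, and reports whether the disc declares ISO 9660 (CD001), UDF (BEA01/NSR0x) or both. The image bytes are constructed, and every function name here is an assumption.

```python
SECTOR = 2048
VRS_START = 16   # the volume recognition sequence begins at sector 16
KNOWN_IDS = {b"CD001", b"BEA01", b"NSR02", b"NSR03", b"TEA01", b"BOOT2", b"CDW02"}
UDF_IDS = {"BEA01", "NSR02", "NSR03"}


def read_sector(image, lba):
    """Return one 2048-byte sector of an in-memory image, or None if unreadable."""
    chunk = image[lba * SECTOR:(lba + 1) * SECTOR]
    return chunk if len(chunk) == SECTOR else None


def classify_volume(image, reader=read_sector, max_descriptors=16):
    """Walk the descriptors from sector 16 and report the declared file systems."""
    ids, unreadable = [], []
    for lba in range(VRS_START, VRS_START + max_descriptors):
        sector = reader(image, lba)
        if sector is None:
            unreadable.append(lba)      # record the gap and keep scanning
            continue
        ident = bytes(sector[1:6])      # standard identifier lives in bytes 1..5
        if ident not in KNOWN_IDS:
            break                       # first non-descriptor sector ends the sequence
        ids.append(ident.decode("ascii"))
    has_iso = "CD001" in ids
    has_udf = any(i in UDF_IDS for i in ids)
    if has_iso and has_udf:
        kind = "iso9660+udf"            # UDF bridge disc
    elif has_udf:
        kind = "udf"                    # BEA01 at sector 16 instead of CD001
    elif has_iso:
        kind = "iso9660"
    else:
        kind = "unknown"
    return {"kind": kind, "ids": ids, "unreadable": unreadable}


def build_image(idents):
    """Constructed image: 16 blank system-area sectors, then one descriptor per id."""
    image = bytearray(SECTOR * VRS_START)
    for ident in idents:
        desc = bytearray(SECTOR)
        desc[1:6] = ident               # only the identifier matters to this scan
        desc[6] = 1                     # descriptor version
        image += desc
    return bytes(image) + bytes(SECTOR)  # trailing blank sector ends the sequence


def failing_reader(bad_lbas):
    """Reader that simulates read errors on the given sectors (constructed fault)."""
    def reader(image, lba):
        return None if lba in bad_lbas else read_sector(image, lba)
    return reader


if __name__ == "__main__":
    udf_only = build_image([b"BEA01", b"NSR02", b"TEA01"])
    print(classify_volume(udf_only))
    print(classify_volume(udf_only, reader=failing_reader({16})))
```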

If you ever used an older version, you will experience a totally new tool with v6.0.
PiD got a major overhaul of its GUI for a new and very easy-to-use experience.
Many protections have been added and tweaked for maximum detection speed
and as much accuracy as possible with the new core code additions.
Dongles, Licenses, polymorphic protectors and Installer detections are just some of the new additions...
Our goal is to release a very easy-to-use tool for detecting all kinds of protections.
PiD is easy to use for newbies due to the CD/DVD scan and drag & drop feature.
Reverse engineers will also benefit when using ProtectionID due to the detailed information
like multiple protections in one file, detection of nearly all protectors (commercial and freeware)
and more information like appended data etc...
We hope you will enjoy the new generation of our tool :-)
/cdkiller & x/xxx

Core Code changes

- added: new PE Entry Point verification code
- added: RVA - File Offset and vice versa converter
- added: checks if PE file is damaged
- added: checks if Executable is not designed for this CPU
- added: checks if Executable is not designed for this OS

- improved: many code optimizations which will result in a highly stable program (should be very stack safe now)
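
The entry-point verification, RVA/file-offset conversion, damaged-file and CPU checks listed above, as an added Python sketch rather than ProtectionID's own code: it classifies the entry point before any signature code would dereference it, including the zero-entry-point DLL case. The PE32 image is constructed in memory, alignment rounding is ignored, and all names are assumptions.

```python
import struct

MACHINE_I386, MACHINE_AMD64 = 0x014C, 0x8664


class PEError(ValueError):
    """The image is too damaged to parse safely."""


def parse_pe(data):
    """Bounds-checked read of the few header fields a scanner needs first."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise PEError("missing MZ header")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise PEError("missing PE signature")
    machine, nsect, _, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    opt = e_lfanew + 24                      # start of the optional header
    table = opt + opt_size                   # start of the section table
    if opt_size < 64 or table + nsect * 40 > len(data):
        raise PEError("truncated headers")
    (entry_rva,) = struct.unpack_from("<I", data, opt + 16)  # AddressOfEntryPoint
    (hdr_size,) = struct.unpack_from("<I", data, opt + 60)   # SizeOfHeaders
    sections = []
    for i in range(nsect):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from(
            "<8sIIII", data, table + i * 40)
        sections.append((name.rstrip(b"\0").decode("latin-1"),
                         vaddr, vsize, rptr, rsize))
    return {"machine": machine, "entry_rva": entry_rva,
            "hdr_size": hdr_size, "sections": sections}


def rva_to_offset(pe, rva, file_size):
    """Map an RVA to a file offset, or None if no file bytes back it."""
    if rva < pe["hdr_size"]:
        return rva if rva < file_size else None      # headers map 1:1
    for _, vaddr, vsize, rptr, rsize in pe["sections"]:
        if vaddr <= rva < vaddr + max(vsize, rsize):
            delta = rva - vaddr
            if delta < rsize and rptr + delta < file_size:
                return rptr + delta
            return None                              # virtual-only part of the section
    return None


def offset_to_rva(pe, offset):
    """Map a file offset to an RVA; appended data (overlay) has none."""
    if offset < pe["hdr_size"]:
        return offset
    for _, vaddr, _, rptr, rsize in pe["sections"]:
        if rptr <= offset < rptr + rsize:
            return vaddr + (offset - rptr)
    return None


def verify_entry_point(data, host_machine=MACHINE_I386):
    """Return (verdict, file offset or detail) for the image's entry point."""
    try:
        pe = parse_pe(data)
    except PEError as exc:
        return ("damaged", str(exc))
    if pe["machine"] != host_machine:
        return ("wrong-cpu", hex(pe["machine"]))
    ep = pe["entry_rva"]
    if ep == 0:
        return ("zero-entry-point", None)            # e.g. resource-only DLLs
    off = rva_to_offset(pe, ep, len(data))
    if off is None:
        return ("entry-point-outside-file", None)
    if ep < pe["hdr_size"]:
        return ("entry-point-in-headers", off)
    return ("ok", off)


def build_sample(entry_rva, machine=MACHINE_I386):
    """Constructed 1 KiB PE32 image: headers in 0x000-0x1FF, one .text section."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0xE0, 0x0102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)            # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)       # AddressOfEntryPoint
    struct.pack_into("<I", opt, 60, 0x200)           # SizeOfHeaders
    sect = struct.pack("<8sIIII16x", b".text", 0x200, 0x1000, 0x200, 0x200)
    image = dos + coff + bytes(opt) + sect
    return image.ljust(0x200, b"\0") + b"\xC3" * 0x200


if __name__ == "__main__":
    for rva in (0x1000, 0, 0x2, 0x5000):
        print(hex(rva), verify_entry_point(build_sample(rva)))
```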

GUI changes

- added: Protection Report window showing a table with filename/protection
- added: File Queue window to GUI showing all the queued files (pause, remove, and clear function)
- added: Configuration window with a lot of options the user can choose from
- added: CD/DVD Util window to GUI
- added: filter log, where output in the status window can now be filtered to only report protected files
- added: right-click menus into the status window, so that output can be copied to clipboard or saved to file
- added: more servers for the update system
- added: folder drag & drop support
- added: ability to drag & drop the CD/DVD icon into PiD to scan all files on a CD/DVD

- changed: Log window size extended a bit

CD/DVD scanning

- added: sector scanning for Codelok (encryption key will be extracted)
- added: sector scanning for Safedisc v1, Safedisc v2/v3/v4
- added: sector scanning for SecuROM (if version is older than v4.84.84, it will be displayed)
- added: sector scanning for StarForce 3 keyless
- added: sector scanning for StarForce 3 DVD Games

New detections

- added: more CD/DVD-Checks
- added: more CD/DVD Key or Serial Checks
- added: ARM Protector v0.1, v0.2, v0.3 detection
- added: Alex Protector v1.0 Beta 2 detection
- added: BamBam v0.1 detection (+ Debug Info)
- added: Beria v0.0.7 detection (+ Debug Info)
- added: Bitshape PE Crypt v1.5 detection
- added: BJFNT v1.1 and v1.2 detection
- added: CICompress v1.0 detection
- added: CodeCrypt version detection for v0.15, v0.16 - v0.161, v0.163 - v0.164
- added: DBPE v2.33 detection
- added: Daemon Protect v0.6.7 detection
- added: DePack detection
- added: Dot Fix Fake Signer detection
- added: Duals Exe Encryptor v1.0 and v1.1b detection
- added: Encrypt PE v1.2003.5.18 and v2.2004.8.10 detection
- added: Enigma Protector v1.03 Build 3.10, v1.03 Build 4.00, v1.11 and v1.12 detection
- added: EP Protector v0.3 detection
- added: EXE32Pack v1.42 detection
- added: EXE Guard v1.x detection
- added: EXE Locker detection
- added: EXE Password 2004 v1.111, v1.112, v1.114 detection
- added: EXE Protector v2.x detection
- added: EXE ReFactor v0.2 detection
- added: EXE Safe v2.0 detection
- added: EXE Shield [unknown version] detection
- added: EXE Shield version detection for v2.7a, v2.7b, v2.8a, v2.9
- added: EXE Stealth v2.75 and v2.75a (latest version) detection
- added: ExPressor v1.0, v1.1, v1.2, v1.3 and v1.4 detection
- added: Forgot v1.0 detection
- added: French Layor v1.81 detection
- added: Goat’s PE Mutilator v1.6 detection
- added: Hide PE v1.0 [ASPack New strain method] detection
- added: Hide PE v1.1 [ASPack New strain method] detection
- added: Hide PE v1.x [VBOX v4.3 MTE method] detection
- added: Hying’s PE-Armor v0.x detection
- added: Ion Ice EXE Lock v1.0 detection
- added: JD Pack v1.01 detection
- added: Krypton version detection for v0.2, v0.3, v0.4, v0.5
- added: License Checks
- added: MazePath EXELockout v3.0 detection
- added: Mew 5 EXE Coder v0.1 detection
- added: Mew 10 v1.x detection
- added: Mew 11 SE v1.0 and v1.1 / v1.2 detection
- added: Morphine v1.2, v1.3, v1.4 - v2.7 detection
- added: MSLRH v0.31a, v0.32 and [unknown version] detection
- added: Obsidium version detection for v1.0.0.61, v1.1.1.0, v1.1.1.4, v1.2.0.0, v1.2.5.0, v1.3.0.0 and v1.3.0.4
- added: Packanoid v1.0 and v1.1 detection
- added: Packman v0.0.0.1 detection
- added: Pack Master v1.6 detection
- added: PE Bundle v3.20 (latest version) detection
- added: PE Crypt v1.0x detection
- added: PE LockNT v2.01, v2.03 and v2.04 detection
- added: PE Pack v0.99 and v1.00 detection
- added: PE Spin v0.3, v0.41, v0.7, v1.0, v1.1 and v1.3 detection
- added: Petite version detection for v1.2, v1.3, v1.4, v2.2, v2.3 and unknown versions
- added: PEStubOEP v1.x detection
- added: PolyCrypt PE [generic] detection
- added: PolyEnE detection
- added: Protect v0.1.3 detection
- added: Protect EXE v0.4a Beta detection
- added: Private EXE v2.x detection
- added: Program Protector v1.x - v2.x detection
- added: SD Protector v1.12 and [unknown version] detection
- added: Shegerd EXE Protector & Anti-Debugger detection
- added: Shrinker v3.4 detection
- added: SLVc0deProtector v0.61 detection
- added: SoftSentry [generic] detection
- added: Softwrap (XtremeLok) detection
- added: Smoke’s ExeShield v0.5 detection
- added: Stealth PE v2.x detection
- added: Stone's PE Cryptor v1.13 detection
- added: SVKP version detection for v1.051, v1.11 and v1.3x - v1.4x
- added: TELock version detection for v0.42, v0.51, v0.60, v0.70, v0.80, v0.85f, v0.90, v0.92a, v0.95, v0.96, v0.98 and private versions
- added: Themida v1.0.0.1 - v1.0.0.5 detection
- added: Trial Master v2.x detection
- added: Upack v0.10b - v0.12, v0.20, v0.21, v0.22 - v0.23, v0.24 - v0.28, v0.29 - v0.33, v0.34 - v0.35 and v0.36 detection
- added: UPX Mutanter v0.2 detection
- added: UPX Mutator detection
- added: UPX Protector v1.0e detection
- added: UPX$HiT 0.0.1 detection
- added: Visual Protect [generic] detection
- added: Vcasm-Protector detection
- added: Visual UPX v0.2 detection
- added: VMProtect v1.00 - v1.04 and v1.05 - v1.07 detection
- added: WinLicense v1.0.0.0 - v1.0.0.3 detection
- added: XCR v0.12 and v0.13 detection
- added: X-Treme Protector v1.07 Build 12-12-03, v1.08 Build 15-12-03 and v1.08 FINAL detection
- added: Yoda’s Crypter v1.1 and v1.3 detection
- added: Yoda’s Protector v1.0b, v1.02b, v1.02d, v1.02.05, v1.03.1 and v1.03.2 Beta 3 detection
- added: Z-Code v1.01 detection

- added: Dongle - Dinkey detection
- added: Dongle - Hardlock detection
- added: Dongle - HASP Hardware Lock detection
- added: Dongle - HASP4 Net detection
- added: Dongle - Key-Lok II detection
- added: Dongle - Sentinel detection
- added: Dongle - Sentinel Super Pro detection
- added: Dongle - WIBU detection

- added: License - CrypKey detection
- added: License - FlexLM detection
- added: License - FlexNET detection
- added: License - HASP SL detection
- added: License - InterLok detection
- added: License - nTitles Activator detection
- added: License - SalesAgent detection
- added: License - Sentinel LM detection
- added: License - ViaTech E-license detection

- added: Installer - 7-Zip SFX Module detection
- added: Installer - Aquarius Soft Self-Extractor detection
- added: Installer - Astrum Install Wizard detection
- added: Installer - AW Install Engine Module detection
- added: Installer - BinPatch Module detection
- added: Installer - Bit-Arts Install Wrap detection
- added: Installer - Blizzard PrePatch Module detection
- added: Installer - Clickteam Install Maker detection
- added: Installer - Clickteam Patchmaker detection
- added: Installer - Create Install 2003 detection
- added: Installer - Gentee Installer detection
- added: Installer - Ghost Installer detection
- added: Installer - GKWare SFX Setup Archive detection
- added: Installer - Inno Setup Archive detection
- added: Installer - Installer 2 Go detection
- added: Installer - InstallShield v5.53, v6.31.100.1221, v7.1.100.1248, v8.x, v9.1.0.429, v10 and v10.5 detection
- added: Installer - Install Zip detection
- added: Installer - IZarc Self Extractor Module detection
- added: Installer - Microsoft SFX CAB Module detection
- added: Installer - Nullsoft SFX Setup Archive detection
- added: Installer - Patch Wise Module detection
- added: Installer - Paquet Builder - Enhanced Self-Extracting Zip Module detection
- added: Installer - PKSFX Archive detection
- added: Installer - Power Archiver SFX 2003 detection
- added: Installer - QSetup SFX Kernel detection
- added: Installer - Red Shift Installation System Module detection
- added: Installer - RTPatch Module detection
- added: Installer - Setup Factory detection
- added: Installer - SFX Factory! detection
- added: Installer - Silicon Realms Install Module detection
- added: Installer - Sony Self-Extracting Packager Archive detection
- added: Installer - Spoon Installer Module detection
- added: Installer - Tarma Installer Module detection
- added: Installer - VISE Mindvision Wizard detection
- added: Installer - WinAce Self-Extractor Module detection
- added: Installer - WinRAR SFX Archive detection
- added: Installer - WinZip SFX Archive detection
- added: Installer - Wise Installation Wizard Module detection
- added: Installer - Zip Central SFX detection
- added: Installer - Zip SFX Module detection
- added: Installer - Z-Up Maker SFX Archive detection

Improved detections

- improved: Codelok detection (bye bye 'icd1' section check)
- improved: appended data size verification for a few exe crypters, resulting in an even more accurate detection
- improved: Air EXE Lock detection
- improved: DEF v1.0 detection rewritten
- improved: EXE32 pack detection rewritten
- improved: EXEProt detection
- improved: EXE Stealth detection which wouldn’t recognize crypted exes with the retail version (shareware messed up some EP bytes)
- improved: E-Zip detection (also speed increase)
- improved: Krypton detection rewritten (much faster and more accurate now)
- improved: LameCrypt detection
- improved: Neolite v1.x - v2.x detection
- improved: NFO detection
- improved: Noodle Crypt v2 detection
- improved: Obsidium detection rewritten to be more generic with all available versions till v1.2.5.0
- improved: PassLock 2000 detection
- improved: PE Diminisher v0.1 detection
- improved: PE Lock v1.06 detection
- improved: PE Nguincrypt detection
- improved: PE Ninja detection rewritten
- improved: PE Shield detection code optimized
- improved: PeX v0.99 detection
- improved: PKLite32 v1.1 detection
- improved: Shrinker detection
- improved: Software Defender detection rewritten
- improved: Special EXE Password Protector detection
- improved: SVKP detection recoded, much faster and more accurate
- improved: TELock detection code rewritten
- improved: Virogen Crypt v0.75 detection
- improved: WinKrypt v1.0 detection
- improved: WWPack32 v1.xx detection rewritten
- improved: Yoda’s Crypter v1.2 detection

Fixes

- fixed: possible crash bug when scanning a 'Zero Entrypoint DLL' (i.e. Ahead\Nero\Nerodeu.nls)
- fixed: EXE32Pack wasn’t detected in v5.0 due to a file size checking bug
- fixed: ExeProt crash bug when scanning files 1500h bytes
- fixed: cosmetic bug on status window, if mouse was over it when it was first created, the cursor was an hourglass
- fixed: a few detection strings with missing zero terminators (didn’t affect scanning, just a cosmetic fix)
- removed: PE Bundle generic detection (heh it could be fooled too easily)
- removed: Krypton [generic] detection (version checks will do a better job)
- plus many minor fixes and improvements I can’t remember anymore ;-)

[ -= NOTES = -]

Dongle detections: To check commercial applications for a Dongle protection, we recommend using the folder scan.
We know Dongle protections aren’t widely used in most apps but the usage of Dongles in 3D/CAD/CAM applications is growing.

Examples:
- AICON 3D Studio v3.6.00 - Hardlock
- Avisoft-SASLab Pro.4.36.22 - Hardlock
- Image Craft AVR ANSI C Tools v7.00b - DinKey
- BrainVoyager2000 v491 - HASP
- Canopus ProCoder v2.0 - HASP PE Envelope
- Solidscape JewelCAD v5.12 - Key-Lok II
- Quark XPress v6.1 - Sentinel
- NewTek LightWave 3D v8.0 - Sentinel
- Electronic Image Animation System v5.5.1 - Sentinel Super Pro
- PointLineCAD Version 19 - WIBU

License detections: To detect if an application is protected by a License, we recommend using the folder scan and selecting the install dir.
Examples:
- DivX v5.2.1 is using 'nTitles Activator'. Scan the DivX folder and you will notice bgregister.exe in the Protection Report Window. The file will import the serial functions of a file called 'PSIKey.dll' which is present in your application dir or (like in this case) in C:\Windows\System32. Scan the dll and you’ll know the version.
- Avid Softimage XSI Advanced v4.0 - FlexLM v6.1 (ilImageTPF.dll)
- Intel C++ Compiler for Win.v8.0.046 - FlexLM v7.1 (codecov.exe, xilink.exe...)
- Gauss v6.0 - FlexLM v8.1 (gauss.exe, tgauss.exe)
- Pixar Renderman Artist Tools v6.0 - FlexLM v8.2 (rampEditor.exe, slim.exe...)
- Code Warrior v9.3 - FlexLM v8.4 (lmgr8c.dll)
- Digital Fusion Render Node v4.04c - FlexLM v9.0 (DFRNode.exe)
- Cambridge Animations Systems Animo v6.0 - FlexLM v9.2 (lots of *.dll files in \bin dir)
- Geoslope Geostudio 2004 v6.02 - FlexNET v10.0 (GeoStudio.exe and lots of *.dll files)
- Minnetonka Disc WELDER Bronze v1.01 - Sentinel LM
- IronCAD Inovate v7.0 - Sentinel LM v7.2.0.0
- CSI SAFE v8.0.4 - Sentinel LM v7.2.0.18
- DivX v5.2.1 - nTitles Activator v1.3.6.18 (bgregister.exe, PSIKey.dll)
- Corel Word Perfect Office v12 - nTitles Activator v1.3.4.89 (Prwin12.exe, PSIKey.dll...)
- Kaydara Motion Builder v5.5 - nTitles Activator v1.3.4.13 (klicense.dll, PSIKey.dll)
- PowerQuest Drive Image v7.03 - nTitles Activator v1.3.0.43 (PQV2iSvc.exe)

Safecast detections: Examples:
- Dreamweaver MX 2004 v7.0.1 - Safecast v2.42.000 (actlib.dll, MMxpt.dll)
- ArcSoft Media Card Companion v1.0 - Safecast v2.50.030 (Media Card Companion.exe)
- Autodesk Inventor Professional v9.0 - Safecast v2.51.000 (invadlm.dll, invaip09.dll)
- Data Becker Web To Date v3.1 - Safecast v2.60.030 (web2date.exe)
- Adobe Photoshop CS2 - Safecast v2.67.010 (Tw10122.dat)

v 5.1f

- added: SecuROM 7.27.xxxx detection
- added: Protect DiSC v7.5 (or newer) detection
- added: Starforce 4 protection level (Basic / Pro) detection
- added: Starforce ProActive v4 Protect.exe detection
- added: Safedisc detection for v4.70 in executables without version string
- added: PC Guard v5.01 detection
- added: SD Protector v1.12, v1.16 and [unknown version] detection
- added: TheMida v1.0.0.0 - v1.8.0.0 (or newer) detection
- added: License - eLicense v3.x, v3.20 and v4.0 detection
- added: License - Protection Plus v4.x detection
- improved: ActiveMark detection split into v4 and v5
- improved: Xtreme Protector detection code improved
- improved: SecuROM 7.26.xxxx detection, added more detailed versions
- improved: Protect DiSC version detection, added support for most common versions
- fixed: crash during Tages scanning if entrypoint is between offset 2h to 4h

/cdkiller [x/xxx]

v 5.1e

- added: SecuROM 7.26 detection
- added: SecuROM 7.xx.xxxx subversions (tested on 90+ executables)
- added: Safedisc separated detection for v4.50 & v4.60 in executables without version string
- added: Laserlok build detection for v5
- added: Starforce v4 detection inside protect.exe
- added: NSPack v3.3 & v3.5 detection
- improved: Laserlok Marathon detection
- improved: CodeLok detection
- fixed: Protect DiSC v6.2 build number bug

/cdkiller & [x/xxx]

v 5.1d

- added: SecuROM version detection for v7.01, v7.02, v7.10, v7.11, v7.12, v7.20, v7.21, v7.24 and newer
- added: StarForce BASiC detection (no drivers included) (valid only for SF v3.x)
- added: StarForce ProActive v3 detection (you need to scan the protect.exe)
- added: Tages scanning if Device Driver is called (Disc Check)
- fixed: StarForce bug sometimes not reporting if VFS is used

finally a working SecuROM 7 version detection.
scanners just detecting v7.00.00.xxxx are simply wrong.

short game list:

- Constantine - SecuROM v7.01
- GTA San Andreas - SecuROM v7.02
- F.E.A.R. - SecuROM v7.11
- Indigo Prophecy - SecuROM v7.12
- Stubbs The Zombie - SecuROM v7.18
- Serious Sam 2 - SecuROM v7.19
- Rogue Trooper - SecuROM v7.20
- Sensible Soccer 06 - SecuROM v7.21
- Hitman Bloodmoney - SecuROM v7.24

/cdkiller [x/xxx]

v 5.1c

- added: Protect Disc v7.0 - v7.1 (or newer) detection
- added: Starforce Protect.exe v3.5.xx.xx and v3.6.10.06 - 3.7.16.04 detection
- added: ActiveMARK detection (+ check for unknown versions/cracked files)
- added: detection if Tages SDK or Tages BASiC is used in protected files
- added: Armadillo v4.44 detection
- added: PC Guard v5 detection
- improved: ASPack detection (detects v1.01b, v1.02b, v1.03b, v1.05b, v1.06b - v1.061b, v1.07b, v1.08x, v1.083, v1.084, v2.000, v2.001, v2.1, v2.11, v2.11c - v2.11d, v2.12 and v2.12b)
- improved: TeLock detection (detects v0.42, v0.51, v0.60, v0.70, v0.71, v0.880, v0.85f, v0.90, v0.92a, v0.95, v0.96, v0.98b1, v0.98b2, v0.99, v1.00 and v0.98 Special Build)

/cdkiller [x/xxx]

v 5.1b

this build is updated again to detect the latest protections and to squash a few bugs.

- added: Tages v5.3.0.0 - v5.5.0.1 (or newer) detection
- added: Laserlok build date detection if possible
- added: StarForce protection infos (depending on what options were used to protect the game)
- added: Armadillo v4.42 detection
- added: ASProtect v2.1, v2.2 and v2.3 detection
- added: ASProtect v2.x [unknown version] detection
- added: MoleBox v2.x.x [generic] detection
- added: MoleBox v2.2.3, v2.2.4, v2.2.5, v2.2.6, v2.2.8 and v2.3.0, v2.3.3, v2.4.0, v2.5.0, v2.5.5, v2.5.12 detection
- added: NSPack v1.0 - v2.8, v2.9, v3.0, v3.1, v3.4, v3.6 and generic detection
- added: UPX v2.00 detection
- improved: ASProtect v2.0 detection
- fixed: Armadillo v4.40 was detected as v4.10 - v4.20 in some files
- fixed: annoying Starforce bug not reporting protected dlls anymore after executable scanning
- fixed: Protect Disc detection (added a generic string search too)
- fixed: SmartE detection in Softlocx6.ocx
  (this protection uses the same wrapper, except only 1 byte difference ;P)
expect a new build soon :-)
/cdkiller & [x/xxx]


v 5.1

The last public version (v5.0 Final c) was released on 14.12.2004.
Right after releasing it, the development of v6.0 began and still continues.
Now we release v5.1 to keep you up to date.
New protections were added, important ones got updated and improved, bugs got fixed...

- added: JoWood X-Prot detection
- added: Laserlok Marathon detection
- added: Ring-Protech detection
- added: SecuROM v7.xx.xx detection
- added: SmartE Copy Protection detection
- added: Starforce v3.x version is now displayed with build number
- added: Tages v5 detection
- added: VOB Protect CD/DVD v5.9x with build number detection instead of showing "VOB Protect CD/DVD [modified version] detected"
- added: ACProtect version detection for v1.09, v1.10, v1.20, v1.21, v1.22, v1.23, v1.3c, v1.32, v1.35 / v1.40, v1.41 and v2.0
- added: Armadillo version detection for v1.00 - v1.84, v2.00 - v2.40, v2.60 - v3.00, v3.05 - v3.20,
  v3.30 - v3.61, v3.70 - v3.75, v3.76 - v3.77, v3.78, v4.00 - v4.05, v4.10 - v4.20, v4.30 and v4.40
- added: ASProtect version detection for v1.0, v1.1, v1.11, v1.2, 1.22 - v1.23 Beta, 1.23 RC4 - 1.3.08.24, 1.23 RC4 (Registered),
  v1.31, v1.32, v1.33, v2.0 Alpha and v2.1 - v2.11
- added: EXE Cryptor v2.0 - v2.1.xx, v2.2.0 - v2.2.4 and v2.3.0 - v2.3.7 detection
- added: FSG v1.0, v1.2, v1.3 - v1.31, v1.3.3, v1.33a and v2.0 detection
- added: PE Compact v2.xx generic detection
- added: PE Compact version detection for v1.00 - v1.3x, v1.40 - v1.50, v1.55, v1.56 - v1.65, v1.66 - v1.84,
  v2.0 Beta Build v52, v2.00 - v2.10 and v2.20 - v2.64
- added: some more CD/DVD-Check detections
- improved: Laserlok detection
- improved: Safedisc [generic v1, v2, v3, v4] verification code making it possible to detect a faked Safedisc protection where the SD string
  'BoG_ *90.0!! Yy;' was simply added to the PE header, also added another piece of code checking for 'real' Safedisc
- improved: Safedisc v3.20 - v4.xx [unknown version] is more accurate due to new checks
  (i.e. NBA Live 2006, version is removed, PiD detects 'Safedisc v4.00.001 - v4.00.003')
- improved: Safecast detection in Safecast´ed executables
- improved: SecuROM detection, added one more check to speed up scanning in non SecuROM´ed files
- improved: StarForce detection
- improved: UPX detection
- improved: VOB Protect CD/DVD detection completely rewritten

some notes about... SecuROM v7...

well you´ve probably seen SecuROM 7 "versions" displayed like 7.00.00.xxxx.
I don´t think it´s the "real" version, check out the following versions and their release dates:

SecuROM 7.00.00.0005 (Crashday)  -  25.01.2006
SecuROM 7.00.00.0008 (Conflict Global Storm)  -  17.08.2005 (!)
SecuROM 7.00.00.0008 (CSI-3 Dimensions of Murder)  -  22.02.2006 (!)
SecuROM 7.00.00.0032 (Project Snowblind)  -  09.04.2005 (one of the first securom 7 titles)
SecuROM 7.00.00.0107 (F.E.A.R.)  -  05.09.2005
SecuROM 7.00.00.0129 (Star Wars Empire at War) -  20.01.2006

just my thoughts on securom... the string is decrypted, yes, but it doesn´t mean it´s part of the version.
if i´m wrong i´m going to correct it in the next release... but is there any proof ? ;-)

greetings
cdkiller & [x/xxx]


v 5.0c (Protection Update #1)

v6.0 is progressing very well and the changes are incredible but we thought
we should release v5.0c to keep you up to date because protections have changed...

- added: Safedisc v3.20 - 4.xx detection with removed version
i.e. Need For Speed Underground 2, Flatout, The Lord of The Rings The Battle For Middle-Earth, Knight Rider 2
- added: 3PLock detection (i.e. Kreed, RTL Ski Jump 2005, RTL Ski Alpine 2005)
(consider our protection as the most proper one because we don't simply scan for the section names, we are analysing the exe ;-)
- improved: totally rewritten Safedisc detection (much faster and highly accurate)

Our goal is to keep you up to date. While continuing work on v6.0 we might put out some more minor updated v5.0x versions,
depends on how much PC Game protections will change.

cdkiller [x/xxx]

sorry for the fixed version... but there were some minor annoying bugs in the FiNAL ;-)

- added: Auto Update feature to support ProtectionID´s new website (protectionid.gamecopyworld.com)
- added: Server selection when doing an Auto Update
- added: VOB Protect CD [modified version] detection (i.e. Sacred *german* )
- added: 2 more CD-Checks to scan for (MVP Baseball 2004, Battle Mages)
- fixed: Win9x system lock
- fixed: corrupt path names in log window when scanning a rar file
- fixed: [!] Unknown Protection issue when file is non executable or too small to be executable
- fixed: CDCheck bug displaying 'No Protection found' when certain CDCheck strings were found
- fixed: SecuROM detection when no version (crypted or unencrypted) was found
- fixed: LogWindow cursor now shown as normal cursor and not like the I-bar one

thx again x/xxx for all your help !

---------------------------------------------------------------------------------------------------------

Don't get me wrong, I labeled it 'FiNAL' because I released a public Beta some weeks ago.
Nor does it mean I'll stop developing this popular tool ;-)

During the development of v5.0 many things have been added, improved, changed, bugfixed and tweaked.
ProtectionID got a totally new core with lots of enhancements, so I don't write every fix etc
into the changelog because they will make it explode...

Also, may I say, our tool is the only one with a 99% Tagés detection.
Other tools sometimes have trouble detecting Tagés, or wrongly detect Tagés on a CD/DVD where another protection is used.
The Tagés scanning feature is only available on Win2k / WinXP / Win2k3 without the need of ASPI drivers.
Soon it will be Win9x compatible, also without any additional drivers!

* added: aggressive scan (read notes) for a more powerful detection
* added: CD/DVD sector scanning for ISO protections (Tagés only in v5.0, more will follow)
* added: CD/DVD file scanning for all possible protections if executable is present in an uncompressed state
* added: context scan menu for all files (can be enabled / disabled in the GUI) (read notes)
* added: drag & drop support for the GUI, simply select as many files as you want and drop them into ProtectionID
* added: folder scanning
* added: glowing buttons to GUI
* added: log window showing all detected protections
* added: online update (systray menu -> support -> check for updates)
* added: progress bar showing total progress of scan to be completed
* added: queue window, displaying the files in queue when doing a multiscan or drag & drop of more than one file
* added: status window displaying the current operations
* added: systray icon / menu (single / multi scan, folder / cd / dvd scan, drop me a mail, check website, download update, visit cdmediaworld.com)
* added: updater which will download the latest version for you (systray menu -> support -> check for updates) (read notes)
* added: detailed information about a program crash
* added: detection for Laserlock version (if detection is possible...)
* added: detection for Settec Alpha ROM (used in Korean games, will hit Europe soon... thx mate for the exe!)
* added: detection for VOB Protect CD version
* added: detection for Air ExeLock
* added: detection for Crypto-Lock
* added: detection for E-Zip
* added: detection for latest EXEStealth v2.74
* added: detection for Perplex PE Protector
* added: detection for UPX Scrambler
* added: detection for latest X-treme Protector v1.07
* added: detection if a CD-Key is required (i.e. Call of Duty, Savage, Quake 3 Arena...)
* added: more CD/DVD-Check detection strings to database (i.e. Fire Starter, Massive Assault, Apache Longbow Assault...)
* added: scanning in all files which are valid PE files (i.e. in Lords of Everquest, the Lords.ree is protected with SecuROM)


* improved: totally new scanning routines (much faster and more stable)
* improved: ASPack detection
* improved: FSG detection
* improved: Krypton detection
* improved: Neolite detection
* improved: PE Compact detection
* improved: PE Lock detection
* improved: PE Shield detection
* improved: Softdefender version checking
* improved: Special EXE Password Protector detection
* improved: Stealth PE detection
* improved: UPX detection (to detect fakes and modified versions)
* improved: VBO Watch detection
* improved: VGCrypt detection
* improved: X-treme Protector v1.00 - v1.07 detection (i.e. Spellforce exe is protected with v1.06)
* improved: checks if a file was cracked by an iso / dox / rip group
* removed: checks for possible CD-Check API Calls (I got enough CD-Check strings which should find the checks)
* removed: scanning exefiles for Tagés (use the proper detection with the cd/dvd sector scan feature)
* fixed: 4 KB file scanning crash

Aggressive Scan [default: on]

A very useful feature which enables you to check if a file is protected by more than one protection.

Games: i.e. you can check if a SecuROM protected exe also has CD/DVD-Checks
Apps: some crypters are faking / hiding the real protection like Stealth PE.
i.e. if you scan an ASPack protected file where Stealth PE is used to hide the real protection, both will be detected by ProtectionID

Context Menu

Once enabled in the GUI you are able to scan every (!) file with a right click 'Scan with ProtectionID...'

CD/DVD scanning

Sector scanning only supports Tagés in v5.0 (for other protections simply scan the programs exe)
File scanning supports all kinds of protections.

Once ProtectionID is started it will pop up a tray icon.
Click on it and select 'Scan File(s) / Folders / CD/DVD' -> 'CD/DVD drive file/ sector' -> your drive letter

Auto - Updates

Tray icon -> support -> check for updates
Will check if a new update is available and it will be downloaded

* added: detection for encrypted SecuROM versions newer than 4.87.00 (thx to CirKutz)
* added: detection for more Armadillo versions
* added: detection for more TeLock versions
* added: detection for Akala EXELock
* added: detection for Stealth PE
* added: more CD/DVD-Check detection strings to database (i.e. Secret Weapons over Normandy)


* improved: SecuROM detection code
* improved: VOB Protect CD detection
* improved: ACProtect detection
* improved: BJFnt detection
* improved: Exe Bundle detection
* improved: ExeStealth detection
* improved: FSG detection
* improved: Pex detection
* improved: PE Bundle detection
* improved: PKLite32 detection
* improved: Shrinker detection

* added: more CD/DVD-Check detection strings to database (i.e. Chaos Legion, Kelly Slater's Pro Surfer, NHL 2004, Reel Deal Poker...)
* added: detection for more UPX versions


* improved: CD/DVD-Check detection
* improved: scanning speed of Multiscan function
* improved: SecuROM detection (hopefully fixed the 'was protected with SecuROM but has been unwrapped' bug in a few non-cracked files)

* fixed: Bug when scanning more than 2 unwrapped Safedisc files which always showed 'No additional CD/DVD-Checks'
* fixed: Bug in unwrapped SecuROM files which says 'Protected with additional CD-Checks' when a certain string was found
* fixed: crash bug when scanning files < 4 KB
* fixed: SecuROM version bug (i.e. PiD v4.0 detected SecuROM 4.84.85.0017, but real version is 4.84.85 only, because it's zero terminated)

* removed: detection if a game was cracked by RAZOR 1911 due to a request

* added: new logo by Eboy [SAC]
* added: check if the scanned file is a valid Executable
* added: message when scanning files > 20 MB
* added: scanning for CD-Checks in cracked SecuROM files
* added: detection for ASProtect
* added: detection for BJFnt
* added: detection for Def v1.0
* added: detection for Exe Bundle
* added: detection for ExeProt
* added: detection for Krypton
* added: detection for PE Mangle
* added: detection for PE Pack/Crypt
* added: detection for PhrozenCrew PE Shrinker
* added: detection for PKLite32
* added: detection for Simple PE Crypter
* added: detection for Stone's PE Encrypter
* added: detection for TeLock
* added: detection for hacked UPX versions
* added: detection for VBO Watch
* added: detection for VGShrink
* added: detection for WWPack32
* added: more CD-Check detection strings to database
* added: detection if ASPack was unwrapped with ASPackDie


* improved: Armadillo detection
* improved: ASPack detection (v2.11, v2.12)
* improved: CD-Check API detection
* improved: CodeLock detection
* improved: FSG detection speed
* improved: Neolite detection
* improved: NFO detection
* improved: Noodle Crypt detection
* improved: Obsidium Software Protection
* improved: PEnguincrypt detection
* improved: PeX detection
* improved: Petite detection scanning speed
* improved: VGCrypt detection for both encryption modes (added section, installed code into cave)
* improved: SecuROM detection code optimised

* fixed: UPX detection bug
* fixed: ProtectionID cannot be started more than once at the same time
* fixed: some grammar issues (thx BountyWarrior)
...and finally the easter egg became a picture...