In the years when shell programs were proliferating, countless excellent shells appeared. CoDe_inJect once commented on several popular shells; allow me to borrow his remarks to describe the common protection schemes:
ASProtect
The undisputed leader of the shell industry, which opened a new era of shells. The now-popular anti-tracing techniques of using SEH, polymorphic mutation engines (borrowed directly from viruses), BPM breakpoint clearing and so on all originate here. Its best-known feature is the use of the RSA algorithm, so that a demo version cannot be cracked into the full version; Code Dips also originates here; and its import table handling is still very strong even now. Shell developers should learn from its skilful use of various algorithms. Its biggest failing is that its anti-tracing is too gentle, which makes it easy for crackers to study.
TELock
Well-known free protection software with strong anti-tracing capabilities: it uses SEH to control the DRx registers and memory verification to block BPM breakpoints and tools such as SuperBPM. Its BPE32 mutation engine generates a lot of junk code to disrupt tracing. Repairing its import table was a headache for a while; the irony is that the complete import table appears in memory before redirection. It is worth mentioning that heXer spent several months reversing it and produced an enhanced version called tELock X.
PELock
PELock can be seen as a combination of many shells: import table processing, the RSA algorithm, anti-tracing, breakpoint clearing and SEH are all used. It is also the first shell able to detect IceDump under Win98, and the first in which code is cleared, encrypted and locked, making the protected program harder to dump.
DBPE
What is the secret of this shell's standing in China? Its anti-tracing is well done, and it was a very early shell to use a driver; although the driver is used only to switch to Ring-0 under WinNT, it set the precedent for using drivers in shells. The import table is processed in the usual way, and the interrupt vector is modified for decoding. In some versions the MMXE mutation engine dazzles the tracer. Unfortunately, because of the author's misunderstanding of RSA, an attacker can write a keygen, and even an unregistered copy can still pack programs.
SVKP
This shell has a deep background: anticracking. Its author sk is closely connected with legendary figures such as DAEMON and EliCZ, but the shell's anti-tracing and import table processing are not ideal, perhaps because of the author's coding ability. The program makes skilful use of a driver; on some systems it hides the process, which obstructs ImportREC and similar tools. The KME mutation engine executes code on the stack, which is difficult to trace.
Xtreme-Protector
As its name suggests, it seems to be the strongest shell, and the one that uses a driver most skilfully. The driver handles decoding and anti-tracing, and multi-threaded SMC raises the program's level of protection. Many crackers without a hardware debugger are deterred.
Star-Force
It is not a powerful shell in the style of Xtreme-Protector. Its core is a pseudo-code interpreter, which greatly simplifies research on it; the code of some imported functions is copied from system libraries and modified. Some program code is decrypted only when it is executed. The protection also applies many of these methods: it checks the CRC checksum of some memory segments, frequently clears DRx, uses the RDTSC instruction to control the decoding time of different segments, and the decoding of the last code section is even performed by intercepting Int 0 in Ring-0. However, it is mostly used for disc encryption and is rare in shareware.
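The memory verification mentioned for tELock above and the CRC checks of memory segments in Star-Force come down to the same mechanism: the protector records a checksum of a code region when it packs the program and recomputes it at run time. The following C program is an added illustration of that idea, not code from any of the shells discussed; the sample code bytes, the guard_t structure and the function names are constructed for this example. It shows the check catching a software breakpoint (the 0xCC INT 3 opcode a debugger writes into code) or any other patched byte. Hardware breakpoints live in the DRx registers and leave memory untouched, which is why these shells also clear DRx rather than relying on checksums alone.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Bitwise CRC-32 (IEEE 802.3, reflected polynomial 0xEDB88320).
   Check value: crc32_buf("123456789", 9) == 0xCBF43926. */
uint32_t crc32_buf(const uint8_t *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* A guarded region: start address, length, and the checksum the
   protector recorded when the program was packed (hypothetical layout). */
typedef struct {
    uint8_t *start;
    size_t   len;
    uint32_t expected;
} guard_t;

/* Returns 1 when the region still matches its recorded checksum. */
int guard_verify(const guard_t *g)
{
    return crc32_buf(g->start, g->len) == g->expected;
}

/* Constructed sample: a few bytes standing in for a protected code
   segment. They are not taken from any real shell. */
static uint8_t sample_segment[] = {
    0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10, 0x33, 0xC0,
    0x8B, 0x45, 0x08, 0x03, 0x45, 0x0C, 0xC9, 0xC3
};

/* Simulates the lifecycle: record the checksum at "pack time", then a
   debugger plants a software breakpoint (0xCC) inside the region.
   Returns 1 when verification catches the modification, 0 otherwise. */
int demo_breakpoint_detected(void)
{
    guard_t g = { sample_segment, sizeof sample_segment, 0 };
    g.expected = crc32_buf(g.start, g.len);   /* recorded by the packer */
    if (!guard_verify(&g))
        return 0;                             /* untouched region must pass */

    uint8_t saved = sample_segment[6];
    sample_segment[6] = 0xCC;                 /* INT 3 written by a debugger */
    int caught = !guard_verify(&g);
    sample_segment[6] = saved;                /* restore so the demo is repeatable */
    return caught;
}

int main(void)
{
    printf("CRC-32 of \"123456789\" = %08X\n",
           crc32_buf((const uint8_t *)"123456789", 9));
    printf("breakpoint detected: %s\n",
           demo_breakpoint_detected() ? "yes" : "no");
    return 0;
}
```

In a real protector the expected value is stored in the packed image (or derived from a key) and the check is repeated at several points during execution, so a single patched byte is caught wherever the next check runs; the check itself is also usually obscured by the mutation engines the text describes, since a plain CRC loop is easy for an analyst to spot and remove.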
Armadillo
One of today's fiercest shells, as befits a name that evokes heavy armour. It has two protection modes: the standard mode and CopyMem-II + Debug-Blocker. The standard mode is much easier to unpack; repairing the dual-process mode is a real headache.