Post Description
Bitsum PECompact v2 97 beta1
PECompact is a next generation Windows executable compressor designed for software developers and vendors. Commonly termed an 'executable packer', such utilities compress executables and modules (i.e. *.EXE, *.DLL, *.OCX, *.SCR). At runtime the compressed modules are rapidly decompressed in memory.
Executable compressors work by compressing selected portions of executables. At runtime, compressed executables are decompressed and reconstructed directly into their virtual image (memory) so that no data is ever written to the disk. The executable can therefore be run exactly as it was before without the user even knowing it was compressed.
Why would one want to compress an executable module?
There are many reasons. One of the most common is that compression offers an inherent degree of tamper resistance and obfuscation. Another is that since the usual compression ratio is greater than 70% (that is, the compressed file is 30% of the original), larger executables and modules may load much quicker from the network or disk hosting them. It also means the downloaded file size is smaller, which is an advantage as it optimizes the file for those with different speeds of broadband connection. Additionally, once downloaded, it will take up less space on the target drive. Since storage medium is often the largest bottleneck in overall system performance, the time spent decompressing can be much less than the time saved by not having to transfer as much data from the storage medium or network.
*
Add tamper resistance.
*
Obfuscate and help deter reverse engineering.
*
Compression is typically 70% or greater on large files, far better than popular file compression software. This is because compression is targeted to a specific file/data format.
*
Load time can be improved by having a smaller image to load from the storage medium (disk, network, etc..).
But there are some other tricks that PECompact can do, aren't there?
Yes, PECompact has been built to be very extensible. Using advanced plug-ins by, PECompact is able to be enhanced and extended by third parties.
PECompact includes plug-ins to perform CRC checks, password based encryption, message box prompt for permission to execute, and much-much more. And since these plugins can all be combined in any order and quantity, each compressed file can be very unique.
For absolute uniqueness, the loader itself (decompression stub) is also a plug-in type and so can be changed or extended.
CODEC Plug-ins:
LZMA - FFCE - aPLib - JCALG1 - BriefLZ
Non-compression CODEC Plug-ins:
Password Protect - MessageBox - Invert - Copy - Expand
API Hook Plug-ins:
Fast-Import - Redirect - IsDebuggerPresent
Loader Plug-ins:
Anti-Debug - Debug - Enhanced Anti-debug - No-RWX - Reduced
Many plug-ins are distributed ONLY in the registered build of PECompact. We do this to prevent abuse. Additional plug-ins included in the registered version are indicated on the purchasing page. There are many plug-ins not listed here.
You can also create your own plug-in. PECompact can be extended in an infinite number of ways. You can truly control how your executable is compressed.
Compatibility and features:
MANY of these features are found in NO other product.
* Complete Windows platform support, from Windows 95 to Windows 7
* Supports EXE, DLL, SCR, and all other Win32 PE formats except device drivers (SYS)
* Extensive plug-in support, allowing almost anything to be done to a compressed module
* Supports modern Vista and Windows 7 features
* Supports software and hardware DEP (Data Execution Prevention)
* Supports debug directories, allowing compressed executables to be matched to debug symbols by debuggers
* Supports strict memory page attribute rules used by some third-party security tools
* IsDebuggerPresent plug-in allows for great detection of debuggers and
Comments # 0