Solved

Win32 executable packing

Posted on 1997-08-05
Last Modified: 2013-12-03
I would like to know if it is possible to code an exe-packer for win32 PE-files. What I mean is a packer like PKLite or XPack for DOS which compresses an executable, and when starting the packed program it is unpacked into memory and started.
I know there are some problems, e.g. Win32 takes a lot of resources out of the exe like icons and so on. But is it possible to only compress the real code and leave the rest as it is? What else do I have to pay attention to? Is there maybe already a packer?
0
Question by:tier
9 Comments
 
LVL 4

Accepted Solution

by:
davmarc earned 100 total points
ID: 1403078
In the old days I used exe-packers for DOS programs too - LZEXE, PKLite, WWPack, Diet.
Under Windows 3.1 I couldn't find any port of those useful utilities, but I had bought Symantec C++ 7.x too and it had a nice linker feature that did mostly the same thing.

I did several searches on the Internet but I couldn't find anything similar for Win32. It is probably caused by the complexity implied by writing such an advanced loader for PE files, and by the absence of a strong demand for such a feature.

The best pointers I can give you are the following:
- "Portable Executables File Manipulation", MSDN (under Windows Base Services - Executables);
- "The Portable Executable File Format from Top to Bottom" by R. Kath, MSDN technical articles
- Knowledge Base article Q100636

If you are going to write one yourself, I wish you much luck. I'm sure that if you succeed, many developers will be glad to evaluate your product - me included.

Davide Marcato.
0
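The question's idea of compressing only the code and leaving the resources as they are starts with reading the PE section table that the documents listed above describe. The following is an added example, not part of the original thread: it walks the headers of a PE32 image and labels each section as code, resources or other. The sample image is constructed here (headers only, no section bodies), and the function names are assumptions of this example.

```python
import struct

IMAGE_SCN_CNT_CODE = 0x00000020   # section characteristic: contains code
RESOURCE_DIR = 2                  # data-directory index of the resource table

def classify_sections(image):
    """Return [(name, kind, raw_size)] for a PE32 image."""
    if image[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (pe,) = struct.unpack_from("<I", image, 0x3C)            # e_lfanew
    if image[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    # NumberOfSections at pe+6, SizeOfOptionalHeader at pe+20
    nsect, opt_size = struct.unpack_from("<H12xH", image, pe + 6)
    opt = pe + 24                                            # optional header
    (magic,) = struct.unpack_from("<H", image, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (magic 0x10B) is handled")
    (ndirs,) = struct.unpack_from("<I", image, opt + 92)     # NumberOfRvaAndSizes
    rsrc_rva = 0
    if ndirs > RESOURCE_DIR:
        (rsrc_rva,) = struct.unpack_from("<I", image, opt + 96 + 8 * RESOURCE_DIR)
    result = []
    for i in range(nsect):
        name, vsize, rva, raw_size, flags = struct.unpack_from(
            "<8sIII16xI", image, opt + opt_size + 40 * i)    # 40-byte section header
        if rsrc_rva and rva <= rsrc_rva < rva + max(vsize, raw_size):
            kind = "resources"    # icons etc.: the part the question wants left as is
        elif flags & IMAGE_SCN_CNT_CODE:
            kind = "code"
        else:
            kind = "other"
        result.append((name.rstrip(b"\0").decode("ascii", "replace"), kind, raw_size))
    return result

def build_sample():
    """Constructed header-only PE32 image with .text, .data and .rsrc sections."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)        # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                    # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                      # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * RESOURCE_DIR, 0x3000, 0x400)
    table = b"".join(struct.pack("<8sIII16xI", *s) for s in (
        (b".text", 0x800, 0x1000, 0x800, 0x60000020),
        (b".data", 0x200, 0x2000, 0x200, 0xC0000040),
        (b".rsrc", 0x400, 0x3000, 0x400, 0x40000040)))
    return dos + b"PE\0\0" + coff + bytes(opt) + table

if __name__ == "__main__":
    print(classify_sections(build_sample()))
```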
 
LVL 3

Expert Comment

by:vinniew
ID: 1403079
In the old days, DM?  When you were what, 3?  You're only 15, right?

hahaha.  I started when I was 8.  It pays the bills now....


As for the question:
1. MS used packing in their original Word product.  They also had that feature in VC 1.52
2. If you just want to compress resources, like strings, etc., you can find a simple thing to do that on SimTel.net.  It's a library.  I don't recall the name...
0
 
LVL 4

Expert Comment

by:davmarc
ID: 1403080
Hahaha! I expected such an answer sooner or later :-)

Yes, I am 15...I used those programs in the good old days, they were indeed good but not so old ;-)
I started programming when I was 6 on C=64, hey I'll be programming for 10 years in a month! :)

As for the question:
1 - The original Word, as well as VC 1.5x, run under Windows 3.1, while the real problem is Win32 and its associated PEs.
2 - Compressing resources is useful to prevent users from modifying them, but it generally doesn't save much space (unless you have a lot of resources and little code).

Davide Marcato.
0
 
LVL 1

Author Comment

by:tier
ID: 1403081
So you are sure that it is possible to write such a program but it won't be easy?
0
 
LVL 1

Author Comment

by:tier
ID: 1403082
Davmarc, could you tell me the exact URLs for the PE docs you mentioned?
I think for 100 points this would be fair...
0
 
LVL 4

Expert Comment

by:davmarc
ID: 1403083
I looked for it in the MSDN Library CD coming with VC++ 5.0, but I assume you don't have it since you ask me for URLs.

Here they are (reported by hand):
 http://premium.microsoft.com/msdn/library/sdkdoc/imgehlp1_9832.htm
 http://premium.microsoft.com/msdn/library/techart/F365/F36B/D37D/SABE3.htm

http://www.microsoft.com/kb/articles/q100/6/36.htm

To access the first two you must be a registered MSDN Online user. If you are not yet, do it immediately: it is free and gives access to a lot of up-to-date technical documentation.

Davide Marcato.
0
 
LVL 1

Author Comment

by:tier
ID: 1403084
Once again:
You are sure that it is possible?

0
 
LVL 4

Expert Comment

by:davmarc
ID: 1403085
To be fair I cannot answer that I am 100% sure since I've never done it nor have I seen anyone doing it, but I am reasonably sure that actually it *is* possible...say 95% sure.
Not an easy task, but possible.

I hope the docs I pointed out will help you. A great source of info about the internal structure of Windows 95 is Matt Pietrek's book "Windows 95 System Programming Secrets" (well, his articles are great as well); it might help you with the hardest parts.

Davide Marcato.
0
 
LVL 4

Expert Comment

by:davmarc
ID: 1403086
A new pointer that might help you, tier.
KB article Q127904 "How to Modify Executable Code in Memory".

Davide Marcato.
0
