If size and compression & decompression time don't matter, what is a good combination of settings to increase security and/or detect file modifications without loss of functionality?
/CodeIntegrityCheck:Yes ?
/StripDebug:Yes ?
/EnableMemoryProtection:Yes ? (Sounds good, but to be honest, I don't understand the description or background of it)
Hi Ruhe,
In answer to above, /CodeIntegrityCheck:Yes (Crc32 of memory image), /StripDebug:Definitely ..
Also you will have full functionality unless you use the Thin/Reduced loader.
/EnableMemoryProtection means that the sections of the original file (Code, data, Imports etc) will have the same access rights in the compressed file, which basically means that if the Code section was originally READ/WRITE/EXECUTE access, then it still will have this same protection once packed.
This is useful for compatibility reasons mostly, but also will make patching a compressed file slightly harder, as the cracker would have to alter the memory protection of the range of pages that they want to patch.
pec2ldr_antidebug or pec2ldr_default ?
For security, pec2ldr_antidebug, otherwise they have same functionality.
Inclusion of pec2codec_crc32.dll ?
I'm not sure if this is included when code-integrity check is enabled, but it won't break anything to include it.
CODEC Ordering / Sequence ?
Codec ordering is unimportant, unless you have some special codec that you want to ensure is not patched. For better security you can make your own codec and hook plugins using the SDK provided.
For instance, you could make a single codec plugin that contains 3 codecs; 1st to checksum the data, 2nd to decrypt the data, 3rd to check for debuggers or whatever. Then your protection code is encrypted and crc protected.
BoB
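Added example, not part of the thread and not PECompact code: the reply says /EnableMemoryProtection carries each section's original access rights over to the packed file, so it is worth listing what the unpacked file declares before packing. This sketch reads only the on-disk section headers (it does not observe run-time page protection) and flags sections that are both writable and executable; the sample image, its section names and the helper names are constructed for illustration.

```python
import struct

# Section characteristic flags from the PE/COFF specification.
MEM_EXECUTE, MEM_READ, MEM_WRITE = 0x20000000, 0x40000000, 0x80000000
FLAG_LETTERS = (("R", MEM_READ), ("W", MEM_WRITE), ("X", MEM_EXECUTE))

def section_rights(image):
    """Return [(section name, 'RWX'-style rights)] from the headers of a PE image."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)  # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, three dwords,
    # SizeOfOptionalHeader, Characteristics
    _, count, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, pe_off + 4)
    table = pe_off + 24 + opt_size  # section table follows the optional header
    rights = []
    for i in range(count):
        hdr = image[table + 40 * i:table + 40 * (i + 1)]
        if len(hdr) < 40:
            raise ValueError("truncated section table")
        name = hdr[:8].rstrip(b"\0").decode("ascii", "replace")
        (flags,) = struct.unpack_from("<I", hdr, 36)  # Characteristics field
        rights.append((name, "".join(c if flags & bit else "-" for c, bit in FLAG_LETTERS)))
    return rights

def writable_and_executable(image):
    """Names of sections whose declared rights include both write and execute."""
    return [name for name, r in section_rights(image) if "W" in r and "X" in r]

def build_sample(sections):
    """Constructed input: PE headers only, no optional header, no section data."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)
    table = b"".join(name.ljust(8, b"\0") + b"\0" * 28 + struct.pack("<I", flags)
                     for name, flags in sections)
    return dos + b"PE\0\0" + coff + table

if __name__ == "__main__":
    # Constructed sample: read/execute code, read/write data, one RWX section.
    sample = build_sample([(b".text", 0x60000020), (b".data", 0xC0000040),
                           (b".stub", 0xE0000020)])
    for name, r in section_rights(sample):
        print(f"{name:8} {r}")
    print("writable and executable:", writable_and_executable(sample))
```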