Problems starting PECompact v3

[Dark]

Hello,
My operating system Windows 2000, i download PECompact V3 from your site, install and run my output window that the application is not 32-bit. I can not understand why so.
I think you cut the files and now they give out error here is.

I beg you, please respond and help me in this issue.

[Dark]

The latest versions of PECompact do not work on operating systems Windows 2000 (SP4) and Windows XP (SP2).
EXE files won't run, probably not correctly cut off, I do not understand why it was necessary to something to do with the source code of the files?


Maybe what I wrote poorly understood, in fact, that I use the translator, and they are different and it is not excluded that there may be errors.

[Jeremy Collake]

This is because I switched to Visual Studio 2010 and Microsoft dropped support for Windows 2000 from it. However, I can restore support by switching to the older CRT (while still using the VS2010 IDE). I will do so in the next beta release. Thanks.

[Dark]

Thank you very much, I will wait for the new beta version.
But it would be interesting to know when it will be released.

Also I am interested in another question.
Previously I compress the files by PECompact v2.79, and believed that the compressed files it already does not restore to the former view, but nevertheless found one scoundrel, who dug up Unpacker PECompact and could decrypt the files, although on the manufacturer's site I read somewhere that compressed the program through PECompact already cannot be returned in kind of old.
Because of this my program is decrypted and then modify it to fit your needs.

So, the question is:
Program, compressed with PECompact v3 also it is possible to return to the previous view?

[Jeremy Collake]

Although there is no native decompression feature of PECompact, it can be decompressed using third-party utilities. It was intentionally made easy to 'peek inside' so that anti-virus software could scan inside compressed executables. Without this, they would false positive on more executables. That said, the client can use plug-ins like the IsDebuggerPresent plug-in to aid in their protection. The more protection they aid, the greater the risk that an anti-virus scanner will not be able to scan inside and may flag the file as suspicious by default ;o. So, it is a delicate balancing act.

I do not know when the new beta will be released. As a side note, PECompact has been relocated to a different server since my consumer products are so different from my developer products. Consumers were being confused, some of them even thinking they needed PECompact ;o. To prevent their confusion I moved it to http://www.pecompact.com .

[Dark]

Which plug-in you want to use, that it was impossible to unpack the compressed file?
I just need to make so that it was possible to compress and optimize the file, and the main thing is that it in no way can not be decrypted.

[Jeremy Collake]

First, keep in mind that they are used ONLY for software protection. I say this because malware authors who read this might think they can get around scanners using them. That is not the case. These have been made available to anti-virus vendors. That said, there is/was the Enhanced Anti-Debug Loader while sold for $799. It is still for sale, but only provides limited protection such as anti-dumping techniques. It is only available privately now to existing customers, but I have not yet set up that mechanism (the fewer people who use it the better).

A cheaper and better solution (or combination) is the IsDebuggerPresent plug-in from BobSoft. Again, existing customers are given access to purchase through through BobSoft (Neil on these forums). It has several more protections against common unpackers and debuggers. The author is also more likely to update it quicker.

[BoB]

*BoB on these forums

@Dark: Nothing is totally secure, but there are ways to make things harder for crackers.  You can encrypt your data, strings and code yourself also as an added layer of protection.
Also adding lots of useless code will make the job of analysing your program take too long for most beginner crackers.
These tricks along with the anti-debug protection of the IsDebuggerPresent plugin will make decrypting your program a lot harder.

[Dark]

The packer can be easily unpack, it is not difficult, and plug-ins biggest hindrance to this is not will be. It would be better to make the protector.

[teo]

This is because I switched to Visual Studio 2010 and Microsoft dropped support for Windows 2000 from it. However, I can restore support by switching to the older CRT (while still using the VS2010 IDE). I will do so in the next beta release. Thanks.

Please tell me, when will this version?

[Jeremy Collake]

Eventually.. I am not sure when exactly. Hopefully not long.

[teo]

The compression of resources, and specifically icons, after processing the icon is not displayed, if they were suppose 3-in-1, then in the task bar will be visible icon is 16x16, and other campaign deleted or something so correctly happens. At least in the version 2.79 is.

[Jeremy Collake]

Try "/UncompressibleRT:groupicon"  or  "/UncompressibleRT:14"

If that fails:

Try "/UncompressibleRT:groupicon,icon"

In the competitive race to save every little byte, group icons not thought to be needed were compressed. The shell's decision as to which icon to use is a bit complex, depending on what is available, the color depth of the display, and the desired size. Sometimes this causes such an error, though rarely in later versions of PECompact like that.

[teo]

All the same will return to this topic as time goes on, and support for Windows 2000 so no, when will the new version PECompact?

[Jeremy Collake]

I can restore Windows 2000 support by going back to CRT v9, as VS2010 (CRT v10) dropped support. I can still use VS2010, as you can specify an alternate build tools set to use. I am surprised anyone is still using W2K on one hand, though on the other it was a reliable Windows platform. I'm curious, what is it being used for?

Readers should note that compressed EXEs will work fine in Windows 2000, we are talking about PECompact itself. Microsoft dropped support for W2K in VS2010 and made it so any EXE built with VS2010 and CRT v10 simply won't run in W2K.

PECompact is getting some maintenance, finally, real soon. I am working on a separate issue and will be cleaning up the remaining things I can.

The lost shell icon is a little troubling though, I really hate to muck with that portion of the code -- but will see what I can do. The issue is that it was carefully tuned, and I fear breaking other cases while fixing yours. You MIGHT want to try adding some random other icons to the resources, or re-arranging them, OR changing the available color depths and sizes of that group icon... and see what effect this has.

[teo]

So if you can restore support, so why not restore, it's time to. 2k, this operating system is quite good, not buggy and does not hinder, quite nice and easy to work on it, that I can't say about XP, Vista and 7.
By the way, if you like to configure Windows 2000, it will be no worse than other operating systems Windows in terms of security. Many people still use an 2k, including Chris Kasperski.

[teo]

About the icons so far nothing to take, as the problem on the old version, may be in version 3 there is no such thing as soon as you get support for 2k, I could do as follows to test and write here, if there are some errors.

[Jeremy Collake]

I will restore support for PECompact itself to run in W2K, have no fear. I was asking more for other projects, where maintaining support is more problematic.

This restoration of support will literally take just a minute, but I haven't built PECompact in a while so have to run through a few basic tests before I can release even a new beta.

[teo]

And so, it was yet another month and nothing has changed.
May be this month finally will be released a new version with support for Windows 2000?

[Jeremy Collake]

Any day now, I was hoping to have some other issues fixed, but I could go ahead.

[Jeremy Collake]

I am testing the build now. I have also worked on the PECompact Trial Request, which has been a miserable process, and am creating a stand-alone PE Suite.

[teo]

Found one problem.

For example, in "exe" file specifies used DLL and their entry point, for example, consider a file KERNEL32.dll:

KERNEL32.dll
AddAtomA
AddAtomW
AddConsoleAliasA
AddConsoleAliasW
AllocConsole
AllocateUserPhysicalPages

As you can see, this file uses these points also necessary registered and in EXE file, where needed, now, if we reduce the size of one of the points in EXE and DLL files (less than 6 characters), then everything is fine will work, but if the compress then EXE or DLL file, then why is he not does not recognize these lines (if they are less than 6 characters), therefore when you start the EXE file, writes that the entry point to the given string is not found.

(The file "KERNEL32.dll" was picked up for example)

[Jeremy Collake]

First, new PECompact is still coming ;p. It is sounding like vaporware, so I will quit with the promises. First I have to sort of the new trial authentication process, as it is absurd people are having to wait a day just to get the trial.

@teo: I am not exactly sure what you are trying to say, but it sounds like you have a problem compressing images when the entry-point code is less than 6 bytes? That makes sense. This is a rare situation unless you are using additional 'wrappers' around the EXE. Is that the case?

I am not sure why you mention those exports of kernel32 though ...

[teo]

No, it is not in the figures, the case in the section of imports.
Line in the section of imports of each DLL file their own, and if you make a string is less than 6 characters, how it works, however if you compress the file, where every line of import less than 6 characters, in a compressed file, this line though, and will be, but will consider that it isn't. And is it written that the entry point in a procedure not found...

[Jeremy Collake]

No, it is not in the figures, the case in the section of imports.
Line in the section of imports of each DLL file their own, and if you make a string is less than 6 characters, how it works, however if you compress the file, where every line of import less than 6 characters, in a compressed file, this line though, and will be, but will consider that it isn't. And is it written that the entry point in a procedure not found...

? are you using translation software? Try posting in your native language, maybe that will work. I have no idea what you mean ;o

[teo]

are you using translation software? Try posting in your native language, maybe that will work. I have no idea what you mean ;o

Use an interpreter of the site --> http://translate.yandex.ru

I wrote about the section of imports.
For example, let's take a DLL file, let it be "KERNEL32.dll"in this file there is a section of exports, with their rows, here is a small part of them:

KERNEL32.dll
AddAtomA
AddAtomW
AddConsoleAliasA
AddConsoleAliasW
AllocConsole
AllocateUserPhysicalPages

Now, we have a EXE file that uses the library KERNEL32.dll, our EXE file is a section of import, and in it prescribed the necessary string names. If you compress our EXE file, then everything will be fine.
However, if you change the names of the rows in the DLL file in the section of exports and in the EXE file in the section on import we need new, then everything will work fine, but if the size of these lines will be less than 6 characters, then the compression of the file PECompact, these lines as if they don't, will they ever and there will be written down, but when you open a file will be written that entry point not found.

For Example:
KERNEL32.dll
AllocConsole (line of 12 characters)
If it is reduced to 5 characters (in EXE and DLL), then in the normal view everything is working, but when compressing it does not work, PECompact't understand a line in less than 6 characters.
You can fix this in the PECompact?


-------------------------------------------


Использую переводчик с сайта --> http://translate.yandex.ru

Я писал о секции импорта.
Например, возьмем некий DLL файл, пусть это будет "KERNEL32.dll", в данном файле имеется секция экспорта, со своими строками, вот небольшая их часть:

KERNEL32.dll
AddAtomA
AddAtomW
AddConsoleAliasA
AddConsoleAliasW
AllocConsole
AllocateUserPhysicalPages

Так вот, у нас есть некий EXE файл, который использует библиотеку KERNEL32.dll, у нашего EXE файла есть секция импорта, и в ней прописаны необходимые имена строк. Если сжать наш EXE файл, то всё будет нормально.
Однако, если изменить имена строк в DLL файле у секции экспорта и в EXE файле у секции импорта на нужные нам новые, то всё также будет работать нормально, но если размер этих строк будет меньше 6 символов, то при сжатии файла программой PECompact, этих строк как будто не будет, они хоть и будут там прописаны, но при запуске файла будет написано, что не найдена точка входа.

Например:
KERNEL32.dll
AllocConsole (строка из 12 символов)
Если её сократить до 5 символов (в EXE и DLL), то в обычном виде всё работает, однако при сжатии это не работает, PECompact не понимает строки менее, чем 6 символов.
Вы можете исправить это в PECompact?

[Jeremy Collake]

I think I get the gist of what you are writing, changing import & export API names to less than 6 characters somehow causes a malfunction? I have no idea how this could occur though, and am more curious as to why you are needing to do this?

Still, if true, if is a bug .. a strange one maybe, but a bug none-the-less.

If you want to provide an uncompressed sample, email to binaries@bitsum.com. I can create my own samples. I'd also really like to hear that reasoning behind why you are doing this.

Thanks,

[teo]

I think I get the gist of what you are writing, changing import & export API names to less than 6 characters somehow causes a malfunction?

Yes, if you compress the file, they will not work.

Why do I do this - reduction program code, why do we need long lines, when you can do everything is compact, where the smaller size for the file.
The sample I will send a little later.

ps: the file "KERNEL32.dll" was taken only for example.

----------------------

I think I get the gist of what you are writing, changing import & export API names to less than 6 characters somehow causes a malfunction?

Да, если сжать файл, то они не будут работать.

Почему я это делаю - сокращение кода программы, зачем нужны длинные строки, когда можно сделать всё компактно, куда с меньшим размером для файла.
Образец я пришлю чуть позже.

ps: файл "KERNEL32.dll" был взят лишь для примера.

[teo]

I beg your pardon, there is something else, increased the size of the string up to 12 bytes and also does not work.

What did I do? Just the EXE file shortened string and further reduced the section of the import, everything works fine, but after compression does not want to work.

Originally in the EXE file I cut the strings in DLLS (removed for 2-3 bytes), everything worked and after compression, too, then decided to cut up to 6 bytes or less, and after compression is already not working. The problem is PECompact.

Of course, I understand that for you it is unnecessary nonsense and excess waste of time, but for some people this is very useful.

--------------------------------

Прошу прощения, там что-то другое, увеличил размер строки до 12 байт и также не работает.

Что я делал? Просто у EXE файла сократил строки и далее сократил секцию импорта, всё прекрасно работает, но после сжатия не хочет работать.

Изначально в файле EXE я сократил строки на DLL (убрал по 2-3 байта), всё работало и после сжатия тоже, затем решил сократить до 6 байт и менее, и после сжатия уже не работало. Проблема именно в PECompact.

Я конечно понимаю, что для вас это ненужная ерунда и лишняя трата времени, но для некоторых людей это весьма полезно.

[Jeremy Collake]

I just don't know ... This makes little sense. Are you sure you are not over-writing critical data in the import table with your expansion? Or with the decrease in size, perhaps some other error is being made. If anyone else can tell me what he is talking about, please do .

Lastly, text compresses very well, so by shortening API names, you are not doing much.

If you want to save maximum space, import by ordinal.

[Jeremy Collake]

PECompact v3.03.20 is released, and should restore W2K compatibility, though this has not been extensively tested yet. More work is ongoing. This release was a preliminary fix (going back to VC9 since VC10 doesn't support W2K), and a 'clear out the cobwebs' check in preparation for larger changes.

[teo]

Testing:
* The version of the program (writes) --> 3.03.19, and should 3.03.20.
* The program does not start, writes that the entry point not found the procedure "DecodePointer" (library KERNEL32.dll)
* Empty folders "sdk", I think, can be removed if they are not needed.

----------------

Тестирование:
* Версия программы (пишет) --> 3.03.19, а должно 3.03.20.
* Программа не запускается, пишет, что не найдена точка входа в процедуру "DecodePointer" (библиотека KERNEL32.dll)
* Пустые папки "sdk", думаю, можно было удалить, если они не нужны.

[Jeremy Collake]

Thanks, This does not surprise me, it was a test release. To restore W2K compatibility of PECompact itself (again compressed apps work fine in W2K) is a bit of a pain because there are so many components. I will release a new beta shortly. I will fix the version # in the installer and other issues.

[Jeremy Collake]

Beta version number display on site is fixed. New version I will be testing in W2K soon, as I prep it for release.

[teo]

Version 3.03.21 tested.
Installed, but when you run the application, nothing happens, it just don't start.

[Jeremy Collake]

I will get it there next build. Importantly, we are testing the effects of this change elsewhere.

[teo]

Version 3.03.22 tested.
Installed, but when you run the application, nothing happens, it just don't start.
In general, all the same, as in previous versions.

[Jeremy Collake]

Yes, not all modules are W2K compatible yet, apparently. You can blame Microsoft for dropping W2K support in VS2010, but I will eventually get all the modules migrated to the VC9 buld tools, and it will work again.

[teo]

Hi, what's new in version 3.03.23?

[Jeremy Collake]

Working on PEHideText only. I have not gotten to the W2K retesting yet, or to the many other maintenance items pending on PECompact. Probably there is a single module still being built with the newer (v10) MS build tools. Older versions accessible in the Support area should do fine at W2K. I am also prepping (dusting off and updating) the build system, getting it ready for more extensive work and testing.

[teo]

Horror, when the same has already will support Windows 2000?