Problems starting PECompact v3

Started by Dark, April 14, 2011, 08:24:21 PM

Previous topic - Next topic

Dark

Hello,
My operating system Windows 2000, i download PECompact V3 from your site, install and run my output window that the application is not 32-bit. I can not understand why so.
I think you cut the files and now they give out error here is.

I beg you, please respond and help me in this issue.

Dark

The latest versions of PECompact do not work on operating systems Windows 2000 (SP4) and Windows XP (SP2).
EXE files won't run, probably not correctly cut off, I do not understand why it was necessary to something to do with the source code of the files?


Maybe what I wrote poorly understood, in fact, that I use the translator, and they are different and it is not excluded that there may be errors.

Jeremy Collake

This is because I switched to Visual Studio 2010 and Microsoft dropped support for Windows 2000 from it. However, I can restore support by switching to the older CRT (while still using the VS2010 IDE). I will do so in the next beta release. Thanks.
Software Engineer. Bitsum LLC.

Dark

Thank you very much, I will wait for the new beta version.
But it would be interesting to know when it will be released.

Also I am interested in another question.
Previously I compress the files by PECompact v2.79, and believed that the compressed files it already does not restore to the former view, but nevertheless found one scoundrel, who dug up Unpacker PECompact and could decrypt the files, although on the manufacturer's site I read somewhere that compressed the program through PECompact already cannot be returned in kind of old.
Because of this my program is decrypted and then modify it to fit your needs.

So, the question is:
Program, compressed with PECompact v3 also it is possible to return to the previous view?

Jeremy Collake

Although there is no native decompression feature of PECompact, it can be decompressed using third-party utilities. It was intentionally made easy to 'peek inside' so that anti-virus software could scan inside compressed executables. Without this, they would false positive on more executables. That said, the client can use plug-ins like the IsDebuggerPresent plug-in to aid in their protection. The more protection they aid, the greater the risk that an anti-virus scanner will not be able to scan inside and may flag the file as suspicious by default ;o. So, it is a delicate balancing act.

I do not know when the new beta will be released. As a side note, PECompact has been relocated to a different server since my consumer products are so different from my developer products. Consumers were being confused, some of them even thinking they needed PECompact ;o. To prevent their confusion I moved it to http://www.pecompact.com .

Software Engineer. Bitsum LLC.

Dark

Which plug-in you want to use, that it was impossible to unpack the compressed file?
I just need to make so that it was possible to compress and optimize the file, and the main thing is that it in no way can not be decrypted.

Jeremy Collake

First, keep in mind that they are used ONLY for software protection. I say this because malware authors who read this might think they can get around scanners using them. That is not the case. These have been made available to anti-virus vendors. That said, there is/was the Enhanced Anti-Debug Loader while sold for $799. It is still for sale, but only provides limited protection such as anti-dumping techniques. It is only available privately now to existing customers, but I have not yet set up that mechanism (the fewer people who use it the better).

A cheaper and better solution (or combination) is the IsDebuggerPresent plug-in from BobSoft. Again, existing customers are given access to purchase through through BobSoft (Neil on these forums). It has several more protections against common unpackers and debuggers. The author is also more likely to update it quicker.
Software Engineer. Bitsum LLC.

BoB

*BoB on these forums ;)

@Dark: Nothing is totally secure, but there are ways to make things harder for crackers.  You can encrypt your data, strings and code yourself also as an added layer of protection.
Also adding lots of useless code will make the job of analysing your program take too long for most beginner crackers.
These tricks along with the anti-debug protection of the IsDebuggerPresent plugin will make decrypting your program a lot harder.

Dark

The packer can be easily unpack, it is not difficult, and plug-ins biggest hindrance to this is not will be. It would be better to make the protector.

teo

Quote from: jeremy.collake on April 17, 2011, 05:32:38 PMThis is because I switched to Visual Studio 2010 and Microsoft dropped support for Windows 2000 from it. However, I can restore support by switching to the older CRT (while still using the VS2010 IDE). I will do so in the next beta release. Thanks.

Please tell me, when will this version?

Jeremy Collake

Eventually.. I am not sure when exactly. Hopefully not long.
Software Engineer. Bitsum LLC.

teo

The compression of resources, and specifically icons, after processing the icon is not displayed, if they were suppose 3-in-1, then in the task bar will be visible icon is 16x16, and other campaign deleted or something so correctly happens. At least in the version 2.79 is.

Jeremy Collake

Try "/UncompressibleRT:groupicon"  or  "/UncompressibleRT:14"

If that fails:

Try "/UncompressibleRT:groupicon,icon"

In the competitive race to save every little byte, group icons not thought to be needed were compressed. The shell's decision as to which icon to use is a bit complex, depending on what is available, the color depth of the display, and the desired size. Sometimes this causes such an error, though rarely in later versions of PECompact like that.
Software Engineer. Bitsum LLC.

teo

All the same will return to this topic as time goes on, and support for Windows 2000 so no, when will the new version PECompact?

Jeremy Collake

I can restore Windows 2000 support by going back to CRT v9, as VS2010 (CRT v10) dropped support. I can still use VS2010, as you can specify an alternate build tools set to use. I am surprised anyone is still using W2K on one hand, though on the other it was a reliable Windows platform. I'm curious, what is it being used for?

Readers should note that compressed EXEs will work fine in Windows 2000, we are talking about PECompact itself. Microsoft dropped support for W2K in VS2010 and made it so any EXE built with VS2010 and CRT v10 simply won't run in W2K.

PECompact is getting some maintenance, finally, real soon. I am working on a separate issue and will be cleaning up the remaining things I can.

The lost shell icon is a little troubling though, I really hate to muck with that portion of the code -- but will see what I can do. The issue is that it was carefully tuned, and I fear breaking other cases while fixing yours. You MIGHT want to try adding some random other icons to the resources, or re-arranging them, OR changing the available color depths and sizes of that group icon... and see what effect this has.
Software Engineer. Bitsum LLC.

teo

So if you can restore support, so why not restore, it's time to. 2k, this operating system is quite good, not buggy and does not hinder, quite nice and easy to work on it, that I can't say about XP, Vista and 7.
By the way, if you like to configure Windows 2000, it will be no worse than other operating systems Windows in terms of security. Many people still use an 2k, including Chris Kasperski.

teo

About the icons so far nothing to take, as the problem on the old version, may be in version 3 there is no such thing as soon as you get support for 2k, I could do as follows to test and write here, if there are some errors.

Jeremy Collake

I will restore support for PECompact itself to run in W2K, have no fear. I was asking more for other projects, where maintaining support is more problematic.

This restoration of support will literally take just a minute, but I haven't built PECompact in a while so have to run through a few basic tests before I can release even a new beta.
Software Engineer. Bitsum LLC.

teo

And so, it was yet another month and nothing has changed.
May be this month finally will be released a new version with support for Windows 2000?

Jeremy Collake

Any day now, I was hoping to have some other issues fixed, but I could go ahead.
Software Engineer. Bitsum LLC.

Jeremy Collake

I am testing the build now. I have also worked on the PECompact Trial Request, which has been a miserable process, and am creating a stand-alone PE Suite.
Software Engineer. Bitsum LLC.

teo

Found one problem.

For example, in "exe" file specifies used DLL and their entry point, for example, consider a file KERNEL32.dll:

KERNEL32.dll
AddAtomA
AddAtomW
AddConsoleAliasA
AddConsoleAliasW
AllocConsole
AllocateUserPhysicalPages

As you can see, this file uses these points also necessary registered and in EXE file, where needed, now, if we reduce the size of one of the points in EXE and DLL files (less than 6 characters), then everything is fine will work, but if the compress then EXE or DLL file, then why is he not does not recognize these lines (if they are less than 6 characters), therefore when you start the EXE file, writes that the entry point to the given string is not found.

(The file "KERNEL32.dll" was picked up for example)

Jeremy Collake

First, new PECompact is still coming ;p. It is sounding like vaporware, so I will quit with the promises. First I have to sort of the new trial authentication process, as it is absurd people are having to wait a day just to get the trial.

@teo: I am not exactly sure what you are trying to say, but it sounds like you have a problem compressing images when the entry-point code is less than 6 bytes? That makes sense. This is a rare situation unless you are using additional 'wrappers' around the EXE. Is that the case?

I am not sure why you mention those exports of kernel32 though ...
Software Engineer. Bitsum LLC.

teo

No, it is not in the figures, the case in the section of imports.
Line in the section of imports of each DLL file their own, and if you make a string is less than 6 characters, how it works, however if you compress the file, where every line of import less than 6 characters, in a compressed file, this line though, and will be, but will consider that it isn't. And is it written that the entry point in a procedure not found...

Jeremy Collake

Quote from: teo on September 16, 2011, 08:34:20 PM
No, it is not in the figures, the case in the section of imports.
Line in the section of imports of each DLL file their own, and if you make a string is less than 6 characters, how it works, however if you compress the file, where every line of import less than 6 characters, in a compressed file, this line though, and will be, but will consider that it isn't. And is it written that the entry point in a procedure not found...

???? are you using translation software? Try posting in your native language, maybe that will work. I have no idea what you mean ;o
Software Engineer. Bitsum LLC.

teo

Quoteare you using translation software? Try posting in your native language, maybe that will work. I have no idea what you mean ;o

Use an interpreter of the site --> http://translate.yandex.ru

I wrote about the section of imports.
For example, let's take a DLL file, let it be "KERNEL32.dll"in this file there is a section of exports, with their rows, here is a small part of them:

KERNEL32.dll
AddAtomA
AddAtomW
AddConsoleAliasA
AddConsoleAliasW
AllocConsole
AllocateUserPhysicalPages

Now, we have a EXE file that uses the library KERNEL32.dll, our EXE file is a section of import, and in it prescribed the necessary string names. If you compress our EXE file, then everything will be fine.
However, if you change the names of the rows in the DLL file in the section of exports and in the EXE file in the section on import we need new, then everything will work fine, but if the size of these lines will be less than 6 characters, then the compression of the file PECompact, these lines as if they don't, will they ever and there will be written down, but when you open a file will be written that entry point not found.

For Example:
KERNEL32.dll
AllocConsole (line of 12 characters)
If it is reduced to 5 characters (in EXE and DLL), then in the normal view everything is working, but when compressing it does not work, PECompact't understand a line in less than 6 characters.
You can fix this in the PECompact?


-------------------------------------------


Использую переводчик с сайÑ,а --> http://translate.yandex.ru

Я писал о секции импорÑ,а.
Например, возьмем некий DLL Ñ,,айл, пусÑ,ÑŒ эÑ,о будеÑ, "KERNEL32.dll", в данном Ñ,,айле имееÑ,ся секция экспорÑ,а, со своими сÑ,роками, воÑ, небольшая иÑ... часÑ,ÑŒ:

KERNEL32.dll
AddAtomA
AddAtomW
AddConsoleAliasA
AddConsoleAliasW
AllocConsole
AllocateUserPhysicalPages

Так воÑ,, у нас есÑ,ÑŒ некий EXE Ñ,,айл, коÑ,орый используеÑ, библиоÑ,еку KERNEL32.dll, у нашего EXE Ñ,,айла есÑ,ÑŒ секция импорÑ,а, и в ней прописаны необÑ...одимые имена сÑ,рок. Если сжаÑ,ÑŒ наш EXE Ñ,,айл, Ñ,о всÑ' будеÑ, нормально.
Однако, если измениÑ,ÑŒ имена сÑ,рок в DLL Ñ,,айле у секции экспорÑ,а и в EXE Ñ,,айле у секции импорÑ,а на нужные нам новые, Ñ,о всÑ' Ñ,акже будеÑ, рабоÑ,аÑ,ÑŒ нормально, но если размер эÑ,иÑ... сÑ,рок будеÑ, меньше 6 символов, Ñ,о при сжаÑ,ии Ñ,,айла программой PECompact, эÑ,иÑ... сÑ,рок как будÑ,о не будеÑ,, они Ñ...оÑ,ÑŒ и будуÑ, Ñ,ам прописаны, но при запуске Ñ,,айла будеÑ, написано, чÑ,о не найдена Ñ,очка вÑ...ода.

Например:
KERNEL32.dll
AllocConsole (сÑ,рока из 12 символов)
Если еÑ' сокраÑ,иÑ,ÑŒ до 5 символов (в EXE и DLL), Ñ,о в обычном виде всÑ' рабоÑ,аеÑ,, однако при сжаÑ,ии эÑ,о не рабоÑ,аеÑ,, PECompact не понимаеÑ, сÑ,роки менее, чем 6 символов.
Ð'Ñ‹ можеÑ,е исправиÑ,ÑŒ эÑ,о в PECompact?

Jeremy Collake

I think I get the gist of what you are writing, changing import & export API names to less than 6 characters somehow causes a malfunction? I have no idea how this could occur though, and am more curious as to why you are needing to do this?

Still, if true, if is a bug .. a strange one maybe, but a bug none-the-less.

If you want to provide an uncompressed sample, email to binaries@bitsum.com. I can create my own samples. I'd also really like to hear that reasoning behind why you are doing this.

Thanks,
Software Engineer. Bitsum LLC.

teo

QuoteI think I get the gist of what you are writing, changing import & export API names to less than 6 characters somehow causes a malfunction?
Yes, if you compress the file, they will not work.

Why do I do this - reduction program code, why do we need long lines, when you can do everything is compact, where the smaller size for the file.
The sample I will send a little later.

ps: the file "KERNEL32.dll" was taken only for example.

----------------------

QuoteI think I get the gist of what you are writing, changing import & export API names to less than 6 characters somehow causes a malfunction?
Ð"а, если сжаÑ,ÑŒ Ñ,,айл, Ñ,о они не будуÑ, рабоÑ,аÑ,ÑŒ.

Почему я эÑ,о делаю - сокращение кода программы, зачем нужны длинные сÑ,роки, когда можно сделаÑ,ÑŒ всÑ' компакÑ,но, куда с меньшим размером для Ñ,,айла.
Образец я пришлю чуÑ,ÑŒ позже.

ps: Ñ,,айл "KERNEL32.dll" был взяÑ, лишь для примера.

teo

I beg your pardon, there is something else, increased the size of the string up to 12 bytes and also does not work.

What did I do? Just the EXE file shortened string and further reduced the section of the import, everything works fine, but after compression does not want to work.

Originally in the EXE file I cut the strings in DLLS (removed for 2-3 bytes), everything worked and after compression, too, then decided to cut up to 6 bytes or less, and after compression is already not working. The problem is PECompact.

Of course, I understand that for you it is unnecessary nonsense and excess waste of time, but for some people this is very useful.

--------------------------------

Прошу прощения, Ñ,ам чÑ,о-Ñ,о другое, увеличил размер сÑ,роки до 12 байÑ, и Ñ,акже не рабоÑ,аеÑ,.

ЧÑ,о я делал? ПросÑ,о у EXE Ñ,,айла сокраÑ,ил сÑ,роки и далее сокраÑ,ил секцию импорÑ,а, всÑ' прекрасно рабоÑ,аеÑ,, но после сжаÑ,ия не Ñ...очеÑ, рабоÑ,аÑ,ÑŒ.

Изначально в Ñ,,айле EXE я сокраÑ,ил сÑ,роки на DLL (убрал по 2-3 байÑ,а), всÑ' рабоÑ,ало и после сжаÑ,ия Ñ,оже, заÑ,ем решил сокраÑ,иÑ,ÑŒ до 6 байÑ, и менее, и после сжаÑ,ия уже не рабоÑ,ало. Проблема именно в PECompact.

Я конечно понимаю, чÑ,о для вас эÑ,о ненужная ерунда и лишняя Ñ,раÑ,а времени, но для некоÑ,орыÑ... людей эÑ,о весьма полезно.

Jeremy Collake

I just don't know ... This makes little sense. Are you sure you are not over-writing critical data in the import table with your expansion? Or with the decrease in size, perhaps some other error is being made. If anyone else can tell me what he is talking about, please do ;).

Lastly, text compresses very well, so by shortening API names, you are not doing much.

If you want to save maximum space, import by ordinal.
Software Engineer. Bitsum LLC.

Jeremy Collake

PECompact v3.03.20 is released, and should restore W2K compatibility, though this has not been extensively tested yet. More work is ongoing. This release was a preliminary fix (going back to VC9 since VC10 doesn't support W2K), and a 'clear out the cobwebs' check in preparation for larger changes.
Software Engineer. Bitsum LLC.

teo

Testing:
* The version of the program (writes) --> 3.03.19, and should 3.03.20.
* The program does not start, writes that the entry point not found the procedure "DecodePointer" (library KERNEL32.dll)
* Empty folders "sdk", I think, can be removed if they are not needed.

----------------

ТесÑ,ирование:
* Ð'ерсия программы (пишеÑ,) --> 3.03.19, а должно 3.03.20.
* Программа не запускаеÑ,ся, пишеÑ,, чÑ,о не найдена Ñ,очка вÑ...ода в процедуру "DecodePointer" (библиоÑ,ека KERNEL32.dll)
* ПусÑ,ые папки "sdk", думаю, можно было удалиÑ,ÑŒ, если они не нужны.

Jeremy Collake

#32
Thanks, This does not surprise me, it was a test release. To restore W2K compatibility of PECompact itself (again compressed apps work fine in W2K) is a bit of a pain because there are so many components. I will release a new beta shortly. I will fix the version # in the installer and other issues.
Software Engineer. Bitsum LLC.

Jeremy Collake

Beta version number display on site is fixed. New version I will be testing in W2K soon, as I prep it for release.
Software Engineer. Bitsum LLC.

teo

Version 3.03.21 tested.
Installed, but when you run the application, nothing happens, it just don't start.

Jeremy Collake

I will get it there next build. Importantly, we are testing the effects of this change elsewhere.
Software Engineer. Bitsum LLC.

teo

Version 3.03.22 tested.
Installed, but when you run the application, nothing happens, it just don't start.
In general, all the same, as in previous versions.

Jeremy Collake

Yes, not all modules are W2K compatible yet, apparently. You can blame Microsoft for dropping W2K support in VS2010, but I will eventually get all the modules migrated to the VC9 buld tools, and it will work again.
Software Engineer. Bitsum LLC.

teo


Jeremy Collake

Working on PEHideText only. I have not gotten to the W2K retesting yet, or to the many other maintenance items pending on PECompact. Probably there is a single module still being built with the newer (v10) MS build tools. Older versions accessible in the Support area should do fine at W2K. I am also prepping (dusting off and updating) the build system, getting it ready for more extensive work and testing.
Software Engineer. Bitsum LLC.

teo

Horror, when the same has already will support Windows 2000?