In order to facilitate advanced functionality of many types, PECompact
supports API Hook Plug-ins. API Hook plug-ins allow for hooking or overloading of APIs.
Any number of API Hook Plug-ins can be used on a single compressed executable.
API Hook plug-ins included with PECompact:
| Name |
File |
Description |
API Redirect
|
pec2hooks_redirect.dll |
This plug-in inserts a dynamically allocated shim
between an API call and the API function itself. This aids in making
rebuilding of the import table after a module dump more difficult
(protection against reverse engineering). |
| IsDebuggerPresent API |
pec2hooks_isdebuggerpresent.dll |
This plug-in, contributed by BoB of team PEiD, offers an improved version of the
IsDebuggerPresent API. Compressed programs will simply have this API replaced with
the improved version, no other action is necessary.
This improved version of IsDebuggerPresent is known to detect OllyDbg, OllyDrx, FOFF Team OllyDbg,ImmDbg, OllyDbg Plugins, SoftIce, Syser, Trw, QuickUnpack, Stripper, WinDBG, RegMon and FileMon.
|
| IsPacked API |
pec2hooks_ispacked.dll |
This API hook allows for an application to test whether it is still
packed or not by communicating with the PECompact loader. See the
Using the API Hook Plug-in
documentation for code snippets showing how to use this plug-in.
|
| Fast import |
pec2hooks_fastimport.dll |
This is a custom implementation of GetProcAddress that
uses hints to increase the speed of processing host module import
tables. It performs a binary search and has full support of forwarded
exports. The source code to this plug-in is included with the PECompact
distribution. Programs that import the undocumented kernel32 ordinal
37 (or other ordinals) should use this plug-in since GetProcAddress will
fail for ordinal imports in win9x. PECompact automatically uses this
plug-in when such a case is found, so no action needs be taken by the
user. |
| Break UN2PEC* |
pec2hooks_break_un2pec.dll |
This is a small plug-in to make compressed executables
uncompressible by the UN2PEC utility. |
|