PECompact v3.03 beta series has begun

Started by Jeremy Collake, May 17, 2010, 12:15:47 PM

Previous topic - Next topic

Jeremy Collake

The first beta of the v3.03 beta series has been released. Changes thus far are:

  • Fix.core/loaders: Fix of a memory leak on compressed DLLs that are loaded, then freed. Note that the leak will still exist if you use any API hook plug-in because the decompressed loader can't be deallocated since it contains API hook code that may be later referenced.
  • Fix.core: Fixed possible memory corruption on DLLs that support SafeSEH and get relocated (via ASLR or base collision)
  • Addition.core: Added deep delete and/or relocate of LoadConfig directories
  • Addition.core: Added proper SafeSEH and LockTablePrefix support
  • Addition.core: Proper registration of loader exception handler(s) is (created or appended) SafeSEH table
  • Change.GUI: Standardized command line switches, so always 'Y' and 'N' instead of some intermingled 'Yes' and 'No's
  • Fix.EAD.Loader: The Enhanced Anti-Debug Loader could previously wipe out one of the watermarks stored by PEWatermark, causing runtime retrieval of the watermark to fail
Software Engineer. Bitsum LLC.

Jeremy Collake

And 3.03.2 beta is here already ... This has an additional fix of a memory leak on compressed DLLs that are loaded, then freed. Note that the leak will still exist if you use any API hook plug-in because the decompressed loader can't be deallocated since it contains API hook code that may be later referenced... A solution to that issue is a little larger, but in cases where no API hook plug-in is used the loader is now deallocated as it should be. This will slightly decrease memory use on compressed EXEs as well.
Software Engineer. Bitsum LLC.

Jeremy Collake

3.03.3 beta is out, with 3.03.4 on its way.

This update makes a few small changes to the loader(s). Any anti-virus/anti-malware researcher should get up to date. I tried to change as little as possible, and don't plan further changes. Any anti-virus/anti-malware researcher/developer who needs the loader source code should email me at support@bitsum.com . Those who already have the LoaderSDK will get an update when v3.04.0 goes final.
Software Engineer. Bitsum LLC.

Jeremy Collake

3.03.5 beta fixes a crash when handling certain LoadConfig directories and fixes handling of LoadConfig.SecurityCookie. It is getting there.
Software Engineer. Bitsum LLC.

Jeremy Collake

3.03.7 beta has been released with the new capability (console only right now) to correctly compress SFX installers and other previously uncompressible files with extra-data appended at the end and referenced at a static physical offset. This is accomplished through API hooks. You have the option to either include the extra-data within the compressed PE image (so its processed through CODECs), or leave it outside the compressed PE image (so it isn't all loaded at once, and instead read from disk as needed). The new switch is /ExtraDataFix:[I/O] . Other switches are not necessary (e.g. /KeepOverlay), and may interfere as this switch will set those setting as needed to perform the operation.

Of course, this is accomplished via API hooks to redirect reads on the host file by the host file to the new location of the overlay.

The Loader SDK has been updated, extending the PEC_HOST_INFO structure by 3 DWORDs to provide 'emulated' overlay/extra-data information.
Software Engineer. Bitsum LLC.

Jeremy Collake

PECompact 3.04.01 beta continues this series, a build that is now available. Changes are minor, cosmetic only at this junction.
Software Engineer. Bitsum LLC.