PECompact – Windows (PE) Executable Compressor
Powerful executable compression for software developers and vendors
Read this first:
PECompact has been a leader in the Windows executable compression industry for over a decade. You’ll find no other compressor that offers the features of PECompact. It has a plugin system that offers virtually limitless customization, setting it apart from all other competitors.
Software distributions large and small have used PECompact. Our biggest client has been Google, which used it on its Google Desktop product (now discontinued), but countless small and mid-size companies and independent developers use PECompact to compress and/or protect their executables.
Software vendors will want to compress their Windows executables for a wide array of reasons, but the usual reason is to help protect the code and data inside. Compression inherently does this, though it is no fool-proof solution (no fool-proof solution is possible).
PECompact is technically a Windows executable compressor only, but plug-ins are available for it that offer protection against reverse-engineering (some sold separately by third-parties).
If you don’t care about your data security, then perhaps you may need to reduce EXE size even further than archivers like ZIP and RAR can achieve. Since our algorithm is optimized for PEs, we pre-process the code using advanced algorithms that make it more compressible for dictionary based compressors like LZMA.
Decreasing your EXE size can actually speed load time because the retrieval time from the storage media or network is often greater than the very rapid decompression time. Pages that are not used will quickly get paged out by Windows as needed, then your application will be running just as if it were never compressed. Shared sections of your PE are skipped by default and your EXE still makes full use of shared system DLL pages. So, there is only upside on the performance side of the equation.
Ok, so you want to compress, but need to pick a compressor. There is UPX, Aspack, and PECompact. Those are the top 3 PE (32-bit) native EXE compressors.
UPX has a decompression switch and is open source (often abused by malware authors). ASPack cannot compress as well as PECompact and has no plug-in support at all. It also lacks other key features of PECompact. We invite you to try them all for yourself, as we’re confident you’ll come back to PECompact if you are ‘our type of customer’.
So, why PECompact? The answer is its maturity, interoperability, compatibility, and compression ability. You want a Windows executable (PE) compressor that has been around for a while and is supported by all the popular security software. That way, the security products can scan inside your EXE. This keeps the bad guys from using the compressor, and maintains all the benefit for the good guys. This is important, because if a security product can’t see inside the EXE, it will often just mark it as suspicious. We work hard to achieve good interoperability with all the major security software companies.
PECompact’s compression ratio is second to NONE. Our record speaks for itself. Compare us yourself. We pack better than ASPack, much better than PEtite, and compress as well as UPX (but don’t have that ‘decompress’ switch that UPX has). We keep your code and data compressed as well as it can be, offering the perfect mix of security, stability, and interoperability. PECompact compressed executables work everywhere and require no modifications.
PECompact does things right. For instance, it skips shared sections of DLLs by default, and can skip any shared section, allowing you to maintain memory sharing between process instances. It makes sure icons needed for use by the shell are kept uncompressed, so your shell view icons don’t disappear. It makes sure version and manifest information is also kept uncompressed, and can keep any other type of resource you desire uncompressed. Additionally, it is the ONLY compressor that properly preserves debug information embedded in the PE. Naturally, it fully supports software and hardware DEP as well as code signing (after compression).
- Great compression – The most obvious feature to mention is excellent compression. Since we’re optimized to compress PEs (their code, data, and resources), we are able to achieve a compression ratio that is much better than any ZIP format compression software, for instance. Compared to other executable compressors, we are either better or roughly equal in compression ratio. It depends on the EXE and other factors. As an example, PECompact almost always beats the latest version of ASPack in compression ratio. Compare them yourselves on YOUR module(s), but we’ll soon publish a new benchmark showing the difference on some common applications.
- Faster load time – Since the slowest bottleneck is usually the storage system, loading the whole module into memory and decompressing it is advantageous in many situations. It depends on a few variables, such as how big your EXE is and how fast the disk is. CPU decompression time is so minimal that it is not even considered a factor.
- Does things ‘right’ – From skipping compression of shared sections of DLLs, to preserving debug information, to leaving shell icons uncompressed – you can be sure PECompact does things the ‘right’ way. It has had MANY years to mature and be worked free of bugs.
- Robust plug-in framework (and library) – PECompact boasts a great plug-in framework. We allow several different types (CODEC, API Hook, and Loader). Best of all, you can use as many as you want on the same executable. You can, for instance, chain a series of CODECs together!
- Good security industry support – As one of the ‘good guys’ we work with anti-virus and anti-malware companies to help them scan inside PECompact compressed executables. We deter abuse whenever we can. Use of PECompact on high profile software such as Google Desktop ensures any rare accidental false alarm by any vendor is immediately corrected. I believe PECompact has the best security software support in the industry, but that is a guess.
- Interoperability – We’ve worked hard to achieve great interoperability with most EXE formats. Our new v3.03 beta even emulates extra-data appended to the end of an EXE then referenced by a static offset, as is the case of an installer.
- Compatibility – Compressed modules are fully compatible with Windows 95 through Windows 7 (all editions of both NT and 9x kernels), and all those in-between — including 64-bit variants (WOW64). Further, compression works on C++, Delphi, VB, and most other languages that will generate native 32-bit PEs.
- Settings, Settings, Settings – If plug-ins weren’t enough, we have more settings than you’ll likely ever need in your lifetime.
- Software Protection – While PECompact itself is not written specifically to be a protector, there are plug-ins to facilitate this. Additionally, compression itself obfuscates the module, adding an inherent layer of protection.
PECompact *IS* fully compatible with DEP, code signing (sign after compression), and Windows 7/2008. We keep PECompact well maintained. It supports native PE modules, but does not support device drivers or some .NET assemblies. PE+ (PE64) support is still pending as it requires a massive rewrite of the loader (decompression stub).
PECompact is available in English, Russian, Chinese (traditional and simplified), German, Dutch, French, Swedish, Italian, Slovenian, and Polish!
PECompact comes with a set of PE manipulation utilities to do useful things like change the subsystem, or trim (realign) a PE. This suite is named, collectively, PESuite. The full set is listed below.
PECompact has been around for over a decade now. It started off as a small x86 asm program, then blossomed into what it is today.
PECompact enjoys widespread industry adoption. Used by companies large and small throughout the world, companies depend on PECompact for reliable executable compression, obfuscation, and protection.
Security company representative?
If your company needs any assistance scanning inside compressed modules, please email us and we’ll be happy to provide you with all the help we can. Our goals are the same as yours; allow legitimate application use and deter illegitimate use.
NOTICE: To deter abuse, we have not included many plug-ins and some utilities in the trial version. If you need to try one out that is not included, email us and we’ll set you up. We do require verification that you are a legitimate software publisher and/or developer.
Need older versions, for whatever reason? Registered Users have access to them.
- First rate compression
Almost always compresses better than RAR, ZIP, and other archivers because it is targeted towards PEs and uses advanced code pre-processing
Security products support PECompact, meaning your EXE contents can be scanned – necessary to avoid aiding the bad guys while keeping false positive rates near zero. We screen ALL our customers of PECompact these days, out of necessity. Use of PECompact on high profile applications like Google Desktop (and hundreds of others) helps ensure the security companies maintain good interoperability.
Wow have we got a list of plug-ins for you! You can even create your own plug-ins, or your whole alternate loader with our Loader SDK (purchase separately)
- Full Windows support across the board, from Windows 95 to Windows 10. We’ve kept up with Windows. All the latest features are supported in our compressor.
- Full DEP support
Not only do we offer full DEP support by default, but we even have a loader that takes that one step further and doesn’t execute from any page not marked executable (DEP only checks if page is executable).
- Overlay emulation
Our unique overlay emulation allows for compression of installers, SFX, and other types of PE EXEs that cannot normally be compressed.
Compress it YOUR way! We’ve got more settings than you’ll likely ever need.
Note that not all are included with the trial version, and some (two) require additional purchase.
Anti-debug loader (basic debugger presence checks)
Sold separately – anti-debugging/anti-reverse engineering technology
Alternate loader used for easier debugging (no SEH traps)
Reduced size loader, for the truly size obsessed
API Hook Plug-ins
Emulate extra-data at its original physical offset, allowing compression of installer type EXEs that otherwise couldn’t be compressed. PECompact automatically uses this if an overlay is present or as the /Emo switch specifies.
Provides an API based callback to determine if the module is still compressed or not.
Provides an API based callback to retrieve a watermark placed by PEWatermark.
Breaks a known PECompact unpacker. Simply include this
Custom GetProcAddress implementation using binary search through target import table.
JCALG1 compression algorithm for slow compression, good performance, and fast decompression.
aPLib compression algorithm for faster compression, good performance, and fast decompression.
FFCE compression algorithm for faster compression, good performance, and fast decompression.
LZMA2 compression algorithm for faster compression, good performance, and fast decompression.
Do a CRC32 check on the data (store with data on encoding, check on decoding)
Put a password on the EXE, and encrypt the data based on that password
Expand the data instead of shrink it (for robustness testing)
Four different simple XOR/ADD/SUB based ciphers.
- and more… There are many more plug-ins, both third-party and developed by Bitsum.
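
The overlay case described under the overlay-emulation plug-in above, as an added example (not Bitsum's code, and not how PECompact implements emulation): it locates the overlay from the PE section table and shows why data read at a static file offset is no longer found once section data shrinks. The sample files are constructed header-only byte strings, not loadable executables, and all function names are hypothetical.

```python
import struct

def overlay_offset(pe: bytes) -> int:
    """File offset where appended extra-data (the overlay) begins.

    Equals len(pe) when nothing follows the last section's raw data.
    On a signed file the Authenticode certificate table also lies in this region.
    """
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    nsections, = struct.unpack_from("<H", pe, coff + 2)
    opt_size, = struct.unpack_from("<H", pe, coff + 16)
    table = coff + 20 + opt_size            # first 40-byte section header
    end = table + 40 * nsections            # at minimum, the headers themselves
    for i in range(nsections):
        raw_size, raw_ptr = struct.unpack_from("<II", pe, table + 40 * i + 16)
        if raw_size:                        # sections without file data are skipped
            end = max(end, raw_ptr + raw_size)
    return min(end, len(pe))

def extract_overlay(pe: bytes) -> bytes:
    return pe[overlay_offset(pe):]

def build_sample(raw_size: int, overlay: bytes) -> bytes:
    """Constructed sample: DOS stub, COFF header, one section, appended data."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)               # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)    # no optional header
    sect = (b".text\0\0\0"
            + struct.pack("<IIII", raw_size, 0x1000, raw_size, 0x200)
            + b"\0" * 16)
    headers = (dos + b"PE\0\0" + coff + sect).ljust(0x200, b"\0")
    return headers + b"\xCC" * raw_size + overlay

PAYLOAD = b"INSTALLER-PAYLOAD"                  # constructed overlay content
ORIGINAL = build_sample(0x400, PAYLOAD)         # overlay starts at 0x600
SHRUNK = build_sample(0x200, PAYLOAD)           # smaller section data: overlay at 0x400

def read_static(pe: bytes, offset: int = 0x600) -> bytes:
    """What a stub that hard-codes the original overlay offset would read."""
    return pe[offset:offset + len(PAYLOAD)]

if __name__ == "__main__":
    for name, pe in (("original", ORIGINAL), ("shrunk", SHRUNK)):
        print(name, hex(overlay_offset(pe)), read_static(pe) == PAYLOAD)
```

The same `overlay_offset` check is useful on the analysis side for separating appended installer payloads from the image proper before scanning each part.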