PE-PaCK v1.0

Tool PC 


		 ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
  ÛÛÛßÛÛ ÛÛÛßÛÛ     ÛÛÛßÛÛ ÛÛÛßÛÛ ÛÛÛßÛÛ ÛÛÛ ÛÛ
  ÛÛÛ ÛÛ ÛÛÛ        ÛÛÛ ÛÛ ÛÛÛ ÛÛ ÛÛÛ    ÛÛÛÜÛß
  ²ÛÛßß  ²ÛÛß   ßßß ²ÛÛßß  ²ÛÛßÛÛ ²ÛÛ    ²ÛÛÛ
  ±²Û    ±²Û        ±²Û    ±²Û ÛÛ ±²Û    ±²ÛßÛÜ
  °±²    °±²ÜÛÛ     °±²    °±² ÛÛ °±²ÜÛÛ °±² ÛÛ

  PE-PaCK v1.0     (C) Copyright 1998 by ANAKiN
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ
           D O C U M E N T A T I O N
ÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄÄ


0. CONTENT
~~~~~~~~~~
I.     -  Short Overview
II.    -  Disclaimer
III.   -  Commandline Parameters
IV.    -  Technical Notes
V.     -  Contacting the Author
VI.    -  What is new?
VII.   -  What is planned?
VIII.  -  Greetings


I. Short Overview
~~~~~~~~~~~~~~~~~
You are actually reading the documentation of the very best Portable
Executable Packer around the world. I have compared PEPACK to all the
other PE packers I know off: PETITE, PECRYPT, WWPACK32, SHRINKER, STNPEE...
And I can proudly say, that PEPACK beats up all of them.

Off course PEPACKed files can be unpacked with PROCDUMP, but this is only
a PACKER! not a protector!

JUST ONE IMPORTANT THING: DO NOT THINK YOUR PC HAS LOCKED UP! COMPRESSION
IS VERY SLOW. 1MB IN 30-60 SEC. BUT DECOMPRESSION IS FUCKING FAST!!!
I MAYBE WILL CHANGE THE INTERFACE IN THE NEXT VERSION...


II. Disclaimer
~~~~~~~~~~~~~~
I, the author, am *NOT* responsible for any damage caused by the use of
PE-PaCK.  Although the program was tested with:

 + Windows 95B
 + Windows 98
 + Windows NT 4.0

it may be in some cases incompatible. I hope this was enough to warn you :)


III. Commandline Parameters
~~~~~~~~~~~~~~~~~~~~~~~~~~~
If you want to use PE-PaCK simply type:


  PEPACK  [options] "filename" [options]
                     ^
                     :--  you can write:  VERYLO~1.EXE
                                     or: "Very Long File Name.EXE"

  an option may start with either '/', '-' or ','

PE-PaCK supports the following options:

Options
-------

þ -? -h    Shows a short helpscreen

þ -o       Original file will not be modified. Output goes into
           OUTPUT.EXE

þ -rs-     The resource section will not get compressed

þ -icn     If resource compression isn't switched off, this switch
           enables ICON compression
           (!!! WINDOWS WILL NOT BE ABLE TO SHOW THE ICON !!!)

þ -ver     If resource compression isn't switched off, this switch
           enables compression of the VERSIONINFO resource
           (!!! WINDOWS WILL NOT BE ABLE TO READ THE INFOS !!!)

þ -aln     Set filealign to 512. Improves ratio on some compilers.

þ -spd     Use faster (de)compression (decreased RATIO)


IV. Technical Notes
~~~~~~~~~~~~~~~~~~~
This version of PE-PaCK is based on the code of a newer version of my
PE protector called PE-SHiELD. In fact I coded this packer, because I
wanted to test the APACK library by JiBZ. (it will also be implemented
in the new PE-SHiELD).
I removed all anti debugging/unpacking routines (not really! pepacked
files can still not be loaded with LOADER32.EXE) because I needed a
simple packer. Unlike PESHIELD, PEPaCK is able to compress DLLs.
Due to the fact that a lot of PE-SHiELD bugs were found and removed
they aren't in PE-PaCK, too.

At the moment PE-PaCK compresses all code- and data sections. The relo-
cation table gets compressed by my own DELTA/RLE compression and then
with APLIB, too.

You can choose, if the the resource section gets compressed and if the
ICON/VERSIONINFO stays uncompressed.

All other sections are left unchanged. PE-PaCK unlike the last PE-SHiELD
version does also work, if there is a .EXPORT area hidden in one of the
sections.  (EXAMPLE: OPERA.EXE)

PE-PaCK has still problems with some old linkers. One of the problems is,
that PE-PaCK rejects any file, if my own relocation compression failed.
Old linkers very often don't sort the relocations. Therefore I will add
a quicksort routine to the compression function in the next versions.
Try to add some > mov eax, [offset var1] to the end of your code, if
relocation table cannot be compressed...


V. Contacting the Author
~~~~~~~~~~~~~~~~~~~~~~~~
You may contact me, if you find any incompatibility or
just want to tell me your opinion.

contact address: This email address is being protected from spambots. You need JavaScript enabled to view it.


VI.       What is new?
~~~~~~~~~~~~~~~~~~~~~~
þ Better compression
þ Anti AVP heuristic scan trick
þ Fixed a lot of bugs
þ nicer messages if DLLs or imported
  functions cannot be found


VII.      What is planned?
~~~~~~~~~~~~~~~~~~~~~~~~~~
þ Better compression, if JiBZ improves his APLIB
þ Fix bugs...
þ Implement the packer into PE-SHiELD
þ ...


VIII. Greetings
~~~~~~~~~~~~~~~
rANDOM    þ Mhhh... Mhhh... Mhhh... mal wieder gar nichts los ;)
ROSE      þ Freue mich schon auf HackStop4COFF und HS4PE...
THeRaIN   þ Want to see your PE code...
eGIS!     þ Try to use -aln on your files...
G-ROM     þ Great code...
Stone     þ Your sources rule! Your website rulez!
Hanno     þ What about a Win9x/NT version of checkexe...


Additional greetings fly out to:

þ KAOT, LUCE, Ugly Duckling, Dark Stalker, Dark-Man
þ Valentino T., Jeremy Lilley
þ all in UCF, PCE, TPiNC
þ all on #ucf2000, #cracking - great resource base...
þ all in exelist - where are your new releases...


PS: The documentation was modified in a hurry...

News

We have 105 guests and no members online

Login