PECompact Revision History

Released versions

3.03 beta series (currently at 3.03.23) - final will be v3.04

This new version adds proper support of SafeSEH modules and also other rarely used tables in the LoadConfig directory. It also fixes possible very rare memory corruption of DLLs that were compiled to utilize SafeSEH and were forced into a base collission or are ASLR aware, then mapped into a process where all modules also support SafeSEH and ASLR.

Also coming this version is a fix for compression of self-extracting archives (SFX), installers, and other executables with an extra-data/overlay that is referenced at a physical offset. Now the new /EmulateOverlay (/Emo) switch will fix most all cases of this, and now is AUTOMATICALLY selected when a file is compressed with an overlay larger than 32KB.

• Addition.core: New overlay emulation, as provided by the /EmulateOverlay:[I|O|N] command line parameter, to fix SFX installers, interepted languages built into EXEs, and other similar files. This is done through inclusion of the extradata in the PE image and API hooks on the file reads to redirect reads to the extra-data's original physical offset to the correct location.
• Addition.core: Added 'N' option to /EmulateOverlay to explicitly disable it, while possible still keeping the overlay with /KeepOverlay:Y
• Addition.core: Added 'I' option to /EmulateOverlay to include the overlay within the PE image, allowing it to be compressed (default is 'O' for outside image)
• Addition.core: Auto-induce new overlay emulation if overlay found exceeding 100KB in size
• Addition.core: Added deep delete and/or relocate of LoadConfig directories
• Addition.core: Added proper LoadConfig.SafeSEH and LoadConfig.LockTablePrefix support
• Addition.core: Added /StripLoadConfig:Y|N (/Slc:Y|N) command line parameter to strip the LoadConfig directory (or not)
• Addition.core: Proper registration of loader exception handler(s) is appended to LoadConfig.SafeSEH table, if one exists
• Addition.Installer: Made 'pec.exe' the main executable, but is a 5KB stub for 'pec2.exe'. May inverse these in the future.
• Addition.Installer: Included C++ source to PEHTLib in registered build
• Addition.Installer: C++ source for PEHideText decryption is now incldued (registered verison only)
• Addition.EAD.Loader: Added new code to cause OllyDbg to crash
• Addition.GUI: Added Polish translation
• Addition.GUI: Added option for overlay emulation
• Addition.GUI: Added option for stripping the LoadConfig directory (or not)
• Fix.GUI: Fixed error message shown when specific loader host is removed from the configuration. The previous design mandated a specific loader host always be provided, but now default is simply used.
• Fix.EAD.Loader: The Enhanced Anti-Debug Loader could previously wipe out one of the watermarks stored by PEWatermark, causing runtime retrieval of the watermark to fail
• Fix.core/loaders: Fix of a memory leak on compressed DLLs that are loaded, then freed. Note that the leak will still exist if you use any API hook plug-in because the decompressed loader can't be deallocated [in the current PECompact architecture] since it contains API hook code that may be later referenced. None of this is of any concern to EXEs, nor to DLLs you don't Free.
• Fix.core: Fixed possible memory corruption on DLLs that support SafeSEH and get relocated (via ASLR or base collision)
• Change.plugins: IsPacked plug-in now requires API name of PEC_IsPacked or ordinal of 0xffff AND an an HMODULE of 1 OR -1
• Change.plugins: IsPacked plug-in now requires API name changed to PEC_IsPacked, but backwards compatibility for PEC2_IsPacked is retained
• Change.loaders: Some minor tweaks and changes - I tried to change as little as possible
• Change.GUI: Standardized command line switches, so always 'Y' and 'N' instead of some intermingled 'Yes' and 'No's
• Change.All: Updated to VC10 (Visual Studio 2010)
• Removal.Installer: Removed PEHT alternate libraries because C++ source for PEHideText decryption is now incldued
• Change.Installer: PEHideText now back in trial build, for evaluation purposes
• Change.Plugins: Updated BoB's IsDebuggerPresent plug-in to v1.08 (registered version only)
• Change.LoaderSDK: PEC_HOST_INFO structured appended with three new DWORDs
• Removal.Installer: Removed some older codecs, languages, and components that have been deprecated or unmaintined
• Change.core: Minor maintenance and other changes
• Change.core: Disallow NO_SEH characteristic on all modules (not just DLLs)
• Addition.PEClassify: Classifies Armadillo protected executables based on their SEH chain by-pass marker that is embedded in the PE for Windows to use
• Change.GUI: Mandated 'Highest Available' rights via manifests
• Change.All: Embedded manifests in primary executables
• Change.Loader: Now allows plug-ins to have SEH traps in Vista+
• [.19]Fix: IsPacked plugin that broke in previous beta build
• [.20]Fix: Restore Windows 2000 compatibily of PECompact itself (compressed apps always worked in W2K)
• [.20]Fix: Restore Windows 2000 compatibily of PE Suite tools
• [.21]Fix: Continued W2K legacy work for PEC itself, cobwebs being brushed out, VC9 migration continues
• [.21]Fix. Minor adjustments
• [.22]Change.PEHideText: Allow FreeDecryptedText to take either a pointer to the original obfuscated text, or (more traditionally), a pointer to the dynamically allocated deobfuscated rendition of it.
• [.22]Change.Loader: Minor change
• [.23]Change.PEHideText: Major rewrite of PEHT runtime decryption code. It is now assumed you'll be linking with the source code included in registered version, or writing your own.
• [.23a]Change.PEHideText: Allow caller supplied buffer, for decrypting to stack for instance, and randomize some null space left behind that could help identify these segments

3.02

• Fix.Core: Fixed issue where debug directory entry wasn't completely cleared when stripping of debug directory was indicated
• Addition.Plugins: Added a new loader that does not execute any code from writable dynamic memory allocations (pec2ldr_no_rwx_mem). This is useful in various situations.
• Change.Plugins: Updated IsDebuggerPresent plug-in by BoBSoft
• Change.Licensing: Extended trial period to 30 days to give users time to evaluate product
• Change.PEHideText: Increased size of encrypted text marker to ensure no accidental collisions with random code and data. This makes the new version incompatible with the old version, so be sure to get the latest PEHT lib.
• Change.PEHideText: If key not supplied on command line, then a random number is used.
• Change.Loader: Minor maintenance
• Change.Loader.Slim: Slim version of loader tweaked a bit
• Change.Loader.Enhanced.Anti.Debug: Added new anti-debugging capabilities (note: EAD loader is a seperate purchase)
• Change.Loader.Enhanced.Anti.Debug: Added new anti-dump capabilities (note: EAD loader is a seperate purchase)
• Change.Updater: Consolidated all locale specific update checker resource files into main resource files
• Change.Docs: Some formatting and content updates
• Change.All: Removed cs_cpl (language selection) DLL, library is now statically linked
• Addition.Installer: Added help, about, and publisher links for use by the OS
• Change.Installer: Reduced total install size
• Fix.Updater: No longer shows update check dialog if 'never check for updates' is selected
• Fix.Installer: Improved uninstall procedure to properly clean up the newly renamed default PECompact start menu folder
• Fix.Installer: Fixed rarely used 'Visit Bitsum Tehcnologies' start menu shortcut
• Fix.Installer: Fixed missing PEC2CodecSDK.h for CODEC SDK (registered build only)
• Fix.Installer: Fixed scrambled Swedish EULA
• Post-release updates:
  • [.1]Change.Updater: Only show update dialog when an update is actually available, instead of asking user for permission to check every time we want to merely check
  • [.2]Change.Plugins: Updated BobSoft's IsDebuggerPresent plug-in to v1.06 - This fixes DEP violations with this plug-in

3.00

• Addition.Package: Added user contributed ElfHash plug-in (a fast hash algorithm)
• Addition.Package: Added user contributed Pascal/Delphi header files for all plug-in types (registered version only)
• Addition.Package: Added user contributed 'IsDebuggerPresent' API plug-in (registered version only)
• Addition.Package: Added user contributed API hook and Codec plug-ins developed in Delphi
• Addition.Installer: Added x64 build of PEHTLib.lib
• Change.GUI: Improved message boxes (updated to XMessageBox 1.10 and applied Bitsum custom mods)
• Change.PETrim: Enhanced stripping of debug directories
• Change.PEHTLib: Change to macros
• Change.Installer: Switched to UNICODE build of NSIS
• Change.Localization: Updated Swedish translation
• Change.Docs: Added credits for contributions of BoB of team PEiD
• Change.Docs: Some minor maintenance and improvements
• Removal.Installer: Some out of date languages removed
• Fix.GUI: Adjustments to initial display position of child windows
• Fix.UpdateChecker: Fixed missing space after beta version numbers
• Fix.Installer: Fixed missing application icon in 'Add/remove programs' or 'Programs and features'
• Fix.PEHTLib: Some fixes for thread safety, applies only to users of PEHideText
• Fix.Core: Fixed issue where small decoder was sometimes being used even when fast decoder was specified
• Fix.EADLoader: Fixed conflict with removal of import table by enhanced anti-debug loader and Restore Imports option
• Fix.TestCodec: Removed dependency on CRT DLLs
• Post-release updates:
  • [.1]Change.Localization: Updated Russian localization
  • [.1]Fix.Localization: Fixed Russian in installer
  • [.1]Fix.Documentation: Fixed problem with missing pages in CHM
  • [.2]Change.Installer: Included more plug-ins in the trial edition (ones not abusable)
  • [.2]Change.All: Replaced all occurrances of 'PECompact2' with 'PECompact' (unreleased)
  • [.2]Change.EAD-Loader: Updated enhanced anti-debug loader for better interoperability with /RestoreImports:Y option

2.98.6

• Fix.Core: Fixed problem with compression of some previously signed modules. Note that the signature is removed after compression, since it will be invalidated by the changes
• Fix.GUI: Fix to display of compression ratio
• Fix.Installer: Improved Vista+ UAC support
• Change.All: Removed use of alternate HKCU\PECompact registry key
• Change.Core: Cleaned up console output
• Change.Core: Removed /AllowSecurityDirectory (/Asd) command line parameter (now always 'Yes')
• Change.GUI: Removed 'Ignore Security Directory' option
• Change.Installer: Language selection is now propagated from the installer to GUI, removing redundant language selection on first run of the GUI
• Change.PEClassify: Cleaned up console output
• Addition.PEClassify: Added PE or PE+ type output
• Addition.Package: Added new plug-in to break automated decompression by UN2PEC, pec2hooks_break_un2pec. (registered version only)

2.96

• Fix.Core: Fixed compression of executables with MUI resources (i.e. Vista's notepad.exe). In previous builds, affected executables would fail to start after compression
• Change.EAD.Loader: Updated, some more protection code added
• Change.EAD.Loader: Changed name so it appears more descriptive and correct
• Installer.Change: Trial verison no longer includes cipher codecs
• Installer.Removal: Removed PEHideText from trial version
• Installer.Removal: No longer publicly distributing student version due to abuse by malware authors. Freeware authors and acedemics can obtain a freeware license for PECompact by emailing support@bitsum.com

2.94

• Fix.Core: Fixed handling of some non-Microsoft linkers debug directories. This could have caused a decrease in compression ratio or an inability to locate post-compressed debug information, depending on if /StripDebug was set to Yes or No, respectively
• Fix.Core: Improved compression ratio when debug directories are present and preserved. In previous versions, unrelocated (old) copies of the debug data would get left in the compressed data stream
• Fix.Core: Improved handling of very large debug directories
• Change.Core: If overlay/extra-data is empty (no non-NULL data) we skip storage of it after compression. This is useful for the new code changes that can strip debug information from the overlay/extra-data area
• Fix.Core: Fixed help mode capital 'A' not being accepted correctly to show advanced help menu
• Fix.Core: Fixed '% ompressed' output (missing 'c')
• Fix.TestCodec: Various updates to get it up to speed with the latest CODEC specifications and more
• Change.Settings: Made /StripDebug:Yes (/SD:Y) the default. Debug information will get stripped unless you specify /SD:N
• Addition.GUI: Now remembers last browsed folder when adding files to the listview in older NT OSes (XP, 2k)
• Change.GUI: Minor cosmetic adjustments
• Addition.Package: Included new cipher1 codec in all packages
• Addition.Package: Included new cipher2 codec in retail build
• Installer: Update to NSIS 2.39

2.92

• Fix.Core: Fixed issue with DLLs with type libraries (COM objects usually have them)
• Fix.Core: Fixed empty sections sometimes not getting assimilated when they should be. For some executables, this improves comrpession ratio back to what it was in v2.88

2.90

• Fix.Core: Fix for infinite loop condition on some executables when merging sections is turned off, or certain sections are skipped (such as shared sections). This would literally cause compression to never end
• Fix.Core: Fix for some shared sections containing only NULL data getting optimized out (assimilated) and losing their shared status even when '/ssh:y' is given
• Change.Core: Tweaking handling of section attributes when merging. Now only executable characteristics will be merged
• Changes.Codec: Updated IbsenSoftware's aPLib CODEC to v0.44, thanks to Joergen Ibsen for providing the CODEC plugin

2.88

• Addition.Core: New beta support for .NET executable compression is finally here! We are still ironing out kinks, adding features, optimzing, and testing on various .NET applications. That said, you can try our early implementation out now. Yes, your shell icons, version information, and other resources are properly preserved. Also, all PECompact plug-ins are utilized, including the CODECs. The .NET assemblies are compressed using LZMA
• Addition.GUI: Various things to facilitate .NET support
• Addition.Core: Added '/FrameworkVersion=x.x.x.x' or '/Fv=x.x.x.x' switch to set the .NET Framework version that should be loaded by compressed .NET assemblies
• Fix.Core: Reworked behavior of '/CompressResource:No' (/cr:n). Now resources are loaded and re-written, but all are kept uncompressed. This results in better compression ratios and fixes known errata with excluding all resources on some executables
• Fix.GUI: Fixed problem when test launching executables with spaces in the pathname. They would launch, but some would interept the first parameter wrong since it wasn't quote encapsulated and may not be able to 'find themselves' if they rely on the first argument to determine their executable path
• Fix.GUI: Improved cosmetics of progress bar during long compressions
• Change.Core: We now preserve overlays/extra-data by default. The previous default was to only preserve them if they were in excess of 255 bytes in length
• Fix.Docs: Fixed up ugly headers and fixed title of CHM

2.86

• Change.Core: More proper support of ASLR aware programs in that fixups on EXEs are stripped unless they utilize ASLR
• Change.PETrim: Don't trim fixups from ASLR images

 Older history has been removed from this list ...