Text only | Text with Images

The MASM Forum Archive 2004 to 2012

General Forums => The Workshop => Topic started by: D.F. on October 26, 2011, 01:20:54 PM

Title: My own PE Protector
Post by: D.F. on October 26, 2011, 01:20:54 PM
Hi all,
I want to write my own PE Protector. I read a lot about PE File Format, but I don't know how to start. I will be happy for any links and source codes.

Regards, David
Title: Re: My own PE Protector
Post by: qWord on October 26, 2011, 01:33:26 PM
Quote from: D.F. on October 26, 2011, 01:20:54 PMI read a lot about PE File Format, but I don't know how to start.
So you know at least on protection mechanisms?
Title: Re: My own PE Protector
Post by: D.F. on October 26, 2011, 02:37:08 PM
Quote from: qWord on October 26, 2011, 01:33:26 PM
Quote from: D.F. on October 26, 2011, 01:20:54 PMI read a lot about PE File Format, but I don't know how to start.
So you know at least on protection mechanisms?
My friend told me that I must crypt the code section. Next I must add new section to crypted PE file with loader and decryption code. There is my questions: How to add new section to PE file? How to find where the encrypted code begins and ends?
Title: Re: My own PE Protector
Post by: fearless on October 26, 2011, 02:41:53 PM
Hi David,

Probably a lot of stuff to do if your going to right your own one. Might be option to look at the main competitors out there and see what each one offers, and see if they fit your needs.

http://www.oreans.com/themida.php
http://pecompact.com/index.php

are a couple i can think of off the top of my head.

But realistically, and most coders will tell you this, no matter what you use to protect software, if someone is determined enough, and/or has enough time/patience/knowledge/money, then probably any software protection can be broken, but the commercial option may disuade casual reversing and cracking enough to justify the initial cost of the protection software.

Title: Re: My own PE Protector
Post by: D.F. on October 26, 2011, 03:33:07 PM
I write this protector for my school for educational purposes only, not to protect my software.
Title: Re: My own PE Protector
Post by: qWord on October 26, 2011, 03:49:01 PM
A simple solution would be to add a additional section, containing the decrypter, and using this one for the entry point (see SEGMENT-directive). With an external tool you must only encrypt the actual code and data sections.
Title: Re: My own PE Protector
Post by: clive on October 26, 2011, 04:01:57 PM
I think a more realistic educational goal would be to build a linker, or loader. But may be you're studying at thepiratebay.edu

If you don't know how to start, perhaps you need to figure out why you're lost.

For instance are you familiar with loading files into memory, navigating the structure of that data, writing out different pieces to another file, expanding and creating structures within the new file as you are writing it out, or holding it in memory?

Start with something that loads the file, and dumps/decodes the data therein.
Title: Re: My own PE Protector
Post by: Farabi on October 29, 2011, 09:10:56 AM
Or the simplest solusion is, create one program as unpacker and encrypt your real program and then load and run it.
Text only | Text with Images