Protector

[Ehtyar]

i think he was referring to the "very lame". anyway, dosnt matter now, you've got what you needed, and you're welcome for it, just a shame others won't get the same info.

[hutch--]

Guys,

I think most know the deal here, we are an international forum with members from many countries and this for no other reason prevents us from allowing links to site that have illegal content. From memory of a long time ago, Yoda used to write some good technical stuff but if you are going to succeed in write a viable PE compressor, you will need to know two things very well, PE section format and compression algorithms.

For the compression algorithm, I would recommend Jibz's aPLib compression algorithms as they have distinct advantages in the smaller end of binary files and this well covers most assembler programs. Now encryption as well as compression makes a binary file harder to crack but with experienced people, this can be beaten so if you need to protect an application, you will need to do a lot more than just encrypt or compress it. The later version of PeCompact does have many extras for you to play with if you need to do this type of work but nothing beats the "maze of garbage" effect when someone thinks they can easily crack a program you have written.

[Ehtyar]

LZMA is also a popular algo, built by the guy who did 7z i believe, used by most pe compressors including PECompact. not sure if it comes as a lib though, something for google to help with methinks.

[arafel]

7-zip`s LZMA implementation does comes as a lib. The SDK is available from www.7-zip.org site.

Though, it's a shame that Pavlov had never documented the algorithm, so it's impossible to implement it from a scratch without dwelling into the SDK`s C++ and COM mess.

[Ehtyar]

ugh, undocumented formats really suck, makes you wonder what the developer was on when they decided to implement it.

[Mark Jones]

What the hell is going on here?

The UPX licence agreement is the reason why I stopped using UPX years ago as the restrictions applied in the licence made unpacking, hacking and repacking an executable easy to do. They did have a decent compression algorithm but they crippled it with their own ideology. there is a freeware version of the later development of Jeremy Collake original exe compessor that does not impose this nonsense on you so it is a much better proposition.

So what are you saying Hutch, that scrambling UPX headers to make them non-decompressible, clearly in violation of their copyright, is okay? Or that because UPX cannot be legally scrambled, a malicious individual is better off (from both a legality standpoint and reverse-engineering standpoint) with Justin's library?

And... no comment on calling Casper "lame?" :eek

Being condecending to complete strangers is not a very good way to make friends in this world, but to each their own...

what is wrong with helping strangers?
i am ask help and this man help me and i am greatfull for this

No, not helping strangers, but saying that Casper is "lame." Ethyar doen't know who Casper is, and unknowingly hit a sore spot with him. Hutch, where is the "do not insult other members" speech? Or is this a passive-agressive stab at that individual?

i think he was referring to the "very lame". anyway, dosnt matter now, you've got what you needed, and you're welcome for it, just a shame others won't get the same info.

Yeah, doesn't matter now. You got the code you wanted, snicker snicker snicker. Now go spread it around on IRC.

[hutch--]

I may be getting slow in my old age but I have not seen the problem, there is nothing here for anyone to argue about as its all simple technical stuff. there has been a variety of EXE compressors around for years so its pick one that does the job. I used to use UPX years ago when it was being developed but as soon as the authors tried to pull the stunt in their licence about their ownership of your code by using their compressor, I stopped using it and while their licence is legal rubbish, it is their software.

Now while it is technically very simple to defeat their decompressor, the real solution is to simply not use it at all when there are better tools around that are restriction free and work better, PeCompact being one of them. If you are really and truly conciencious and like doing messy complicated work, rewrite the UPX decompression stub and patch your own into the resulting EXE and you can do watever you like with it.

I have made the comment before that Jibz's compresion algo is better on asm sized exe file anyway so using PeCompact with Jibz's plugin will give you good results and with a lot of flexibility as well.

[Ehtyar]

Not to mention the fact that upx is compiled using commercial Libraries, so should you ever want to modify its source, you end up with an inferior program. Rubbish.

[hutch--]

i am going to ask a favour of all of the members who have posted in this thread, please keep it friendly or I will simply close the thread. Chewing other members ears is not really what this forum is about and we don't need any hassles in here.

Now as far as calling someone "lame", it is in fact a specialised area to achieve that takes a lot of work. Back in the days when I used to support the MASM32 project on IRC, you use to get hit a number of times a day by kids trying to con you into joining their cracking group as they all wanted anyone who cold actually write assembler to help them out.

Now there were a number of approaches that worked OK, quoting them the then current contract rate of $120 US an hour solved most of the problems for a while but it did not free you of being hit daily with requests so one of the guys who regularly floated around IRC had this piece of genius of creating a group that was so exclusive that you could not apply to join, you could only be nominated by an existing member.

The group was called "Old, Retired and Lame" or OR&L and its requirements were so lay back that its own IRC channel was taken over the day it was started and no-one cared. membership was for life, you did not have to write anything, publish anything or in fact do anything. The notification that you were a member was usually done with the C notation for decrement, thus "hutch" became "hutch--".

When a kid tried to recruit you into his cracking roup, all you had to tell them is you were already a life member of OR&L and they used to go away in hushed silence as the group had actiely recruited all of the older guys like Iczelion and most of the really smart young guys like Bill Tyler, Jeremy Collake and the like and it was amazngly successful in its original intention to stop you from being driven mad by kids wanting you to join their cracking group.

The trailing decrement "--" also solved another problem, there was once some cretin that had the audacity to use my "hutch" nick on IRC but with the addition of the "--" it was never a problem after that.  :bg

[Ehtyar]

Speaking of which, are there any good masm chans around anymore, i idle in #asm of efnet, but not many there still use masm, and a lot are linux people :(