Compressing or encoding programs is an excellent way to add product protection. One advantage of compressing a program is that the program must be uncompressed before it can be changed. Also, better compression programs complicate program debugging, and, of course, you cannot disassemble a compressed file. (While it may still be possible to create a loader that will change the program code directly in memory once the program has been decompressed, no well-protected program should allow anything like this.)
Compressing all of a program's files makes it difficult to change things like text, but compressed programs will run a bit more slowly than uncompressed ones (though the performance hit with a good compression program will be insignificant). Rather than compress all of a program, you can compress executables only. This will not slow the program down at all, though start-up will be slightly slower (because compressed programs are decompressed in memory during start-up).
When deciding whether to use compression, find out whether there is a decompressor for the particular compressor you want to use. If so, don't use it. For example, while PKLITE is the best compressor for EXE files in DOS, there are many decompressors. Your best bet, of course, is to create a new compressor. Still, most programmers will use the preprogrammed ones, so we'll take a look at a variety of compression and encoding programs for executables, as well as some other types of commercial protection.
aPLib
aPLib is a commercial compression library for programmers who want to compress data in their programs, created by the great programmer Joergen Ibsen. aPLib is used by many compression programs for executable files because it is one of the best products in the field.
ASPack
ASPack (http://www.aspack.com) is a compression program for EXE, DLL, and OCX files. It is easy to use, even for less-experienced users. On the other hand, more-experienced programmers may not like it because the program menu doesn't offer many options.
You cannot select maximum compression in the unregistered version of ASPack.
ASPack's decompression routines contain several jumps that are designed to confuse a cracker but which really present problems only for the inexperienced ones. For example, ASPack's decoding routine contains only a few anti-debugging tricks. If a file is loaded into SoftICE's Symbol Loader, the program will not stop at the beginning. However, once you find the beginning of the program, insert INT 3h or an equivalent there, and set the breakpoint to this INT, then run the program, it will stop right at the beginning. Or, you can load the program into ProcDump and change the characteristics for the .text section. Here you will probably find C0000040; change that to E0000020 and the program should always stop at the beginning in the SoftICE loader.
To remove ASPack, all you need is a special decompressor, though you can also create a loader that will change the program code directly in memory. (ASPack has no protection against anything like that.) I have even seen a program on the Internet that makes it possible to create these patches for ASPack.
ASPack's Option menu contains the following items:
• Compress Resources Compresses resources along with the program.
• Create Backup Copy (.bak-file) Creates a copy of the compressed file.
• Auto Run After Loading Compresses the program automatically as soon as it is loaded.
• Exit When Done Closes ASPack once a program has been compressed.
• Max Compression Compresses the program as much as possible.
• Use Windows DLL Loader Uses the Windows DLL loader (this is important if you have an old Borland C++ linker).
• Preserve Extra Data Preserves extra data located after the end of a file. (This mostly concerns files with overlay data.)
• Add Into Context Menu Adds an ASPack item into the Explorer menu. If you right-click on a file, you can immediately compress it with ASPack.
• Section's Name Specifies a section name for the decompressor data in the compressed file (this is a kind of author's mark).
• Language Sets ASPack's language.
ASPack is a very good compression program, but it needs to be toughened up with more anti-debugging tricks. On the other hand, because its decompression routine doesn't contain any incompatible operations, it shouldn't cause problems with most programs, and it does offer very good compression.
In recent versions, the ASPack programmers have focused on dumping the program from memory in an effort to protect the import table as much as possible. They seem to have forgotten, though, that without good antidebugging tricks and anti-disassembling macros, it is very easy to trace and view the ASPack code, so it will not take long before a new decompressor appears.
• Test file compression: 486,400 bytes (using an unregistered version of ASPack with the maximum compression option turned off)
• Decompressors: ProcDump and UnASPack
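To make the section-characteristics values above concrete, here is an added example (not code from the original text, from ASPack, or from any other packer discussed here) that decodes the IMAGE_SCN_* flags in PE section headers and applies a few packer-detection heuristics to two constructed header sets; the section name .stub and all sample values are constructed.

```python
"""Decode PE section Characteristics and flag packer-style section layouts.

Added example, not code from the original text or from any packer it
describes. Two small PE32 header sets are constructed in memory (no file is
read). The C0000040 / E0000020 values mentioned above decode to
read+write initialized data and read+write+execute code respectively; a
section that is writable and executable at once, a section with no raw data
but a large virtual size, and an entry point in the last section are the
usual signs of a decompression stub that unpacks code at run time.
"""
import struct

# IMAGE_SCN_* flag bits from the PE/COFF specification.
SECTION_FLAGS = {
    0x00000020: "CNT_CODE",
    0x00000040: "CNT_INITIALIZED_DATA",
    0x00000080: "CNT_UNINITIALIZED_DATA",
    0x20000000: "MEM_EXECUTE",
    0x40000000: "MEM_READ",
    0x80000000: "MEM_WRITE",
}
SECTION_HDR = "<8sIIIIIIHHI"   # IMAGE_SECTION_HEADER, 40 bytes


def decode_characteristics(value):
    """Names of the flags set in a section Characteristics dword."""
    return [name for bit, name in sorted(SECTION_FLAGS.items()) if value & bit]


def parse_pe(image):
    """Return (AddressOfEntryPoint, [section dicts]) from raw PE header bytes."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                     # IMAGE_FILE_HEADER follows the signature
    nsec = struct.unpack_from("<H", image, coff + 2)[0]
    opt_size = struct.unpack_from("<H", image, coff + 16)[0]
    opt = coff + 20                         # IMAGE_OPTIONAL_HEADER
    entry = struct.unpack_from("<I", image, opt + 16)[0]
    sections = []
    for i in range(nsec):
        fields = struct.unpack_from(SECTION_HDR, image, opt + opt_size + 40 * i)
        name, vsize, rva, rawsize, _, _, _, _, _, chars = fields
        sections.append({
            "name": name.rstrip(b"\0").decode("ascii", "replace"),
            "rva": rva, "vsize": vsize, "rawsize": rawsize,
            "characteristics": chars, "flags": decode_characteristics(chars),
        })
    return entry, sections


def packer_indicators(image):
    """Heuristic findings suggesting a decompression/decoding stub is present."""
    entry, sections = parse_pe(image)
    findings = []
    for s in sections:
        if "MEM_WRITE" in s["flags"] and "MEM_EXECUTE" in s["flags"]:
            findings.append(f"{s['name']}: writable+executable ({s['characteristics']:08X})")
        if s["vsize"] and not s["rawsize"]:
            findings.append(f"{s['name']}: no raw data, {s['vsize']:#x} bytes filled at run time")
    holder = [s for s in sections if s["rva"] <= entry < s["rva"] + s["vsize"]]
    if not holder:
        findings.append(f"entry point {entry:#x} lies outside every section")
    elif len(sections) > 1 and holder[0] is sections[-1]:
        findings.append(f"entry point {entry:#x} is in the last section ({holder[0]['name']})")
    return findings


def build_image(entry_rva, sections):
    """Construct minimal PE32 headers from (name, rva, vsize, rawsize, characteristics)."""
    e_lfanew = 0x40
    dos = b"MZ" + bytes(0x3C - 2) + struct.pack("<I", e_lfanew)
    opt_size = 0xE0                         # size of a PE32 optional header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, opt_size, 0x102)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic
    struct.pack_into("<I", opt, 16, entry_rva)
    hdrs = b"".join(
        struct.pack(SECTION_HDR, name.encode().ljust(8, b"\0"),
                    vsize, rva, rawsize, 0, 0, 0, 0, 0, chars)
        for name, rva, vsize, rawsize, chars in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + hdrs


# Constructed samples. PLAIN resembles ordinary compiler output; PACKED keeps
# the original .text as read/write data (C0000040), leaves it empty on disk,
# and adds a writable+executable stub section holding the entry point.
PLAIN = build_image(0x1200, [
    (".text", 0x1000, 0x4000, 0x4000, 0x60000020),
    (".data", 0x5000, 0x1000, 0x1000, 0xC0000040),
])
PACKED = build_image(0x8000, [
    (".text", 0x1000, 0x4000, 0x0000, 0xC0000040),
    (".data", 0x5000, 0x1000, 0x1000, 0xC0000040),
    (".stub", 0x8000, 0x1000, 0x1000, 0xE0000020),   # ".stub" is a constructed name
])

if __name__ == "__main__":
    for label, img in (("plain", PLAIN), ("packed", PACKED)):
        print(label, packer_indicators(img) or ["no indicators"])
```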
Ding Boys PE-Crypt
Ding Boys PE-Crypt is another commonly used executable file encoder. It's particularly interesting because it implements anti-debugging tricks designed to make it impossible to run an encoded program when a debugger is present in memory. The creator's radical solution to this problem is also interesting because the program will freeze without warning if a debugger is in memory. Still, the program's encoding isn't too difficult, and it's no surprise that there is a decoding program freely available on the Internet.
The decoding routine in Ding Boy's PE-Crypt is clearly intended to make manual decoding annoying and time consuming. For one thing, it uses loops that only ever decode the following loop. Also, every loop decodes only 29 bytes, and each contains anti-debugging code, which means that the cracker has to remove this code from each individual loop. Manual decoding would therefore take several hours. (Of course, if you use a decoder, it will take only a few seconds.)
Once you run the program, you will see a menu from which you can select several encoding functions, as discussed in the list below. At the top you'll see a field where you can type a path to the program that you want to encode, or you can click Open and browse to the program. Use Run to start the program.
• Start Message Sets a message that will appear when the program starts.
• Restrictive Date Sets a date on which the program will expire. (It is surprising that you can set only months.)
• Restrictive Times Sets how many times the program can be run.
• Restrictive Message Setting Specifies a message to appear after one of the time limits expires.
• Pass Word Sets a password that will always be required to run the program.
• Register Key Sets a registration number for the program. (Ding Boy's PE-Crypt supplies you with a program that will calculate such a number for you.)
• Password/Register Message Setting Sets the text of a message that will appear after an incorrect password or registration number has been entered.
Ding Boy's PE-Crypt is definitely one of the better encoding programs and, because it is not too widely used, it may be more effective against crackers. Manual decoding of PE-Crypt-encoded files is both difficult and very time consuming, though who knows whether decoders will really have a problem removing Ding Boy's PE-Crypt.
Note Ding Boy's PE-Crypt's universal functionality is diminished by the fact that it cannot be used under Windows NT, Windows 2000, or Windows XP. Also, while the program itself is in English, its documentation is in a language unknown to me, which may be a problem for many users.
• Test file compression: 1,729,553 bytes
• Decoder: Undbpe
NeoLite
NeoLite (http://www.neoworx.com) compresses executables including EXE, DLL, and OCX files. While the compression level is very high, the authors forgot to protect against unwanted decompression. In fact, the program itself can decompress files compressed by NeoLite, and the only way to safeguard against this is to select maximum compression.
I didn't manage to find any protection against debugging in the decompression routine. The only protection I did find was a set of changes in the PE header for the .text section: The program will immediately start running in the Symbol Loader for SoftICE.
The program itself contains many functions for compression tuning and should therefore be considered a good professional compression program when protection against decompression isn't that important.
To begin using the program, choose the program you want to compress. After clicking Next, you can set several options on the next screen:
• Information Clicking this button will display information about the structure of the file that you chose to compress.
• Create .BAK Backup File Makes a backup copy of the compressed file.
• Overwrite Existing Output Files Overwrites a file with the same name if one is found.
• Update Time & Date Stamp Sets the current date and time in the compressed file. By default, the date and time are the same as those in the file that is being compressed.
• Use Quick Compression Method Enables a quick compression method that is less effective but which speeds up the decompression and subsequent starting of the program.
• Force Executable Compression Compresses a program even if NeoLite can't manage to shorten a program's length. The default behavior is for NeoLite not to perform any compression in this situation.
• Compress Compresses the program, but it will be possible to decompress the program with NeoLite.
• MaxCmp Compresses the program with maximum compression, and it will not be possible to decompress the program with NeoLite.
• Change Advanced Settings Settings for advanced users.
Advanced Compression Options
The program offers a series of advanced options as follows:
Icons
This section sets the options for handling icons.
Compress All Icons Compresses all icons. It is recommended only for DLL files.
Compress All Except 1st Icon Group This is the default setting because Windows Explorer uses the first icon group for displaying files. (If these icons were compressed, the files would not be displayed correctly.)
Do Not Compress Icons No icons will be compressed.
Preserve Data
Determines whether extra data that may be located in the so-called overlay will be compressed.
Don't Preserve Extra Data All extra data is ignored and removed from the final compressed file.
Preserve Extra Data at End of File All extra data located after the end of the file is preserved.
Preserve Extra Data at End of PE Image All data located after the PE image is preserved.
NeoDataSim without Compression Extra data will not be compressed. This is a model developed by the authors of NeoLite for preserving extra data.
NeoDataSim with Compression Extra data will be compressed. This is the default setting, and is a model developed by the authors of NeoLite for preserving extra data.
Other Resources
This section includes settings for compressing resources in files.
Compress Bitmaps Compresses all images. This is a default setting.
Compress Cursors Compresses all cursors. This is a default setting.
Compress Other Resources Compresses all other resources. This is a default setting.
Miscellaneous
These are some other settings for the program.
Do not compress Import Table data Does not compress the Import Table data.
Compress non-ordinal Import Table data Enables the program to locate imported functions that use only numbers as names, which is not common. If a program prints out the message "Unable to locate exported function #<ordinal> in <DLL name>" after compression, switch this function on before compressing it.
Compress all Import Table data Ensures that all data in the Import Table is compressed. This is done by default.
Preserve EXE Relocation Information Preserves all relocation information in the file.
Thunk EXE exports Adds code to the decompression routine that handles EXE files which set export function values before the main function itself runs. (This doesn't affect DLL files.)
NeoLite is one of the best professional compression software packages. However, as far as compression itself is concerned, it isn't that good at protecting against decoding and debugging. I would recommend NeoLite to professional programmers who care about the size of a file but who are not particularly concerned about security, and I hope that future versions will contain some protection.
• Test file compression: 646,577 bytes
• Decompressor: ProcDump
NFO
NFO is a very simple encoder for PE files that doesn't allow you to set parameters before file encoding. Files are only encoded and optimized, which shortens their length slightly, but they are not compressed. (Unfortunately, the programmers didn't take Windows NT, Windows 2000, and Windows XP into consideration, and an encoded program will not run under these operating systems.)
The decoding routine is well programmed and, at first sight, appears hard to debug because it contains many anti-debugging and anti-disassembling tricks. Still, you can easily find a decoder for this encoder on the Internet.
• Test file compression: 1,583,104 bytes
• Decompressor: unNFO
PECompact
PECompact from Collake Software (http://www.collakesoftware.com) is compression software for executable files. It was created by the excellent programmer Jeremy Collake and works with EXE, DLL, and OCX files.
The entire program is written in assembler and uses two compression libraries for compression: aPLib is the first of them, and it is one of the best compression algorithms. The other library, JCALG1, was programmed by Jeremy Collake. Unlike aPLib, it is open source, and you can use it for free.
I was surprised to discover that if you use maximum compression, JCALG1 compresses even better than aPLib (though compression does take quite a long time). Loading compressed files will take about the same time with both libraries.
The software's design is really very practical. You set the compression level by means of a simple volume control, and then choose the type of program you want to compress. The advanced configuration item contains a detailed menu where you can set many switches, including settings for compression optimization, whether the decompressor in the file should be optimized for size or speed, which resources will be compressed, and other settings. (You can find detailed descriptions of the settings in the documentation.)
PECompact's menu is a slightly larger one than those of other compression programs.
Another wonderful PECompact feature is its ability to use plug-ins. It supports plug-ins for encoding, decoding, post, and GPA and contains short examples that are easy to modify. For example, the post plug-in adds a message at the beginning of the program, which may be useful for an author's shareware.
I was slightly disappointed, however, in how easy it was to remove PECompact. The developer claims in the documentation that the program will complicate debugging, but I don't think this is very true, because I didn't find any anti-debugging tricks (which means it isn't difficult to debug). Otherwise, this is one of the best compression programs. If you need a high compression ratio and you don't care that the compressor may be easily removed, PECompact is a great choice.
• Test file compression with JCALG: 526,336 bytes
• Test file compression with aPLib: 537,088 bytes
• Decompressors: ProcDump and tNO-Peunc
PELOCKnt
PELOCKnt is one of the older but still among the best encoding programs for executable files. The Marquis de Soiree demonstrated considerable programming skills here. Debugging a program protected with PELOCKnt isn't easy at all, because it contains many anti-debugging tricks and the whole code is full of anti-disassembling macros. You can set several program switches, including:
Don't waste your time looking for a classic 32-bit-application graphic display in PELOCKnt.
-A1 Sets protection against breakpoints on API calls used by the program. This protects only against normal breakpoints, and debug breakpoints will not be discovered.
-V1 Sets 32-bit antivirus protection, which prevents program modification and protects against breakpoints. (Again, though, it discovers only classic breakpoints.)
-K Provides protection against a ProcDump-type decoder.
-Wx Lets you set an action in case SoftICE is found. You can select from three options: show a window, end the program, or crash the program.
PELOCKnt doesn't perform any compression, and the resulting code is thus even slightly larger than the original. This is a pity, because even if the compression algorithm wasn't the best, it would drastically shorten the length of the program. On the other hand, PELOCKnt's file starts very quickly.
It has been some time since the last version of PELOCKnt appeared, and a decoder has, naturally, appeared in the meantime. Unfortunately, it seems that PELOCKnt is currently a dead project. This is unfortunate, since it truly is a good program.
• Test file encoding: 1,703,936 bytes
• Decoder: PEUNLOCK-NT
PE-Crypt
PE-Crypt is a great example of what can happen when two of the best crackers get down to writing protective software.
I encountered something like this for the first time in DOS when virus creators tried to protect their works in this way against debugging and against heuristic analysis. These systems are based on a simple principle but are very difficult to program. Only a skilled assembler programmer will succeed, and such a person must know the PE file structure perfectly. There aren't many people who know both of these fields really well.
The whole file is either encoded or compressed. At the beginning, there is a routine that decodes (decompresses) the file. This opening routine is very interesting, since any fool who knows something about PE-Crypt will try to trace it. What is so interesting about it? The answer is very simple: The routine doesn't make any sense at all. I have managed to decode several programs encoded by PE-Crypt, but this work requires tremendous patience.
With PE-Crypt you have to think twice about which items to select in the menu before encoding an application.
Here's a short example of PE-Crypt's decoding routine.
Address       Instruction Code        Instruction                     Explanation
15F:42900F    85C0                    test eax,eax
15F:429011    7302                    jae 429015                      ;jumps to address 429015
15F:429013    F70550E808000000EAFF    test dword ptr [8E850],FFEA0000
15F:42901D    58                      pop eax
15F:42901E    EB18                    jmp 429038                      ;we will follow the program's correct branch
15F:429020    EB01                    jmp 429023
15F:429015    50                      push eax
15F:429016    E808000000              call 429023                     ;immediately jumps farther
15F:42901B    EAFF58EB18EB01          jmp 01EB:18EB58FF               ;this code is wrong
15F:429022    0FEB02                  por mm0,[edx]
15F:429025    CD20                    int 20 VXDCall CDEA,03EB
15F:429023    EB02                    jmp 429027                      ;jumps immediately
15F:429025    CD20                    int 20 VXDCall CDEA,03EB        ;this code is wrong
15F:42902B    205840                  and [eax-40],bl
15F:42902E    EB01                    jmp 429031
15F:429027    EB03                    jmp 42902C                      ;immediately jumps farther
15F:429029    EACD205840EB01          jmp 01EB:405820CD               ;this code is wrong
15F:429030    8B40EB                  mov eax,[eax-15]
15F:429033    0236                    add dh,[esi]
15F:42902C    58                      pop eax
15F:42902D    40                      inc eax
15F:42902E    EB01                    jmp 429031                      ;jumps farther
15F:429030    8B40EB                  mov eax,[eax-15]                ;this code is wrong
15F:429033    0236                    add dh,[esi]
15F:429035    8350C356                adc dword ptr [eax-3D],56
15F:429031    40                      inc eax
15F:429032    EB02                    jmp 429036                      ;jumps farther
15F:429034    368350C356              adc dword ptr ss:[eax-3D],56    ;this code is wrong
15F:429039    57                      push edi
15F:42903A    55                      push ebp
15F:429036    50                      push eax                        ;saves the jump address for ret
15F:429037    C3                      ret                             ;jump to the address in the eax register
15F:429038    56                      push esi                        ;the program will get here later
15F:42901D    58                      pop eax
15F:42901E    EB18                    jmp 429038                      ;jumps farther
15F:429020    EB01                    jmp 429023
15F:429022    0FEB02                  por mm0,[edx]
15F:429038    56                      push esi
15F:429039    57                      push edi
15F:42903A    55                      push ebp
15F:42903B    50                      push eax
15F:42903C    E808000000              call 429049                     ;jumps farther; this code is wrong
15F:429041    EC                      in al,dx
15F:429042    FF58EB                  call far [eax-15]
15F:429045    18EB                    sbb bl,ch
15F:429047    010F                    add [edi],ecx
15F:429049    EB02                    jmp 42904D                      ;immediately jumps farther
15F:429048    CD20                    int 20 VXDCall CDEC,03EB        ;this code is also wrong
15F:429051    205840                  and [eax-40],bl
As you can see in the preceding example, code processed by PE-Crypt is not easy to follow at all.
I tried to apply PE-Crypt to a 4KB program. After encoding, the program was 35KB, meaning that the decoding routine takes about 30KB. Tracing such a routine would take an unbearably long time, which is bad news for those who would like to try it.
If PE-Crypt is traced or stopped by an API call breakpoint, it causes an error and the program will not run correctly. (PE-Crypt is protected by various anti-debugging tricks.)
It is possible to place anti-SoftICE routines into the program code, and rather difficult to discover them when a new and smart code is used. If a programmer takes care of other problems as well, he can rest assured that even the best crackers will spend endless hours or days on his work. Even if a cracker manages to get past all the protective software and find a place to make changes, he hasn't won yet.
When a file is encoded or compressed with PE-Crypt, you can't make a direct change to the program code. Your only choices when working with the file are to:
• Manually remove PE-Crypt from the file.
• Create a loader (a memory patcher).
Manual Removal
Manually removing PE-Crypt from a file is difficult, and it's very easy for a cracker to make a mistake. I don't want to claim that it is impossible, because there are people who have managed to do it. If you want to try it, I recommend using a less well-known debugger called TRW instead of SoftICE.
Another, much better, possibility is to use a PE-Crypt remover (such as Bye PE-Crypt). Once PE-Crypt has been removed, making changes in the protected application's code will not be a problem.
Creating a Loader
In order to create a loader you need to write a program that will run the compressed file, decompress it in memory, and then make changes directly in the memory.
You will have trouble if API hooking or anti-memory-patch functions were switched on before encoding. In these cases, PE-Crypt will try to prevent the loader from making code modifications. This function isn't very popular, though, because it isn't compatible with Windows NT, Windows 2000, or Windows XP. However, if a programmer is sure that his product will not be used under Windows NT, Windows 2000, or Windows XP, he may use these functions.
PE-Crypt Options
PE-Crypt offers a lot of options in its Options menu:
• Create Backup File (*.sav) This creates a backup of the original file.
• Virus Heuristic This inserts a heuristic routine into the file for antivirus and anti-change protection.
Resource Compression/Encryption/Ignoring:
• Compression This uses LZW compression to compress the resource part, and it leaves icons and other information concerning the version of the program alone.
• Encryption This encodes the resource part while leaving icons and other information concerning the version of the program alone.
• Ignoring This function makes PE-Crypt ignore the resource part. This function is necessary when encoding fails or when the icons aren't correct.
Relocation Encryption 12-Bit/16-Bit/Relocation Packing:
• Relocation Encryption 12-Bit or 16-Bit This will encode relocations (Fix-up Table) of the PE file and will add the Relocation-Loader.
• Relocation Packing This compresses relocations (Fix-up Table) of the PE file by means of DELTA compression and the LZW routine.
• Anti-Debugging Procedures This adds anti-debugging tricks for SoftICE that are compatible with Windows 9x and Windows NT.
• Enable Hooking of API Function This enables a protective device against program-code changes in the memory. After you switch this function on, you will see a window with API calls in which you can select the API calls used by your program.
• PE-Crypt allows CRC warnings. With this function enabled, a CRC test of the code part of the program is performed with every API call that was selected. You shouldn't set API-hooking on frequently called APIs, or on API functions that are located in time-critical sections of the program. Problems under Windows NT, Windows 2000, and Windows XP could occur with these settings.
• Erase PE Header This will delete the program's PE header after the program has been started. This function won't work with Windows NT, Windows 2000, or Windows XP, or after compilation with some compilers.
• Disable TLS Support This switches off the internal TLS support of PE-Crypt. You only need to switch this function on when the program doesn't run after encoding.
• Import Hiding This adds protection against generic decoders, such as ProcDump or GTR95. You have to test it, though, since some programs don't want to run with this function enabled.
• Anti-Memory Patch This is similar to the Enable Hooking of API function. It also protects against changes in the program code. In contrast to the enable-hooking function, this one is focused on threads. It may not work with Windows NT, Windows 2000, or Windows XP.
• Anti-Breakpoints This function switches on protection against breakpoints with API calls in SoftICE (bpx API, bpm API). It may not work in Windows NT.
CRC Warnings:
• Display Window on CRC Error If PE-Crypt encounters a CRC error (such as when the program code has been changed) it will display an error message.
• Hang-up on CRC Error The process will freeze in case of a CRC error.
PE-Crypt Summary
PE-Crypt was probably the best product in program protection until its decoder Bye PE-Crypt appeared. While PE-Crypt was successfully used with Settlers 3, for example, there's not much point in using it today because it can be removed so easily.
Note There is one other version of PE-Crypt that is used by some cracker groups. This is a slightly different version, and you cannot remove it with Bye PE-Crypt. Unfortunately, it is only for internal use of the group and therefore is not accessible to the general public.
I don't want to damn PE-Crypt here. You can still use it, and the less experienced crackers will have a tough job removing it. Unfortunately, there don't seem to be any hints of a new version in development.
• Test file compression: 864,256 bytes
• Test file encoding: 1,052,672 bytes
• Decompressor: Bye PE-Crypt
PE-SHiELD
At this writing, PE-SHiELD is probably the best encoder for executable files, even though the current version cannot encode DLL files (parts of it are incompatible with them). On the other hand, because PE-SHiELD won't decode DLLs, it's safe to use to encode EXE files.
ANAKiN, PE-SHiELD's creator, is clearly at the top of his field and he created many of the anti-debugging routines that are now commonly used. (You can reach him at anakin@rockz.org.) In fact, it took almost a full year for a decoder to appear. The program is so good because its decoding is polymorphous, meaning that it changes with each new encoding, just like a virus. This polymorphous characteristic makes it impossible to find where the encoding ends or to locate any other orientation points.
The only way to correctly decode files encoded with PE-SHiELD is to analyze the code with heuristics to determine each particular instruction's function (this is precisely how the PE-SHiELD decoder works). While people have attempted to decode PE-SHiELD using ProcDump, they have failed because PE-SHiELD contains many protections against tracing in general, and ProcDump in particular.
PE-SHiELD contains many anti-debugging tricks that make debugging nearly impossible. For one thing, it checks all API calls on the breakpoints located in the Import table. It deletes debug breakpoints while running, and thus renders debugging programs useless.
I am not sure whether ANAKiN was the first to use heuristic API calls, but PE-SHiELD masters this method very well indeed. The program heuristically analyzes its opening before the API call, since its opening changes with various Windows versions. As such, it can start the API code elsewhere, omit the beginning of the API service, and jump to someplace like MessageBoxA + 8, thus bypassing possible debug breakpoints for API calls.
Another great PE-SHiELD feature is its ability to optimize a file with the -r switch. Files optimized in this way, while not encoded, will be optimized in the best possible way. In my view, PE-SHiELD is absolutely one of the best optimization tools.
At this writing, ANAKiN is working on a new version of PE-SHiELD that should offer completely rewritten code, not a mere update or error correction (there are almost no errors to correct anyway). Considering ANAKiN's abilities, I can say with some certainty that the new version will be a hard program to break.
PE-SHiELD is shareware that may be used for private purposes for free. (The unregistered version is fully functional.) The encoded file shows that it was encoded with an unregistered version, along with other information.
• Test file encoding: 1,622,016 bytes
• Decoder: UnPEShield
Petite
Petite is also commonly used to compress executables, most often together with SecuROM. Before compression begins, you can set the classic ratio of speed to quality for the compression, though there aren't many additional options.
Petite is supplied with a graphical interface that makes working with it easier.
If you choose maximum compression, the process may take up to several hours to complete for longer files, and the results aren't that great. ASPack and similar programs are faster and offer a better compression ratio, even when they are not set for maximum compression.
Petite's decompression routine isn't very well protected against debugging, and it can be manually decompressed. While at this writing there was not yet a decompressor for the current version, 2.2, this version isn't very different from version 2.1, so it probably won't be long before a decompressor appears.
• Test file compression: 538,490 bytes
• Decompressor: ProcDump
Shrinker
Shrinker, from Blink Inc. (http://www.blinkinc.com), is a rather expensive commercial compression tool. The latest version is over two years old, which suggests that it isn't in continuous development. This is a pity, because Shrinker offers pretty good compression and it is still usable. It also contains some good anti-debugging tricks.
The program interface is similar to ASPack's and is very easy to use. You can set the speed-to-compression ratio with a sliding bar, and most of its other settings should be familiar to you.
• Test file compression: 723,456 bytes
• Decompressor: ProcDump
UPX
UPX (http://upx.sourceforge.net) is a wonderful, free (GPL'd) compressor for executables that ranks among the best. There are versions for DOS, Linux, and Windows, but we'll focus only on the Windows version here because it's the most commonly used.
UPX's lack of a GUI may be a disadvantage these days, but one talented individual has created a GUI for it. Personally, I don't miss the GUI, though there is also an official UPX GUI in the works.
Because UPX was beta tested for almost two years, it's likely that any major faults have been removed and that your programs will work correctly after compression. My tests rank UPX as the second best compression program, after ASPack. While its compression routine takes a bit longer to run, the results are very good. Still, it is very hard to say which PE compressor is the best. For some files, UPX is better than ASPack, but for others it is the reverse.
Unfortunately, UPX is much too easy to remove because it doesn't seem to contain any anti-debugging tricks or other protection. Programs compressed by UPX can even be decompressed with UPX, simply by setting the -d switch (though the current version may not always decompress programs compressed with older versions, probably due to changes in the compression algorithm).
The creators of UPX have done an excellent job, and they may even be able to defeat ASPack with future versions. They should consider developing a higher level of protection, however, to make the program even more useful.
• Test file compression: 496,128 bytes
• Decompressor: ProcDump
WWPack32
The latest version of WWPack32 (http://www.webmedia.pl/wwpack32) is disappointing. Its compression isn't very good (certainly nowhere near as good as ASPack's), though the program looks good. The environment is fine and compression is really easy, but you cannot set many options, including the compression-to-speed ratio.
In the main window, you'll see a directory like those in Windows Explorer. Select the files you want to compress, and click the compression icon. WWPack32 does the rest.
WWPack32's environment makes it easier to compress more files at a time.
I don't recommend WWPack32 for software protection because its compression isn't that great and it's not hard to remove. Also, it has no anti-debugging tricks, and the anti-disassembling macros are very poor—they can only prevent disassembling in WinDasm. While at this writing there was no decompressor for WWPack32, it will certainly come soon.
• Test file compression: 823,808 bytes
• Decompressor: Currently none