Fixing compilation bugs inside PE files
By Alexander Gerasimov

Most developers never pay attention to the internal structure of their compiled projects. I know it; I did not pay attention earlier either. But once I had a look inside the EXE file of one of my programs... I was unpleasantly surprised. After the well-known phrase "This program must be run under Win32" and the section names, I saw a piece of the source code of one of my Pascal units. It was about 30 lines of text with the declarations of the variables used in this unit. It was not pleasant to me: part of my source code had appeared in the EXE file. A piece of the code of the protection algorithms could be inserted there just as well, for example! An excellent gift for crackers! Yet the program worked perfectly.

I decided to investigate this program further. First of all, I found that the program for some reason stops working after being processed by an exe-packer (UPX). This clearly indicated that something was incorrect at the internal level of my program.

I searched the Internet and found some mentions of similar problems. In some conferences and newsgroups, the appearance of strange trash inside the headers of compiled files was discussed. There I also found mentions of superfluous exported functions, which can be detected inside some EXE files. I decided to check my program for exported functions. I was unpleasantly surprised a second time! My program contained about 200 exported functions, though it should not have contained any. Moreover, among these functions were the program's registration code checking functions! A magnificent opportunity for crackers!

After that I understood that it was necessary to carry out a thorough study of several programs. It could help to determine the patterns behind the appearance of such errors and point to ways of fighting them. I found out some interesting things.

The trash in the headers of PE files occurs when the compiler does not clear memory before compilation. The trash can contain either simply a random set of bytes or pieces of files from the disk. The trash occurs mainly when compiling projects in C++ Builder.

Some compilers insert unnecessary exported functions into the file at compilation. Some of these functions are required for debugging, but are absolutely unnecessary afterwards. A typical example of such a function is __CPPDebugHook, which C++ Builder compilers insert into any project. If Pascal VCL components or Pascal units are used in the program, the number of exported functions increases very quickly. I have met programs from fairly well-known developers that contained more than 6000 exported functions.

Why is this bad? The list of exported functions can contain functions that are intended only for internal use (for example, functions for encryption and password checking). A large number of exported functions is handled badly by many exe-packers. For this reason my program stopped working after packing with UPX. The list of exported functions also takes up a lot of space inside your EXE file. For example, about 6000 functions occupy approximately 600 KB.
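The export list described above can be audited directly from the file. The following Python sketch is an added example, not code from the article or from PE Corrector: it reads the names in a PE file's export directory and reports any that are not on an allow-list. The sample image is constructed, `build_sample`, `unexpected_exports` and `CheckRegistrationCode` are hypothetical names, and `__CPPDebugHook` is spelled as in the article.

```python
import struct

def export_names(pe: bytes) -> list:
    """Return the names in a PE image's export table ([] if it has none)."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0]             # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24                                          # optional header
    pe32plus = struct.unpack_from("<H", pe, opt)[0] == 0x20B
    dirs = opt + (112 if pe32plus else 96)                 # data directories
    exp_rva = struct.unpack_from("<I", pe, dirs)[0]        # entry 0 = exports
    if struct.unpack_from("<I", pe, dirs - 4)[0] == 0 or exp_rva == 0:
        return []
    secs = [struct.unpack_from("<8x4I", pe, opt + opt_size + 40 * i)
            for i in range(nsec)]          # (vsize, vaddr, rawsize, rawptr)

    def off(rva):                          # RVA -> file offset
        for vsize, vaddr, rawsize, rawptr in secs:
            if vaddr <= rva < vaddr + max(vsize, rawsize):
                return rawptr + rva - vaddr
        raise ValueError("RVA outside all sections")

    n_names, names_rva = struct.unpack_from("<I4xI", pe, off(exp_rva) + 24)
    names = []
    for i in range(n_names):               # walk the name pointer table
        p = off(struct.unpack_from("<I", pe, off(names_rva + 4 * i))[0])
        names.append(pe[p:pe.index(b"\0", p)].decode("ascii", "replace"))
    return names

def unexpected_exports(pe: bytes, allowed=()) -> list:
    """Exports not on the allow-list; for an EXE the list is normally empty."""
    return [n for n in export_names(pe) if n not in allowed]

def build_sample(names) -> bytes:
    """CONSTRUCTED input: minimal PE32 whose only section is an export table."""
    nt, va, raw, n = 0x40, 0x1000, 0x200, len(names)
    ptrs, pos = b"", va + 40 + 4 * n       # strings follow the pointer table
    for s in names:
        ptrs, pos = ptrs + struct.pack("<I", pos), pos + len(s) + 1
    body = (struct.pack("<10I", 0, 0, 0, 0, 1, n, n, 0, va + 40, 0) + ptrs
            + b"".join(s.encode() + b"\0" for s in names))
    hdr = (b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", nt) + b"PE\0\0"
           + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
           + struct.pack("<H", 0x10B).ljust(92, b"\0") + struct.pack("<I", 16)
           + struct.pack("<II", va, len(body)).ljust(128, b"\0")
           + b".edata\0\0" + struct.pack("<4I16x", len(body), va, len(body), raw))
    return hdr.ljust(raw, b"\0") + body

SAMPLE = build_sample(["__CPPDebugHook", "CheckRegistrationCode"])
```

Running `unexpected_exports` over release builds, with an empty allow-list for plain EXE files, turns the manual inspection described in the article into a repeatable check.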

I took a program with about 6500 exported functions. The size of the program was 4.3 MB. After deleting all exported functions, the file size decreased to 3.7 MB. Then I used UPX. In total it was possible to reduce the size of the program to 900 KB. That is almost 5 times smaller than it was! This in turn shrinks the installation package and makes it possible to include more documentation and learning demos in it (for example).

I think the usefulness of examining programs after compilation has now become clear. Certainly, it is difficult to correct all the bugs described above manually. Therefore we developed a special tool that will help you not only to correct the bugs, but also to make some useful changes inside your PE files. This tool is called PE Corrector. You can find more detailed information on our site, Gigamind Systems.

Remember: probably, your product requires correction.

About the author
Alexander Gerasimov is a software developer from Gigamind Systems.
He has programming experience with C++ Builder, HTML, PHP, etc.

 
