I've been experimenting with the undocumented compression APIs and extending the NTCompression object that finally results in a skeleton application for a single file compressor decompressor. The file compression methods are located in the NTFileCompressor object that derives from NTCompressor.
The file format I choose looks like

4 bytes    Signature
4 bytes    Uncompressed Data Size
? bytes    Compressed Data

And the Compressed Data is built from

? bytes    Original file name (zero terminated string)
? bytes    File data

The Compress method has an optional parameter that is the file name of the compressed data. If provided and this file does exist, it is overridden. If not provided, the method replaces the file extension (if it exists) with .nfc. Now, if this file does exist, a new file name is created to preserve the original. The new file name is the original plus _xxxx.nfc, while xxxx is a cumulative hex number.

The Decompress method has 2 optional parameters. The first one is the name of the saved uncompressed file. If not provided or NULL, the original file name saved in the compressed stream is used. If the file just exists, it is overridden. The second parameter is a pointer to a variable that receives a pointer to the file name string used to create the uncompressed file.

This is only experimental code, but it can be used in many ways in a bigger application.



Posted on 2006-05-25 12:54:56 by Biterider
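
An added example, not Biterider's code: a reader for the layout described in the post above that treats the stored size and the stored original file name as untrusted input before anything is written to disk. The signature value, the little-endian byte order, the 64 MiB cap and all function names are assumptions; the post does not give them.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define NFC_SIG      0x3043464Eu          /* placeholder value, not from the post */
#define NFC_MAX_SIZE (64u * 1024u * 1024u) /* assumed cap on the declared size */

/* Read a 32-bit little-endian field (byte order is an assumption). */
static uint32_t rd32(const unsigned char *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Validate the 8-byte header (signature + uncompressed size).
 * Returns 0 and sets *usize, or -1 if the file must be rejected. */
int nfc_read_header(const unsigned char *buf, size_t len, uint32_t *usize) {
    if (len < 8 || rd32(buf) != NFC_SIG) return -1;
    *usize = rd32(buf + 4);
    /* Must hold at least a one-character name plus its terminator,
     * and must not drive an oversized allocation. */
    if (*usize < 2 || *usize > NFC_MAX_SIZE) return -1;
    return 0;
}

/* Validate the decompressed payload: zero-terminated name, then file data.
 * Returns the offset of the file data, or -1 if the payload is rejected. */
long nfc_check_payload(const unsigned char *p, size_t len, uint32_t declared) {
    const unsigned char *nul;
    const char *name = (const char *)p;

    if (len != declared) return -1;          /* header and data disagree */
    nul = memchr(p, 0, len);
    if (nul == NULL || nul == p) return -1;  /* unterminated or empty name */
    /* Accept a bare file name only: no directories, drive letters or
     * NTFS stream suffixes, so the output stays in the target folder. */
    if (strpbrk(name, "/\\:") != NULL) return -1;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0) return -1;
    return (long)(nul - p) + 1;
}
```

The same checks apply when the caller lets Decompress fall back to the stored name instead of passing its own output file name.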
General notice:
I've been tinkering with a file compressor for executable files only.
It uses Biterider's core NTCompressor object along with my own PEFile object to compress the FileSections of the PEFile, add some small code to decompress them at execution-time, and manipulate the original PE Header to accommodate the changes.
Important note: no sections are added, the original sectiontable, import table etc remain totally intact.. all that changes is the raw data in each section is compressed, the compressed sections are written at filealignment to actually compress the file (plus small stubcode added to the codesection), the section descriptors are modified to suit the new file offsets, and the entrypoint is altered to point to the stubcode, which decompresses each section and jumps to the Original Entrypoint.
I'm about 80% done with this demo, I'll post it when I'm finished, and presuming that nothing goes wrong, I expect PEFile to be added to the next version update of OA32.

Note : PEFile is derived from Biterider's DiskStream object.
Posted on 2006-06-10 02:52:44 by Homer
Currently, my 'self-unpacker stubcode' is coming in at a rather chunky 1064 bytes, and there's still a small amount of code missing from it.. I think I can get that down a lot more with a little effort, for example by wrapping some common macros as procs and making some general optimizations to the code.
As soon as I have a working demo, I'll post the source for both the compressor app and the unpacker stub for public scrutiny :)
Posted on 2006-06-10 12:21:08 by Homer