Most developers never pay attention to the internal structure of
their compiled projects. I know it. I did not pay attention earlier
either. But once I had a look inside the EXE file of one of my
programs... I was unpleasantly surprised.
After the well-known phrase "This program must be run under Win32"
and the section names I saw a piece of the source code of one of my
Pascal units. It was about 30 lines of text with the declarations of
the variables used in this unit. It was not pleasant to me: a part of
my source code had appeared in the EXE file. A piece of the code of
protection algorithms could be inserted there in the same way, for
example! An excellent gift for crackers! But the program worked
excellently.

I decided to carry out further research on this program.
First of all I found that the program for some reason ceases to
work after processing by an exe-packer (UPX). This obviously indicated
that something was incorrect at the internal level of my program.

I searched the Internet and found some mentions of similar problems.
In some conferences and newsgroups the appearance of strange trash
inside the headers of compiled files was discussed. There I found
mentions of superfluous exported functions, which can be detected
inside some EXE files. I decided to check the program for the presence
of exported functions. I was unpleasantly surprised a second time! My
program contained about 200 exported functions, though it should not
contain any. Moreover, among these functions were the functions that
check the program's registration code! A magnificent opportunity for
crackers!

After that I understood that it was necessary to carry out a thorough
study of several programs. It could help to determine the regularities
in the appearance of such errors and show ways to fight them.
I have clarified some interesting things.

The trash in the headers of PE files occurs when the compiler does not
clear memory before compilation. The trash can contain both a simply
random set of bytes and pieces of files from the disk. The trash occurs
mainly when projects are compiled with C++ Builder.

Some compilers insert unnecessary exported functions into the file at
compilation. Some of these functions are required for debugging, but
are absolutely unnecessary afterwards. A typical example of such a
function is __CPPDebugHook, which C++ Builder compilers insert into any
project. If Pascal VCL components or Pascal units are used in the
program, the number of exported functions increases very fast.
I have met programs from fairly well-known developers that contained
more than 6000 exported functions.

Why is it bad? The list of exported functions can contain functions
that are intended only for internal usage (for example, functions for
encryption and password checking). A large number of exported functions
is badly handled by many exe-packers. For this reason my program ceased
to work after packing by UPX. The list of exported functions occupies a
lot of space inside your EXE file. For example, about 6000 functions
occupy approximately 600 KB.
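
One way to check a build for the unwanted exports described above, as
an added example that is not part of the original article or of PE
Corrector: Python code that reads the export directory of a PE image
and returns the exported names. The helper names list_exports and
build_sample and the export name CheckRegistrationCode are assumptions
made for this illustration, and the sample image is constructed in
memory.

```python
import struct

def rva_to_offset(sections, rva):
    # Map a relative virtual address to a file offset via the section table.
    for vsize, vaddr, raw_size, raw_ptr in sections:
        if vaddr <= rva < vaddr + max(vsize, raw_size):
            return rva - vaddr + raw_ptr
    raise ValueError("RVA 0x%x lies outside every section" % rva)

def list_exports(data):
    # Return (NumberOfFunctions, [exported names]) for a PE image.
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]           # e_lfanew
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    # NumberOfSections and SizeOfOptionalHeader from the COFF header
    nsect, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24
    magic, = struct.unpack_from("<H", data, opt)
    dirs = opt + {0x10B: 96, 0x20B: 112}[magic]            # PE32 / PE32+
    exp_rva, _ = struct.unpack_from("<II", data, dirs)     # directory 0 = exports
    if exp_rva == 0:
        return 0, []                                       # nothing exported
    sections = [struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
                for i in range(nsect)]    # (vsize, vaddr, raw_size, raw_ptr)
    exp = rva_to_offset(sections, exp_rva)
    n_funcs, n_names, _, names_rva = struct.unpack_from("<IIII", data, exp + 20)
    names, table = [], rva_to_offset(sections, names_rva) if n_names else 0
    for i in range(n_names):
        off = rva_to_offset(sections, struct.unpack_from("<I", data, table + 4 * i)[0])
        names.append(data[off:data.index(b"\0", off)].decode("ascii", "replace"))
    return n_funcs, names

def build_sample(names):
    # Constructed minimal PE32 image: one section that holds only an export table.
    rva0, raw0 = 0x1000, 0x200
    ptrs, strings, pos = b"", b"", rva0 + 40 + 4 * len(names)
    for n in names:
        ptrs += struct.pack("<I", pos + len(strings))
        strings += n.encode() + b"\0"
    body = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, 0, 1, len(names), len(names),
                       0, rva0 + 40, 0) + ptrs + strings
    hdr = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    hdr += struct.pack("<H", 0x10B) + b"\0" * 90 + struct.pack("<III", 16, rva0, len(body))
    hdr += b"\0" * 120 + b".edata\0\0" + struct.pack("<IIII", len(body), rva0, len(body), raw0)
    return (hdr + b"\0" * 16).ljust(raw0, b"\0") + body
```

To audit a real build, pass the file's bytes to list_exports, for
example list_exports(open(path, "rb").read()), and review every name it
returns for a program that should export nothing.
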

I took a program with about 6500 exported functions. The size of the
program was 4.3 MB. After deleting all exported functions the file size
decreased to 3.7 MB. Then I used UPX. In total it was possible to
reduce the size of the program to 900 KB. That is almost 5 times less
than it was! And this in turn shrinks the installation package and
makes it possible to place more documentation and learning demos in it
(for example).

I think the usefulness of examining programs after compilation has now
become clear. Certainly, it is difficult to correct all the bugs
indicated above manually. Therefore we developed a special tool which
will help you not only to correct bugs, but also to make some useful
changes inside your PE files. This tool is called PE Corrector. You can
find more detailed information on our site
(http://www.gigamindsystems.com).
Remember: probably, your product requires correction.