In order to facilitate advanced functionality of many types, PECompact
supports API Hook plug-in. An API Hook plug-in is a piece of code that is
invoked at runtime by the PECompact loader (decompression stub) attached to
compressed modules. This plug-in type is given the capability to hook API
imports, hence its name. As with CODEC plug-ins, any number of
API Hook plug-ins included with PECompact:
| Name |
File |
Description |
API Redirect
|
pec2hooks_redirect.dll |
This plug-in inserts a dynamically allocated shim
between an API call and the API function itself. This aids in making
rebuilding of the import table after a module dump more difficult
(protection against reverse engineering). [ retail version only ] |
| IsPacked API |
pec2hooks_ispacked.dll |
This API hook allows for an application to test whether it is still
packed or not by communicating with the PECompact loader. See the
Using the API Hook Plug-in
documentation for code snippets showing how to use this plug-in.
|
| Fast import |
pec2hooks_fastimport |
This is a custom implementation of GetProcAddress that
uses hints to increase the speed of processing host module import
tables. It performs a binary search and has full support of forwarded
exports. The source code to this plug-in is included with the PECompact
distribution. Programs that import the undocumented kernel32 ordinal
37 (or other ordinals) should use this plug-in since GetProcAddress will
fail for ordinal imports in win9x. PECompact automatically uses this
plug-in when such a case is found, so no action needs be taken by the
user/ |
|