PECompact Documentation

PEHideText


This PE tool encrypts/obfuscates marked strings so that even in the decompressed virtual image they are not in their plaintext form. At runtime, when these strings are referenced, an application must use special functions to retrieve the plaintext version of the strings.

To mark strings for encryption, you must prefix them with one of the following strings (see PEHT.H for C++ definiions).

For multi-byte (ascii) strings, prefix with "peh0001a" defined as PEHT_ENCRYPTION_MARKER_A.
For wide-character (unicode) strings, prefix with "pe0a" defined as PEHT_ENCRYPTION_MARKER_W.
For TCHARs (compile time decision between ascii/wide char), use PEHT_ENCRYPTION_MARKER_T.

PEHideText should then be run on the uncompressed application so that it can encrypt/obfuscate these strings.

Applications should link with PEHTLIB.LIB (in PECompact folder), using the functions from it (see PEHT.H for C++ prototypes) that correspond to the type of string (multi-byte or unicode) that they are referencing:

TCHAR *GetEncryptTextT(TCHAR *ptszText) For TCHAR, where the character width can be changed by #defs.
wchar_t *GetEncryptedTextW(wchar_t *pwszText) For wide-character (unicode) strings.
char *GetEncryptedTextA(char *pszText) For multi-byte (ascii) strings.

It does not hurt to call a function multiple times to retrieve a pointer to the plaintext version of the same string. The same pointer will be returned each time, but decryption will only occur once (unless cleanup/free functions below are called between invocations).

If you wish to free a single decrypted string from memory (as opposed to all at once via FreeAllDecryptedTexts), then you should use the functions:

bool *FreeEncryptedTextT(TCHAR *ptszText) For TCHAR, where the character width can be changed by #defs.
bool *FreeEncryptedTextW(wchar_t *pwszText) For wide-character (unicode) strings.
bool *FreeEncryptedTextA(char *pszText) For multi-byte (ascii) strings.

Important: The original pointer to the encrypted string should be passed to these functions, not the pointer retrieved by the GetEncryptedText functions!

Before your application exits, it should call the following to clean up dynamically allocated memory:

void PEHTCleanup();

 
C++ Example:

#include <stdio.h>
#include <tchar.h>
#include "peht.h"

...

TCHAR *ptsz1=PEHT_ENCRYPTION_MARKER_T _T("This string is encrypted.");
_tprintf(_T("The text is: %s"),GetEncryptedTextT(ptsz1));
PEHTCleanup();                // frees all decrypted text buffers
//or FreeDecryptedTextT(ptsz1); // to free only the ptsz1 string.
 

Link with PEHTLib.lib.

 

 
Need assistance? We'll work with you to implement this technology for $50 an hour. Typically it takes no more than one hour. If modifications to the PEHTLib library or PEHideText tool are required, you are not billed for time spent on such. Contact us at support@bitsum.com.

Compliment this documentation for a free license! Add code samples or other supplements, and, if quality if sufficient, we'll give you a free commercial unlimited PECompact license. Contact before you begin to make sure this offer is still available.