This PE tool encrypts/obfuscates marked strings so that even in the decompressed virtual image they are not in their plaintext form. At runtime, when these strings are referenced, an application must use special functions to retrieve the plaintext version of the strings.
To facilitate the string decryption at run-time is PEHTLIB. It can be statically linked, or a DLL can be provided (email us). Registered users also have access to the source code, so they can simply link its C++ source into their project to utilize the string decryption functions.
The idea is to mark strings for encryption by prefixing them with a special set of characters. This lets PEHideText find them and encrypt them. At runtime, only your application knows where these strings are located. Your code will have been written to use the PEHTLIB decryption functions, and will access the encrypted strings at whatever addresses they happened to be linked to.
The prefixes for string-encryption are defined in a C++ header file, PEHT.H.
For multi-byte (ascii) strings, define a string with PEHT_DEFINE_ENCRYPTED_TEXT_A
For wide-character (unicode) strings, define a string with PEHT_DEFINE_ENCRYPTED_TEXT_W
For TCHARs (type defined at compile time) strings, define a string with PEHT_DEFINE_ENCRYPTED_TEXT_T
PEHideText should then be run on the uncompressed application so that it can encrypt/obfuscate these strings.
Applications should link with PEHTLIB.LIB (in PECompact folder), using the functions from it (see PEHT.H for C++ prototypes) that correspond to the type of string (multi-byte or unicode) that they are referencing:
| TCHAR *GetEncryptTextT(TCHAR *ptszText) | For TCHAR, where the character width can be changed by #defs. |
| wchar_t *GetEncryptedTextW(wchar_t *pwszText) | For wide-character (unicode) strings. |
| char *GetEncryptedTextA(char *pszText) | For multi-byte (ascii) strings. |
It does not hurt to call a function multiple times to retrieve a pointer to the plaintext version of the same string. The same pointer will be returned each time, but decryption will only occur once (unless cleanup/free functions below are called between invocations).
If you wish to free a single decrypted string from memory (as opposed to all at once via FreeAllDecryptedTexts), then you should use the functions:
| bool *FreeEncryptedTextT(TCHAR *ptszText) | For TCHAR, where the character width can be changed by #defs. |
| bool *FreeEncryptedTextW(wchar_t *pwszText) | For wide-character (unicode) strings. |
| bool *FreeEncryptedTextA(char *pszText) | For multi-byte (ascii) strings. |
Important: The original pointer to the encrypted string should be passed to these functions, not the pointer retrieved by the GetEncryptedText functions!
Before your application exits, it should call the following to clean up dynamically allocated memory:
void PEHTCleanup();
C++ Example:
#include <stdio.h>
#include <tchar.h>
#include "peht.h"
...
PEHT_DEFINE_ENCRYPTED_TEXT_T(ptszString1, _T("This string will be encrypted in the image."));
_tprintf(_T("The text is: %s"),GetEncryptedTextT(ptszString1));
PEHTCleanup();
// frees all decrypted text buffers
//or FreeDecryptedTextT(ptsz1); // to free only the ptsz1
string.
You can either link with PEHTLIB.lib, or PEHTLIB_X64.LIB for x64 builds, or simply include the PEHTLIB C++ source into your project (registered build only). We can also make a DLL available, if needed.