首页
社区
课程
招聘
[转帖]PEBundle v 3.20 by Jeremy Collake / Bitsum Technologies
发表于: 2009-7-21 23:00 3622

[转帖]PEBundle v 3.20 by Jeremy Collake / Bitsum Technologies

2009-7-21 23:00
3622
PEBundle v 3.20 by Jeremy Collake / Bitsum Technologies  

One of the most advanced EXE/DLL/arbitrary file bundlers ever, especially known for its ability to load bundled DLLs bundled to an EXE directly from memory, without dropping '''anything''' to disk (by way of its own custom implemented PE loader).

Sadly, PEBundle was discontinued (possibly partly brought back again though, see below) when the core technology was purchased by Thinstall, and you can find more info about it in this forum thread:

http://www.bitsum.com/smf/index.php?topic=84.0

There is some confusion regarding if the business deal with Thinstall was later revised or nullified, which can be partly implied by the following thread (I've also read more explicit info regarding this somewhere else, which I cannot find at the moment), where the last post by the author is made a good while '''after''' the discontinuation message in the above thread:

http://www.bitsum.com/smf/index.php?topic=3.0

Because of the uncertain state/future of this product, I've uploaded the trial version from the website mentioned above (which is btw not linked from the rest of the website, only "invisibly" remaining there, indexed by google).


Official info from the product website:

PEBundle is a revolutionary tool that allows for DLLs or other files to be "bundled" with an executable, therefore removing the requirement to distribute the bundled files separately from the application. With two operational modes, one that uses advanced techniques to resolve dependencies on a bundled DLL in memory, and another that writes the bundled file(s) to disk, PEBundle is a great tool to optimize software distributions.

PEBundle Features:

* Effective static linking of a dynamic link library.

* Makes applications and the bundled modules more difficult to reverse engineer and/or tamper with.

* Helps to hide and protect the bundled modules.

* Bundling of modules the application is dependent on allows for the application to be distributed as a single executable that is capable of installing modules it needs on the fly.

* Reduces Dynamic Link Library version problems, a.k.a. “DLL Hell”. This problem is described by Microsoft in MSDN and they actually recommend that applications have their own copies of DLLs so that they will not cause version problems when they overwrite the system copy of the module.

* Supports bundling of scripts to their respective interpreters and auto-launching.

* Works with PECompact, so that your applications and all the modules may be compressed significantly. The write-to-disk module does have internal support for compression of the bundled modules.

* Full support for Windows 95/98/Me/NT/2k/XP. The advanced bundle does hook and support wide character, Unicode, APIs.


OVERVIEW OF IN-MEMORY BUNDLING BY PEBUNDLE:

This mode, called the "Advanced Bundle" in the GUI, allows dynamic link libraries to be bundled with an executable and have all references to those modules resolved at runtime to the appropriate memory addresses without ever writing the dynamic link libraries to disk*. The dependencies are resolved through the use of API hooks by the PEBundle loader, which is attached to the application.


OVERVIEW OF "WRITE-TO-DISK" BUNDLING:

In this mode, PEBundle simply uncompressed and extracts the modules to disk at runtime. This mode supports the bundling of any type of file.

The modules may be extracted to a location the user specifies at the time of bundle, and can optionally only be extracted if the module or a newer version of it does not already exist.

[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)

收藏
免费 1
支持
分享
最新回复 (1)
雪    币: 97697
活跃值: (200834)
能力值: (RANK:10 )
在线值:
发帖
回帖
粉丝
2
本地备档一份.
上传的附件:
2009-7-21 23:02
0
游客
登录 | 注册 方可回帖
返回
//