Crinkler
Download
1 / 22

Crinkler - PowerPoint PPT Presentation


  • 145 Views
  • Uploaded on

Crinkler. - compressing Windows 4k intros to EXE files. Aske Simon Christensen Rune L. H. Stubbe. Overview. Background Compression method Function import Header layout Demo Future plans. Why another one?. Most common method: CAB dropping Dropping is a mess We want EXE files!.

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' Crinkler' - landry


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Crinkler

Crinkler

- compressing Windows 4k intros to EXE files

Aske Simon Christensen

Rune L. H. Stubbe

Assembly 2005, Helsinki, July 2005


Overview
Overview

  • Background

  • Compression method

  • Function import

  • Header layout

  • Demo

  • Future plans

Assembly 2005, Helsinki, July 2005


Why another one
Why another one?

  • Most common method: CAB dropping

  • Dropping is a mess

  • We want EXE files!

EXE file

EXE optimizer

CAB compressor

BAT inserter

BAT file

Assembly 2005, Helsinki, July 2005


How is crinkler different
How is Crinkler different?

  • The normal build process:

ASM files

C/C++ files

object / library files

Compiler

Assember

Linker

Cruncher

EXE file

Assembly 2005, Helsinki, July 2005


How is crinkler different1
How is Crinkler different?

  • The Crinkler way:

ASM files

C/C++ files

object / library files

Compiler

Assember

Crinkler

EXE file

Assembly 2005, Helsinki, July 2005


Why another one1
Why another one?

  • Control over code and data placement

    • Choose base address

    • Optimize order for best compression

    • Separate code and data

    • Put in extra code

      • Import code

      • Code transformations

Assembly 2005, Helsinki, July 2005


Compression method
Compression method

  • Context modelling

    + Much better compression ratio than LZX

    + Well suited for small amounts of data

    + Small decompression code (< 250 bytes)

    + Pays off even with the extra header

    - Extremely slow

    - Very memory-hungry

Assembly 2005, Helsinki, July 2005


Data compression basics
Data compression basics

  • Take advantage of self-similarity

  • Find patterns and eliminate them

  • Dictionary compression

  • Statistical compression

Assembly 2005, Helsinki, July 2005


Dictionary compression
Dictionary compression

  • LZ77: Refer repetitions back to original

  • Reasonable compression ratio

  • Fast compression

  • Very fast decompression

M

M

I

I

S

S

S

S

I

I

S

S

S

S

I

I

P

P

P

P

I

I

Assembly 2005, Helsinki, July 2005


Statistical compression
Statistical compression

  • Estimate probability distribution of each symbol based on earlier data

  • PPM:

  • Problem: local

M

I

S

S

I

S

S

I

P

P

I

Assembly 2005, Helsinki, July 2005


Context modelling
Context modelling

  • Generalization of PPM

  • Look at combinations of recent symbols

  • A bit mask describes a model

  • Problem: Many masks to choose from

M

I

S

S

I

S

S

I

P

P

I

Assembly 2005, Helsinki, July 2005


Implementation
Implementation

  • Estimation for each single bit

  • Context is current byte + selection of last 8

  • Estimate the best collection of masks

  • Estimate the best weights of the masks

  • Keep track of contexts in a hash table

  • Ignore hash collisions

  • Find hash table size with few collisions

Assembly 2005, Helsinki, July 2005


Function import
Function import

  • Import by name: Name of each function

    • The import table is a big part of an EXE file

  • Import by ordinal: Number instead of name

    • Much smaller but quite incompatible

  • Import by hash: Hash code of each function

    • Small and compatible

    • Not supported directly

  • Import by hashed ordinal range

Assembly 2005, Helsinki, July 2005


Header optimization
Header optimization

DOS header

PE offset

DOS stub

PE header

Data directories

Section header

544 bytes!

Assembly 2005, Helsinki, July 2005


Header optimization1
Header optimization

DOS header

PE offset

DOS stub

PE header

Data directories

Section header

Assembly 2005, Helsinki, July 2005


Header optimization2
Header optimization

DOS header

PE offset

DOS stub

PE header

Data directories

Section header

Assembly 2005, Helsinki, July 2005


Header optimization3
Header optimization

DOS header

PE offset

DOS stub

PE header

Data directories

Section header

Ignored

Assembly 2005, Helsinki, July 2005


Header optimization4
Header optimization

DOS header

PE offset

DOS stub

PE header

Data directories

196 bytes!

Section header

Ignored

Assembly 2005, Helsinki, July 2005


Header optimization5
Header optimization

DOS header

PE offset

DOS stub

PE header

Data directories

124 bytes + 18 hash codes!

Section header

Hash code

Assembly 2005, Helsinki, July 2005


Demo

Assembly 2005, Helsinki, July 2005


Future plans
Future plans

  • Windows 2000 compatibility

  • Even better compression

  • Section reordering

  • Transformations

  • More feedback

  • 64k specialized version

Assembly 2005, Helsinki, July 2005


Thank you
Thank you

Questions?

Comments?

Suggestions?

Assembly 2005, Helsinki, July 2005


ad