|
There was a tool years ago which was designed to remove the borland signatures from borland pascal 7.0 files.
There were unpackers available which tested the memory of the program each time the program executed code in a new segment, and did a dump if it found a signature of a compiler it recognized. I forget its name, but this tool used to kill the borland bytes so that the unpackers did not recognize the exe as a borland exe.
Now borland exe's have quite a large library appended to them. About 150kb for pascal 7. The program only changed about 300 bytes of the library. It removed things like "copyright borland" and changed some of the fixed strings (ie a constant like "0123456789") and the entrypoint of the library itself. The entrypoint was re-written (ie manually re-coded) and was not simply a poly layer. Also there was a patch available for the complier library (a new version of turbo.tpl) which included these changes, so each time you compiled a file you had an "immune" copy.
It was very effective. Later on the game continued with the unpackers detecting these libraries. I think the last version I saw had a small poly layer around the library's entry point.
|