MoleBox FAQ - Import table processing

What is the application import table?

The import table lists all the DLLs and all the function pointers your application uses.

What happens to the import table while moleboxing a program?

The import table is processed in two steps: function interception and packing. While moleboxing, the import table is encrypted, which prevents any modification of its contents and protects the application from having its functions substituted with other ones.

What is function interception?

MoleBox intercepts the functions that deal with the packed files. It finds those functions in the import table of the original application and substitutes its own functions for them. This technique makes it possible to pack the data files without any changes to the source code.

Are there functions which cannot be intercepted?

Yes, there are a few such functions. For example, the MCI*() function family of the MediaControl component cannot be correctly intercepted in Windows 9X. To avoid this particular problem, you may explicitly load the Windows Media Player component when necessary.

How well protected is the import table in the packed application?

MoleBox prevents external API hooking (modification of function pointers) and any other import table modifications.

I have opened a packed executable with a PE viewer utility and I can see the import table there. What's wrong?

It's the import table of the MoleBox launcher, not of your original application. We have to keep the launcher's import table unchanged so that it can run. However, the import table of your application is encrypted and cannot be accessed.
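
What a PE viewer reads in this situation, as an added example (not MoleBox code): a Python walk of the import directory stored in a PE file's headers, which is the table such a tool displays. The names list_imports and build_sample are this example's own, and the sample image is a constructed buffer, not a real launcher.

```python
import struct

def cstr(data, off):
    return data[off:data.index(b"\0", off)].decode("ascii")

def list_imports(data):
    """Return {dll: [function, ...]} from the import directory a PE viewer displays."""
    pe = struct.unpack_from("<I", data, 0x3C)[0]               # e_lfanew
    if data[:2] != b"MZ" or data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsect, opt_size = struct.unpack_from("<H12xH", data, pe + 6)
    opt = pe + 24                                              # optional header
    pe32 = struct.unpack_from("<H", data, opt)[0] == 0x10B     # else PE32+ (0x20B)
    dirs, tsize = (opt + 96, 4) if pe32 else (opt + 112, 8)
    sects = [struct.unpack_from("<II4xI", data, opt + opt_size + 40 * i + 8)
             for i in range(nsect)]                            # (vsize, va, raw_ptr)
    def off(rva):                                              # RVA -> file offset
        for vsize, va, raw in sects:
            if va <= rva < va + vsize:
                return rva - va + raw
        raise ValueError("RVA 0x%x is outside every section" % rva)
    imports, imp_rva = {}, struct.unpack_from("<I", data, dirs + 8)[0]
    d = off(imp_rva) if imp_rva else None
    while d is not None:
        oft, name_rva, ft = struct.unpack_from("<I8xII", data, d)
        if not name_rva:                                       # all-zero terminator
            break
        funcs, t = [], off(oft or ft)
        while (thunk := int.from_bytes(data[t:t + tsize], "little")):
            by_ord = thunk >> (tsize * 8 - 1)                  # high bit: by ordinal
            funcs.append("#%d" % (thunk & 0xFFFF) if by_ord
                         else cstr(data, off(thunk) + 2))      # +2 skips the hint
            t += tsize
        imports[cstr(data, off(name_rva))] = funcs
        d += 20                                                # next descriptor
    return imports

def build_sample():
    """Constructed minimal PE32 buffer (not a real launcher): one .idata section."""
    img = bytearray(0x400)
    img[0:2], img[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", img, 0x3C, 0x40)
    struct.pack_into("<HH12xHHH", img, 0x44, 0x14C, 1, 224, 0x102, 0x10B)  # COFF + magic
    struct.pack_into("<II", img, 0xC0, 0x1000, 40)             # import directory entry
    struct.pack_into("<8sIIII", img, 0x138, b".idata", 0x200, 0x1000, 0x200, 0x200)
    struct.pack_into("<I8xII", img, 0x200, 0x1028, 0x1040, 0x1034)  # one descriptor
    struct.pack_into("<II4xII", img, 0x228, 0x1050, 0x1060, 0x1050, 0x1060)  # OFT, FT
    for o, s in ((0x240, b"KERNEL32.dll"), (0x252, b"CreateFileA"), (0x262, b"ReadFile")):
        img[o:o + len(s)] = s
    return bytes(img)
```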