changelog.txt

1.6.1
- Fixes legacy bug that could result in failure to identify NSIS installers.
	- In previous builds, we only checked a small window for the NSIS header. That window has been increased.
- Updates the tkinterdnd hook file to only collect binaries associated with the operating system it is being built for.
- Add placeholders for 2 new use cases to solve for.
- Updates buildCLI.txt to specify output filename.
- Add file for GitHub build automation.

1.6.0
- Improves NSIS Parser to handle an irregular NSIS format
- Adds solution for Use Case 17
	- Attackers can include junk marked as the code signing signature. In previous versions, the certificate preservation would preserve the junk. Without certificate preservation, the junk would be removed but return a Result Code of "0 - No Solution Found" even though the file was deflated.
- Bug Fix
	- Adds error handling to escape non-unicode PE section names

1.5.6.6
- Bug Fix
	- Patches bug in Result-Code 4 where an excess could be removed. 
		- This was due to a miscalculation. In these instances, the "dynamic trim" and "refinery trim" methods were essentially being applied to the same data, then calculating an excess of junk.
	- The check for duplicate items in an NSIS Installer has been improved.
		- Previous check looked for item at the same offset; this version checks to see that all features are the same. 

1.5.6.5
- Bug Fix
	- Inadvertently changed "sample_compression" limit, thought it'd be OK, but it actually causes this check's main purpose to fail (that is, failing quickly when needed). Got some new ideas out of it though.

1.5.6.4
- Bug Fixes
	- Fixed logic that could incorrectly flag .text sections as suspicious.
	- Handled rare error that could occur in updating offsets.
	- Certificate preservation now works reliably for all use-cases. 

1.5.6.3
- Bug Fixes
	- Modified NSIS Parser to address issue identified in the implementation. More details here: https://github.com/binref/refinery/issues/49
		- TLDR, NSIS Installers with the properly of uncompressed data was not previously accounted for due to lack of examples. They now are accounted for.
	- Modified compression check in bloated overlay analysis
		- previous compression check was erroneous and worked only based on miracles.
- Improvements
	- Modified trimming threshold: 0.05 -> 0.15
		- New trimming threshold allows for lower compressed junk.
		- New trimming threshold removes more junk without being too aggressive.
- Known issue
	- The certificate preservation option does not preserve the certificate in all use-cases, particularly cases where junk is in the overlay.

1.5.6.2
- Bug Fix
	- Not all possible paths returned a result code. An additional result code was added.

1.5.6.1
- Bug Fix
	- Added the result code for real this time.

1.5.6
- Cert Support
	- Added support in both CLI and GUI to preserve the authenticode certificate.
		- Authenticode certificate is removed by default because the certificate becomes invalid. When it becomes invalid it becomes unclear whether the certificate was always invalid or not.
- Bug Fix
	- A result code was missing which could cause problems in processing that looked for a result code.

1.5.5
- General Improvements
	- Added functionality to print debloat version/ added to GUI UI
	- Deduped results_codes into processor file
- New Use Case
	- Identified a use case that wasn't being solved, improved program logic to solve.
		- Packed files with a bloated section. 

1.5.4
- General Improvements
	- This version prints report codes indicating which inflation tactic is identified.
	- This version can now handle instances where no pattern exists within the junk data, or the pattern is disrupted by a few characters. This version uses the trimming method from binary refinery in two cases that were found to be more efficient.
	- A performance testing script has been included.

The new updates hand a few edge use-cases that were not solvable before and fixes one bug.

	Bugfix: If debloat was unable to trim a inflated section, it would tell you it could and then exit telling you that it could not.

	New use-case solved: This solves the use-case where there a pattern exists in the overlay, but additional bytes have been added to disrupt the pattern. As much as 1 byte is enough to disrupt the pattern. This is not a problem anymore.


1.5.3.4
- NSIS Parser improvements
	- Additional use cases for NSIS were identified and tested. These identified additional bugs which are fixed in this version. These use cases were added and tested:
		- bzip2_liquid
		- bzip2_solid
		- lzma_liquid
		- lzma_solid
		- zlib_liquid
		- zlib_solid

1.5.3.3
- Modified NSIS Parser significantly.
	- Two use cases were identified where the parser were not working adequately. This resulted in identifying two logic bugs which resulted in fixing one and a large rewrite of some portions of the NSIS Parser. Rewrite was done by Huettenhain (https://github.com/huettenhain) for the original project of the NSIS Parser (https://github.com/binref/refinery) and then was incorporated into Debloat by me (Squiblydoo).
	- Removed some code that was unused.

1.5.3.2
- Fixed a bug with the RSRC trimming
	- These were some long standing issues:
		- The default threshold and default size_limit were brought into conformance with Refinery Trim
		- With the previously high threshold, it could result in problems from removing the entire resource.
		- I also reverted the compression method in this section. The one used elsewhere was found not to be compatible with this part of the processing.

1.5.3.1
- Fixed NSIS extractor bug. 
	- Bug was caused due to the failure of adding some bytes when iterating through NSIS entries.
	- Bug was caused by a missing variable.
- Updated the imports for nsisParser and readers
	- (Somehow?) It was working without these needing to be explicitly mentioned, but it has been updated for completeness.

1.5.3
- Fixed alignment bug
	- There was a bug where I was subtracting instead of adding bytes to fix alignment. It now adds instead of subtracts.
- Polished the trim
	- The "find_chunk_start" method had some unclear logic, that has been improved. 
	- Instead of trying to remove all junk, the method now returns all bytes if the full regex was unable to match.
	- So, if the step is 1000 or 2000 bytes and not all of them are junk, it will leave all 1000
		- The logic is that they aren't really hurting anything by being here, and it is better to leave them than accidentally remove them.

1.5.2
- Merged Optimization changes
	- Changes primarily related to the trim_junk function
	- Primary changes reduced the active memory cost
- No changes in the functionality were made in this release.

1.5.1
- Made modifications recommended by gdesmar for memory improvements.
	- Added the ability to pass the size of the file to the process_pe method
		- This reduces memory usage to calculate the length
	- Bug fixes suggested by gdesmar such as passing the correct object type
	- New compression algorithim implemented
	- See https://github.com/Squiblydoo/debloat/pull/18 to learn more about performance enhancements.
- Implemented the optional "beginning_file_size" parameter for "process_pe" in both main.py and gui.py
- Fixed typecasting bug introduced in 1.5.0 in relation to the "write_multiple_files" method

1.5.0
- Added capability to handle Nullsoft Scriptable Install System (NSIS, aka Nullsoft) executables.
	- Setup instructions and binaries are extracted from the Nullsoft installer to a separate directory.
	- At this time, the user needs to resubmit files if they are bloated. Currently, debloat has no way of determining which files are malicious.

- Fully renamed "Unsafe" Processing to "last_ditch_processing"
	- Last ditch better represents its purpose.
	- "Unsafe" is a name that is often used in the context of untrusted code.
	- Fixed inconsistency in naming of "last ditch processing"

- Adjusted how debloat determines if junk was removed or not:
	- Previously, it could think junk removed if 1 or more bytes were removed or if only the signature was removed.
	- Now debloat checks for a 10% removal at the least

- Updated documentation regarding Linux build command.
	- This had been updated elsewhere, but the update had not made it to the README

1.4.3
- Fixed a logic bug where debloating a section did not debloat the proper section.
    - This worked previously when the bloated section was the last section
- Finished a TODO item: namely, change all the offsets in the sections when the bloated section wasn't the last section of the binary.

1.4.2
- Added checkbox for unsafe processing in GUI
- Moved RSRC class out of processor into utilities
- Fixed bug where chunk_start could fail to be given a value with the result that the program would stop functioning but not inform the user. Better error handling in this case to come.

1.4.1
- Fixed loading PE in GUI

1.4.0
- Fixed headers in a few use cases where I had missed them before.
- Fixed removing resource method. Works properly now.
- Fixed instance where the dynamic trim regex could pick up illegal characters
- Now last_loads PE for better loading time.
- Now manipuates PE data in the buffer.

1.3.2.2
- Fixed a bug where the Delta_last_non_junk value could fail to be set in one use case.

1.3.2.1
- Temporary fix for release version.

1.3.2
- Added Dynamic Trim for trimming bytes from both the Overlay and bloated sections
	- Dynamic trim identifies the junk and creates a targeted regex to remove it.

- Improved output. 
	- Output wasn't being updated as the program ran. I now clear the buffer and update the UI after each output message.

1.3.1
- Fixed required versions in pyproject.toml

1.3.0
- Merged refactoring changes per nazywam's recommendation
- Updated text length per PEP8
- Started docstrings and other documentation for methods
- Updated variable names for PEP8 consistency