Windows Pe Packer
| Project Name | Stars | Downloads | Repos Using This | Packages Using This | Most Recent Commit | Total Releases | Latest Release | Open Issues | License | Language |
|---|---|---|---|---|---|---|---|---|---|---|
| Awesome Hacking | 67,818 | a month ago | 27 | cc0-1.0 | ||||||
| A collection of various awesome lists for hackers, pentesters and security researchers | ||||||||||
| X64dbg | 41,628 | 12 hours ago | 566 | other | C++ | |||||
| An open-source user mode debugger for Windows. Optimized for reverse engineering and malware analysis. | ||||||||||
| Radare2 | 18,595 |  | 4 | 2 | a day ago | 13 | March 03, 2014 | 844 | lgpl-3.0 | C |
| UNIX-like reverse engineering framework and command-line toolset | ||||||||||
| Apktool | 17,271 | 3 | 3 days ago | 5 | July 22, 2023 | 44 | apache-2.0 | Java | ||
| A tool for reverse engineering Android apk files | ||||||||||
| Cutter | 14,033 | 2 days ago | 478 | gpl-3.0 | C++ | |||||
| Free and Open Source Reverse Engineering Platform powered by rizin | ||||||||||
| Unicorn | 6,594 |  | 4 | 21 days ago | 8 | November 01, 2022 | 70 | gpl-2.0 | C | |
| Unicorn CPU emulator framework (ARM, AArch64, M68K, Mips, Sparc, PowerPC, RiscV, S390x, TriCore, X86) | ||||||||||
| Capstone | 6,592 | 2 | 5 days ago | 2 | April 12, 2022 | 353 | other | C | ||
| Capstone disassembly/disassembler framework for ARM, ARM64 (ARMv8), BPF, Ethereum VM, M68K, M680X, Mips, MOS65XX, PPC, RISC-V(rv32G/rv64G), SH, Sparc, SystemZ, TMS320C64X, TriCore, Webassembly, XCore and X86. | ||||||||||
| Infosec_reference | 5,071 | 2 months ago | mit | CSS | ||||||
| An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version. | ||||||||||
| Ipatool | 3,751 | 2 months ago | 19 | June 11, 2023 | 12 | mit | Go | |||
| Command-line tool that allows searching and downloading app packages (known as ipa files) from the iOS App Store | ||||||||||
| Ctf All In One | 3,313 | 6 months ago | 3 | cc-by-sa-4.0 | C | |||||
| CTF竞赛权威指南 | ||||||||||
Windows PE Packer
Languages
About The Project
PE-Packer is a simple packer for Windows PE files. The new PE file after packing can obstruct the process of reverse engineering.
It will do the following things when packing a PE file:
- Transforming the original import table.
- Encrypting sections.
- Clearing section names.
- Installing the shell-entry.
When running a packed PE file, the shell-entry will decrypt and load the original program as follows:
- Decrypting sections.
- Initializing the original import table.
- Relocation.
Before packing, using some disassembly tools can disassemble the executable file to analyze the code, such as IDA Pro.
-
Disassembling the code.
-
Searching constant strings.
-
Analyzing the import table.
After packing, the reverse analysis will be obstructed.
-
Disassembling the code.
-
Searching constant strings.
-
Analyzing the import table.
Warning
This project is just a demo for beginners to study Windows PE Format and Assembly Language. It still has some compatibility problems and bugs that cannot be used in practice.
Getting Started
Prerequisites
The project must configure on/for Windows 32-bit and can only process 32-bit .exe programs now.
- Install MASM32.
- Install MinGW-w64, select
i686architecture. - Install CMake.
- Set the
PATHenvironment variables of these three tools.
Building
mkdir -p build
cd build
cmake .. -D CMAKE_C_COMPILER=gcc -G "MinGW Makefiles"
cmake --build .
Or run the build.ps1 file directly:
PS> .\build.ps1
Usage
To pack a program, you must specify its input name and the output name.
PE-Packer <input-file> <output-file>
For example:
PE-Packer hello.exe hello-pack.exe
Documents
You can use Doxygen to generate the document.
References
PE Format - Windows Dev Center
License
Distributed under the GNU General Public License. See LICENSE for more information.
