PE-Packer is a simple packer for Windows PE files. The new PE file after packing can obstruct the process of reverse engineering.

It will do the following things when packing a PE file:

When running a packed PE file, the shell-entry will decrypt and load the original program as follows:

Before packing, disassembly tools such as IDA Pro can disassemble the executable file to analyze the code.

After packing, the reverse analysis will be obstructed.

Warning

This project is just a demo for beginners to study the Windows PE format and assembly language. It still has some compatibility problems and bugs, so it cannot be used in practice.

Getting Started

Prerequisites

The project must be configured on/for Windows 32-bit and can currently only process 32-bit .exe programs.
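The 32-bit restriction can be checked from the PE headers before a file is handed to the packer. The following C code is an added example, not PE-Packer's own code; the names check_pe32_exe and make_sample are hypothetical, and the sample header bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum pe_check { PE_OK = 0, PE_TRUNCATED, PE_NOT_PE, PE_NOT_X86, PE_NOT_PE32, PE_IS_DLL };

/* Little-endian readers, so the check does not depend on host byte order. */
static uint16_t rd16(const unsigned char *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const unsigned char *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Hypothetical pre-check: PE_OK only for a 32-bit x86 (PE32) image that is not a DLL. */
enum pe_check check_pe32_exe(const unsigned char *buf, size_t len)
{
    if (len < 0x40) return PE_TRUNCATED;                 /* DOS header is 64 bytes */
    if (buf[0] != 'M' || buf[1] != 'Z') return PE_NOT_PE;
    uint32_t nt = rd32(buf + 0x3C);                      /* e_lfanew */
    if (nt > len || len - nt < 26) return PE_TRUNCATED;  /* sig 4 + COFF 20 + Magic 2 */
    if (memcmp(buf + nt, "PE\0\0", 4) != 0) return PE_NOT_PE;
    const unsigned char *coff = buf + nt + 4;
    if (rd16(coff) != 0x014C) return PE_NOT_X86;         /* IMAGE_FILE_MACHINE_I386 */
    if (rd16(coff + 20) != 0x010B) return PE_NOT_PE32;   /* 0x020B would be PE32+ */
    if (rd16(coff + 18) & 0x2000) return PE_IS_DLL;      /* IMAGE_FILE_DLL */
    return PE_OK;
}

/* Constructed sample: a bare 0x80-byte header, not a runnable program. */
size_t make_sample(unsigned char *buf, uint16_t machine, uint16_t magic, uint16_t characteristics)
{
    memset(buf, 0, 0x80);
    buf[0] = 'M'; buf[1] = 'Z';
    buf[0x3C] = 0x40;                                    /* e_lfanew -> 0x40 */
    memcpy(buf + 0x40, "PE\0\0", 4);
    unsigned char *coff = buf + 0x44;
    coff[0] = (unsigned char)(machine & 0xFF); coff[1] = (unsigned char)(machine >> 8);
    coff[16] = 0xE0;                                     /* SizeOfOptionalHeader = 224 */
    coff[18] = (unsigned char)(characteristics & 0xFF); coff[19] = (unsigned char)(characteristics >> 8);
    coff[20] = (unsigned char)(magic & 0xFF); coff[21] = (unsigned char)(magic >> 8);
    return 0x80;
}

int main(void)
{
    unsigned char buf[0x80];
    size_t n = make_sample(buf, 0x014C, 0x010B, 0x0102);
    printf("constructed x86 sample: %d\n", (int)check_pe32_exe(buf, n));
    n = make_sample(buf, 0x8664, 0x020B, 0x0022);
    printf("constructed x64 sample: %d\n", (int)check_pe32_exe(buf, n));
    return 0;
}
```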

Building

> mkdir -p build
> cd build
> cmake .. -D CMAKE_C_COMPILER=gcc -G "MinGW Makefiles"
> cmake --build .

Or run the build.ps1 file directly:

> .\build.ps1

Usage

To pack a program, you must specify its input name and the output name.

PE-Packer <input> <output>

For example:

PE-Packer hello.exe hello-pack.exe

Documents

You can use Doxygen to generate the document.

In order to avoid scanning .md files, you must add *.md to the EXCLUDE_PATTERNS configuration option.

EXCLUDE_PATTERNS = *.md

This option is in “Expert” -> “Input” page.

Contact

GitHub: https://github.com/czs108/

E-Mail: chenzs108@outlook.com

WeChat: chenzs108
