windows-pe-packer

🗜️ A packer for Windows x86 executable files written in C and Intel x86 Assembly. The new file after packing can obstruct reverse engineering.

https://github.com/czs108/windows-pe-packer

Science Score: 26.0%

This score indicates how likely this project is to be science-related based on various indicators:

  • CITATION.cff file
  • codemeta.json file
    Found codemeta.json file
  • .zenodo.json file
    Found .zenodo.json file
  • DOI references
  • Academic publication links
  • Academic email domains
  • Institutional organization owner
  • JOSS paper metadata
  • Scientific vocabulary similarity
    Low similarity (5.7%) to scientific vocabulary

Keywords

pe reverse-engineering security windows
Last synced: 6 months ago

Repository


Basic Info
  • Host: GitHub
  • Owner: czs108
  • License: mit
  • Language: C
  • Default Branch: master
  • Homepage:
  • Size: 599 KB
Statistics
  • Stars: 335
  • Watchers: 18
  • Forks: 51
  • Open Issues: 6
  • Releases: 1
Topics
pe reverse-engineering security windows
Created about 6 years ago · Last pushed over 1 year ago
Metadata Files

README-CN.md

Windows PE Packer


Translations

Introduction


PE-Packer is a simple packer for Windows *PE* files. A packed executable can interfere with the reverse-analysis process.

When packing a PE file, the program performs the following steps:

  • Transform the import table structure.
  • Encrypt the section data.
  • Clear the section names.
  • Install the decryption module.

When the packed file starts, the decryption module restores the original data and code:

  • Decrypt the section data.
  • Initialise the import table.
  • Apply relocations.
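As an added illustration (not part of this project's code), the following Python script shows how a defender can recognise on disk the two traces that the packing steps above leave behind: cleared section names and encrypted (high-entropy) section data. It walks the section table of a PE image and flags both indicators; the sample images are constructed inline, and the 7.0 bits/byte entropy threshold is an assumed heuristic.

```python
import math
import struct
from collections import Counter

ENTROPY_THRESHOLD = 7.0  # assumed heuristic; encrypted data sits near 8.0 bits/byte

def entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    n = len(data)
    return 0.0 - sum(c / n * math.log2(c / n) for c in Counter(data).values())

def parse_sections(pe: bytes) -> list:
    """Walk the section table of a PE image; return (name, entropy of raw data) pairs."""
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]           # DOS header -> PE header offset
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    nsec = struct.unpack_from("<H", pe, e_lfanew + 6)[0]       # COFF NumberOfSections
    opt_size = struct.unpack_from("<H", pe, e_lfanew + 20)[0]  # COFF SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size                           # section table follows optional header
    sections = []
    for i in range(nsec):
        hdr = table + 40 * i                                   # IMAGE_SECTION_HEADER is 40 bytes
        name = pe[hdr:hdr + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, hdr + 16)  # SizeOfRawData, PointerToRawData
        sections.append((name, entropy(pe[raw_ptr:raw_ptr + raw_size])))
    return sections

def packing_indicators(pe: bytes) -> list:
    """Flag the two traces described above: cleared section names and encrypted section data."""
    flags = []
    for name, h in parse_sections(pe):
        if name == b"":
            flags.append("blank section name")
        if h > ENTROPY_THRESHOLD:
            flags.append("high-entropy section %r" % name)
    return flags

def build_sample_pe(sections: list) -> bytes:
    """Constructed minimal PE image for testing: DOS header, COFF header, section table, raw data."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0x0102)  # i386, no optional header
    table, body = b"", b""
    ptr = e_lfanew + 24 + 40 * len(sections)                   # raw data starts right after the table
    for name, data in sections:
        table += name.ljust(8, b"\0") + struct.pack("<IIII", len(data), 0x1000, len(data), ptr)
        table += b"\0" * 12 + struct.pack("<I", 0x60000020)    # relocs/linenumbers unused; CODE|EXEC|READ
        body += data
        ptr += len(data)
    return dos + b"PE\0\0" + coff + table + body
```

On a real binary, read the file into `pe` and call `packing_indicators(pe)`; the constructed builder only exists so the script can be exercised without a Windows executable.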

Before packing, disassemblers such as IDA Pro can automatically analyse a PE file's assembly code and data:

  • Disassemble the code. (screenshot: code)
  • Search for constant strings. (screenshot: string)
  • Analyse the import table. (screenshot: import-table)

After packing, each of these analysis steps is disrupted:

  • Disassemble the code. (screenshot: packed-code)
  • Search for constant strings. (screenshot: packed-string)
  • Analyse the import table. (screenshot: packed-import-table)

Warning

This project is currently intended only for beginners learning the Windows PE format and assembly language. It still has compatibility issues and other bugs, and is not yet suitable for real production use.

Getting Started

Prerequisites

The project must be built as a 32-bit Windows binary, and it currently only supports packing 32-bit .exe files.

  • Install MASM32.
  • Install MinGW-w64 and choose the i686 architecture.
  • Install CMake.
  • Add all three tools to the PATH environment variable.

Build

```bash
mkdir -p build
cd build
cmake .. -D CMAKE_C_COMPILER=gcc -G "MinGW Makefiles"
cmake --build .
```

Or run the build.ps1 script directly:

```console
PS> .\build.ps1
```

Usage

To pack an executable, specify its input path and output path:

```console
PE-Packer <input-file> <output-file>
```

For example:

```console
PE-Packer hello.exe hello-pack.exe
```

Documentation

Project documentation can be generated with Doxygen.

References

License

Licensed under the MIT license; see the LICENSE file.

Owner

  • Name: Chenzs108
  • Login: czs108
  • Kind: user
  • Location: Dublin, Ireland
  • Company: Susquehanna International Group

Software Development | Artificial Intelligence | Reverse Engineering. For more projects, see @Zhuagenborn.

GitHub Events

Total
  • Issues event: 1
  • Watch event: 35
  • Push event: 2
  • Fork event: 6
Last Year
  • Issues event: 1
  • Watch event: 35
  • Push event: 2
  • Fork event: 6

Issues and Pull Requests

Last synced: 6 months ago

All Time
  • Total issues: 1
  • Total pull requests: 0
  • Average time to close issues: N/A
  • Average time to close pull requests: N/A
  • Total issue authors: 1
  • Total pull request authors: 0
  • Average comments per issue: 0.0
  • Average comments per pull request: 0
  • Merged pull requests: 0
  • Bot issues: 0
  • Bot pull requests: 0
Past Year
  • Issues: 1
  • Pull requests: 0
  • Average time to close issues: N/A
  • Average time to close pull requests: N/A
  • Issue authors: 1
  • Pull request authors: 0
  • Average comments per issue: 0.0
  • Average comments per pull request: 0
  • Merged pull requests: 0
  • Bot issues: 0
  • Bot pull requests: 0
Top Authors
Issue Authors
  • realzedrix (1)
  • Spl3en (1)
Pull Request Authors
Top Labels
Issue Labels
Pull Request Labels