mupack
 

This is a small executable packer that I have been working on and off for some time. The public build is restricted compared to the private one, but it still packs alright. There is some bugs:

Known bugs:
* Resources are not compressed in certain cases. Might redo resource compression to fix this.
* TLS callbacks with DLLs don¡¯t work fully. TLS callback tables and ptrs need to be relocated via the relocs.
* Proxy TLS callback not implemented. I guess this is a feature as atm it works like a antidebug trick. Ideally it should handle TLS callbacks cleanly to ease debugging.
* Crash when unpacking VBA-Ms Wx build. Not sure why, need to fix the above TLS issue before fixing this. This would make debugging a lot easier.
* Digital code signing when executables are packed does not work.

Source code:

Updated:
* Rewrote resource compression. Fixes a known bug of not compressing executables in certain cases.

Updated:

* Rewrote TLS callback emulation. As a result, there is preliminary TLS callback in DLL support as well as easier debugging of EXE/DLL files with TLS callbacks. I found one case where TLS callbacks/index variables in DLLs doesn't work properly, need to debug that use case more.
* More work on handling uncompressed resources, fixes some bugs.

Updated:

* Fixed any TLS regressions from last build. DLL support for TLS callbacks is still preliminary, though.
* Now updates the PE file checksum.
* Added a small TLS callback on TLS using executables to fix any possible invalid TLS addresses.

Cool utility.
I guess the unpacking will not be difficult as i see into the stub:

Yeah, my private builds focus on compression ratio, using completely different compression algorithms. I designed it to be easy to depack. Figured theres no point in trying protection since people will crack it anyway. The public build is there so there is no real loss if people misuse it, although there might still be a possibility of that happening. :( Pity the taggant scheme for packers is a crock of sh*t. (only useful for commercial stuff, not freeware) And digital signatures do nothing too.

Plus, many packers like ASPack, PESpin and mpress seem to miss crucial things like proper TLS callback support. I guess now I need to work out overlay support, and fully reentrant DLL entry points. (so it doesn't needlessly depack itself over and over)

Atm I am trying to debug a nice (as in, interesting and hard) test case with DLLs with TLS. For some reason there is one flaw there, but other DLLs with TLS callbacks work fine. Dunno if its something to do with reentrancy though.

Do not share outside EXETools.com, otherwise development will cease.

Updated:
* removed asmjit, replaced with Xbyak.
* added DLL reentrancy.
* saved bytes in entrypoint, down to 34 bytes.
* removed aplib (lzss based), replaced with a lz77+arithmetic coder backend:
double the depacker size (around 360 bytes compared to 160 bytes for aplib), yet a much improved compression ratio, nearing the private packer builds compression ratio in some cases, which uses LZMA.

you can't avoid it,the only way is to share it with private people that you trust with in.

True, but I can ask for some common basic human decency?

I guess that is too much to ask for? If thats the case, might as well stop dev already. So far I haven't noticed any leaks which is nice, hopefully it stays that way, otherwise development can go back to being completely private.

i'm afraid it's not anymore a world to expect that,you may trust in me as i think like you but it's not the place to expand psychology :)

regards!

There are so many retarded people in the RE forums that it will sell your program in a few minutes after you put on public. The time teach me that some users are present including this site.
So NO do not ask for that.
:)

Unfortunately that is a little too true... Brutal... But too true :(

Yep, as proven by the most recent leak and using download credits on some website (so in practise, it being sold)....
So instead, will stick to people that I know and trust, like what was done a few months ago.
At least with that, might as well experiment with taggants too down the track.

From past experience the "developers" will take your program and edit the resources to wipe your name and put his on credits and sell your thing as his.
Many of my scripts was selled too for hundreds of EUR even i put them on sites for free.
This happened with CodeCracker tools and many other developers work.
So for me is a strong "NO" for put for free my work because i know what will happen next.
:)

In that case, no point releasing the x64 port when its finished.