Thread: PE-Packer
View Single Post
  #1  
Old 02-21-2021, 22:22
Zeokat Zeokat is offline
Friend
 
Join Date: Dec 2017
Posts: 81
Rept. Given: 0
Rept. Rcvd 14 Times in 10 Posts
Thanks Given: 378
Thanks Rcvd at 227 Times in 56 Posts
Zeokat Reputation: 14
PE-Packer

PE-Packer is a simple packer for Windows PE files. The new PE file after packing can obstruct the process of reverse engineering.

Warning
This project is just a demo for beginners to study Windows PE Format and Assembly Language. It still has some compatibility problems and bugs that cannot be used in practice.

How it works:
It will do the following things when packing a PE file:
  • Transforming the original import table.
  • Encrypting sections.
  • Clearing section names.
  • Installing the shell-entry.

When running a packed PE file, the shell-entry will decrypt and load the original program as follows:
  • Decrypting sections.
  • Initializing the original import table.
  • Relocation.


Source:
Code:
https://github.com/czs108/PE-Packer
Credits to original author: Chenzs108
Reply With Quote
The Following User Gave Reputation+1 to Zeokat For This Useful Post:
Asus (02-23-2021)
The Following 2 Users Say Thank You to Zeokat For This Useful Post:
sh3dow (05-27-2021)