Thread: PE-Packer
View Single Post
Old 02-21-2021, 22:22
Zeokat Zeokat is offline
Join Date: Dec 2017
Posts: 35
Rept. Given: 0
Rept. Rcvd 8 Times in 5 Posts
Thanks Given: 181
Thanks Rcvd at 101 Times in 22 Posts
Zeokat Reputation: 8

PE-Packer is a simple packer for Windows PE files. The new PE file after packing can obstruct the process of reverse engineering.

This project is just a demo for beginners to study Windows PE Format and Assembly Language. It still has some compatibility problems and bugs that cannot be used in practice.

How it works:
It will do the following things when packing a PE file:
  • Transforming the original import table.
  • Encrypting sections.
  • Clearing section names.
  • Installing the shell-entry.

When running a packed PE file, the shell-entry will decrypt and load the original program as follows:
  • Decrypting sections.
  • Initializing the original import table.
  • Relocation.

Credits to original author: Chenzs108
Reply With Quote
The Following User Gave Reputation+1 to Zeokat For This Useful Post:
Asus (02-23-2021)
The Following 2 Users Say Thank You to Zeokat For This Useful Post:
sh3dow (05-27-2021)