Packer for x86 Portable Executable applications
What is this?
This packer works by encrypting specific regions of code and creating a new section that contains the decryption stub and the necessary obfuscation.
The packer has one common stub, which is obfuscated using several methods that have adverse effects on analyzers/decompilers.
Only x86 binaries are currently supported, but the ability to pack x64 binaries will be added in the future.
Optional arguments
By default the packer works from the command line. Listed below are the arguments required to use it.
| Argument | Description | Extra arguments |
|---|---|---|
| -oep_call | Obfuscation of the entry point, namely the call to the required address. | |
| -adasm | Anti-disassembly technique; breaks the Hex-Rays decompiler in particular. | |
| -mba | Mixed Boolean Arithmetic obfuscation; inserts unwanted mathematical operations. | |
| -senc | Enables XOR encryption of the required sections. | |
| -fpack | Encrypts the required function using the XOR algorithm, adding a stub for decrypting. | addr1, addr2 |
| -finstr | Generates invalid instructions that will adversely affect analyzers/decompilers. | |
| -noaslr | Allows you to disable ASLR. | |
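For analysts triaging a file that may have been processed this way, the sketch below reads the PE32 headers and reports two traits tied to the behaviour described above: whether the ASLR opt-in bit is set, and whether the entry point sits in the last (appended) section. It is an added example, not part of this project's code. It assumes that the stub section is appended last and receives the entry point, and that -noaslr clears the DYNAMIC_BASE bit; the `.stub` section name and the sample headers are constructed for the demo.

```python
import struct

DYNAMIC_BASE = 0x0040  # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR opt-in)

def triage(pe: bytes) -> dict:
    """Header traits a defender can check on a suspected packed PE32 file."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]          # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24                                       # optional header start
    if struct.unpack_from("<H", pe, opt)[0] != 0x10B:
        raise ValueError("not PE32 (x86)")
    entry = struct.unpack_from("<I", pe, opt + 16)[0]   # AddressOfEntryPoint
    dll_chars = struct.unpack_from("<H", pe, opt + 70)[0]
    sections = []
    for i in range(nsec):
        name, vsize, va, raw = struct.unpack_from("<8sIII", pe, opt + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), va, max(vsize, raw)))
    owner = next((n for n, va, size in sections if va <= entry < va + size), None)
    return {
        "aslr": bool(dll_chars & DYNAMIC_BASE),
        "entry_section": owner,
        "entry_in_last_section": bool(sections) and owner == sections[-1][0],
    }

def build_sample(entry: int, dll_chars: int, sections) -> bytes:
    """Constructed minimal PE32 headers (no code or data), for the demo only."""
    dos = b"MZ" + bytes(58) + struct.pack("<I", 64)
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, entry)
    struct.pack_into("<H", opt, 70, dll_chars)
    table = b"".join(struct.pack("<8sIIII16x", n.encode(), vs, va, vs, 0)
                     for n, va, vs in sections)
    return dos + b"PE\0\0" + coff + bytes(opt) + table

# Constructed inputs: an ordinary layout, and one with a trailing ".stub" section
# (hypothetical name) that holds the entry point and has the ASLR bit cleared.
plain = build_sample(0x1000, 0x8140, [(".text", 0x1000, 0x2000), (".data", 0x3000, 0x1000)])
packed = build_sample(0x4010, 0x8100, [(".text", 0x1000, 0x2000), (".data", 0x3000, 0x1000),
                                       (".stub", 0x4000, 0x1000)])
if __name__ == "__main__":
    print(triage(plain)); print(triage(packed))
```

Neither trait is proof of packing on its own; both are starting points for closer inspection of the entry-point section.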
GUI Interface
Packer CLI in action
Input
Output
Usage example
pe-packer.exe <input.exe> <output.exe> <mutations> [flags...]
pe-packer.exe file.exe file_packed.exe 5 -mba -senc -fpack 0x401040 0x401072
Note
The -fpack argument takes two additional arguments: the first is the start address of the function, the second is the end address of the function.
What about .MAP parsing?
I understand how inconvenient it is to specify the addresses of the function that needs to be encrypted. A .MAP parser will be added soon. The method that is currently used will not be removed, because some people are not used to generating .MAP files at compile time.
What's next?
I am going to periodically update the functionality and add new tricks that I find. The nearest goals include adding anti-debug, IAT obfuscation, anti-VM tricks and other things. You should understand that the project was created as a PE packer and there is no goal to make it an obfuscator. Perhaps you will see a separate obfuscator soon.