PE-Packer: Windows x86 PE file packer written in C & Microsoft Assembly
PE-Packer
PE-Packer is a simple packer for Windows PE files. The packed PE file obstructs reverse engineering.
It does the following when packing a PE file:
- Transforming the original import table.
- Encrypting sections.
- Clearing section names.
- Installing the shell-entry.
When running a packed PE file, the shell-entry will decrypt and load the original program as follows:
- Decrypting sections.
- Initializing the original import table.
- Relocation.
Before packing, a disassembly tool such as IDA Pro can disassemble the executable file to analyze the code.
After packing, this reverse analysis is obstructed.
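Two of the packing steps listed above, encrypted section data and cleared section names, leave traces in the section table that can be checked during triage. The following is an added example, not part of PE-Packer: the function names, the constructed sample image and the 7.0 bits/byte entropy threshold are assumptions.

```python
import math
import struct
from collections import Counter

def entropy(data):
    """Shannon entropy in bits per byte (0 for empty input)."""
    n = len(data)
    return sum(c / n * math.log2(n / c) for c in Counter(data).values())

def scan_sections(pe, threshold=7.0):
    """Return (index, name, entropy, flags) per section; threshold is an assumed heuristic."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (nt,) = struct.unpack_from("<I", pe, 0x3C)            # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsec,) = struct.unpack_from("<H", pe, nt + 6)        # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, nt + 20)   # SizeOfOptionalHeader
    table = nt + 24 + opt_size                            # first section header
    results = []
    for i in range(nsec):
        off = table + 40 * i
        name = pe[off:off + 8].rstrip(b"\0")
        raw_size, raw_ptr = struct.unpack_from("<II", pe, off + 16)
        h = entropy(pe[raw_ptr:raw_ptr + raw_size])
        flags = []
        if not name:
            flags.append("blank-name")
        if h >= threshold:
            flags.append("high-entropy")
        results.append((i, name.decode("latin-1"), round(h, 2), flags))
    return results

def build_sample():
    """Constructed image: a named low-entropy section and a blank-named high-entropy one."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)      # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    def header(name, size, ptr):
        return name.ljust(8, b"\0") + struct.pack("<IIIIIIHHI", size, 0x1000, size, ptr, 0, 0, 0, 0, 0)
    base = 64 + 4 + 20 + 2 * 40                           # raw data follows the headers
    return (dos + b"PE\0\0" + coff + header(b".text", 512, base) + header(b"", 512, base + 512)
            + b"\x90" * 512 + bytes(range(256)) * 2)

if __name__ == "__main__":
    for row in scan_sections(build_sample()):
        print(row)
```

Whether an encrypted section crosses the entropy threshold depends on the cipher, which this page does not specify, so treat a blank section name as a signal in its own right.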
Warning
This project is just a demo for beginners to study the Windows PE format and assembly language. It still has some compatibility problems and bugs, so it cannot be used in practice.
Install & Use
Copyright (C) 2020 czs108