{"id":29506482,"url":"https://github.com/alon-alush/alushpacker","last_synced_at":"2026-05-07T01:32:57.818Z","repository":{"id":304728224,"uuid":"1019757294","full_name":"Alon-Alush/AlushPacker","owner":"Alon-Alush","description":"Powerful PE executable packer for Windows - supports x86/64, compression, encryption, and much more","archived":false,"fork":false,"pushed_at":"2025-07-15T00:56:20.000Z","size":5262,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-07-15T01:02:10.693Z","etag":null,"topics":["c","compression","file-compressor","loader","manual-mapper","packer","pe-format","pe-packer","portable-executable","protector","shellcode","shellcode-loader","thread-local-storage","upx","winapi","windows"],"latest_commit_sha":null,"homepage":"https://alon-alush.github.io","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Alon-Alush.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-07-14T20:29:20.000Z","updated_at":"2025-07-15T00:56:24.000Z","dependencies_parsed_at":"2025-07-15T01:02:13.760Z","dependency_job_id":"df59773d-6fb3-4155-8b76-9d783ce4d785","html_url":"https://github.com/Alon-Alush/AlushPacker","commit_stats":null,"previous_names":["alon-alush/alushpacker"],"tags_count":1,"template":false,"template_full_name":null,"purl":"pkg:github/Alon-Alush/AlushPacker","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Alon-Alush%2FAlushPacker","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Alon-Alush%2FAlushPacker/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Alon-Alush%2FAlushPacker/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Alon-Alush%2FAlushPacker/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Alon-Alush","download_url":"https://codeload.github.com/Alon-Alush/AlushPacker/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Alon-Alush%2FAlushPacker/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265476300,"owners_count":23772784,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["c","compression","file-compressor","loader","manual-mapper","packer","pe-format","pe-packer","portable-executable","protector","shellcode","shellcode-loader","thread-local-storage","upx","winapi","windows"],"created_at":"2025-07-16T02:01:56.496Z","updated_at":"2026-05-07T01:32:57.805Z","avatar_url":"https://github.com/Alon-Alush.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"\u003cp align=\"center\"\u003e\n  \u003ca href=\"#\"\u003e\n    \u003cimg src=\"https://github.com/user-attachments/assets/d56f58bc-70ef-4d57-964f-8749aa1ed921\" alt=\"AlushPacker logo\" width=\"800\"\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\u003ch1 align=\"center\"\u003eAlushPacker: Executable file packer for Windows\u003c/h1\u003e\n\u003cp align=\"center\"\u003e\n  \u003ca href=\"https://github.com/Alon-Alush/AlushPacker/blob/main/LICENSE\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/license/Alon-Alush/AlushPacker?style=flat\u0026color=blue\" alt=\"License\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/Alon-Alush/AlushPacker\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/languages/top/Alon-Alush/AlushPacker?style=flat\u0026logo=c\u0026color=red\" alt=\"Top Language\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/Alon-Alush/AlushPacker/releases\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/v/release/Alon-Alush/AlushPacker?style=flat\u0026color=purple\" alt=\"Latest Release\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://github.com/Alon-Alush/AlushPacker/stargazers\"\u003e\n    \u003cimg src=\"https://img.shields.io/github/stars/Alon-Alush/AlushPacker?style=flat\u0026color=yellow\" alt=\"GitHub Stars\"\u003e\n  \u003c/a\u003e\n  \u003ca href=\"https://opensource.org\"\u003e\n    \u003cimg src=\"https://img.shields.io/badge/Open%20Source-%E2%9D%A4-brightgreen.svg?style=flat\" alt=\"Open Source\"\u003e\n  \u003c/a\u003e\n\u003c/p\u003e\n\n## Introduction\n\n\n*AlushPacker* is a reflective PE packer that enables in-memory execution of native `.exe` files. The packed file can hinder static analysis and reverse engineering with tools like IDA Pro or Ghidra.\n\n# Demo\n\n![Running the packed file](https://github.com/user-attachments/assets/40ce8bab-492e-4a7d-b8c2-3f8529ff5a50)\n\n# How it works\n\nThe [builder](https://github.com/Alon-Alush/AlushPacker/blob/main/src/Builder/builder.c) creates new `.packed` section header that stores the packed version of the original executable, that is, after it has been compressed with the [LZAV](https://github.com/Alon-Alush/AlushPacker/blob/main/src/Builder/lzav.h) compression library, and encrypted using a [custom implementation](https://github.com/Alon-Alush/AlushPacker/blob/main/src/Builder/encrypt.h) of [XTEA](https://en.wikipedia.org/wiki/XTEA) (eXtended Tiny Encryption Algorithm) block cypher.\n\n\u003cimg width=\"773\" height=\"226\" alt=\".packed section in CFF Explorer\" src=\"https://github.com/user-attachments/assets/bbe667e0-3eb1-42d7-9c28-619477035dfe\" /\u003e\n\nAt runtime, the [reflective loader](https://github.com/Alon-Alush/AlushPacker/blob/main/src/Packer/loader.c) locates  the base address of this section (which is embedded within itself), decrypts and decompresses those contents, and manually loads the executable entirely from memory, with no disk I/O or help from the Windows loader.\n\n# Showcase\n\n### Encrypted data (IDA Pro):\n\nIn the packed version, the original executable's data is stored, well.. packed, meaning that disassemblers like IDA are unable to extract any meaningful interpretation out of that packed data.\n\n\u003cimg width=\"291\" height=\"131\" alt=\"image\" src=\"https://github.com/user-attachments/assets/914edc83-8078-4561-b1d7-a0baab6fea94\" /\u003e\n\n### Detect-It-Easy analysis:\n\n*Detect-It-Easy* has detected that our executable is packed due to the high entropy in the `.packed` section. However, this detection can be bypassed by placing the packed data inside `payload.h` instead of writing this packed data to a separate section header. You can do this by compiling from source, setting the `DEBUG_STUB` macro, and placing the packed data inside `payload.h`. But, this requires a more \"hacky approach\", so to make the build process more straightforward, we place the packed data inside a separate section header.\n\n\u003cimg width=\"717\" height=\"214\" alt=\"image\" src=\"https://github.com/user-attachments/assets/3d4e3829-a209-4260-ac12-41f8fc100604\" /\u003e\n\n# Installation and usage\n\nThe packer can be downloaded here: [latest release binaries](https://github.com/Alon-Alush/AlushPacker/releases/tag/v1.0.0).\n\n## Usage\n\nTo pack a program, you must specify its *input path*. Optionally, you can specify the output path, although this is not strictly required.\n\nExample usage:\n\n```\npacker \u003cinput_file\u003e \u003coutput_file\u003e\n```\n\n**Full usage**:\n```\n\u003e packer.exe\nUsage:\n   C:\\Users\\tamar\\Downloads\\packed_files\\Builder.exe [OPTIONS] \u003cinput_file\u003e \u003coutput_file\u003e\nOptions:\n   -l \u003ckey\u003e    Protect the packed file with a password. Example: -l mypassword\n\n    Example usage: packer.exe \u003cinput.exe\u003e \u003coutput.exe\u003e\nC:\\Users\\tamar\\Downloads\\packed_files\u003e\n```\n\n**Visual Demo**:\n\n![AlushPacker command line demonstration](https://github.com/user-attachments/assets/12f55d88-19a3-4982-86ab-1923825a539a)\n\n# Features\n\n* x64 and x86 support\n* Native console, GUI, and legacy EXE support\n* File compression, encryption\n* Payload locking (if built with `-l` option, output file will request a password before executing)\n# Technical features\n* Section headers manual mapping\n* Custom WinAPI / loader function implementations (e.g. `myGetProcAddress`, `myGetModuleHandle`)\n* Resolving imports (normal / delay-loaded), by name and by ordinal.\n* Fast export directory traversal using binary search. [Forwarded exports](https://devblogs.microsoft.com/oldnewthing/20060719-24/?p=30473) specifically are resolved using a highly reliable recursion + parsing logic in `LdrpResolveProcedureAddress`\n* Relocations (in case PE image is not loaded at base address)\n* [Structured Exception Handling (SEH)](https://learn.microsoft.com/en-us/cpp/cpp/structured-exception-handling-c-cpp?view=msvc-170), registering function table in `.pdata`\n* [Thread Local Storage](https://learn.microsoft.com/en-us/windows/win32/procthread/thread-local-storage) (TLS callbacks) support\n* Appropriate section memory protection (with `VirtualProtect`)\n* Finally, PEB patching (e.g. `PPEB-\u003epPeb-\u003eImageBaseAddress = (PVOID)ntHeaders-\u003eOptionalHeader.ImageBase`)\n\n# Contributing\n\nContributions to the project are welcome!\n\nYou can improve parts of the code, report bugs, or just suggest features you think would be cool to add. I will review your suggestions and approve them if they step the project towards a better place :)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falon-alush%2Falushpacker","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Falon-alush%2Falushpacker","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Falon-alush%2Falushpacker/lists"}