{"id":20847662,"url":"https://github.com/mos9527/evbunpack","last_synced_at":"2025-08-04T11:31:39.535Z","repository":{"id":38745665,"uuid":"287204449","full_name":"mos9527/evbunpack","owner":"mos9527","description":"Enigma Virtual Box Unpacker / 解包、脱壳工具","archived":false,"fork":false,"pushed_at":"2025-07-26T01:08:03.000Z","size":3473,"stargazers_count":227,"open_issues_count":0,"forks_count":24,"subscribers_count":4,"default_branch":"main","last_synced_at":"2025-07-26T07:57:18.994Z","etag":null,"topics":["evb","python","reverse-engineering","unpacker"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mos9527.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-08-13T06:54:38.000Z","updated_at":"2025-07-26T01:05:50.000Z","dependencies_parsed_at":"2024-06-11T17:48:19.579Z","dependency_job_id":"d068ee40-6e94-47d7-976a-77f37d82d4ed","html_url":"https://github.com/mos9527/evbunpack","commit_stats":null,"previous_names":[],"tags_count":18,"template":false,"template_full_name":null,"purl":"pkg:github/mos9527/evbunpack","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mos9527%2Fevbunpack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mos9527%2Fevbunpack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mos9527%2Fevbunpack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mos9527%2Fevbunpack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mos9527","download_url":"https://codeload.github.com/mos9527/evbunpack/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mos9527%2Fevbunpack/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":268689286,"owners_count":24291075,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-04T02:00:09.867Z","response_time":79,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["evb","python","reverse-engineering","unpacker"],"created_at":"2024-11-18T02:22:26.897Z","updated_at":"2025-08-04T11:31:39.464Z","avatar_url":"https://github.com/mos9527.png","language":"Python","readme":"# evbunpack\r\n[![Windows Build](https://github.com/mos9527/evbunpack/actions/workflows/build-and-publish.yml/badge.svg)](https://github.com/mos9527/evbunpack/blob/main/.github/workflows/build-and-publish.yml) [![Releases](https://img.shields.io/github/downloads/mos9527/evbunpack/total.svg)](https://GitHub.com/mos9527/evbunpack/releases/) [![Code style: black](https://img.shields.io/badge/code%20style-black-000000.svg)](https://github.com/psf/black) \r\n\r\n[Enigma Virtual Box](https://enigmaprotector.com/en/downloads/changelogenigmavb.html) unpacker\r\n\r\n## Features\r\n- Executable unpacking\r\n  - TLS, Exceptions, Import Tables and Relocs are recovered\r\n  - Executables with [Overlays](https://davidghughes.com/2023/08/06/overlays/) can be restored as well\r\n  - Enigma loader DLLs and extra data added by the packer is stripped\r\n- Virtual Box Files unpacking\r\n  - Supports both built-in files and external packages\r\n  - Supports compressed mode\r\n\r\n## Tested Versions\r\n- This applies to PE unpacking. If the chosen PE unpack variant does not work, please try out the other ones with `-pe [variant]`\r\n\r\n| Packer Version | Notes | Unpack with Flags |\r\n| - | - | - |\r\n| 11.00 | Automatically tested in CI for x86/x64 binaries.  | `-pe 10_70` |\r\n| 10.70 | Automatically tested in CI for x86/x64 binaries.  | `-pe 10_70` |\r\n| 9.70 | Automatically tested in CI for x86/x64 binaries. |  `-pe 9_70` |\r\n| 7.80 | Automatically tested in CI for x86/x64 binaries | `-pe 7_80 --legacy-fs ` |\r\n\r\n## Installation\r\n  **For Windows Users** : Builds are available [here](https://github.com/mos9527/evbunpack/releases)\r\n\r\n  Or get the latest version from PyPi:\r\n  ```bash\r\n      pip install evbunpack\r\n  ```\r\n\r\n## Usage\r\n\r\n    usage: evbunpack [-h] [--log-level {DEBUG,INFO,WARNING,ERROR,CRITICAL}] [-l] [--ignore-fs] [--ignore-pe] [--legacy-fs] [-pe {10_70,9_70,7_80}] [--out-pe OUT_PE] file output\r\n\r\n    Enigma Virtual Box Unpacker\r\n\r\n    options:\r\n      -h, --help            show this help message and exit\r\n      --log-level {DEBUG,INFO,WARNING,ERROR,CRITICAL}\r\n                            Set log level\r\n\r\n    Flags:\r\n      -l, --list            Don't extract the files and print the table of content to stderr only\r\n      --ignore-fs           Don't extract virtual filesystem\r\n      --ignore-pe           Don't restore the executable\r\n      --legacy-fs           Use legacy mode for filesystem extraction\r\n      -pe {10_70,9_70,7_80}, --pe-variant {10_70,9_70,7_80}\r\n                            Unpacker variant to use when unpacking EXEs. default=9_70\r\n\r\n    Overrides:\r\n      --out-pe OUT_PE       (If the executable is to be recovered) Where the unpacked EXE is saved. Leave as-is to save it in the output folder.\r\n\r\n    Input:\r\n      file                  File to be unpacked\r\n      output                Output folder\r\n\r\n### Example Usage ([test file available here](https://github.com/mos9527/evbunpack/blob/main/tests/x64_PackerTestApp_packed_20240522.exe))\r\nInput:\r\n```bash\r\nevbunpack x64_PackerTestApp_packed_20240522.exe output\r\n```\r\nOutput:\r\n```bash\r\nINFO: Enigma Virtual Box Unpacker v0.2.1\r\nINFO: Extracting virtual filesystem\r\nFilesystem:\r\n   └─── output\r\n       └─── output/README.txt\r\nWriting File [size=0x11, offset=0x3465]: total=      11h read=       0h\r\nINFO: Extraction complete\r\nINFO: Restoring executable\r\nINFO: Using default executable save path: output\\x64_PackerTestApp_packed_20240522.exe\r\nSaving PE: total=    3211h read=       0h\r\nINFO: Unpacked PE saved: output\\x64_PackerTestApp_packed_20240522.exe\r\n```\r\n## TODO\r\n- Automatically detect packer version\r\n\r\n## Credits\r\n- [evb-extractor](https://github.com/EVBExtractor/evb-extractor)\r\n- [aplib](https://github.com/snemes/aplib)\r\n\r\n## License\r\nApache 2.0 License\r\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmos9527%2Fevbunpack","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmos9527%2Fevbunpack","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmos9527%2Fevbunpack/lists"}