Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/BromiumLabs/PackerAttacker

C++ application that uses memory and code hooks to detect packers
https://github.com/BromiumLabs/PackerAttacker

Last synced: 17 days ago
JSON representation

C++ application that uses memory and code hooks to detect packers

Host: GitHub
URL: https://github.com/BromiumLabs/PackerAttacker
Owner: BromiumLabs
License: gpl-2.0
Created: 2015-04-15T23:02:54.000Z (over 9 years ago)
Default Branch: master
Last Pushed: 2018-03-05T08:12:49.000Z (over 6 years ago)
Last Synced: 2024-07-31T22:46:50.733Z (3 months ago)
Language: C++
Size: 281 KB
Stars: 263
Watchers: 30
Forks: 72
Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

# PackerAttacker

## Description

The Packer Attacker is a generic hidden code extractor for Windows malware. It supports the following types of pacers:

1. Running from heap
2. Replaceing PE header
3. Injecting in a process

The Packer Attacker is based on Microsoft Detours.

## Compilation

Compile with Microsoft C++ 2010 and Detours library. You'll have two files:

1. PackerAttackerHook.dll - unpacking engine
2. PackerAttacker.exe - DLL injector that executes malware and injects PackerAttackerHook.dll

## Setting up

1. Create folder C:\dumps - all the extracted hidden code will be saved there
2. Put PackerAttacker.exe and PackerAttackerHook.dll to %PATH%
3. If it's a clean machine you're going to need MSVC++ redistributable

## Usage

PackerAttacker.exe

## Misc

Currently only PE EXE files are supported.