Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/BromiumLabs/PackerAttacker
C++ application that uses memory and code hooks to detect packers
Last synced: 17 days ago
- Host: GitHub
- URL: https://github.com/BromiumLabs/PackerAttacker
- Owner: BromiumLabs
- License: gpl-2.0
- Created: 2015-04-15T23:02:54.000Z (over 9 years ago)
- Default Branch: master
- Last Pushed: 2018-03-05T08:12:49.000Z (over 6 years ago)
- Last Synced: 2024-07-31T22:46:50.733Z (3 months ago)
- Language: C++
- Size: 281 KB
- Stars: 263
- Watchers: 30
- Forks: 72
- Open Issues: 3
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# PackerAttacker
## Description
The Packer Attacker is a generic hidden code extractor for Windows malware. It supports the following types of packers:
1. Running from heap
2. Replacing the PE header
3. Injecting into a process

The Packer Attacker is based on Microsoft Detours.
## Compilation
Compile with Microsoft Visual C++ 2010 and the Detours library. You'll get two files:
1. PackerAttackerHook.dll - unpacking engine
2. PackerAttacker.exe - DLL injector that executes the malware and injects PackerAttackerHook.dll into it

## Setting up
1. Create the folder C:\dumps - all the extracted hidden code will be saved there
2. Put PackerAttacker.exe and PackerAttackerHook.dll into a directory on %PATH%
3. If it's a clean machine, you're going to need the MSVC++ redistributable

## Usage
```
PackerAttacker.exe
```
## Misc
Currently only PE EXE files are supported.