https://github.com/alon-alush/alushpacker
Powerful PE executable packer for Windows - supports x86/64, compression, encryption, and much more
https://github.com/alon-alush/alushpacker
c compression file-compressor loader manual-mapper packer pe-format pe-packer portable-executable protector shellcode shellcode-loader thread-local-storage upx winapi windows
Last synced: 5 months ago
JSON representation
Powerful PE executable packer for Windows - supports x86/64, compression, encryption, and much more
- Host: GitHub
- URL: https://github.com/alon-alush/alushpacker
- Owner: Alon-Alush
- License: mit
- Created: 2025-07-14T20:29:20.000Z (5 months ago)
- Default Branch: main
- Last Pushed: 2025-07-15T00:56:20.000Z (5 months ago)
- Last Synced: 2025-07-15T01:02:10.693Z (5 months ago)
- Topics: c, compression, file-compressor, loader, manual-mapper, packer, pe-format, pe-packer, portable-executable, protector, shellcode, shellcode-loader, thread-local-storage, upx, winapi, windows
- Language: C
- Homepage: https://alon-alush.github.io
- Size: 5.02 MB
- Stars: 0
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
AlushPacker: Executable file packer for Windows
*AlushPacker* is an advanced, high-performance executable packer for Windows PE .exe files, made in C.
It first compresses your *entire* static executable with [LZAV compression library](https://github.com/avaneev/lzav), then encrypts it with a custom TEA-32 encryption implementation. The resulting packed file manually maps and loads itself at runtime. It is significantly smaller in size, and all the original resources — strings, headers, and executable code — are fully hidden once packed, making static analysis with tools like IDA significantly more difficult.
# Example: Packed HxD in Action
# Installation and usage
In order for the packed executable to run correctly on your machine, you'd need Visual C/C++ redistributables.
Basic usage: `builder.exe input.exe`
```
builder.exe
Alush Packer
Copyright (C) 2025
Alon Alush / alonalush5@gmail.com
Usage:
C:\Users\tamar\source\repos\ConsoleApplication2\x64\Release\ConsoleApplication2.exe [OPTIONS]
Options:
-o Specify packed output file path. If not provided, writes to input directory
-e Encrypt file with a random 16-byte key.
-c Compress input file with LZAV, a fast general-purpose in-memory data compression algorithm
-l Lock the packed file with a password. Example: -l mypassword
```
Example usage:
`builder.exe "C:\Users\tamar\Downloads\brainfuck compiler\HxD.exe"`
# Features
* x64 and x86 support
* Native console, GUI, and legacy EXE support
* File compression, encryption
* Payload locking (if built with `-l` option, output file will request a password before executing)
# Technical features
* Section headers manual mapping
* Custom WinAPI / loader function implementations (e.g. `myGetProcAddress`, `myGetModuleHandle`)
* Resolving imports (normal / delay-loaded), by name and by ordinal.
* Fast export directory traversal using binary search. [Forwarded exports](https://devblogs.microsoft.com/oldnewthing/20060719-24/?p=30473) specifically are resolved using a highly reliable recursion + parsing logic in `LdrpResolveProcedureAddress`
* Relocations (in case PE image is not loaded at base address)
* [Structured Exception Handling (SEH)](https://learn.microsoft.com/en-us/cpp/cpp/structured-exception-handling-c-cpp?view=msvc-170), registering function table in `.pdata`
* [Thread Local Storage](https://learn.microsoft.com/en-us/windows/win32/procthread/thread-local-storage) (TLS callbacks) support
* Appropriate section memory protection (with `VirtualProtect`)
* Finally, PEB patching (e.g. `PPEB->pPeb->ImageBaseAddress = (PVOID)ntHeaders->OptionalHeader.ImageBase`)