https://github.com/iamsopotatoe-coder/tinyload
Packer for PE files with xor encryption and compression
https://github.com/iamsopotatoe-coder/tinyload
compression crypter obfuscation packer pe-compress pe-compression pe-packer pe-protection pe-xor pepacker peprotection protection xor
Last synced: about 2 months ago
JSON representation
Packer for PE files with xor encryption and compression
- Host: GitHub
- URL: https://github.com/iamsopotatoe-coder/tinyload
- Owner: iamsopotatoe-coder
- License: mit
- Created: 2026-03-16T09:46:54.000Z (3 months ago)
- Default Branch: main
- Last Pushed: 2026-04-19T10:00:24.000Z (2 months ago)
- Last Synced: 2026-04-20T15:48:49.413Z (2 months ago)
- Topics: compression, crypter, obfuscation, packer, pe-compress, pe-compression, pe-packer, pe-protection, pe-xor, pepacker, peprotection, protection, xor
- Language: C++
- Homepage: https://iamsopotatoe-coder.github.io/TinyLoad/
- Size: 30.3 KB
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# TinyLoad V3
  
simple PE packer for Windows. compresses and encrypts executables with a custom virtual machine into a self-extracting stub.
## how it works
TinyLoad appends your compressed payload to a copy of itself. when the packed exe runs it spins up a custom VM interpreter, executes the decryption bytecode against the payload, then loads and runs it directly in RAM.
every time you pack a file the VM opcodes are randomly shuffled and baked into the stub — so every packed file speaks a different instruction set. standard disassemblers can't auto-trace the decryption without reversing the interpreter first.
everything is in one .cpp file, no dependencies.
## download
grab a precompiled binary from [releases](https://github.com/iamsopotatoe-coder/tinyload/releases) or build it yourself.
## building from source
you need MinGW (g++) installed. just run:
```
g++ -o TinyLoad.exe TinyLoad.cpp -static -O2 -s
```
or use the included `build.bat`.
## usage
```
TinyLoad.exe --i [--o ] [--vm] [--c]
```
| flag | description |
|------|-------------|
| `--i ` | input exe to pack |
| `--o ` | output path (default: `input_packed.exe`) |
| `--vm` | custom VM encryption with randomized ISA |
| `--c` | LZ77 compression |
### examples
```
TinyLoad.exe --i myapp.exe --c
TinyLoad.exe --i myapp.exe --o packed.exe --vm --c
TinyLoad.exe --i myapp.exe --vm
```
you need at least one of `--vm` or `--c`.
## compression
custom LZ77 with hash-chain matching, 64KB sliding window, and lazy evaluation. typically gets decent ratios on PE files since they have a lot of repeated structure. compression runs on the raw input first, then VM encryption is applied on top so patterns in the compressed stream are also hidden. (we wanna improve this in v4)
## vm encryption
v3 replaces XOR with a custom 20-opcode virtual machine. the opcode table is randomly shuffled at pack time — every packed file gets a different ISA. the decryption logic is stored as bytecode with the keys embedded as immediates directly in the program. an analyst has to reverse the interpreter before they can even start on the payload.
the cipher itself is a 128-bit stream cipher using rotl/rotr key mixing, run entirely through the VM so there's no native decryption loop to fingerprint.
Graph:
## license
MIT
## Sidenotes
- This works on all files i tested it on, if it breaks on some of your files please open an issue to let me know.
- If you want to suggest any improvements or future updates please open an issue.