How can I create a packer?
bytexus
September 1st, 2002, 10:23
Where can I find some documentation about packing PE files? I'm very interested in this subject. What knowledge is one supposed to have, and how does the process work?
DakienDX
September 1st, 2002, 10:48
Hello bytexus !
Try to read as much documentation on the PE file format as you can get. You'll need to understand the PE format nearly perfectly before you can start.
Very good knowledge of ASM is also an important point as well as knowing what you can do on different operating systems and what not.
First you should start with a simple encryptor (maybe XORing every byte with 01h). Go over to compression later when the encryptor works. If I remember correctly, PeSentry and Stone's PE Encryptor come with source code, so you can see how they work.
Since I'm sure you can't write a compression algorithm right out of your hand, you should look for some free compression library like JCALG1 or aPLib.
bytexus
September 2nd, 2002, 22:36
Thanks for your answers. For the moment I've found some references on the PE format, and I've found the JCALG1 compression library (by Jeremy Collake, PECompact I think). My question is: how do I do it? Could you tell me in some small detail, in regular terms (I don't have a lot of knowledge at the moment), the exact steps that you have to take to create a packer?
cyberheg
September 3rd, 2002, 06:24
Like DakienDX said, without knowledge of PE you won't get far.
However, the basic steps are as follows:
I'd rather call them tasks and not steps, since one task can involve a lot of coding. In my research a proper packer could easily become many, many thousands of lines of code, so depending on how proper the code you write is, even a simple initial packer could become a few thousand lines.
1. Write a file processor which will append your loader to the target. The target is the program you want to protect. This processor should add a section, append the loader, process relocs, process the import directory, encrypt/compress the other sections of the file and of course remap the entrypoint.
2. Write a simple loader. This should be relocation free (VERY VERY IMPORTANT). This can be done either with delta setup or by making a reloc section for the loader and remapping the reloc directory info to the loader. Then it should decrypt/decompress the target sections, load imports and fix relocations.
So now you've got the tasks needed to do it. Again, if there's anything you don't understand in what I've written, most of the words can be looked up in any PE document; I recommend Luevelsmeyer.
// CyberHeg
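Added example, not part of the thread or any poster's code: the tasks listed above (an appended loader section, a remapped entry point, encrypted or compressed original sections) leave marks in the PE headers that static triage can check. This Python code parses the section table and reports three common heuristics; the `.ldr` section name, the 7.0 entropy threshold and both sample images are constructed assumptions.

```python
import math, struct

MEM_EXECUTE, MEM_WRITE = 0x20000000, 0x80000000  # IMAGE_SCN_MEM_* flags

def entropy(data):  # Shannon entropy, bits per byte; near 8.0 if encrypted
    ps = [data.count(b) / len(data) for b in set(data)]
    return -sum(p * math.log2(p) for p in ps)

def parse_sections(pe):  # -> (entry_rva, [(name, vaddr, vsize, raw, flags)])
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]          # e_lfanew
    if pe[:2] != b"MZ" or pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    # NumberOfSections, SizeOfOptionalHeader, AddressOfEntryPoint
    nsec, opt_size, entry = struct.unpack_from("<H12xH18xI", pe, pe_off + 6)
    table = pe_off + 24 + opt_size       # section table follows optional header
    secs = []
    for i in range(nsec):
        name, vsize, vaddr, rsize, rptr, flags = struct.unpack_from(
            "<8sIIII12xI", pe, table + 40 * i)
        secs.append((name.rstrip(b"\0").decode("latin-1"), vaddr, vsize,
                     pe[rptr:rptr + rsize], flags))
    return entry, secs

def packer_indicators(pe, threshold=7.0):  # heuristics, not proof of packing
    entry, secs = parse_sections(pe)
    found = []
    for i, (name, vaddr, vsize, raw, flags) in enumerate(secs):
        if flags & MEM_EXECUTE and flags & MEM_WRITE:   # unpacked in place
            found.append(f"{name} is writable and executable")
        if entropy(raw) > threshold:
            found.append(f"{name} has high entropy")
        if i and i == len(secs) - 1 and vaddr <= entry < vaddr + vsize:
            found.append(f"entry point in last section {name}")
    return found

def build_sample(sections, entry):  # constructed input: minimal PE32 image
    img = bytearray(b"MZ".ljust(0x200, b"\0"))
    # e_lfanew, signature, COFF header, optional-header magic, entry point RVA
    struct.pack_into("<I4sHH12xHHH14xI", img, 0x3C, 0x40, b"PE\0\0", 0x14C,
                     len(sections), 0xE0, 0x102, 0x10B, entry)
    for i, (name, vaddr, raw, flags) in enumerate(sections):
        struct.pack_into("<8sIIII12xI", img, 0x138 + 40 * i, name, len(raw),
                         vaddr, len(raw), len(img), flags)
        img += raw
    return bytes(img)

CODE, DATA = b"\x55\x8b\xec\xc3" * 128, bytes(range(256)) * 2  # placeholders
PLAIN = build_sample([(b".text", 0x1000, CODE, 0x60000020),
                      (b".data", 0x2000, b"\0" * 512, 0xC0000040)], 0x1000)
PACKED = build_sample([(b".text", 0x1000, DATA, 0xE0000020),
                       (b".ldr", 0x2000, CODE, 0x60000020)], 0x2000)
```

`packer_indicators(PACKED)` reports all three indicators while `packer_indicators(PLAIN)` reports none; each heuristic also fires on some legitimate binaries, so treat the result as a triage signal.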