
【WIP】📦 An unpacking tool that can identify and attempt to strip common PE packers such as UPX and ASPack, aiding software reverse engineering and malware analysis.

orcastor/unpack

Unpack: A PE Unpacking Tool & Library

Introduction

Unpack is a powerful and versatile library written in Go (Golang), designed to analyze and decompress executable files, particularly those packed with various PE (Portable Executable) packers. Packed executables are often used to obfuscate the true nature of the code, making it harder for security researchers and anti-virus software to analyze and understand the behavior of the program.

The primary goal of Unpack is to detect the presence of a packer, identify the type of packer used, and if possible, decompress the executable to its original form, allowing for easier analysis and understanding of the program's functionality.

Background

Executable packers have been a staple in the cybersecurity landscape for years. They are used for both legitimate purposes, such as protecting intellectual property, and malicious purposes, such as hiding malware. The ability to unpack these executables is crucial for security professionals who need to analyze and understand the behavior of potentially harmful software.

Supported Packers

Unpack currently supports the detection and unpacking of the following common PE packers:

  • UPX
  • ASPack
  • FSG
  • Themida
  • WinUpack
  • Petite
  • PESpin
  • Armadillo

Please note that the list above is not exhaustive, and Unpack is continuously updated to support new and emerging packers.
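As an added illustration of the detection step, not code from the orcastor/unpack project itself, the Go program below shows the two heuristics a packer detector typically combines: packer-specific section names and the Shannon entropy of each section's bytes. The section-name table, the 7.0 bits/byte threshold, the `buildPE` helper and the two constructed sample images are assumptions made for this example; the project's own signatures and thresholds are not on this page.

```go
package main

import (
	"bytes"
	"debug/pe"
	"encoding/binary"
	"fmt"
	"math"
)

// Section names well-known packers leave behind (illustrative subset, assumed). A real
// detector also matches stub bytes at the entry point; FSG, for one, names no sections.
var packerSections = map[string]string{
	"UPX0": "UPX", "UPX1": "UPX", "UPX2": "UPX", ".aspack": "ASPack",
	".adata": "ASPack", ".themida": "Themida", ".petite": "Petite",
}

// shannon returns the Shannon entropy of b in bits per byte (0..8).
func shannon(b []byte) float64 {
	var counts [256]int
	for _, c := range b {
		counts[c]++
	}
	h := 0.0
	for _, c := range counts {
		if c > 0 {
			p := float64(c) / float64(len(b))
			h -= p * math.Log2(p)
		}
	}
	return h
}

// Detect parses a PE image and returns packer name -> evidence. Sections that
// match no known name but look compressed are reported under "high-entropy";
// more than one named packer in the result indicates composite packing.
func Detect(image []byte) (map[string][]string, error) {
	f, err := pe.NewFile(bytes.NewReader(image))
	if err != nil {
		return nil, err
	}
	defer f.Close()
	hits := map[string][]string{}
	for _, s := range f.Sections {
		if packer, ok := packerSections[s.Name]; ok {
			hits[packer] = append(hits[packer], "section name "+s.Name)
		}
		raw, err := s.Data() // empty for sections with no bytes on disk, such as UPX0
		if err != nil {
			return nil, fmt.Errorf("section %s: %w", s.Name, err)
		}
		// 7.0 bits/byte is a common cut-off for compressed or encrypted data (assumption;
		// plain code scores well below it); sections under 256 bytes are too small to judge.
		if e := shannon(raw); len(raw) >= 256 && e > 7.0 {
			hits["high-entropy"] = append(hits["high-entropy"], fmt.Sprintf("section %s entropy %.2f", s.Name, e))
		}
	}
	return hits, nil
}

// buildPE emits a minimal constructed 32-bit PE: DOS stub, "PE\0\0", COFF header with
// no optional header, section table, raw data. Enough for debug/pe; not loadable.
func buildPE(names []string, data [][]byte) []byte {
	var out, payload bytes.Buffer
	dos := make([]byte, 64)
	copy(dos, "MZ")
	binary.LittleEndian.PutUint32(dos[0x3c:], 64) // e_lfanew: PE header right after the DOS stub
	out.Write(append(dos, "PE\x00\x00"...))
	binary.Write(&out, binary.LittleEndian, pe.FileHeader{Machine: pe.IMAGE_FILE_MACHINE_I386, NumberOfSections: uint16(len(names))})
	rawBase := out.Len() + 40*len(names) // raw data follows the 40-byte section headers
	for i, name := range names {
		sh := pe.SectionHeader32{VirtualAddress: uint32(0x10000 * (i + 1)), VirtualSize: 0x10000,
			SizeOfRawData: uint32(len(data[i])), Characteristics: 0xE0000020} // CODE|EXECUTE|READ|WRITE
		copy(sh.Name[:], name)
		if len(data[i]) > 0 { // nil data = section exists only in memory, like UPX0
			sh.PointerToRawData = uint32(rawBase + payload.Len())
			payload.Write(data[i])
		}
		binary.Write(&out, binary.LittleEndian, sh)
	}
	out.Write(payload.Bytes())
	return out.Bytes()
}

// PackedSample mimics a UPX layout: an empty UPX0 the stub decompresses into and UPX1
// holding the "compressed" body (stand-in: every byte value 16 times, i.e. 8.0-bit entropy).
func PackedSample() []byte {
	body := make([]byte, 4096)
	for i := range body {
		body[i] = byte(i)
	}
	return buildPE([]string{"UPX0", "UPX1"}, [][]byte{nil, body})
}

// CleanSample mimics an unpacked build: repetitive code bytes and zeroed data.
func CleanSample() []byte {
	code := bytes.Repeat([]byte{0x55, 0x8b, 0xec, 0x5d, 0xc3}, 200) // push ebp; mov ebp,esp; pop ebp; ret
	return buildPE([]string{".text", ".data"}, [][]byte{code, make([]byte, 512)})
}
```

`Detect(PackedSample())` reports `UPX` with the two section-name hits and a separate high-entropy hit for `UPX1`, while `Detect(CleanSample())` returns an empty map. Because the result is keyed by packer name, a map with more than one named packer is the composite-packing case the command-line tool checks for. The sample builders produce images that `debug/pe` parses but that Windows would not load, which is all a detector needs.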

Command Line Usage

Unpack can be used as a command-line tool to detect the type of packer, check for composite packing, and attempt to unpack the executable. Here's how you can use it:

Installation

To install Unpack, you can use the following command:

go get github.com/orcastor/unpack

Detect Packer

To detect the packer used in an executable:

unpack detect <path-to-executable>

Unpack Executable

To attempt to unpack the executable:

unpack unpack <path-to-executable>

Contributing

Contributions to Unpack are welcome! If you have identified a new packer that is not yet supported or have improvements to the existing code, please submit a pull request or create an issue on the GitHub repository.

License

Unpack is released under the MIT License. Feel free to use, modify, and distribute this software as you see fit.
