PoC Nanomite packer for PE32/PE32+ executables

______________.___.  _____    _______    _______   
\_   ___ \__  |   | /  _  \   \      \   \      \  
/    \  \//   |   |/  /_\  \  /   |   \  /   |   \ 
\     \___\____   /    |    \/    |    \/    |    \
 \______  / ______\____|__  /\____|__  /\____|__  /
        \/\/              \/         \/         \/ 

PoC Nanomite packer for PE32/PE32+

A new, improved and corrected version will be available soon.

The README will be updated with a better explanation of how it works. Instead of waiting, you may look directly at the code :)

Under Linux, cd to the cyann directory, then run ./pack /path/to/my.exe

Dependencies:

  • mingw for Linux (i686 and x86_64)
  • python2 with the capstone and pefile modules

It is just a PoC and can (and will) be greatly improved. The most important part is the tiny Python script that uses capstone to patch the original binary with nanomites. For the moment you can't pack large binaries: the injection technique used (process hollowing) will fail if size(original_bin) > size(packed_bin), because the virtalloc will fail to allocate sufficient memory in the remote process. As said, it's just a tiny PoC. I will fix that by adding fake nanomites to the table.

UPDATE: Some errors are present in the way Cyann patches and uses nanomited call instructions. This will be fixed soon.