C++ application that uses memory and code hooks to detect packers
PackerAttacker

Description

The Packer Attacker is a generic hidden code extractor for Windows malware. It supports the following types of packers:

  1. Running from the heap
  2. Replacing the PE header
  3. Injecting into a process

The Packer Attacker is based on Microsoft Detours.
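The bookkeeping behind the "running from the heap" case, as an added illustration rather than PackerAttacker's own code: an allocation hook records every dynamic region, and an execution hook asks whether the instruction pointer has landed inside one of them, which is the moment the hidden code should be dumped. The Windows API and Detours calls are stood in for by plain functions, and the address values and the dump file naming are constructed here.

```cpp
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>
#include <algorithm>

struct Region { uintptr_t base; size_t size; bool dumped; };

class HeapCodeTracker {
public:
    // Allocation hook (stands in for a detour on the allocator): remember the region.
    // A reused base after a free replaces the stale entry instead of duplicating it.
    void onAlloc(uintptr_t base, size_t size) {
        onFree(base);
        regions_.push_back({base, size, false});
    }
    // Free hook: forget the region so stale ranges do not trigger later.
    void onFree(uintptr_t base) {
        regions_.erase(std::remove_if(regions_.begin(), regions_.end(),
            [base](const Region& r) { return r.base == base; }), regions_.end());
    }
    // Execution hook: true the first time control lands in a tracked region,
    // i.e. exactly once per region of hidden code that should be extracted.
    bool onExecute(uintptr_t ip) {
        for (auto& r : regions_) {
            if (ip >= r.base && ip < r.base + r.size) {
                if (r.dumped) return false;   // already extracted this region
                r.dumped = true;
                return true;
            }
        }
        return false;                         // code in the original image
    }
    // Assumed naming for the extracted blob in C:\dumps (constructed, not the tool's format).
    static std::string dumpPath(uintptr_t base, size_t size) {
        char buf[64];
        std::snprintf(buf, sizeof buf, "C:\\dumps\\%08llx_%zx.bin",
                      (unsigned long long)base, size);
        return buf;
    }
    size_t tracked() const { return regions_.size(); }
private:
    std::vector<Region> regions_;
};

int main() {
    HeapCodeTracker t;
    t.onAlloc(0x10000, 0x1000);               // constructed heap region
    std::printf("image code: %d\n", t.onExecute(0x401000));   // 0
    std::printf("heap code:  %d\n", t.onExecute(0x10400));    // 1, dump now
    std::printf("%s\n", HeapCodeTracker::dumpPath(0x10000, 0x1000).c_str());
}
```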

Compilation

Compile with Microsoft Visual C++ 2010 and the Detours library. The build produces two files:

  1. PackerAttackerHook.dll - the unpacking engine
  2. PackerAttacker.exe - a DLL injector that executes the malware and injects PackerAttackerHook.dll into it

Setting up

  1. Create the folder C:\dumps - all extracted hidden code will be saved there
  2. Put PackerAttacker.exe and PackerAttackerHook.dll in a directory on %PATH%
  3. On a clean machine you will also need the MSVC++ redistributable

Usage

PackerAttacker.exe <malware.exe>

Misc

Currently only PE EXE files are supported.
