Skip to content

v-p-b/peCloakCapstone

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 0 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
README.md
 
 
SectionDoubleP.py
 
 
peCloak.py
 
 

README.md

peCloak - Capstone

This is a simple fork of SecuritySift's peCloak that uses Capstone. The intention is to provide a fork based on a well-maintained, up-to-date disassembly library and to make the script multi-platform.

Here's what I did so far:

  • Replaced pydasm with Capstone
    • Included a patched version of SectionDoubleP as it also relied on pydasm
  • Made data (un)packing platform independent by always using standard sizes

This way I managed to create obfuscated 32-bit Windows executables on 64-bit Linux which is nice :)

Still, this is just a quick hack, bugs most probably hide here and there and I probably left some dead code too.

About

Platform independent peCloak fork based on Capstone

Resources

Readme

Stars

98 stars

Watchers

8 watching

Forks

39 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages