Awesome Executable Packing

A curated list of resources related to executable packing (including Portable Executable, Executable and Linkable Format and others) containing references to books, papers, blog posts, and other written resources but also packers and tools for detecting packers and unpacking executables.

Packing is the action of modifying an executable in a way that does not modify its purpose. It is generally one or a combination of the following operations: - bundling: makes a single executable with multiple files - compression: compresses the executable to reduce its original size - encoding: obfuscates the executable by encoding it - encryption: obfuscates the executable by encrypting it - mutation: alters the executable's code so that it uses a modifided instruction set and architecture (e.g. using oligomorphism) - protection: makes the reversing of the executable harder (i.e. using anti-debugging, anti-tampering or other tricks) - virtualization: embeds a virtual machine that allows to virtualize executable's instructionsContents

:books: Literature

Documentation

Scientific Research

:bookmark_tabs: Datasets

:package: Packers

After 2010

Between 2000 and 2010

Before 2000

:wrench: Tools

:books: LiteratureDocumentation

:earth_americas: a.out (FreeBSD manual pages)

:earth_americas: A.out binary format

:earth_americas: About anti-debug tricks

:bar_chart: Android packers: Separating from the pack

:pushpin: Anti debugging protection techniques with examples

:page_facing_up: Anti-unpacker tricks - Part 14 (and previous parts)

:bar_chart: API deobfuscator: Resolving obfuscated API functions in modern packers

:green_book: The art of memory forensics: Detecting malware and threats in Windows, Linux, and mac memory

:bar_chart: The art of unpacking

:earth_americas: Awesome executable packing

:earth_americas: Awesome LLVM security

:pushpin: Cloak and dagger: Unpacking hidden malware attacks

:book: Cluster analysis

:earth_americas: Clustering algorithms

:earth_americas: COM binary format

:earth_americas: Common object file format (COFF)

:earth_americas: Comparison of executable file formats

:newspaper: A complexity measure

:newspaper: Cyclomatic complexity density and software maintenance productivity

:earth_americas: Defacto2

:newspaper: Do we need hundreds of classiﬁers to solve real world classiﬁcation problems?

:bar_chart: Dynamic binary analysis and obfuscated codes

:earth_americas: elf (FreeBSD manual pages)

:pushpin: Entropy and the distinctive signs of packer PE files

:earth_americas: Executable and linkable format (ELF)

Awesome Executable Packing

A curated list of resources related to executable packing (including Portable Executable, Executable and Linkable Format and others) containing references to books, papers, blog posts, and other written resources but also packers and tools for detecting packers and unpacking executables.

:books: Literature
Documentation
Scientific Research
:bookmark_tabs: Datasets
:package: Packers
After 2010
Between 2000 and 2010
Before 2000
:wrench: Tools

:books: Literature

Documentation

:earth_americas: a.out (FreeBSD manual pages)
:earth_americas: A.out binary format
:earth_americas: About anti-debug tricks
:bar_chart: Android packers: Separating from the pack
:pushpin: Anti debugging protection techniques with examples
:page_facing_up: Anti-unpacker tricks - Part 14 (and previous parts)
:bar_chart: API deobfuscator: Resolving obfuscated API functions in modern packers
:green_book: The art of memory forensics: Detecting malware and threats in Windows, Linux, and mac memory
:bar_chart: The art of unpacking
:earth_americas: Awesome executable packing
:earth_americas: Awesome LLVM security
:pushpin: Cloak and dagger: Unpacking hidden malware attacks
:book: Cluster analysis
:earth_americas: Clustering algorithms
:earth_americas: COM binary format
:earth_americas: Common object file format (COFF)
:earth_americas: Comparison of executable file formats
:newspaper: A complexity measure
:newspaper: Cyclomatic complexity density and software maintenance productivity
:earth_americas: Defacto2
:newspaper: Do we need hundreds of classiﬁers to solve real world classiﬁcation problems?
:bar_chart: Dynamic binary analysis and obfuscated codes
:earth_americas: elf (FreeBSD manual pages)
:pushpin: Entropy and the distinctive signs of packer PE files
:earth_americas: Executable and linkable format (ELF)