netxman
At the beginning I thought it was very easy to do that. But when I searched with Google... the result was not very good.

So, do most packers have no source code in public?
belgther
Non-commercial packers may have source code. UPX has it anyway, since it's an open-source project on SourceForge. But for commercial packers, sorry, there's no way to get it except searching for ripped source code or begging the vendors for it, and in both cases I don't think you will find anything useful. But anyway, you can check out the UPX source code at http://upx.sourceforge.net/.

Hope that helps...
tibbar
I posted source to a basic packer in the C++ section.
netxman
Thanks belgther, I have got the source of UPX, but it seems to be for Linux... And there are many .cpp files in the package. I don't know which is the main program.. hehe...

Thanks tibbar, I will search for it.
belgther
Well, I had never been curious about a packer's source code. But if you want to write your own packer, you can search Google for tutorials. Or there are also tutorials about writing a packer. Tibbar's source code may give you a better idea, and I had never been a fan of source code which is complicated and treed. I find it senseless, and believe things can be easier. Everything for just one file... So you sometimes open a file, look into it, but don't see anything related to the program running... That's the way some open-source coders do it.
Anyway, I tried to help you, but didn't personally know that this code is for Linux only. But the algorithm is the same, and you shouldn't have a problem with understanding the algorithm and applying it in Windows.
netxman
belgther, you are right, I know little about programming, I just want to get the source code of any packer and try to change something I can to beat AVs. Finally I think it's difficult for me if I don't learn programming.

And, I already got the packer which was written by tibbar, it can not beat McAfee... If it could beat McAfee and then several days later McAfee beat the packer, I think I could add some useless codz to try if it could beat McAfee again, but now it seems what the packer does has no relation to the signature which McAfee detects. So I don't know what to do..

Oh my god, do you know what I say? Forgive my "perfect English"...
belgther
To be honest, Tibbar's packer just encrypts the code section, which can be detected by most AV programs. But if your main aim is to make virii undetectable, packing is not the only way. In the trojan&virus errata section of GSO, there are tutorials about it, which don't do anything with packing or advanced programming. You change some "harmless" bytes in the file, and it becomes undetectable by some AVs. Packing is a good way, but not the only way.
Another thing is the so-called heuristic analysis. It's the code analysis that's done by AV programs to find engines that possibly make the virii undetectable, like polymorphic/metamorphic engines, packers, weak ones like UPX and Petite, or strong ones like ASProtect and Armadillo.
And in some cases, you don't need source code at all to understand things about packers, also how some protection and packaging/encryption schemes work. Reverse engineering may help you to understand the packers and the way certain protection schemes work, but anyway, never give up, learn and study. And don't worry about your English, I don't think people will not understand you, mine is also not so good.
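
The heuristic side of the post above, as an added example that is not part of the original thread: one check a scanner can make is to parse the PE section headers and flag executable sections whose bytes look near-random (what an encrypted code section looks like) or that are also writable. The 7.0 threshold, the reason strings and `build_sample` (a constructed test image) are assumptions of this example.

```python
import math
import struct
from collections import Counter

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
ENTROPY_THRESHOLD = 7.0  # assumed cut-off (bits per byte); tune on your own corpus
SECTION_FMT = "<8sIIIIIIHHI"  # 40-byte IMAGE_SECTION_HEADER


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for encrypted or compressed data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def scan_sections(image: bytes):
    """Return [(name, entropy, reasons)] for each section of a PE image."""
    if image[:2] != b"MZ" or len(image) < 0x40:
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    (n_sections,) = struct.unpack_from("<H", image, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)
    table = pe_off + 24 + opt_size  # section table follows the optional header
    results = []
    for i in range(n_sections):
        name, _, _, raw_size, raw_ptr, _, _, _, _, flags = struct.unpack_from(
            SECTION_FMT, image, table + 40 * i)
        entropy = shannon_entropy(image[raw_ptr:raw_ptr + raw_size])
        reasons = []
        if flags & IMAGE_SCN_MEM_EXECUTE and entropy >= ENTROPY_THRESHOLD:
            reasons.append("high-entropy executable section")
        if flags & IMAGE_SCN_MEM_EXECUTE and flags & IMAGE_SCN_MEM_WRITE:
            reasons.append("writable and executable")
        results.append((name.rstrip(b"\0").decode("ascii", "replace"), entropy, reasons))
    return results


def build_sample(body: bytes, flags: int) -> bytes:
    """Constructed, non-runnable test image: headers plus one '.text' section."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)  # 1 section, no optional header
    sect = struct.pack(SECTION_FMT, b".text", len(body), 0x1000, len(body), 128, 0, 0, 0, 0, flags)
    return dos + b"PE\0\0" + coff + sect + body
```
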
tibbar
My latest version encrypts data and resources too, which beats all major AV. Once it's polymorphic I will release source here.
netxman
belgther, thank you very much.

Actually, I can hex the specified programs to anti some AVs, but the process is too boring. I think I should find a better way, which is to use an unknown packer to pack them, so I needn't hex them any more. I am lazy ~.~, that's the only reason why I searched for the packer.

Indeed, I should learn more and more... but there is too little time.

Thanks tibbar for your excellent program and source code.