I found documentation on how the PE header is structured and how a program is loaded and started by the OS. Can you give me some pointers on what I should look now ? There is some very simple exe packer source I can examine ? UPX is way too much complex for me at the moment.
Sorry, I don't have any simple packers to point you to, but I think I've seen one or two long, long ago. Good luck!
One of the simpler tools than UPX is SimpleDPack, which is a very simple Windows exe packaging tool, suitable for learning or studying PE structures. Additionally, you can also consider Simple Executable Packer on SourceForge, a simple Windows exe/dll packaging tool, with source code mainly written in C and very minimalist.
To deepen your understanding of PE headers and executable packers, start by solidifying your grasp of the PE file format and program loading process. Look for simpler executable packer source codes like MPRESS or TinyPE, which are less complex than UPX. Analyzing and modifying these simpler packers will help you understand how they manipulate PE headers and compress sections. Utilize resources like Microsoft's PE and COFF Specification and tutorials on platforms like CodeProject. Experiment with small projects to test your knowledge and observe the effects of changes. This approach will build your foundation and prepare you for more complex tools.
You might want to explore simpler executable packers like PECompact or ASPack. These packers have more straightforward implementations that can help you understand the basics of PE header manipulation and compression techniques. Additionally, examining open-source projects like kraptor or FUPX can provide insights without the complexity of UPX. Look into the unpacking process as well; understanding how these packers work will give you a clearer picture of executable structure and behavior. Finally, consider reading about the PE file format and basic disassembly tools like CFF Explorer or PE Explorer to deepen your understanding.
Check Out Minimalist Packers
Since UPX is too complex at the moment, you may want to check:
Petite (small PE packer, but closed-source).
DIY Packer Examples:
- Tiny PE Packer by hasherezade – very minimal packer.
- "MiniPackers" on GitHub – Search for repositories implementing simple PE compression.
- Matt Pietrek's articles – Covers writing simple packers.