Enigma Virtual Box Unpacker / 解包、脱壳工具

Python 88.1%
C 11.9%

Find a file

greats3an f6f7d83dbf Version 0.1.0 feat : PE restoration is implemented feat : added a tree graph for directory listing misc : improved overall quality		2022-06-24 14:44:29 +08:00
.github/workflows	Version 0.1.0	2022-06-24 14:44:29 +08:00
evbunpack	Version 0.1.0	2022-06-24 14:44:29 +08:00
.gitignore	Reinitialized repo	2022-04-17 14:55:02 +08:00
LICENSE	Reinitialized repo	2022-04-17 14:55:02 +08:00
README.md	Version 0.1.0	2022-06-24 14:44:29 +08:00
setup.py	Version 0.1.0	2022-06-24 14:44:29 +08:00

README.md

evbunpack

Enigma Virtual Box unpacker

Features

Unpacks PE / external external packages made with Enigma Vitrual Box

Supports compressed archives and basically every recent version of EVB (tested 6.x & 9.x)

Can also restore the original executable for easier reverse engineering

Installation

pip install evbunpack

If PE restoration is desired, install pefile alongside this script

Usage

usage: __main__.py [-h] [--legacy] file output

Enigma Vitural Box Unpacker

positional arguments:
  file                  File to be unpacked
  output                Extract destination directory

options:
  -h, --help            show this help message and exit
  --ignore-pe IGNORE_PE
                        Treat PE files like external packages and thereby does not recover the original executable (for usage without pefile)
  --legacy              Enable compatibility mode to work with older (6.x) EVB packages

Examples

python -m evbunpack Lycoris_radiata.mys ../biman5_chs_moe
python -m evbunpack biman2.exe extract --legacy

TODO

~~Restore original PEs~~
Registery configuration extraction

Credits

evb-extractor

aplib

License

Apache 2.0 License