mirrors/evbunpack
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Enigma Virtual Box Unpacker / 解包、脱壳工具
50 commits 1 branch 19 tags 3.3 MiB
  • Python 88.1%
  • C 11.9%
Find a file
Exact
mos9527 104f2c7e25 Version 0.2.1 
Made CLI arguments backwards compatible with pre-0.2.0 versions.
Added example usage to README.
2024-06-11 22:59:48 +08:00
.github/workflows Version 0.2.0 2024-06-07 13:11:49 +08:00
evbunpack Version 0.2.1 2024-06-11 22:59:48 +08:00
example/PackerTestApp Support for EVB 10.70 and major refactor 2024-06-07 00:13:22 +08:00
tests Support for EVB 10.70 and major refactor 2024-06-07 00:13:22 +08:00
.gitignore Support for EVB 10.70 and major refactor 2024-06-07 00:13:22 +08:00
LICENSE Reinitialized repo 2022-04-17 14:55:02 +08:00
README.md Version 0.2.1 2024-06-11 22:59:48 +08:00
setup.py Version 0.1.9 2022-09-04 23:05:19 +08:00
test_unpack_pe.py Version 0.2.0 2024-06-07 09:17:34 +08:00

README.md

evbunpack

Enigma Virtual Box unpacker

Features

  • Executable unpacking
    • TLS, Exceptions, Import Tables and Relocs are recovered
    • Executables with Overlays can be restored as well
    • Enigma loader DLLs and extra data added by the packer is stripped
  • Virtual Box Files unpacking
    • Supports both built-in files and external packages
    • Supports compressed mode

Tested Versions

Packer Version Notes Unpack with Flags
10.70 Automatically tested in CI for x86/x64 binaries. None
9.60 Limited testing. --legacy-pe
7.80 Automatically tested in CI for x86/x64 binaries --legacy-fs --legacy-pe

Installation

For Windows Users : Builds are available here

Or get the latest version from PyPi:

    pip install evbunpack

Usage

usage: evbunpack [-h] [--log-level {DEBUG,INFO,WARNING,ERROR,CRITICAL}] [-l] [--ignore-fs] [--ignore-pe]
                  [--legacy-fs] [--legacy-pe] [--out-pe OUT_PE]
                  file output

Enigma Virtual Box Unpacker

options:
  -h, --help            show this help message and exit
  --log-level {DEBUG,INFO,WARNING,ERROR,CRITICAL}
                        Set log level

Flags:
  -l, --list            Don't extract the files and print the table of content to stderr only
  --ignore-fs           Don't extract virtual filesystem
  --ignore-pe           Don't restore the executable
  --legacy-fs           Use legacy mode for filesystem extraction
  --legacy-pe           Use legacy mode for PE restoration

Overrides:
  --out-pe OUT_PE       (If the executable is to be recovered) Where the unpacked EXE is saved. Leave as-is  
                        to save it in the output folder.

Input:
  file                  File to be unpacked
  output                Output folder

Example Usage (test file available here)

Input:

evbunpack x64_PackerTestApp_packed_20240522.exe output

Output:

INFO: Enigma Virtual Box Unpacker v0.2.1
INFO: Extracting virtual filesystem
Filesystem:
   └─── output
       └─── output/README.txt
Writing File [size=0x11, offset=0x3465]: total=      11h read=       0h
INFO: Extraction complete
INFO: Restoring executable
INFO: Using default executable save path: output\x64_PackerTestApp_packed_20240522.exe
Saving PE: total=    3211h read=       0h
INFO: Unpacked PE saved: output\x64_PackerTestApp_packed_20240522.exe

TODO

  • Automatically detect packer version

Credits

License

Apache 2.0 License