To be honest, Tibbar's packer just encrypts the code section, which can be detected by most AV programs. But if your main aim is to make viruses undetectable, packing is not the only way. In the trojan&virus errata section of GSO, there are tutorials about it, which don't do anything with packing or advanced programming. You change some "harmless" bytes in the file, and it becomes undetectable by some AVs. Packing is a good way, but not the only way.
Another thing is the so-called heuristic analysis. It's the code analysis that's done by AV programs to find engines that possibly make the viruses undetectable, like polymorphic/metamorphic engines, packers, weak ones like UPX and Petite, or strong ones like ASProtect and Armadillo.
And in some cases, you don't need source code at all to understand things about packers, or how some protection and packaging/encryption schemes work. Reverse engineering may help you to understand the packers and the way certain protection schemes work, but anyway, never give up, learn and study. And don't worry about your English, I don't think people will fail to understand you; mine is also not so good.
about packer source code