Enigma Virtual Box Unpacker / Unpacking Tool
evbunpack
Enigma Virtual Box unpacker
Features
- Executable unpacking
  - TLS, Exceptions, Import Tables and Relocs are recovered
  - Executables with Overlays can be restored as well
  - Enigma loader DLLs and extra data added by the packer are stripped
- Virtual Box Files unpacking
  - Supports both built-in files and external packages
  - Supports compressed mode
Tested Versions
- This applies to PE unpacking. If the chosen PE unpack variant does not work, please try out the other ones with -pe [variant]
Packer Version | Notes | Unpack with Flags |
---|---|---|
10.70 | Automatically tested in CI for x86/x64 binaries. | -pe 10_70 |
9.70 | Automatically tested in CI for x86/x64 binaries. | -pe 9_70 |
7.80 | Automatically tested in CI for x86/x64 binaries. | -pe 7_80 --legacy-fs |
Installation
For Windows users: builds are available here
Or get the latest version from PyPI:
pip install evbunpack
Usage
usage: evbunpack [-h] [--log-level {DEBUG,INFO,WARNING,ERROR,CRITICAL}] [-l] [--ignore-fs] [--ignore-pe] [--legacy-fs] [-pe {10_70,9_70,7_80}] [--out-pe OUT_PE] file output

Enigma Virtual Box Unpacker

options:
  -h, --help            show this help message and exit
  --log-level {DEBUG,INFO,WARNING,ERROR,CRITICAL}
                        Set log level

Flags:
  -l, --list            Don't extract the files and print the table of content to stderr only
  --ignore-fs           Don't extract virtual filesystem
  --ignore-pe           Don't restore the executable
  --legacy-fs           Use legacy mode for filesystem extraction
  -pe {10_70,9_70,7_80}, --pe-variant {10_70,9_70,7_80}
                        Unpacker variant to use when unpacking EXEs. default=9_70

Overrides:
  --out-pe OUT_PE       (If the executable is to be recovered) Where the unpacked EXE is saved. Leave as-is to save it in the output folder.

Input:
  file                  File to be unpacked
  output                Output folder
Example Usage (test file available here)
Input:
evbunpack x64_PackerTestApp_packed_20240522.exe output
Output:
INFO: Enigma Virtual Box Unpacker v0.2.1
INFO: Extracting virtual filesystem
Filesystem:
└─── output
└─── output/README.txt
Writing File [size=0x11, offset=0x3465]: total= 11h read= 0h
INFO: Extraction complete
INFO: Restoring executable
INFO: Using default executable save path: output\x64_PackerTestApp_packed_20240522.exe
Saving PE: total= 3211h read= 0h
INFO: Unpacked PE saved: output\x64_PackerTestApp_packed_20240522.exe
TODO
- Automatically detect packer version
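Until version detection exists, the fallback described under Tested Versions (try the other `-pe` variants) can be scripted. The following is an added example, not part of the evbunpack project: the function names are hypothetical, it assumes `evbunpack` is on PATH and accepts an already existing output folder, and it judges success by the MZ/PE signatures of the restored file rather than by the tool's exit code.

```python
import subprocess
import sys
from pathlib import Path

# Variant -> flags, copied from the "Tested Versions" table on this page.
VARIANT_FLAGS = {
    "10_70": ["-pe", "10_70"],
    "9_70": ["-pe", "9_70"],
    "7_80": ["-pe", "7_80", "--legacy-fs"],
}


def build_command(packed, out_dir, variant):
    """Return (argv, restored_pe_path) for one unpack attempt."""
    out_dir = Path(out_dir) / variant  # one folder per attempt, results never mix
    out_pe = out_dir / ("unpacked_" + Path(packed).name)
    argv = ["evbunpack", *VARIANT_FLAGS[variant],
            "--out-pe", str(out_pe), str(packed), str(out_dir)]
    return argv, out_pe


def looks_like_pe(path):
    """Minimal check: 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    path = Path(path)
    if not path.is_file():
        return False
    data = path.read_bytes()
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    e_lfanew = int.from_bytes(data[0x3C:0x40], "little")
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def try_variants(packed, out_dir, order=("10_70", "9_70", "7_80"), run=subprocess.run):
    """Try each variant in turn; return (variant, pe_path) or None if all fail."""
    for variant in order:
        argv, out_pe = build_command(packed, out_dir, variant)
        out_pe.parent.mkdir(parents=True, exist_ok=True)  # assumption: existing dir is accepted
        run(argv, check=False)  # exit code ignored; the file on disk is what gets checked
        if looks_like_pe(out_pe):
            return variant, out_pe
    return None


if __name__ == "__main__":
    if len(sys.argv) != 3:
        raise SystemExit("usage: try_variants.py PACKED_EXE OUTPUT_DIR")
    result = try_variants(sys.argv[1], sys.argv[2])
    print("no variant produced a valid PE" if result is None else "%s -> %s" % result)
```

The signature check only confirms that a PE header was written; whether imports, TLS and relocations were recovered correctly still needs a look in a PE viewer.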
Credits
License
Apache 2.0 License