Skip to content

1v4mp1r3/binary-packer-analysis-lab

Repository files navigation

Binary Packer Analysis Lab

packlab is a defensive static-analysis CLI for spotting packer indicators in PE, ELF, and raw binary files. It reads metadata, maps section entropy, applies explainable packer rules, and writes text, JSON, and HTML reports.

This implements the Notion project "Binary Packer Analysis Lab" in Go.

Features

  • PE and ELF metadata parsing.
  • SHA-256 hashing and entry point reporting.
  • Import library extraction where available.
  • Section-level entropy map.
  • PE overlay detection.
  • UPX marker and UPX-like section detection.
  • Rules for high entropy, W+X sections, low imports, and overlays.
  • Explainable score and verdict.
  • JSON and HTML reports.
  • Benign synthetic fixtures in tests.

Install

go build -o bin/packlab.exe ./cmd/packlab

Usage

bin/packlab.exe analyze .\some-binary.exe --json packlab-report.json --html packlab-report.html

Fail CI when suspicious indicators are found:

bin/packlab.exe analyze .\some-binary.exe --fail-on-suspicious

Verdicts

  • not-packed: no meaningful packer indicators fired.
  • suspicious: one or more weak or medium indicators fired.
  • packed-likely: strong UPX markers or a high combined score fired.

Safety Scope

This lab is for static defensive analysis of binaries you own, compile, or are authorized to inspect. It does not execute samples, unpack payloads, patch binaries, or ship malware fixtures.

Development

go test ./...
go build -o bin/packlab.exe ./cmd/packlab

Project Structure

cmd/packlab        CLI entry point
internal/analysis  parsers, entropy, rule engine
internal/report    text, JSON, and HTML reports
docs/              architecture and safe sample notes

About

Defensive PE/ELF packer analysis lab with entropy maps, UPX signatures, and explainable reports

Topics

Resources

License

Stars

0 stars

Watchers

0 watching

Forks

Packages

 
 
 

Contributors