Skip to content

xM0kht4r/2Pack

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
resources
resources
 
 
src
src
 
 
templates
templates
 
 
Cargo.lock
Cargo.lock
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
build.rs
build.rs
 
 

Repository files navigation

2Pack

Rust Based PE & Shellcode Packer
2025_12_27_23_30_24_Command_Prompt (1)

📖 Overview

2Pack is a simple packing tool designed for malware hobbyists. It supports both PE files (EXE/DLL) and raw shellcode. The tool employs multiple layers of protection including AES encryption, XOR obfuscation, and compression before embedding payloads in the .rsrc sections of template loaders.

⚠️Please note that all templates were written with no evasion techniques in mind, This project was created solely for educational purposes to learn more about windows internals. The techniques implemented are very outdated and mainstream, there is 0 chance of making it past any self-respecting AV/EDR :(

I will continue updating the templates as I progress in my maldev journery <3

⚙️Usage:

  • Specify the input file using --input or -i
  • Specify the file format using --format or -f
  • Specify the mode, either local or remote, using --mode or -m
  • Specify the targeted process for injetction in remote mode using --process or -p
  • Specify the template file using -t or --template

Example:

> cargo run --bin tpack -- --input shellcode.bin --format shellcode --mode remote --template stomper --process Calc.exe

🚀Templates:

⚡️ Stomper : --template stomper

Remote Function stomping via memory patching. The template Allocates RWX memory in target process, injects payload, and overwrites NtQuerySystemTime entry with jumps to injected shellcode.

👻 Hollower : --template hollower

Remote Process Hollowing where the template creates a suspended process pointing to legitimate code, then hollows out the thread's context to redirect execution to injected shellcode.

🛠 Reflective-Loader : --template reflective-loader

A custom PE loader that manually parses and maps portable executable files (EXE-DLL) directly into memory without using the Windows loader or touching the disk.

💡 Templates parameters

Stomper Hollower Reflective-Loader
Local
Remote
Shellcode
Exe
Dll

🛠️ CUSTOM TEMPLATES

All template source code is located in src/templates_src/. To create a custom template:

  1. Modify the Rust source code of your chosen template
  2. Compile using: cargo build --bin [template_name] --release
  3. Place the compiled binary in templates/compiled/ with a .2pk extension

Example:

cargo build --bin remote_shellcode_stomper --release
copy target/release/remote_shellcode_stomper.exe templates/compiled/remote_shellcode_stomper.2pk

🔒 DISCLAIMER

You are responsible for ensuring you have proper authorization before using this tool. The author assumes no liability for misuse.

🤝 Collaborations

This is an ongoing project, contributions and suggestions are welcome! If you have ideas, improvements, or would like to collaborate, feel free to reach out at: M0kht4rHacks@protonmail.com

About

Rust Based PE & Shellcode Packer

Topics

packer malware malware-research malware-development

Resources

Readme

License

GPL-3.0 license
Activity

Stars

32 stars

Watchers

0 watching

Forks

7 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages