Research on New PE File Packer and Shelling Methods

摘要

The full name of PE file is Portable Executable file. The common EXE, DLL, OCX, SYS and COM documents are all PE files. File packer is a necessary means of application authors usually use to protect copyrights, but it can be used by many malicious softwares to avoid the detection of anti-virus softwares. Common shelling softwares usually deal with these programs by finding the feature codes of the targeted packer files, while directional shelling softwares usually find by specified features which have already been concluded by Network Security engineers, However, with the development of shell protection, more and more shell applications can't be processed by common shelling softwares as well as directional shelling softwares. To solve the threat of these malicious softwares, new shelling methods must be developed. The paper introduces new shelling and packing ways, and focuses on introducing principals and applications of these techniques.