PE packer with randomized VM ISA per output file (C++)
TinyLoad V4.0 is a compact PE packer for Windows that compresses and encrypts executables using a custom virtual machine. Each packed file uses a randomly shuffled instruction set, so standard disassemblers cannot auto-trace the decryption until the interpreter itself has been reversed. The tool is written in a single C++ file with no dependencies and includes anti-debugging features.
- TinyLoad appends a compressed and encrypted payload to a self-extracting stub that runs decryption in a custom VM.
- Every packed executable uses a different VM instruction set due to randomized opcode shuffling at pack time.
- The tool includes anti-debugging checks, opaque predicates, and PE section scrambling to hinder analysis.
- Compression uses a custom LZ77 implementation with a 64KB sliding window and lazy evaluation.
- TinyLoad is released under the MIT license and is intended for legitimate use, not for packing malware.
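For triage, a payload appended to a stub shows up as data past the end of the last PE section (the overlay), and compressed or encrypted data has near-maximal byte entropy. The following is an added example, not code from TinyLoad or from this page; it assumes the appended payload lands in the overlay, and the function names, thresholds and sample buffer are constructed for illustration.

```python
import math
import struct

def shannon_entropy(buf: bytes) -> float:
    """Bits per byte; compressed or encrypted data sits close to 8.0."""
    if not buf:
        return 0.0
    counts = [0] * 256
    for b in buf:
        counts[b] += 1
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def overlay_info(data: bytes):
    """Return (overlay_offset, overlay_size, overlay_entropy) for a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (num_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                             # first section header
    end = table + 40 * num_sections
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit at +16 and +20 in each header
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    end = min(end, len(data))
    return end, len(data) - end, shannon_entropy(data[end:])

def flag_appended_payload(data: bytes, min_size=4096, min_entropy=7.0) -> bool:
    """Triage heuristic; both thresholds are assumptions, tune them on your own corpus."""
    _, size, entropy = overlay_info(data)
    return size >= min_size and entropy >= min_entropy

def build_sample(overlay: bytes) -> bytes:
    """Constructed PE-shaped buffer: headers, one .text section, then the overlay."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 0, 0)   # one section, no optional header
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0)
    return (dos + b"PE\0\0" + coff + text).ljust(0x200, b"\0") + b"\x90" * 0x200 + overlay

if __name__ == "__main__":
    packed_like = build_sample(bytes(range(256)) * 16)         # constructed 4 KiB high-entropy tail
    print(overlay_info(packed_like), flag_appended_payload(packed_like))
```

Signed binaries and installers also carry overlays, so a hit is a reason to look closer rather than a verdict.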
Opening excerpt (first ~120 words)
TinyLoad V4.0

simple PE packer for Windows. compresses and encrypts executables with a custom virtual machine into a self-extracting stub.

how it works

TinyLoad appends your compressed payload to a copy of itself. when the packed exe runs it uses a custom VM interpreter, executes the decryption bytecode against the payload, then loads and runs it directly in RAM. every time you pack a file the VM opcodes are randomly shuffled and baked into the stub. So every packed file speaks a different instruction set. standard disassemblers can't auto-trace the decryption without reversing the interpreter first. everything is in one .cpp file, no dependencies.

download

grab a precompiled binary from releases or build it yourself.

building from source

you need MinGW (g++) installed.
…
Excerpt limited to ~120 words for fair-use compliance. The full article is at GitHub.