Exetools forum, Community Tools: mupack (https://forum.exetools.com/showthread.php?t=17028)

mudlord 12-24-2015 04:59

As a direct response to the leaker, I have documented the main depacker internals. I might do a static unpacker, too.

Quote:

http://www.mudlord.info/blog/?p=286
I have no intention of obfuscation at all. Being transparent should be a goal of any ethical programmer. Hopefully this stops any ideas of people using the packer to pack malware.

mudlord 01-07-2016 16:53

1 Attachment(s)
Updated:

* better error handling when handling invalid files (already mupacked files, .NET assemblies, x64 files).
* tested post packing digital code signing.

dj-siba 01-07-2016 21:52

Nice tool

Dragging an executable onto mupack_pub.exe won't start packing.
The packing section takes some time; at first I thought it froze in a while loop or something. It would be nice to have some text like "Wait...Packing" while packing.
Also, what about merging all sections into one section? No options tab?

About compression ratio: have you done any exe packer comparisons with similar tools? (uPack/XPack/MEW/..)

mudlord 01-08-2016 02:23

Quote:

Dragging an executable onto mupack_pub.exe won't start packing.
Nice idea, I should add commandline support.

Quote:

The packing section takes some time; at first I thought it froze in a while loop or something. It would be nice to have some text like "Wait...Packing" while packing.
Another nice idea, I'll add that.

Quote:

Also, what about merging all sections into one section? No options tab?
Merging all sections would take a rewrite, although it should help the compression ratio. I didn't see the need for an options tab; what options should there be? :)

Quote:

About compression ratio: have you done any exe packer comparisons with similar tools? (uPack/XPack/MEW/..)
No, I should though.

evlncrn8 01-08-2016 08:29

Blog seems down chief, also Firefox reports the site as serving malware... if I tell it to ignore it I get a 404 on the link you posted for the 'response'... kinda sucks someone leaked, I know what that feels like.. really makes you question the motives of some people

mudlord 01-08-2016 10:55

Yah, Google in their infinite wisdom blocked my site thanks to some false positives on some demos & files I coded, because I used a packer. And it's impossible to get them to unblock because the review process seems to be entirely automated.

I tried working around it by setting Apache settings to make http://mudlord.info/blog usable instead, but that broke Wordpress entirely.

At least now the people at the taggant team have a PDF of the depacker internals, hopefully they can spread it amongst the cabal so they can autodepack it like UPX.

mr.exodia 01-08-2016 16:21

@mudlord you could try setting up a subdomain with some aliasing, but chances are Google blocked your entire domain range :)

evlncrn8 01-08-2016 19:57

automated blacklisting is a recipe for disaster...

dj-siba 01-08-2016 23:35

Quote:

Originally Posted by mudlord (Post 103706)
I didn't see the need for an options tab; what options should there be? :)

There are many:
Strip TLS
Strip Reloc
Strip Debug
Strip Delphi Resources
Don't compress resource
Preserve Overlay
Merge Sections
Compression Algo
...

mudlord 01-17-2016 16:47

Quote:

Originally Posted by evlncrn8 (Post 103722)
automated blacklisting is a recipe for disaster...

I know, but I proved it happened: managed to unblacklist my site just by password-protecting ZIPs/RARs with packed files.

Quote:

Strip TLS
Some executables might need it.

Quote:

Strip Reloc
Might be needed for some executables, mandatory for DLLs.

Quote:

Strip Debug
Useful feature to strip. Will have to do some research to see which section debug data is stored in.

Quote:

Strip Delphi Resources
Could you elaborate?

Quote:

Don't compress resource
Better yet, selectable section compression.

Quote:

Preserve Overlay
Overlay preservation is a feature I must add, especially when there are plenty of Flash games around these days.

Quote:

Merge Sections
Would like to add. Would need to experiment with some things, such as the rebuilt resource section after resources compression.

Quote:

Compression Algo
The private build already does this dynamically depending on the file size. It also does better compression with the default compression algorithm. But what's in there currently that's public is already pretty good as it is. It sure beats LZO/aplib/zlib/LZ4/lzss. I have some ideas to further improve the compression algorithm, but I've got a private x64 rewrite in progress.
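The options discussed in this exchange (TLS, relocations on a DLL, the debug directory, overlay data, and the x64/.NET inputs rejected earlier) all hinge on a handful of PE header fields. The following pre-pack inspector is an added example, not mupack's code: it reads those fields with the stdlib only and reports what a packer would need to preserve or refuse. The sample image it checks is constructed inline, not a real binary.

```python
import struct

# Data directory indices and the DLL characteristic flag from the PE spec.
DIR_BASERELOC, DIR_DEBUG, DIR_TLS, DIR_CLR = 5, 6, 9, 14
IMAGE_FILE_DLL = 0x2000

def inspect_pe(data: bytes) -> dict:
    """Parse just enough PE header to answer the packer questions in the thread."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    is_x64 = struct.unpack_from("<H", data, opt_off)[0] == 0x20B  # PE32+ magic
    # NumberOfRvaAndSizes is at +92 (PE32) or +108 (PE32+); directories follow it.
    ndirs_off = opt_off + (108 if is_x64 else 92)
    ndirs = struct.unpack_from("<I", data, ndirs_off)[0]
    def has_dir(idx):
        if idx >= ndirs:
            return False
        rva, size = struct.unpack_from("<II", data, ndirs_off + 4 + idx * 8)
        return rva != 0 and size != 0
    # Overlay: whatever lies past the end of the last section's raw data.
    sec_off, raw_end = opt_off + opt_size, 0
    for i in range(nsec):
        size_raw, ptr_raw = struct.unpack_from("<II", data, sec_off + i * 40 + 16)
        raw_end = max(raw_end, ptr_raw + size_raw)
    return {"is_x64": is_x64, "is_dll": bool(chars & IMAGE_FILE_DLL),
            "has_clr": has_dir(DIR_CLR), "has_tls": has_dir(DIR_TLS),
            "has_reloc": has_dir(DIR_BASERELOC), "has_debug": has_dir(DIR_DEBUG),
            "overlay_size": max(0, len(data) - raw_end)}

def build_sample(is_dll=True, overlay=b"") -> bytes:
    """Constructed PE32 image (not a real binary): one section, TLS + reloc dirs set."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)          # e_lfanew = 64
    chars = 0x0102 | (IMAGE_FILE_DLL if is_dll else 0)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, chars)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                      # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                        # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * DIR_BASERELOC, 0x3000, 0x40)
    struct.pack_into("<II", opt, 96 + 8 * DIR_TLS, 0x2000, 0x18)
    # Headers total 352 bytes; the single section starts at the 0x200 alignment boundary.
    sec = b".text\0\0\0" + struct.pack("<IIII", 0x1000, 0x1000, 0x200, 0x200) + b"\0" * 16
    image = dos + coff + bytes(opt) + sec
    return image + b"\0" * (0x200 - len(image)) + b"\xCC" * 0x200 + overlay
```

A DLL that reports `has_reloc` must keep its relocations, and a non-zero `overlay_size` is the case the Flash-game comment refers to.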

dj-siba 01-18-2016 17:23

Quote:

Strip Delphi Resources
Could you elaborate?

Strip VCLAL and PACKAGEINFO resources

Quote:

Private build already does this dynamically depending on the file size

Nice, so that's why it's one file: drop, pack and go :)

mudlord 01-19-2016 08:22

Quote:

Originally Posted by dj-siba (Post 103878)
Strip VCLAL and PACKAGEINFO resources

Thanks for the info.

Quote:

Originally Posted by dj-siba (Post 103878)
Nice, so that's why it's one file drop pack and Go :)

Yes, the private build uses a high-compression variant of what's in the public build as well as LZMA1. LZMA2 wasn't chosen since that's just 7z related, not compression algo related. It changes on the fly since LZMA works well on large files whereas the LZ77+range coder works well on small-to-medium files. There is also a tradeoff in speed when using the HC variant of the LZ77+range coder, so that's taken into account too. I'm quite proud of that.

CryptXor 01-19-2016 21:29

Have you tried alternatives to LZMA by any chance?

mudlord 01-20-2016 08:02

LZMA1 seemed to be one of the best, if not the best for compression ratio vs decompressor size.

mudlord 03-16-2016 05:29

1 Attachment(s)
Started work on dj-siba's requests, next version will have at least commandline support for integration into MSVC and other things.


All times are GMT +8. The time now is 03:49.
