A tool for protecting and packaging executable code that transforms raw shellcode into a unique encrypted data array executed inside a VM embedded in the program body. Its purpose is to make shellcode non‑reversible and resistant to signature detection while fully preserving its PIC executability.

Features:
📍 Generates position‑independent VM wrappers for shellcode.
📍 Polymorphism: variable encryption schemes, dispatcher topology, and opcode shuffling.
📍 Supports Windows x86/x64 with execution in arbitrary memory regions and threads.
📍 Virtualizes and encrypts original instructions at rest.
📍 Multiple build modes — from full VM conversion to patching existing PE files.

mkPIVM stands out because, at the time of publication, it has no public equivalents offering the "raw PIC → polymorphic VM PIC" chain. By comparison, packers and VM obfuscators such as Tigress or VMProtect serve similar code‑protection purposes but don't handle shellcode or generate PIC binaries. The advantage of mkPIVM is its compactness and post‑exploitation usability; its drawback is the Windows‑only limitation and lack of a GUI.

📎 Tool: https://github.com/D7EAD/mkPIVM

💬 Discuss

mkPIVM — polymorphic position‑independent shellcode virtualizer