explaingit

iamsopotatoe-coder/tinyload

Analysis updated 2026-06-24

100C++Audience · researcherComplexity · 4/5LicenseSetup · moderate

TLDR

Single file C++ Windows PE packer that compresses and encrypts an executable, then unpacks it in memory through a small randomly shuffled virtual machine.

Mindmap

mindmap
  root((TinyLoad))
    Inputs
      Input executable
      Compression flag
      VM flag
    Outputs
      Packed executable
      In memory loader
      Shuffled opcode table
    Use Cases
      Study PE packing
      Shrink legitimate binaries
      Research anti dump tricks
    Tech Stack
      C++
      MinGW
      Windows PE
      LZ77
Click or tap to explore — scroll the page freely

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Study how a PE packer compresses and encrypts a Windows binary

USE CASE 2

Learn how a tiny custom virtual machine can hide a decryption loop

USE CASE 3

Experiment with LZ77 compression plus stream cipher layering

USE CASE 4

Read a single file C++ reference implementation of anti dump tricks

What is it built with?

C++MinGWWindowsLZ77

How does it compare?

iamsopotatoe-coder/tinyload2dom/keypad5ec1cff/injectrc
Stars1008965
LanguageC++C++C++
Setup difficultymoderatehardhard
Complexity4/54/54/5
Audienceresearcherdeveloperdeveloper

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Needs MinGW and a Windows target, and the project is Windows only with the README asking users not to pack malicious software.

MIT license, free to use, modify, and redistribute including for commercial work, with attribution.

In plain English

TinyLoad is a Windows tool that takes a normal executable file and wraps it in a smaller, scrambled version of itself. The README calls this a PE packer. The original program is compressed, encrypted, and stored inside a stub. When you run the new file, the stub reverses those steps in memory and then runs the program directly, without writing the unpacked version to disk. The whole project is written in one C++ file with no external dependencies. The interesting part is how the unpacking happens. TinyLoad ships a small custom virtual machine with 32 opcodes. The opcode table is reshuffled randomly every time you pack a file, so each packed exe effectively speaks its own instruction set. A standard disassembler cannot follow the decryption logic without first reverse-engineering the interpreter for that specific build. The actual cipher is a 128-bit stream cipher with rotation-based key mixing, and it runs entirely inside the virtual machine, so there is no native decryption loop a tool can match against. You run it from the command line as TinyLoad.exe --i input.exe with at least one of two flags: --c turns on LZ77 compression with a 64KB sliding window and hash-chain matching, and --vm turns on the virtual-machine encryption. Compression runs first on the raw input, then encryption is applied on top, so repeated patterns in the compressed stream are also hidden. To build from source you need MinGW and a single g++ command, or you can grab a precompiled binary from the GitHub releases page. Version 5.0 adds anti-dump features. After the payload loads, it redirects critical Windows API calls (GetModuleHandleA, GetProcAddress, ExitProcess, VirtualAlloc) through wrappers in the stub, then zeroes out the import directory, DLL names, and import data structures. The README says this makes a dumped payload very hard to reconstruct because the import table is gone. Internal strings in the stub are also XOR-encrypted. The project is MIT licensed. The README includes a request not to use the tool to pack malicious software and asks users to open an issue if a packed file does not run.

Copy-paste prompts

Prompt 1
Walk me through building TinyLoad from source with MinGW and packing a hello world exe using --c and --vm
Prompt 2
Explain how TinyLoad's 32 opcode virtual machine is shuffled per build and why that breaks static disassembly
Prompt 3
Show me the LZ77 implementation in TinyLoad and where the 64KB sliding window is defined
Prompt 4
Help me read the version 5 anti dump code that zeroes the import directory and trace which Windows APIs are wrapped
Prompt 5
Sketch a small CTF challenge that uses TinyLoad as the packing step and document the expected unpacking workflow

Frequently asked questions

What is tinyload?

Single file C++ Windows PE packer that compresses and encrypts an executable, then unpacks it in memory through a small randomly shuffled virtual machine.

What language is tinyload written in?

Mainly C++. The stack also includes C++, MinGW, Windows.

What license does tinyload use?

MIT license, free to use, modify, and redistribute including for commercial work, with attribution.

How hard is tinyload to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is tinyload for?

Mainly researcher.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.