How to find out if a PE file has been packed?
-
Hi masters! I've written code with which I can add a new section to PE files. But as I've noticed, some PE files are a little more intelligent than I thought :) Because as soon as I run them after I add the new section, a message tells me that this file has been modified! Even when I change the first few opcodes beginning at their entry point, without adding any section to them and without making any other change to them, the same message appears! Do you think they're "packed"? How can I find out? How can I find the original entry point?
Thank you masters!
-
Actually, what do you want to achieve? First thing, you can modify it, but which tool are you using, a hex editor? If you want to get the load address, which is the entry point of the PE, then you can get that: HMODULE hModDLL = LoadLibraryEx( "path\\name.exe", NULL, DONT_RESOLVE_DLL_REFERENCES );
The greatness of God cannot be underestimated.
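An added example, not code from either poster: static triage of the PE headers in Python, which reads AddressOfEntryPoint from the file and flags layout features commonly left by packers. The function names, the 7.0 bits-per-byte entropy threshold and both sample images are assumptions constructed for illustration.

```python
import math
import struct
READ, WRITE, EXEC = 0x40000000, 0x80000000, 0x20000000   # IMAGE_SCN_MEM_* section flags

def entropy(data):
    """Shannon entropy in bits per byte; compressed or encrypted data approaches 8."""
    probs = [data.count(b) / len(data) for b in set(data)]
    return -sum(p * math.log2(p) for p in probs)

def triage(pe):
    """Return (entry_rva, entry_section, indicators) for a PE file held in bytes."""
    nt = struct.unpack_from("<I", pe, 0x3C)[0] if len(pe) >= 0x40 else 0   # e_lfanew
    if pe[:2] != b"MZ" or pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)   # NumberOfSections, SizeOfOptionalHeader
    entry = struct.unpack_from("<I", pe, nt + 24 + 16)[0]       # AddressOfEntryPoint
    found, hits = None, []
    for i in range(nsec):
        raw_name, vsize, va, rsize, rptr, flags = struct.unpack_from(
            "<8sIIII12xI", pe, nt + 24 + opt_size + 40 * i)     # one IMAGE_SECTION_HEADER
        name = raw_name.rstrip(b"\0").decode("latin-1")
        if va <= entry < va + max(vsize, rsize):
            found = name
            if flags & WRITE:
                hits.append(f"entry point is in writable section {name}")
            if i == nsec - 1 and nsec > 1:
                hits.append(f"entry point is in last section {name}")
        if rsize == 0 and vsize and flags & EXEC:
            hits.append(f"{name} is executable but has no data on disk")
        elif entropy(pe[rptr:rptr + rsize]) > 7.0:
            hits.append(f"{name} has high entropy")
    return entry, found, hits

def build_sample(entry, sections):
    """Constructed test image: headers plus section data only, not a loadable program."""
    hdr = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)        # DOS header, e_lfanew = 0x40
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, 0x102)
    hdr += struct.pack("<H14xI", 0x10B, entry).ljust(0xE0, b"\0")   # PE32 optional header
    body, ptr = b"", 0x200
    for name, va, vsize, data, flags in sections:
        hdr += struct.pack("<8sIIII12xI", name, vsize, va, len(data), ptr if data else 0, flags)
        body, ptr = body + data, ptr + len(data)
    return hdr.ljust(0x200, b"\0") + body

# Constructed inputs: a conventional layout and a packer-style layout with stand-in "compressed" bytes.
PLAIN = build_sample(0x1000, [(b".text", 0x1000, 0x200, b"\x90" * 0x200, READ | EXEC),
                              (b".data", 0x2000, 0x200, b"\0" * 0x200, READ | WRITE)])
PACKED = build_sample(0x5800, [(b"UPX0", 0x1000, 0x4000, b"", READ | WRITE | EXEC),
                               (b"UPX1", 0x5000, 0x1000, bytes(range(256)) * 16, READ | WRITE | EXEC)])
```

Each indicator is a heuristic rather than proof: ordinary linkers can produce any of them, and a program can check its own file for changes without being packed.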