Thread: How does Ollydbg determine if a file might be pack

  1. #1
    1bitshort
    Guest

    When you open some packed files you might see a message like this:
    Module 'target' has entry point outside the code (as specified in the PE header). Maybe this file is self-extracting or self-modifying. Please keep it in mind when setting breakpoints!

    I've always found it very interesting how OllyDbg is able to determine that. I know it's a fairly simple and quick method, but the actual algorithm behind it makes me curious -- does anybody here know what might be happening? For example, does it look at the "BaseOfCode" and "BaseOfData" values, or the values of the VirtualOffset/RelativeOffset of each section, or the flags of each section, or what? If somebody can provide a "pseudo-algorithm" describing the procedure I'd be very grateful.
    Thank you for your time
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    psyCK0
    Guest

    Just a guess:

    section = GetSectionForAddress(eip);
    if (section.characteristics != Characteristics.executable)
        ShowMessage();

  3. #3
    1bitshort
    Guest

    Thank you! I know what you mean by section.characteristics, but what do you mean by executable.characteristics?

  4. #4
    psyCK0
    Guest

    I meant:

    if(section characteristics != executable)
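
The two candidate checks discussed in this thread, as an added example that is not part of the original posts and is not OllyDbg's own code. It assumes "the code (as specified in the PE header)" could mean either the BaseOfCode/SizeOfCode range or the flags of the section holding the entry point; `entry_point_report` and `build_sample` are hypothetical names, and the sample image is constructed.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000  # section Characteristics bit

def entry_point_report(pe: bytes) -> dict:
    """Locate AddressOfEntryPoint and test it against both candidate rules."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    coff = e_lfanew + 4
    (n_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    opt = coff + 20
    # SizeOfCode, AddressOfEntryPoint and BaseOfCode share offsets in PE32/PE32+.
    (size_of_code,) = struct.unpack_from("<I", pe, opt + 4)
    entry, base_of_code = struct.unpack_from("<II", pe, opt + 16)
    hit = None
    for i in range(n_sections):
        off = opt + opt_size + 40 * i  # each section header is 40 bytes
        vsize, vaddr, rawsize = struct.unpack_from("<III", pe, off + 8)
        (flags,) = struct.unpack_from("<I", pe, off + 36)
        if vaddr <= entry < vaddr + max(vsize, rawsize):
            hit = (pe[off:off + 8].rstrip(b"\0").decode("latin-1"), flags)
            break
    return {
        "entry_rva": entry,
        "section": hit[0] if hit else None,
        # Rule A (assumption): entry inside [BaseOfCode, BaseOfCode + SizeOfCode)
        "in_header_code_range": base_of_code <= entry < base_of_code + size_of_code,
        # Rule B (psyCK0's guess): containing section is marked executable
        "in_executable_section": bool(hit and hit[1] & IMAGE_SCN_MEM_EXECUTE),
    }

def build_sample(entry_rva: int, second_flags: int = 0xE0000040) -> bytes:
    """Constructed header-only PE32: .text at RVA 0x1000, .pack at RVA 0x3000."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIIII", 0x10B, 0, 0, 0x1000, 0, 0, entry_rva, 0x1000)
    def sec(name, vaddr, flags):
        return struct.pack("<8sIIIIIIHHI", name, 0x1000, vaddr, 0x200, 0, 0, 0, 0, 0, flags)
    return (dos + b"PE\0\0" + coff + opt.ljust(0xE0, b"\0")
            + sec(b".text", 0x1000, 0x60000020) + sec(b".pack", 0x3000, second_flags))

if __name__ == "__main__":
    for rva in (0x1100, 0x3100):
        print(entry_point_report(build_sample(rva)))
```

With the entry point moved into the second section while that section is flagged executable, only the header-range rule reports it as outside the code, so the two rules can disagree on the same file.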
