Results 1 to 3 of 3

Thread: Howto Build a new PE Header header or fix the existing?!?

  1. #1
    fad
    Guest

    Howto Build a new PE Header header or fix the existing?!?

    Hi, i have unpacked a executable. When I use PEiD to scan the exe it say's "Microsoft Visual C++ 6" but when i want to edit ressources the resource editor tells me that the programm is packed. OllyDBG tells me that the Entry Point is outside the Code section as specified in pe header.
    How can I Rebuild the PE-Header?

    ciao,

    fad
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Bob
    Guest

    Howto Build a new PE Header header or fix the existing?!?

    Upload file to YouSendIt.com
    Post link to the file on PEiD forum, so we can check if it is indeed packed or not, and can add it to the PEiD Database.

    This goes for everyone who has moaned about PEiD not detecting properly by the way, submit sigs to PEiD forum and they will be added to the new version coming very soon.. Especially different Arma ones, lots of complaints but no sigs..

    Anyway, to rebuild the PE header, easy to use tool like LordPE or Werk..

    ~BoB~
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    mr haggar
    Guest

    Howto Build a new PE Header header or fix the existing?!?

    >Entry Point is outside the Code section as specified in pe header.

    Just open file in lordPE's editor. There you will probably see that code section starts at 1000 (401000-400000=1000) and that is first section. You just change that base to address that you want to be code section. It will acctually change nothing, but Olly will not complain. Read some PE format documents, btw.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. VB Header Info
    By JoePub in forum Malware Analysis and Unpacking Forum
    Replies: 1
    Last Post: December 25th, 2010, 20:55
  2. Critical Section in ASM? Howto?
    By Hero in forum Advanced Reversing and Programming
    Replies: 16
    Last Post: August 28th, 2007, 15:19
  3. PE Header Issue
    By Tom_Smith in forum OllyDbg Support Forums
    Replies: 5
    Last Post: August 4th, 2007, 17:50
  4. Howto put advanced breakpoint
    By hosiminh in forum OllyDbg Support Forums
    Replies: 3
    Last Post: January 31st, 2005, 06:52
  5. Exception Handler Howto ???
    By Malkocoglu in forum Advanced Reversing and Programming
    Replies: 5
    Last Post: May 31st, 2001, 13:26

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •