Yes administrator I searched the board found: "PE Rebuilding Topic"...
but I didn't find the info I needed.

I dumped a file and fixed the IAT all fine... but the dumped exe is over 1 MB and the packed file was only 33 kB. So I found empty spaces.
(Also dumped file works fine on Win XP)

My question is : How to remove that zero and create a valid exe...

I think (but isn't working or I did something wrong):

- remove bytes with Hex Editor
- change Raw Size (??? and Virtual Size ???) of section
- ??? change Size Of Image ???

If you know a good tutorial or if you want to tell me how to do it
thank you

MiniMind

If the zero bytes are at the end of some section, it is likely that you can remove them with a hex editor from the exe file. There will be a bunch of values to adjust in the PE header after this though, like e.g. the offsets pointing to all sections after the edited section, the raw size of the section (NOT the virtual size if these null bytes are used in any way by the program during runtime), all image size related values in the PE header etc. If you are lucky you can use some ready made "realigner" or "realignment" tool for PE files to perform most of these things though.

try to pack it with UPX, then unpack it with -d option :P, or use LordPE realign option, if you want to do it manually, look at the attached source

Thanks



Didn't work... but seems to be a nice trick

I wil try to understand c++ (usually programming Delphi, but nevermind)
code seems nice...

I'm working on it ->
Holiday is over and I'll have less time...

thanks dELTA for "confirming" and "improving" my thoughts