
How does Ollydbg determine if a file might be packed


1bitshort
July 6th, 2004, 20:54
When you open some packed files you might see a message like this:
Module 'target' has entry point outside the code (as specified in the PE header). Maybe this file is self-extracting or self-modifying. Please keep it in mind when setting breakpoints!

I've always found it very interesting how OllyDbg is able to determine that. I know it's a fairly simple and quick method, but the actual algorithm behind it makes me curious -- does anybody here know what might be happening? For example, does it look at the "BaseOfCode" and "BaseOfData" values, or the values of the VirtualOffset/RelativeOffset of each section, or the flags of each section, or what? If somebody can provide a "pseudo-algorithm" describing the procedure I'd be very grateful.
Thank you for your time

psyCK0
July 7th, 2004, 14:06
Just a guess:

section = GetSectionForAddress(eip);
if(section.characteristics != Characteristics.executable)
ShowMessage();

1bitshort
July 7th, 2004, 19:32
Thank you! I know what you mean by section.characteristics, but what do you mean by executable.characteristics?

psyCK0
July 8th, 2004, 02:24
I meant:

if(section characteristics != executable)
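
The two candidate checks raised in this thread, written out as an added example that is not from the thread or from OllyDbg: psyCK0's guess (look up the section containing the entry point and test its Characteristics for the execute flag) and the BaseOfCode/SizeOfCode range that 1bitshort asked about. The parser, the `build_pe` helper and the two constructed sample images are assumptions for illustration; nothing here claims to be OllyDbg's own code. The sample images carry headers only, so the checks operate purely on PE header fields, which is all either heuristic needs.

```python
import struct

# Section Characteristics flags from the PE/COFF specification
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000


def parse_pe(data):
    """Return (entry_rva, base_of_code, size_of_code, sections) from a PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE file")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    if struct.unpack_from("<H", data, opt)[0] not in (0x10B, 0x20B):
        raise ValueError("unknown optional header magic")
    size_of_code = struct.unpack_from("<I", data, opt + 4)[0]
    entry_rva = struct.unpack_from("<I", data, opt + 16)[0]     # AddressOfEntryPoint
    base_of_code = struct.unpack_from("<I", data, opt + 20)[0]  # BaseOfCode
    sections = []
    table = opt + size_opt                                # section headers, 40 bytes each
    for i in range(num_sections):
        hdr = table + 40 * i
        name, vsize, vaddr, rawsize = struct.unpack_from("<8sIII", data, hdr)
        chars = struct.unpack_from("<I", data, hdr + 36)[0]
        # Some linkers leave VirtualSize zero; fall back to SizeOfRawData for the extent.
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "va": vaddr, "size": vsize or rawsize, "chars": chars})
    return entry_rva, base_of_code, size_of_code, sections


def section_for_rva(sections, rva):
    """GetSectionForAddress from the thread: the section whose virtual range holds rva."""
    for s in sections:
        if s["va"] <= rva < s["va"] + s["size"]:
            return s
    return None


def entry_point_checks(data):
    """Run both heuristics discussed in the thread and report what each one says."""
    entry, base_of_code, size_of_code, sections = parse_pe(data)
    sec = section_for_rva(sections, entry)
    # psyCK0's guess: section characteristics of the entry-point section
    in_exec_section = sec is not None and bool(sec["chars"] & IMAGE_SCN_MEM_EXECUTE)
    # 1bitshort's candidate: is the entry point inside [BaseOfCode, BaseOfCode + SizeOfCode)?
    in_code_range = base_of_code <= entry < base_of_code + size_of_code
    return {"entry_rva": entry,
            "section": sec["name"] if sec else None,
            "entry_in_executable_section": in_exec_section,
            "entry_in_base_of_code_range": in_code_range}


def build_pe(entry_rva, sections, base_of_code=0x1000, size_of_code=0x1000):
    """Construct a minimal PE32 image in memory (headers only) for testing the checks."""
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, NumberOfSections, timestamps/symbols zero, SizeOfOptionalHeader=224, flags
    coff = struct.pack("<HHIIIHH", 0x014C, len(sections), 0, 0, 0, 224, 0x0102)
    # Magic=PE32, linker ver, SizeOfCode, init/uninit data, AddressOfEntryPoint, BaseOfCode, BaseOfData
    opt = struct.pack("<HBBIIIIII", 0x10B, 14, 0, size_of_code, 0, 0, entry_rva, base_of_code, 0x2000)
    opt += b"\0" * (224 - len(opt))
    table = b""
    for name, va, size, chars in sections:
        table += struct.pack("<8sIIIIIIHHI", name.encode(), size, va, size, 0, 0, 0, 0, 0, chars)
    return dos + b"PE\0\0" + coff + opt + table


# Constructed sample 1: ordinary layout, entry point inside .text
NORMAL_IMAGE = build_pe(0x1100, [
    (".text", 0x1000, 0x1000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".data", 0x2000, 0x1000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
])

# Constructed sample 2: entry point in a non-executable, writable section past the code range
SUSPICIOUS_IMAGE = build_pe(0x5010, [
    (".text", 0x1000, 0x1000, IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ),
    (".pack", 0x5000, 0x2000, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
])

if __name__ == "__main__":
    for label, img in (("normal", NORMAL_IMAGE), ("suspicious", SUSPICIOUS_IMAGE)):
        print(label, entry_point_checks(img))
```

The two heuristics can disagree on real files: a packer stub frequently lives in a section that is marked executable (and writable), so the characteristics test alone passes it, while the entry point still lies outside the BaseOfCode/SizeOfCode range the linker recorded. Running both and reporting them separately, as above, makes it easy to compare against what OllyDbg actually says for a given binary.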