View Full Version : Howto Build a new PE Header header or fix the existing?!?


fad
September 14th, 2005, 01:19
Hi, I have unpacked an executable. When I use PEiD to scan the exe it says "Microsoft Visual C++ 6", but when I want to edit resources the resource editor tells me that the program is packed. OllyDbg tells me that the entry point is outside the code section as specified in the PE header.
How can I rebuild the PE header?

ciao,

fad

Bob
September 14th, 2005, 06:36
Upload file to YouSendIt.com
Post link to the file on PEiD forum, so we can check if it is indeed packed or not, and can add it to the PEiD Database.

This goes for everyone who has moaned about PEiD not detecting properly by the way, submit sigs to PEiD forum and they will be added to the new version coming very soon.. Especially different Arma ones, lots of complaints but no sigs..

Anyway, to rebuild the PE header, easy to use tool like LordPE or Werk..

~BoB~

mr haggar
September 14th, 2005, 14:03
>Entry Point is outside the Code section as specified in pe header.

Just open the file in LordPE's editor. There you will probably see that the code section starts at 1000 (401000-400000=1000) and that is the first section. You just change that base to the address that you want to be the code section. It will actually change nothing, but Olly will not complain. Read some PE format documents, btw.
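
An added example, not part of the thread and not any poster's code: a Python check that reads the header fields discussed above and reports whether AddressOfEntryPoint falls inside the range declared by BaseOfCode/SizeOfCode, and which section actually contains it. It assumes the debugger warning compares against those two optional-header fields; `build_sample` and the `.sec2` section name are constructed for the demonstration.

```python
import struct

def entry_point_report(data: bytes) -> dict:
    """Compare AddressOfEntryPoint with BaseOfCode/SizeOfCode and the section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER, 20 bytes
    num_sections, = struct.unpack_from("<H", data, coff + 2)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20                           # IMAGE_OPTIONAL_HEADER
    magic, = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B):           # PE32 / PE32+
        raise ValueError("unknown optional header magic")
    size_of_code, = struct.unpack_from("<I", data, opt + 4)
    entry, base_of_code = struct.unpack_from("<II", data, opt + 16)
    if magic == 0x10B:
        image_base, = struct.unpack_from("<I", data, opt + 28)
    else:
        image_base, = struct.unpack_from("<Q", data, opt + 24)
    section = None
    for i in range(num_sections):             # 40-byte IMAGE_SECTION_HEADER entries
        name, vsize, vaddr, rawsize = struct.unpack_from("<8sIII", data, opt + opt_size + 40 * i)
        if vaddr <= entry < vaddr + max(vsize, rawsize):
            section = name.rstrip(b"\0").decode("ascii", "replace")
    return {
        "entry_va": image_base + entry,
        "entry_section": section,
        "in_declared_code": base_of_code <= entry < base_of_code + size_of_code,
    }

def build_sample(entry: int, base_of_code: int, size_of_code: int) -> bytes:
    """Constructed PE32 headers only (no section data), for the demonstration."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x0102)
    opt = struct.pack("<HBB7I", 0x10B, 6, 0, size_of_code, 0, 0,
                      entry, base_of_code, 0x2000, 0x400000).ljust(0xE0, b"\0")
    sections = b"".join(
        struct.pack("<8sIIII", name, 0x1000, va, 0x1000, raw).ljust(40, b"\0")
        for name, va, raw in ((b".text", 0x1000, 0x400), (b".sec2", 0x5000, 0x1400)))
    return dos + b"PE\0\0" + coff + opt + sections

if __name__ == "__main__":
    print(entry_point_report(build_sample(0x5123, 0x1000, 0x1000)))  # BaseOfCode at first section
    print(entry_point_report(build_sample(0x5123, 0x5000, 0x1000)))  # BaseOfCode moved
```

The two sample headers differ only in BaseOfCode: the entry point and its containing section are the same in both, and only the `in_declared_code` result changes.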