Well I bumped into this problem when I dasmed JCreator. It says that the file is self modifying or has a PE point out of the file.

Does this mean that the file is packed?

Most likely, yes.

And a little reading up on "packed files" and the effects on the "organization" of the original file when it becomes "packed" and the identity of various 'tools" designed to tell you whether, and with what packer a file may be packed would be a very useful exercise for anyone who wants to progress in the world of RCE.

This is why the Diety invented the internet and internet search engines. You would be amazed how much information is already out there if you actually go looking for it and learn the skills of effective searching. There is actually a site linked at the bottom which is devoted to imporving one's skills in this task which was created by the original founder of this Forum. It is called Searchlores and I would highly recommend it to anyone who is starting out and wanting to improve their knowledge about finding information about nearly ANY problem that arises in reverse engineering.

Regards,

pe out of file could also be handled by a dll, check its import tables for 'suspicious' dlls, or tls stuff in the exe possibly...

Ty all

evlncrn8, let me learn how to unpack an app first and then I can check it the inports...

nah u dont get it, if its ep is 'out of scope' of the exe, then its going to be modified by something that happens before the entry point is hit...
thus, its probably done by a dll loaded from the import table, or something sneaky like tls callbacks.. look at the import table of the exe (the one as is.. not the 'real' one and see if theres any suspicious dlls there.. then check those dlls exports etc..)...

Not necessarily. Some values in the PE header that are ignored by the OS may be set incorrectly.