![]() ![]() And the page on which the PE header is stored is read UPX0 & UPX1 in the compressed files, so we have to patch the PE header These supposed to be read only addresses are covered by the sections like not running the floating point initialization code - the result If this check fails the runtime does "interesting" things ![]() ![]() still in a read only section by looking at the pe header of the section then it compiles in a runtime check whether that data is C runtime library which references some data in a read only When the compiler detects that it would link in some code from its There is some info in UPX sources: // This works around a "protection" introduced in MSVCRT80, which
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |