A "packed image" is one where executable code is compressed with the intention to make the file smaller. Typical file size reduction hovers around 50%. It uses a "loader" at runtime to decompress the data back to executable code before it starts executing. It was useful back in the olden days with limited disk storage capacity and limited network bandwidth. Today with terabyte disks and megabit networks it is a smell; packing can also be exploited to hide malicious code. Surely the reason why Process Explorer colors it differently.

The exact heuristic that Process Explorer uses to detect packing is not documented. Of course not, that would make it too easy to circumvent. It is not trivial, there is no standard way to implement packing. Roughly, it would look at the sections in the executable file and raise the Blue Flag when too much of it looks like non-executable code.

And yes, when you use /ZI then there will be a lot of it. /ZI is what allows you to write code while debugging, the Edit+Continue option. More significant is the linker's /INCREMENTAL option, turned on automatically when you use /ZI. And quickly relink the executable file without the linker having to completely re-generate the file.
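A section-level check of the kind described above, as an added example that is not from the original page and is not Process Explorer's undocumented rule. It assumes a byte-entropy heuristic with hypothetical thresholds (`min_entropy`, `max_share`) and runs on two small images constructed inline.

```python
import hashlib
import math
import struct
from collections import Counter

IMAGE_SCN_MEM_EXECUTE = 0x20000000
SECTION_HDR = "<8sIIIIIIHHI"  # IMAGE_SECTION_HEADER, 40 bytes

def entropy(buf):
    # Shannon entropy in bits per byte: ~8.0 for compressed or encrypted data
    n = len(buf)
    return -sum(c / n * math.log2(c / n) for c in Counter(buf).values()) if n else 0.0

def sections(pe):
    # Yield (name, is_executable, raw_bytes) for every section in the image
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[:2] != b"MZ" or pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE image")
    (nsect,) = struct.unpack_from("<H", pe, e_lfanew + 6)      # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", pe, e_lfanew + 20)  # SizeOfOptionalHeader
    table = e_lfanew + 24 + opt_size
    for i in range(nsect):
        f = struct.unpack_from(SECTION_HDR, pe, table + 40 * i)
        name, raw_size, raw_ptr, flags = f[0], f[3], f[4], f[9]
        yield (name.rstrip(b"\0").decode("ascii", "replace"),
               bool(flags & IMAGE_SCN_MEM_EXECUTE), pe[raw_ptr:raw_ptr + raw_size])

def looks_packed(pe, min_entropy=7.0, max_share=0.5):
    # Assumed rule: flag when over max_share of section bytes are near-random
    sizes = [(len(raw), entropy(raw) >= min_entropy) for _, _, raw in sections(pe)]
    total = sum(n for n, _ in sizes)
    return total > 0 and sum(n for n, dense in sizes if dense) / total > max_share

def build_pe(sects):
    # Constructed test image: DOS stub, COFF header, section table, raw data
    hdr = bytearray(b"MZ".ljust(0x40, b"\0"))
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    hdr += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sects), 0, 0, 0, 0, 0x102)
    ptr, body = len(hdr) + 40 * len(sects), b""
    for name, flags, raw in sects:
        hdr += struct.pack(SECTION_HDR, name, len(raw), 0x1000, len(raw),
                           ptr + len(body), 0, 0, 0, 0, flags)
        body += raw
    return bytes(hdr + body)

CODE = bytes.fromhex("5589e583ec10c745fc000000008b45fcc9c3") * 200   # constructed x86-like bytes
BLOB = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))  # stand-in for compressed data
PLAIN = build_pe([(b".text", 0x60000020, CODE), (b".data", 0xC0000040, bytes(512))])
PACKED = build_pe([(b"STUB", 0x60000020, CODE[:180]), (b"DATA", 0xC0000040, BLOB)])
```

Entropy only catches compressed or encrypted payloads; the zero-filled padding in an incremental-link build is low entropy, so the false positive discussed above would need a different signal, such as the ratio of recognizable code to section size.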