
#239 UPX zeroes out exe sections with uninitialized data flag set

None
accepted
None
5
2015-01-22
2015-01-19
Dan Weiss
No

If a section on an EXE contains the "IMAGE_SCN_CNT_UNINITIALIZED_DATA" (0x80) flag, UPX will replace the section with zeroes.
When Windows normally loads an EXE containing such a section, it ignores the flag, and loads the data from the file anyway. But after compressing it with UPX, the contents of the section become all zeroes.

Attached: minimal example EXE, displays "Pass!", but if you UPX compress it, it says "Fail!" instead.


Discussion

  • László Molnár

    I think the flag IMAGE_SCN_CNT_UNINITIALIZED_DATA was created for sections with all zero bytes. Now you claim that Windows (which version?) ignores this flag. Then this sounds like a Windows bug to me.

     
  • Dan Weiss

    Dan Weiss - 2015-01-22

    As far as I know, all versions of Windows are ignoring the flag, and load the section from the EXE exactly as the bytes are in there.
    I've tried it on Windows XP and Windows 7 (64 bit), both load the bytes from sections with that flag set.

     
  • László Molnár

    I've just looked at the source code of Wine, and it seems it only uses that flag when loading VXD files. This is really strange.

    I'll do a patch for UPX, but I'm not sure when a new release will come (if ever).

    Thanks for your report.

     
  • László Molnár

    • status: open --> accepted
    • assigned_to: László Molnár
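
A pre-packing check for the condition reported in this ticket, as an added example that is not part of the ticket or of UPX: it walks the PE section table and lists sections that carry the 0x80 flag yet still hold non-zero bytes on disk, which are the sections whose contents would come out as zeroes. The function names and the header-only sample image are constructed for illustration.

```python
import struct

IMAGE_SCN_CNT_UNINITIALIZED_DATA = 0x00000080
SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")  # IMAGE_SECTION_HEADER, 40 bytes


def sections_at_risk(pe: bytes):
    """Return (name, raw_offset, raw_size) for every section that has the
    uninitialized-data flag set but still stores non-zero bytes in the file."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                       # IMAGE_FILE_HEADER follows the signature
    (num_sections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    table = coff + 20 + opt_size              # section table follows the optional header
    hits = []
    for i in range(num_sections):
        (name, _vsize, _va, raw_size, raw_ptr,
         _rel, _lin, _nrel, _nlin, flags) = SECTION_HEADER.unpack_from(
            pe, table + i * SECTION_HEADER.size)
        raw = pe[raw_ptr:raw_ptr + raw_size]
        if flags & IMAGE_SCN_CNT_UNINITIALIZED_DATA and any(raw):
            hits.append((name.rstrip(b"\0").decode("ascii", "replace"), raw_ptr, raw_size))
    return hits


def build_sample() -> bytes:
    """Constructed, header-only image (not loadable) with three sections."""
    def sect(name, raw_ptr, raw_size, flags):
        return SECTION_HEADER.pack(name, raw_size, 0x1000, raw_size, raw_ptr,
                                   0, 0, 0, 0, flags)
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)   # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0, 0x102)
    table = (sect(b".text", 0x200, 0x10, 0x60000020)
             + sect(b".data", 0x210, 0x10, 0xC0000080)     # flag set, real bytes
             + sect(b".bss", 0x220, 0x10, 0xC0000080))     # flag set, all zeroes
    headers = (dos + coff + table).ljust(0x200, b"\0")
    return headers + b"\x90" * 0x10 + b"Pass!".ljust(0x10, b"\0") + b"\0" * 0x10


if __name__ == "__main__":
    for name, offset, size in sections_at_risk(build_sample()):
        print(f"{name}: flag 0x80 set, {size} raw bytes at 0x{offset:x} are not all zero")
```
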
     
