From: Nicholas N. <nj...@cs...> - 2006-11-17 22:50:43
On Fri, 17 Nov 2006, Stephen Torri wrote:
> I am working on a reverse engineering shared library which can be called
> from a variety of programs. The present problem I am trying to solve is
> how to detect whether a binary program is compressed or not. That is, a
> packer/compression tool is used on the original binary and produces a
> smaller executable. This compressed program is not the real program but
> it's hard to determine from the binary if this is true or not.
>
> [...]
>
> I know I need to create a PE file loader like valgrind has done for ELF
> programs. Right now the fundamental issue is how to locate the program
> and called DLLs at their desired location in memory if possible.
>
> I am sorry for being vague. It's my sincere hope that what I have provided
> will help you understand the nature of the problems I am trying to
> solve.

Sounds to me like this could be written relatively easily as a normal Valgrind tool, except that you need it to run on Windows. Or maybe you need it to handle Windows binaries, but the tool can run on Linux?

Nick