![]() And quickly relink the executable file without the linker having to completely re-generate the file. Which allows you to write code while debugging, the Edit+Continue option. More significant is the linker's /INCREMENTAL option, turned on automatically when you use /ZI. ![]() Roughly, it would look at the sections in the executable file and raise the Blue Flag when too much of it looks like non-executable code.Īnd yes, when you use /ZI then there will be a lot of it. It is not trivial, there is no standard way to implement packing. Of course not, that would make it too easy to circumvent. The exact heuristic that PE uses to detect packing is not documented. Surely the reason why Process Explorer colors it differently. Today with terabyte disks and megabit networks it is a smell, packing can also be exploited to hide malicious code. It was useful back in the olden days with limited disk storage capacity and limited network bandwidth. ![]() It uses a "loader" at runtime to decompress the data back to executable code before it starts executing. Typical file size reduction hovers around 50%. A "packed image" is one where executable code is compressed with the intention to make the file smaller.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |