Thursday, February 25, 2010

Difference of UPX packed binaries

During my analysis of a UPX-packed binary, I loaded it into LordPE and tried to study the differences between the original and packed binaries.

After the UPX packing process, 4 changes have been made to the PE format:

OEP - for sure this will change!
SizeOfImage
BaseOfCode
BaseOfData
FileAlignment
NumberOfSections - The original binary has 4 sections, but now it contains only the UPX0, UPX1 and .rloc sections.
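
The same comparison can be scripted instead of read off in LordPE. The following is an added example, not code from the original post: it parses the fields listed above from two PE32 headers and reports which ones differ. The two header-only images and all their values are constructed for the demo (the original section names are assumed), and `parse_pe32`, `diff_headers` and `build_sample` are names chosen here.

```python
import struct

# Offsets of the compared fields inside the PE32 optional header.
FIELDS = {"AddressOfEntryPoint": 16, "BaseOfCode": 20, "BaseOfData": 24,
          "FileAlignment": 36, "SizeOfImage": 56}

def parse_pe32(data):
    """Return the header fields the post compares, plus section names."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (nsec,) = struct.unpack_from("<H", data, coff + 2)       # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)  # SizeOfOptionalHeader
    opt = coff + 20
    if struct.unpack_from("<H", data, opt)[0] != 0x10B:
        raise ValueError("not PE32 (BaseOfData exists only in PE32)")
    info = {name: struct.unpack_from("<I", data, opt + off)[0]
            for name, off in FIELDS.items()}
    info["NumberOfSections"] = nsec
    table = opt + opt_size  # section table follows the optional header
    info["Sections"] = [
        data[table + 40 * i:table + 40 * i + 8].rstrip(b"\0").decode("ascii", "replace")
        for i in range(nsec)]
    return info

def diff_headers(before, after):
    """Map each changed field to its (before, after) pair."""
    return {k: (before[k], after[k]) for k in before if before[k] != after[k]}

def build_sample(values, names):
    """Build a constructed, header-only PE32 image for the demo (not runnable)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)  # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)  # PE32 magic
    for off, val in zip(FIELDS.values(), values):
        struct.pack_into("<I", opt, off, val)
    secs = b"".join(n.encode().ljust(40, b"\0") for n in names)
    return dos + b"PE\0\0" + coff + bytes(opt) + secs

# Constructed values; the packed section names follow the post's description.
ORIGINAL = build_sample((0x1000, 0x1000, 0x3000, 0x1000, 0x6000),
                        [".text", ".rdata", ".data", ".rsrc"])
PACKED = build_sample((0x8F20, 0x6000, 0x9000, 0x200, 0xA000),
                      ["UPX0", "UPX1", ".rloc"])

if __name__ == "__main__":
    for field, (old, new) in diff_headers(parse_pe32(ORIGINAL), parse_pe32(PACKED)).items():
        print(field, old, "->", new)
```

To compare real files, pass the bytes of each file (read in binary mode) to `parse_pe32` in place of the constructed samples.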
