Packer builder
In this section, we will take you through a practical process of developing a special unpopular packer from scratch. The following samples are packer.cpp source code from the Chapter#8 folder of the GitHub project. To save space, this book only contains highlights of the code; please refer to the full project for the complete source code.
Figure 8.2 shows the dumpMappedImgBin function, which is used to back up the file-mapping contents of the original program:
Figure 8.2 – The dumpMappedImgBin function
The procedure is quite simple:
- First, the SizeOfImage field of the OptionalHeader tells us how many bytes the whole program is expected to occupy after file mapping. Subtracting the VirtualAddress of the first section (i.e., the space taken by the DOS Headers, NT Headers, and Section Headers) gives the amount of memory space that should be reserved to allow the original program data to be unpacked and filled in.
- Then, request enough memory space...
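The size calculation from the first step, as an added example that is not the book's packer.cpp: it reads the header fields from a byte buffer with bounds checks, so it builds without windows.h and rejects malformed headers instead of reading past the buffer. The names mappedBodySize, rd and makeSample and the sample header values are constructed for illustration, and a little-endian host is assumed.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Bounds-checked read of a T at byte offset `off` (little-endian host assumed).
template <typename T>
static bool rd(const std::vector<uint8_t>& b, size_t off, T& out) {
    if (off > b.size() || b.size() - off < sizeof(T)) return false;
    std::memcpy(&out, b.data() + off, sizeof(T));
    return true;
}

// SizeOfImage minus the first section's VirtualAddress; 0 if headers are malformed.
uint32_t mappedBodySize(const std::vector<uint8_t>& pe) {
    uint16_t mz = 0, nsec = 0, optSize = 0;
    uint32_t lfanew = 0, sig = 0, sizeOfImage = 0, firstVA = 0;
    if (!rd(pe, 0, mz) || mz != 0x5A4D) return 0;             // "MZ"
    if (!rd(pe, 0x3C, lfanew)) return 0;                      // e_lfanew
    const size_t nt = lfanew;
    if (!rd(pe, nt, sig) || sig != 0x00004550) return 0;      // "PE\0\0"
    if (!rd(pe, nt + 6, nsec) || nsec == 0) return 0;         // NumberOfSections
    if (!rd(pe, nt + 20, optSize) || optSize < 60) return 0;  // SizeOfOptionalHeader
    if (!rd(pe, nt + 24 + 56, sizeOfImage)) return 0;         // OptionalHeader.SizeOfImage
    const size_t sec0 = nt + 24 + optSize;                    // first section header
    if (!rd(pe, sec0 + 12, firstVA)) return 0;                // its VirtualAddress
    if (firstVA == 0 || firstVA >= sizeOfImage) return 0;     // inconsistent headers
    return sizeOfImage - firstVA;
}

// Constructed sample: only the fields read above are filled in.
std::vector<uint8_t> makeSample(uint32_t sizeOfImage, uint32_t firstVA) {
    std::vector<uint8_t> b(0x200, 0);
    auto put = [&](size_t off, uint32_t v, size_t n) { std::memcpy(&b[off], &v, n); };
    put(0, 0x5A4D, 2);                        // e_magic
    put(0x3C, 0x80, 4);                       // e_lfanew
    put(0x80, 0x4550, 4);                     // PE signature
    put(0x80 + 6, 1, 2);                      // NumberOfSections
    put(0x80 + 20, 0xE0, 2);                  // SizeOfOptionalHeader (PE32 size)
    put(0x80 + 24 + 56, sizeOfImage, 4);      // SizeOfImage
    put(0x80 + 24 + 0xE0 + 12, firstVA, 4);   // first section VirtualAddress
    return b;
}

int main() {
    std::printf("0x%X\n", (unsigned)mappedBodySize(makeSample(0x5000, 0x1000)));
    return 0;
}
```

SizeOfImage sits at offset 56 of the optional header in both PE32 and PE32+, so the same read works for 32-bit and 64-bit images.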