Why would anyone think that "reconstructing" PE files from untrusted values in the header in memory could ever be a good idea ?
@halvarflake Hmm, because almost no-one cares to mangle with them too much anyway?
-
-
@j00ru IIRC every PE crypter worth it's salt does -- PECrypt did in 1996 (!)Thanks. Twitter will use this to make your timeline better. UndoUndo
-
-
-
@j00ru@halvarflake There are specific NT only compression methods that take advantage of the loader using in memory values for resources.Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.