![]() ![]() And quickly relink the executable file without requiring the linker to completely regenerate the file, which allows you to write code while debugging using the Edit+Continue option. More significant is the linker's /INCREMENTAL option, automatically turned on when you use /ZI. Roughly, it would examine the sections in the executable file and raise a flag when too much of it appears to be non-executable code. Yes, when you use /ZI, there will be a lot of it. It is not trivial; there is no standard way to implement packing. Of course, that would make it too easy to circumvent. The exact heuristic used by PE to detect packing is not documented. Perhaps the reason why Process Explorer colors it differently. Today, with terabyte disks and megabit networks, packing can be considered a smell. Packing can also be exploited to hide malicious code. It was useful in the old days when disk storage capacity was limited and network bandwidth was restricted. It uses a "loader" at runtime to decompress the data back into executable code before it starts executing. Typical file size reduction hovers around 50%. A "packed image" is an executable file where the code is compressed with the intention of making the file smaller.
0 Comments
Leave a Reply. |