Developing PE file packer step-by-step. Step 10. Overall architecture

Previous step is here.

I will do nothing with the code at this step, just explain architecture of the packer in easy to understand form, or, more precisely, of the file packed with it. I do this to help you understand how the packed file is organized without studying all the steps in detail. Possibly I should have started with this, but now it’s too late.

So, imagine that we have a DLL file with following directories:
imports
exports
resources (including version information)
relocations
load configuration
TLS with callbacks

In short, just everything. How will all this be placed in the packed file?

This picture shows the structure of file after packing. It always has two sections. The first one contains packed data of an original file, structure with original file information required by the unpacker, and resources (not all of them, only icons, manifest and version information), if original file has them. The second section contains the unpacker body configured to unpack the current file. TLS directories (data and callbacks), relocations for the unpacker and TLS, original export table and load configuration directory will be also located there optionally.

That’s all, not too complicated!

Leave a Reply

Your email address will not be published. Required fields are marked *