Re: Detecting a C translated bound program

new topic     » goto parent     » topic index » view thread      » older message » newer message 

Pete Lomax wrote:
> 
> OtterDad wrote:
> > > Pete Lomax wrote:
> > > > The above is completely untested, btw.
> On closer inspection it has a UPX0 section in there which changes size and
> entry
> point every time, didn't realise that. On an equally unsure footing, you may
> be able to check for the UPX0 section as an indicator, if eu2c applies upx
> then
> I'm out of ideas. Anyway, fingers crossed:
> > }}}
<eucode>
> >-- 	void = seek(fn,#A8)
> >       void = seek(fn,#178)
> >-- 	if equal(ep,{#10,#0F,#03,#00}) then
> > 	if equal(ep,"UPX0") then
> > </eucode>
{{{

> Seems to identify bound eu programs for me anyway.
> 
> Regards,
> Pete

Worked like a champ! Let me pretty up the code and I'll publish the function.
Maybe it will come in handy for somebody else. Does it also work with 3.1.1?

Thanks again! You saved me much embarrassment.

Yours, OtterDad

Don't sweat it -- it's not real life. It's only ones and zeroes. Gene Spafford

new topic     » goto parent     » topic index » view thread      » older message » newer message

Search



Quick Links

User menu

Not signed in.

Misc Menu