This article is part 3 of the series "Making our own executable packer".
In the last article, we found where code was hiding in our executable, by disassembling the whole file and then looking for syscalls.
Later on, we learned how to inspect which memory ranges are mapped for a given PID (process identifier). We saw that memory areas weren’t all equal: they can be readable, writable, and/or executable.
Finally, we learned about program headers and how they specified which parts of the executable file should be mapped to which memory areas.
This post is Patreon-exclusive until January 26, 2020