For example, in the case of a large SFX archive, up to several gigabytes, it is logical to download only the executable code of the unpacker, and leave the archive on the disk. And then calmly unpack it.

If so, how can this be done using Visual Studio? How is this generally done in the case of SFX?

  • This is called an "overlay", but a cursory googling did not show that the studio can do that. - Vladimir Martyanov

1 answer

This is often done. An EXE is created without additional data, and then an “archive” is added to it, while the parameters of the sections do not change. The loader will only load the EXE file itself into memory; the overlay will not be loaded, as it is not in a section. The launched EXE calls, for example, GetModuleHandle(NULL), gets the address of its header in memory, parses the partition table and finds the file offset of the end of the last section. Directly after it is the overlay with the “archive”, which it can read as it pleases. Option number two: after the build, the size of the EXE is written into unused header fields, and the running process reads the offset to the overlay from there.

  • How do you change the header fields? Using what? Will this work in the case of a DLL? - Cerbo
  • HIEW or any other HEX editor will do a great job. You can write a separate tool that will automatically do all this. With a DLL, I think, it will work too. - Vladimir Martyanov
  • And do you know of any ready-made utility specifically for this? - Cerbo
  • No; if I needed one, I would write it myself. - Vladimir Martyanov
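The first option from the answer, computing the end of the last section from the PE section table, as an added example that is not part of the original answer. It works on the file's header bytes rather than on the in-memory header from GetModuleHandle(NULL); `overlay_offset`, `build_sample` and the sample image are constructed for illustration, and the sample is not a loadable EXE.

```python
import struct

def overlay_offset(header: bytes) -> int:
    """File offset of the first byte after the last section's raw data."""
    if header[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", header, 0x3C)
    if header[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    # IMAGE_FILE_HEADER starts right after the 4-byte signature.
    (n_sections,) = struct.unpack_from("<H", header, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", header, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size       # first IMAGE_SECTION_HEADER
    end = table + 40 * n_sections          # the headers belong to the image too
    for i in range(n_sections):
        # SizeOfRawData is at +16 and PointerToRawData at +20 of each 40-byte entry.
        raw_size, raw_ptr = struct.unpack_from("<II", header, table + 40 * i + 16)
        if raw_size:                       # skip sections with no data in the file
            end = max(end, raw_ptr + raw_size)
    return end

def build_sample(payload: bytes) -> bytes:
    """Constructed minimal PE layout (one section) with payload appended as overlay."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)      # e_lfanew = 0x40
    pe = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = b"\0" * 0xE0                                        # optional header, zeroed
    # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, rest zero
    sect = struct.pack("<8sIIII16x", b".text", 0x1000, 0x1000, 0x200, 0x200)
    image = (dos + pe + opt + sect).ljust(0x200, b"\0") + b"\xCC" * 0x200
    return image + payload

SAMPLE = build_sample(b"ARCHIVE-BYTES")

if __name__ == "__main__":
    # Only the headers are needed, so a multi-gigabyte file never has to be read whole.
    off = overlay_offset(SAMPLE[:0x200])
    print(hex(off), SAMPLE[off:])
```

In an Authenticode-signed file the certificate table is also stored after the last section, so the bytes at this offset are not necessarily the archive.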