According to what I know ,Overlay is the part of PE file that is not covered by the PE header and therefore isn't part of the virtual image in the Loaded PE.
My question is if the overlay is not loaded along with all other code of the PE (sections) in the memory,How do overlay viruses execute?Do they read the file from the disk /
By overlay viruses I mean ,malware which run malicious code from its overlay?
Aucun commentaire:
Enregistrer un commentaire