Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

what is overlay meaning in detail?

rever_ser
rever_ser
in Programming and Coding

Featured Replies

Posted

hi guys!


can anybody say in detail WHAT IS OVERLAY? i just know the overlay in somewhere outside of PE. but what is this meaning indeed.


thanks in advance!


If you looked for "overlay pe" in Google you could get the following results:

Tutorial:

https://tuts4you.com/download.php?view.1249

Image about overlays (from http://reverseengineering.stackexchange.com/questions/2014/how-can-one-extract-the-appended-data-of-a-portable-executable):

p1tXR.png

To end with a famous quote:

An overlay (aka extra-data) is simply data appended to the physical image of a Portable Executable. Take a PE, append stuff to the end without adjusting the header, and it has an overlay. This data area is not defined as part of the image by the PE header and therefore isn't part of the virtual image of the loaded PE.

Greetings,

Mr. eXoDia

Edited by Mr. eXoDia

    • Like 6
    • Author

    perfect!!!


     


    thanks Mr. eXoDia

    Some packers hide data in overlay in order to create a invalid file if you try to unpack.


    :)


    Edited by GIV

    • Like 2

    Some packers hide date in overlay in order to create a invalid file if you try to unpack.

    :)

     

    that is no answer to the question

    Some packers hide date in overlay in order to create a invalid file if you try to unpack.

    :)

    Question: What about then packers that use said data, but also pack executables that use overlays?

    that is no answer to the question

    That is no manner to respond.

    :)

    •
    • Like 2
    • Author

    i understand whay is overlay in depth.


     


    so suppose that a PE file contain  with packed overlay. how can i get overlay in physical memo?


     


    another question is that Is it possible overlay including the original executable code? in other word the mail purpose of the exe included i the overlay?


     


    thanks. mart

    i understand whay is overlay in depth.

     

    so suppose that a PE file contain  with packed overlay. how can i get overlay in physical memo?

     

    another question is that Is it possible overlay including the original executable code? in other word the mail purpose of the exe included i the overlay?

     

    thanks. mart

     

    You can obtain the overlay from your own app by calculating the size of the file based on its size seen by the operating system and the size of the file in the header. The overlay will be the difference of the two. 

     

    And yes, the executable can store code inside of the overlay and reuse it later on during execution as a form of protection. The main executable could even be a loader/unpacker for the overlay itself which is a whole other executable to run from memory etc. Overlay files have no restriction to what they can be. You can use anything as an overlay.

    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.