
What's the difference between Address of Entry Point and Original Entry Point?

I'm learning the PE file structure, but I'm confused about the concepts of Address of Entry Point and Original Entry Point. I know the Address of Entry Point can be calculated according to the Image_Optional_Header. Can the Original Entry Point be calculated that way too? And what does the code between the Address of Entry Point and the Original Entry Point do?

Hu Zhenwu asked Sep 11 '25 08:09


1 Answer

The Original Entry Point is a concept typically referred to in reverse engineering for an executable that has been modified by some means such as being compressed (or encrypted) by a packer or infected with malware. Prior to modification, the entry-point of an executable IS the original entry point (OEP). When an executable has been modified, such as to include a stub of code that runs prior to the original code, the entry-point of the executable is changed to point to the new code. The stub then references the old entry-point when it is done. So once the stub runs, it will transfer control to the address of the original entry point so the modified program still works (or appears to work) as normal.

byteptr answered Sep 15 '25 17:09
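An added example, not part of the question or the answer above: a small parser that reads AddressOfEntryPoint from the optional header and reports which section it lands in, which is the first thing an analyst checks when deciding whether the header's entry point is likely a stub rather than the OEP. Only AddressOfEntryPoint is a header field; the sample header, the section names (`.text`, `.stub`) and the two heuristics are constructed assumptions for illustration.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000

def entry_point_info(data: bytes) -> dict:
    """Read AddressOfEntryPoint and locate the section that contains it."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)   # offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER
    (n_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20                                      # IMAGE_OPTIONAL_HEADER
    (aep,) = struct.unpack_from("<I", data, opt + 16)    # AddressOfEntryPoint (RVA)
    sections = []
    for i in range(n_sections):
        off = opt + opt_size + 40 * i                    # 40-byte section headers
        name, vsize, vaddr = struct.unpack_from("<8sII", data, off)
        (flags,) = struct.unpack_from("<I", data, off + 36)
        sections.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize, flags))
    info = {"aep_rva": aep, "section": None, "notes": []}
    for idx, (name, vaddr, vsize, flags) in enumerate(sections):
        if vaddr <= aep < vaddr + vsize:
            info["section"] = name
            # Heuristics only (assumptions): common signs of an added stub.
            if flags & IMAGE_SCN_MEM_WRITE and flags & IMAGE_SCN_MEM_EXECUTE:
                info["notes"].append("entry section is writable and executable")
            if idx == len(sections) - 1 and len(sections) > 1:
                info["notes"].append("entry point is in the last section")
    if info["section"] is None:
        info["notes"].append("entry point is outside every section")
    return info

def build_sample(aep: int) -> bytes:
    """Constructed header-only PE image: .text at RVA 0x1000, .stub at RVA 0x3000."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, aep).ljust(0xE0, b"\0")
    text = struct.pack("<8sIIIIIIHHI", b".text", 0x1000, 0x1000, 0, 0, 0, 0, 0, 0, 0x60000020)
    stub = struct.pack("<8sIIIIIIHHI", b".stub", 0x800, 0x3000, 0, 0, 0, 0, 0, 0, 0xE0000020)
    return dos + b"PE\0\0" + coff + opt + text + stub
```

A clean result does not prove the entry point is the OEP, and a flagged one does not prove modification; the notes only tell you where to start looking.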