tag:blogger.com,1999:blog-14788166.post4954367391157707325..comments2010-11-18T09:21:23.303+01:00Ero Carrerahttp://www.blogger.com/profile/12212132879580765574noreply@blogger.comBlogger5125tag:blogger.com,1999:blog-14788166.post-61804992879981783332007-03-19T13:09:00.000+01:002007-03-19T13:09:00.000+01:00I use the fantastic <A HREF="http://www.omnigroup.com/applications/omnigraffle/" REL="nofollow">OmniGraffle</A>Ero Carrerahttp://www.blogger.com/profile/12212132879580765574noreply@blogger.comtag:blogger.com,1999:blog-14788166.post-34677997706988470952007-03-19T10:04:00.000+01:002007-03-19T10:04:00.000+01:00I'm really amazed by your pictures. Could you tell what tool are you using to do it ?Emmanuelhttp://www.labri.fr/perso/fleury/noreply@blogger.comtag:blogger.com,1999:blog-14788166.post-9957846188316603032007-03-14T23:59:00.000+01:002007-03-14T23:59:00.000+01:00I think it's more robustness than "messiness". At least it does seem to handle well really broken files where other tools just break.<BR/><BR/>I haven't reversed engineered the Windows loader myself so I don't have a fully informed opinion. It's just intuition.Ero Carrerahttp://www.blogger.com/profile/12212132879580765574noreply@blogger.comtag:blogger.com,1999:blog-14788166.post-90041058703332466012007-03-14T23:36:00.000+01:002007-03-14T23:36:00.000+01:00Doesn't the "robustness" of the WIndows PE loader end up meaning "it's full of complicated code"?<BR/><BR/>Won't this "robustness" lead to some weird-beard kernel attacks via combinations of field header offsets and stuff?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-14788166.post-36207208374359504802007-03-14T08:15:00.000+01:002007-03-14T08:15:00.000+01:00Well done job,<BR/>I think another good idea would be to use an Hex editor that lets you color different fields and setup a legend for each color and its meaning...arkonhttp://ragestorm.netnoreply@blogger.com