Cheat Engine

kot1990 · Posted: Tue May 04, 2010 3:00 pm Post subject: please help..~

I am looking at the structure of an executable. I opened notepad.exe 66,5 KB (68.096 bytes) and it loads in memory. I then extract the notepad.exe from the memory and the output file is 80,0 KB (81.920 bytes). Why the size is not the same as the initial file in memory? What's happening when a program is loaded?? Also, the new file 80,0 KB has no icon. That means that the structure of the file is incorrect and of course the new exe doesn't run.

EDIT: It would be also nice if you give me a link for a good tutorial about executable files, about their types and how do they load into memory.

Deltron Z · Posted: Tue May 04, 2010 5:13 pm Post subject:

Using OllyDump I get the same by unchecking "Fix Raw Size & Offset of Dump Image". I haven't messed with this kind of stuff for a while now, but if I'm not mistaken it fixes the position of the data (and it's size) in the file. if you don't do this, I guess OllyDump will use other values specified in the file, process' memory or calculated in some other way. or maybe it just prevent from the original values from being changed... I'd also like someone to explain further about this.