Glossary
Original Entry Point (OEP)
The entry point of an executable before a packer or protector modified it — the address where the original code starts after unpacking.
The Original Entry Point (OEP) is the entry point address of the original, unpacked executable. When a packer wraps a binary, it changes the entry point to its own decompression or decryption stub. At runtime, after that stub reconstructs the original code in memory, it jumps to the OEP. Finding the OEP is a key milestone when manually unpacking a protected binary: once execution reaches the OEP, you can dump the in-memory image to recover the clean executable for further static analysis. Common techniques for locating the OEP include breakpoints on memory-write-then-execute transitions and single-stepping through the unpacker tail.