why use NtUnmapViewOfSection in function "UnpackAndRunEp"

[A1ex0n]

param "_Pe1.pNtHdr->OptionalHeader.ImageBase" always is 0000000140000000 ,What's the meaning in it

update: The reason is that it doesn't support ASLR.........

[NUL0x4C]

this is the preferable address of the image to be loaded at (be default - by windows not me :p )
but images aren't mapped to this address and thus the "reallocation" thing, but here in my packer, i try loading to that address first, if failed ill try any random base address and do the reallocation later ...

hope this answer your question