WinAsm Studio, The Assembly IDE - Free Downloads, Source Code

How to obtain the Address of Entry Point for a PE, code for retrieving portable executable entry point.

Eudorian

Hi everybody,

I was looking at Goppit's tutorial on PE files and I tried the PE validator. I thought about upgrading that little program to show the EntryPointAddress of an exe file in a text field after an affirmative validation. I just don't understand how to access it and how to display it, thank you.

Jupiter

At first, study the PE file structure!

CODE
assume esi: ptr IMAGE_NT_HEADERS
; Get EntryPoint
push [esi].OptionalHeader.AddressOfEntryPoint
pop eax


But before using the code, read articles about the PE format!
Eudorian

Thank you jupiter, I am
samael

Hi Eudorian,

The following is a very simple PE Editor, courtesy of Avl!s.
It does more or less what you want to do.

http://win32assembly.online.fr/files/als_spe.zip
Eudorian

Ok, if I do it this way:

CODE
invoke MapViewOfFile, eax, FILE_MAP_READ, 0,0,0
    mov     pMapping, eax
    mov     edi, pMapping
    add     edi, dword ptr [edi+3Ch]    ; edi = mapping base + e_lfanew -> IMAGE_NT_HEADERS

;; ENTRYPOINT
    push    dword ptr [edi+28h]         ; OptionalHeader.AddressOfEntryPoint
    push    offset zoen_fmt
    push    offset zoen_buf             ; copy EntryAddress here
    call    wsprintf
    add     esp, 4*3                    ; wsprintf is cdecl: caller removes the 3 arguments
    invoke  SendDlgItemMessage, hWin, 1008, WM_SETTEXT, 0, offset zoen_buf

;; BASE IMAGE
    push    dword ptr [edi+34h]         ; OptionalHeader.ImageBase (PE32 layout)
    push    offset zoen_fmt
    push    offset zoen_buf             ; copy image base here
    call    wsprintf
    add     esp, 4*3
    invoke  SendDlgItemMessage, hWin, 1009, WM_SETTEXT, 0, offset zoen_buf



everything goes fine, but if I try it like this:

CODE
assume edi: ptr IMAGE_NT_HEADERS
push [edi].OptionalHeader.AddressOfEntryPoint


I'm getting some value which is not the EntryPoint. I like this last way though, because it is more obvious (I'm used to Visual Basic programming). How can I change the commands above to use these last 2? Best regards, folks.
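The header walk used in the post above (e_lfanew at 3Ch, then +28h and +34h from the NT headers), written as an added C example that is not part of the original thread. It goes beyond the post by bounds-checking every read of the mapped file and by handling PE32+, where ImageBase is a qword at +30h; `pe_entry`, `make_sample` and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Little-endian reads; callers must have bounds-checked the offset. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }
static uint32_t rd32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns 0 on success, negative if the image is malformed or truncated. */
int pe_entry(const uint8_t *img, size_t len, uint32_t *entry_rva, uint64_t *image_base)
{
    if (len < 0x40 || rd16(img) != 0x5A4D) return -1;      /* "MZ" */
    uint32_t nt = rd32(img + 0x3C);                        /* e_lfanew */
    if (nt > len || len - nt < 0x38) return -2;            /* fields up to nt+37h */
    if (rd32(img + nt) != 0x00004550) return -3;           /* "PE\0\0" */
    uint16_t magic = rd16(img + nt + 0x18);                /* OptionalHeader.Magic */
    if (magic == 0x10B)                                    /* PE32: dword at +34h */
        *image_base = rd32(img + nt + 0x34);
    else if (magic == 0x20B)                               /* PE32+: qword at +30h */
        *image_base = rd32(img + nt + 0x30) | (uint64_t)rd32(img + nt + 0x34) << 32;
    else return -4;
    *entry_rva = rd32(img + nt + 0x28);                    /* +28h in both formats */
    return 0;
}

/* Constructed sample: header bytes only, not a loadable executable. */
void make_sample(uint8_t buf[0x100], int plus)
{
    memset(buf, 0, 0x100);
    buf[0] = 'M'; buf[1] = 'Z'; buf[0x3C] = 0x80;          /* e_lfanew = 80h */
    memcpy(buf + 0x80, "PE\0\0", 4);
    buf[0x98] = 0x0B; buf[0x99] = plus ? 0x02 : 0x01;      /* Magic */
    buf[0xA9] = 0x10;                                      /* entry RVA 1000h */
    if (plus) { buf[0xB3] = 0x40; buf[0xB4] = 0x01; }      /* base 140000000h */
    else buf[0xB6] = 0x40;                                 /* base 400000h */
}

int main(void)
{
    uint8_t buf[0x100]; uint32_t ep = 0; uint64_t base = 0;
    for (int plus = 0; plus <= 1; plus++) {
        make_sample(buf, plus);
        int rc = pe_entry(buf, sizeof buf, &ep, &base);
        printf("rc=%d entry=%08X base=%llX\n", rc, (unsigned)ep, (unsigned long long)base);
    }
    return 0;
}
```

On the PE32+ sample the dword at +34h is only the upper half of ImageBase, so a fixed `[edi+34h]` read is valid for PE32 images only.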