Test program features
Print out the program entry point address of your process.
Cross-checked by loading the program in OD: the entry point shown there is indeed 0x004014f0, so the entry point found by the program is correct.
Test program
/// @file exam_1_1.c
- #include <stdlib.h>
- #include <stdio.h>
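void Fngetprogentry(void);

/**
 * Program entry: print this process's entry point address, then block on
 * getchar() so the output can be read before the program exits.
 *
 * @param argc unused
 * @param argv unused
 * @return always 0
 */
int main(int argc, char **argv)
{
    (void)argc;
    (void)argv;

    Fngetprogentry();
    printf("END, press any key to quit\n");
    /* The standard function is getchar(); the listing's "GetChar" is not a
     * C library name and would not link. */
    getchar();
    return 0;
}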
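/**
 * Print the entry point address of the current process.
 *
 * Walks the PE headers of the image assumed to be mapped at 0x400000:
 * reads the "file address of new header" field at offset 0x3C of the DOS
 * header, checks the "PE" signature found at that offset, then reads the
 * AddressOfEntryPoint RVA located 0x28 bytes past the signature and prints
 * image base + RVA.
 *
 * NOTE(review): the image base is hard-coded. That only holds when the EXE
 * is actually mapped at 0x400000; if the loader relocates the image (ASLR,
 * base collision) these reads hit unrelated or unmapped memory and the
 * printed address is wrong or the process faults. On Windows the base of
 * the running EXE is what GetModuleHandle(NULL) returns; prefer that over
 * a constant.
 *
 * Header checks that fail print "error PE file" and stop the walk instead
 * of dereferencing offsets taken from an unverified header.
 */
void Fngetprogentry(void)
{
    enum {
        DOS_SIGNATURE = 0x5A4D, /* "MZ" */
        PE_SIGNATURE = 0x4550   /* "PE" */
    };

    const int image_base = 0x400000;
    /* Offset of the "file address of new header" field relative to the
     * DOS header. */
    const int off_new_header = (16 * 4 - 4);
    /* Offset of AddressOfEntryPoint relative to the PE signature. */
    const int off_entry_rva = 0x28;

    /* Byte pointer so header offsets are plain pointer arithmetic; the
     * original cast the pointer to int, which truncates on 64-bit builds. */
    const char *base = (const char *)(size_t)image_base;
    int new_header_off = 0;
    int pe_signature = 0;
    int entry_point = 0; /* program entry point address */

    do {
        /* Verify the DOS header before trusting any field read from it. */
        if (*(const unsigned short *)base != DOS_SIGNATURE) {
            printf("error PE file\n");
            break;
        }

        /* 0xd0 in the author's build. */
        new_header_off = *(const int *)(base + off_new_header);
        if (new_header_off <= 0) {
            printf("error PE file\n");
            break;
        }

        const char *pe_header = base + new_header_off;
        pe_signature = *(const int *)pe_header;
        if (PE_SIGNATURE != pe_signature) {
            printf("error PE file\n");
            /* The original fell through here and still read the RVA. */
            break;
        }

        entry_point = image_base + *(const int *)(pe_header + off_entry_rva);
        printf("My address entry point is 0x%x\n", (unsigned int)entry_point);
    } while (0);

    printf("END, press any key to quit\n");
}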
Run results
http://blog.csdn.net/lostspeed/article/details/49506193
Writing a program that obtains the AEP (AddressOfEntryPoint) of its own process