写程序取自己进程的AEP

时间：2016-02-12 22:12:32 阅读：315 评论：0 收藏：0 [点我收藏+]

标签：

打印出自己进程的程序入口点地址.

技术分享

结合OD载入程序，看到的入口点确实是0x004014f0, 说明程序入口点找到了

技术分享

[cpp] view plain copy

/// @file exam_1_1.c
#include <stdlib.h>
#include <stdio.h>
void fnGetProgEntry();
int main(int agrc, char** argv)
{
fnGetProgEntry();
printf("END, press any key to quit\n");
getchar();
return 0;
}
void fnGetProgEntry()
{
#define PE_SIGNTURE 0x4550 ///< "PE"
int* pFileAddressOfNewHeader = NULL;
int* pCOFFFileHeader = NULL;
int* pAEP = NULL;
const int iAddrPeImgBase = 0x400000;
/// iOffsetX 为偏移
/// iContent 为地址中的内容
const int iOffsetFileAddressOfNewHeader = (16 * 4 - 4); ///< File address of new header 相对于DosHeader的偏移
const int iOffsetAEPToFileAddressOfNewHeader = 0x28;
int iContentFileAddressOfNewHeader = 0;
int iPeSignature = 0;
int iOffsetAddressOfEntryPoint = 0; ///< 程序入口点偏移地址
do
{
pFileAddressOfNewHeader = (int*)(iAddrPeImgBase + iOffsetFileAddressOfNewHeader);
iContentFileAddressOfNewHeader = *pFileAddressOfNewHeader; ///< iContentFileAddressOfNewHeader = 0xd0
pCOFFFileHeader = (int*)(iAddrPeImgBase + iContentFileAddressOfNewHeader);
iPeSignature = *pCOFFFileHeader;
if (PE_SIGNTURE != iPeSignature)
{
printf("error pe file\n");
}
pAEP = (int*)((int)pCOFFFileHeader + iOffsetAEPToFileAddressOfNewHeader);
iOffsetAddressOfEntryPoint = iAddrPeImgBase + *pAEP;
printf("my address entry point is 0x%x\n", iOffsetAddressOfEntryPoint);
} while (0);
printf("END, press any key to quit\n");
}

技术分享

http://blog.csdn.net/lostspeed/article/details/49506193

标签：

原文地址：http://www.cnblogs.com/findumars/p/5187279.html

踩

(0)

评论一句话评论（0）

分享档案

更多>

周排行