写程序取自己进程的AEP
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了写程序取自己进程的AEP相关的知识,希望对你有一定的参考价值。
测试程序功能
打印出自己进程的程序入口点地址.
结合OD载入程序,看到的入口点确实是0x004014f0, 说明程序入口点找到了
测试程序
- /// @file exam_1_1.c
- #include <stdlib.h>
- #include <stdio.h>
- void fnGetProgEntry();
- int main(int agrc, char** argv)
- {
- fnGetProgEntry();
- printf("END, press any key to quit\n");
- getchar();
- return 0;
- }
- void fnGetProgEntry()
- {
- #define PE_SIGNTURE 0x4550 ///< "PE"
- int* pFileAddressOfNewHeader = NULL;
- int* pCOFFFileHeader = NULL;
- int* pAEP = NULL;
- const int iAddrPeImgBase = 0x400000;
- /// iOffsetX 为偏移
- /// iContent 为地址中的内容
- const int iOffsetFileAddressOfNewHeader = (16 * 4 - 4); ///< File address of new header 相对于DosHeader的偏移
- const int iOffsetAEPToFileAddressOfNewHeader = 0x28;
- int iContentFileAddressOfNewHeader = 0;
- int iPeSignature = 0;
- int iOffsetAddressOfEntryPoint = 0; ///< 程序入口点偏移地址
- do
- {
- pFileAddressOfNewHeader = (int*)(iAddrPeImgBase + iOffsetFileAddressOfNewHeader);
- iContentFileAddressOfNewHeader = *pFileAddressOfNewHeader; ///< iContentFileAddressOfNewHeader = 0xd0
- pCOFFFileHeader = (int*)(iAddrPeImgBase + iContentFileAddressOfNewHeader);
- iPeSignature = *pCOFFFileHeader;
- if (PE_SIGNTURE != iPeSignature)
- {
- printf("error pe file\n");
- }
- pAEP = (int*)((int)pCOFFFileHeader + iOffsetAEPToFileAddressOfNewHeader);
- iOffsetAddressOfEntryPoint = iAddrPeImgBase + *pAEP;
- printf("my address entry point is 0x%x\n", iOffsetAddressOfEntryPoint);
- } while (0);
- printf("END, press any key to quit\n");
- }
运行结果
http://blog.csdn.net/lostspeed/article/details/49506193
以上是关于写程序取自己进程的AEP的主要内容,如果未能解决你的问题,请参考以下文章