测试程序功能
打印出自己进程的程序入口点地址.
用 OD(OllyDbg)载入程序后,看到的入口点同样是 0x004014f0,与程序打印出的地址一致,说明入口点计算正确。注意:程序把映像基址写死为 0x400000,只有当映像确实被加载到该地址(没有被 ASLR 或重定位改变)时,这个结果才成立。
测试程序
/// @file exam_1_1.c
#include <stdlib.h>
#include <stdio.h>
void fnGetProgEntry();
/// Program entry: print this process's PE entry point, then block on stdin so
/// the console stays open until the user responds.
int main(int agrc, char** argv)
{
    /* Command-line arguments are not used by this test program. */
    (void)agrc;
    (void)argv;

    fnGetProgEntry();

    fputs("END, press any key to quit\n", stdout);
    (void)getchar(); /* returns once input is available on stdin */

    return 0;
}
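/**
 * Print the entry point address of the running executable by walking the PE
 * headers of its own in-memory image.
 *
 * Walk: DOS header (checked for "MZ") -> e_lfanew at offset 0x3C -> PE
 * signature -> AddressOfEntryPoint, 0x28 bytes past the signature. The RVA
 * found there is added to the image base and printed.
 *
 * NOTE(review): the image base is hard-coded to 0x400000. That holds only when
 * the module is really mapped at that address (32-bit build, no ASLR or
 * relocation); otherwise the first read faults or inspects unrelated memory.
 * Asking the loader for the real base (e.g. GetModuleHandle(NULL)) removes the
 * assumption, but needs <windows.h>, which this file does not include.
 *
 * Any failed header check prints "error pe file" and stops the walk instead of
 * dereferencing further fields. The closing "END, press any key to quit"
 * prompt is left to main(), which prints it right before waiting for input, so
 * it is no longer emitted twice.
 */
void fnGetProgEntry()
{
#define PE_SIGNTURE 0x4550 ///< "PE\0\0" read as a little-endian 32-bit value
    enum { DOS_MAGIC = 0x5A4D }; ///< "MZ" read as a little-endian 16-bit value

    const int iAddrPeImgBase = 0x400000;
    /// iOffsetX is an offset
    /// iContentX is the value stored at an address
    const int iOffsetFileAddressOfNewHeader = (16 * 4 - 4); ///< offset of "file address of new header" (e_lfanew) inside the DOS header, 0x3C
    const int iOffsetAEPToFileAddressOfNewHeader = 0x28;    ///< from the PE signature to AddressOfEntryPoint

    /* Byte pointers keep the offset arithmetic in pointer space, so no pointer
     * is ever squeezed through an int. */
    const unsigned char* pImageBase = (const unsigned char*)(size_t)iAddrPeImgBase;
    const unsigned char* pPeHeader = NULL;
    int iContentFileAddressOfNewHeader = 0;
    int iPeSignature = 0;
    unsigned int uAddressOfEntryPoint = 0; ///< absolute address of the program entry point

    do
    {
        /* Refuse to follow e_lfanew unless the base really starts a DOS header. */
        if (DOS_MAGIC != *(const unsigned short*)pImageBase)
        {
            printf("error pe file\n");
            break;
        }

        iContentFileAddressOfNewHeader =
            *(const int*)(pImageBase + iOffsetFileAddressOfNewHeader); ///< 0xd0 in the author's build

        /* A zero or negative offset would point at or before the DOS header. */
        if (iContentFileAddressOfNewHeader <= 0)
        {
            printf("error pe file\n");
            break;
        }

        pPeHeader = pImageBase + iContentFileAddressOfNewHeader;
        iPeSignature = *(const int*)pPeHeader;
        if (PE_SIGNTURE != iPeSignature)
        {
            /* Stop here: the fields below are meaningless without a PE header. */
            printf("error pe file\n");
            break;
        }

        /* AddressOfEntryPoint is an RVA; unsigned arithmetic avoids signed overflow. */
        uAddressOfEntryPoint = (unsigned int)iAddrPeImgBase
            + *(const unsigned int*)(pPeHeader + iOffsetAEPToFileAddressOfNewHeader);
        printf("my address entry point is 0x%x\n", uAddressOfEntryPoint);
    } while (0);
}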
运行结果