Topic: finding programs entry point

smoalne

finding programs entry point
« on: February 10, 2019, 05:27:22 AM »
Hello!
I'm interested in trying to find out how to get a program's start address. I have found a couple of hints, but haven't been able to put it together successfully yet. I tried using "offset" and "$" to assign the address to a variable but haven't (to the best of my knowledge) gotten anywhere. Any help would be appreciated!

Thanks,
Jeff

jj2007

Re: finding programs entry point
« Reply #1 on: February 10, 2019, 07:26:43 AM »
mov eax, offset start?

Code:
include \masm32\include\masm32rt.inc ; plain Masm32 for the fans of pure assembler

.code
AppName db "Masm32:", 0

start: MsgBox 0, hex$(offset start), addr AppName, MB_OK
exit

end start

hutch--

  • Administrator
Re: finding programs entry point
« Reply #2 on: February 10, 2019, 11:29:51 AM »
The location of the program entry point is in the PE header of the executable file, but there is little reason to need that access unless you want to modify a PE header or insert malicious code to replace it, which is how old style viruses were triggered. Read the forum rules on any form of cracking, virus, trojan or similar activity.
hutch at movsd dot com
http://www.masm32.com
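
Added example, not part of the original thread or of the MASM32 SDK: a Python reader for the PE header fields mentioned in the reply above. It returns AddressOfEntryPoint, ImageBase, their sum (the address "offset start" resolves to when the image loads at its preferred base), and whether the entry point lies in an executable section, which is a routine triage check. The header-only image from build_sample() is constructed, and its image base 0x400000, .text at RVA 0x1000 and entry RVA 0x1008 are assumed values.

```python
import struct

IMAGE_SCN_MEM_EXECUTE = 0x20000000

def entry_point(pe: bytes) -> dict:
    """Locate the entry point of a PE image from its headers."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", pe, 0x3C)   # offset of "PE\0\0"
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (nsections,) = struct.unpack_from("<H", pe, coff + 2)
    (opt_size,) = struct.unpack_from("<H", pe, coff + 16)
    opt = coff + 20                                     # optional header
    (magic,) = struct.unpack_from("<H", pe, opt)
    (rva,) = struct.unpack_from("<I", pe, opt + 16)     # AddressOfEntryPoint
    if magic == 0x10B:                                  # PE32
        (base,) = struct.unpack_from("<I", pe, opt + 28)
    elif magic == 0x20B:                                # PE32+
        (base,) = struct.unpack_from("<Q", pe, opt + 24)
    else:
        raise ValueError("unknown optional header magic")
    section, executable = None, False
    for i in range(nsections):                          # 40-byte section headers
        off = opt + opt_size + 40 * i
        vsize, vaddr, rawsize = struct.unpack_from("<III", pe, off + 8)
        (flags,) = struct.unpack_from("<I", pe, off + 36)
        if vaddr <= rva < vaddr + max(vsize, rawsize):
            section = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
            executable = bool(flags & IMAGE_SCN_MEM_EXECUTE)
    return {"rva": rva, "image_base": base, "va": base + rva,
            "section": section, "executable": executable}

def build_sample(entry_rva=0x1008, flags=0x60000020) -> bytes:
    """Constructed header-only PE32 image (assumed values, no code bytes)."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<I", opt, 16, entry_rva)
    struct.pack_into("<I", opt, 28, 0x400000)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200,
                       0x400, 0, 0, 0, 0, flags)
    return dos + b"PE\0\0" + coff + bytes(opt) + sect

if __name__ == "__main__":
    for label, img in (("normal", build_sample()),
                       ("outside sections", build_sample(entry_rva=0x5000))):
        print(label, entry_point(img))
```

An entry point that falls outside every section, or inside a section without the execute flag, is worth a closer look when examining an unknown executable.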

Raistlin

Re: finding programs entry point
« Reply #3 on: February 11, 2019, 03:22:43 AM »
Dear Smoalne, the entry point of an EXE or COM or anything else does not require Assembly Language to muck with directly or indirectly, unless in very strange circumstances. Easy enough to read the ISO/IEEE/Microsoft documentation (2500+ A4 pages of fascinating specifications, if otherwise interested).

Astoundingly, I do believe hutch did, and is declining to share without being able to trust you on face value.
« Last Edit: February 11, 2019, 02:32:41 PM by Raistlin »
Are you pondering what I'm pondering? It's time to take over the world ! - let's use ASSEMBLY...