|
|
#1
08-23-2005, 09:56
|
|||
|
|||
|
how to get the address of the entry point in an API
I read the microsoft docs about PE and tried to understand how to get the address of the entry point in an API but i still don't got it.I know how to get each imported dll and imported functions for each dll but don't know how to get the [xxxx] address from jmp dword ptr [xxxx] that is used to call an import function.
Can someone enlight me ... I know only the RVA's to the names of the functions // Get a pointer to the found module's import address table (IAT) // =====IMAGE_THUNK_DATA *pThunk; pThunk = MakePtr(PIMAGE_THUNK_DATA, pDosHeader, pImportDesc->FirstThunk); //This is what i was talkin about earlier... //In pThunk, if it was image loaded in memory, you'll get the address to //entry point of functions //but in a disk file, It's a function name 
|
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Can I move Entry Point to the middle of the codz ? | netxman | General Discussion | 11 | 11-23-2005 08:51 |
| Stupid question: module has entry point outside of code??? | yaa | General Discussion | 7 | 04-12-2004 11:56 |
| Is it possable breakpoint on entry point of DLL | jadesk99 | General Discussion | 17 | 01-18-2004 12:08 |
| How to make sure this is really the Entry Point | merursinecury | General Discussion | 7 | 04-13-2003 08:20 |
Threaded Mode