assembly - How to determine location of _main in x86-64 executable? -


i interested in constructing cfg x86-64 executable using static methods. having trouble including "main" function because there no precomputed jumps main function; appears jump may not computed until program run. such, cfg missing 1 of important functions - main one! how can statically determine location of _main?

for further information read microsoft pe specification.

getting entry point address

base of actual pe executables (term image preffered in documentation) lies in old dos .exe mz executables. first 2 bytes of every executable ascii 'm' , 'z'. nowadays, dos header skipped. used contain values such starting cs, ip, ss or sp.

  1. get value @ offset 0x3c in file. start of pe header.

pe header stores fields target machine, number of sections , on. these things not important you.

  1. you can skip whole pe header. (add 0x14 pointer - sizeof(pe_header_s)==20)

  2. after adding 20 bytes pointer, you're pointing start of pe optional header standard fields. on offset 0x10, there's dword contains address of entry point relative image base.

getting file offset of entry point

getting file offset of entry point bit more difficult. process looks this:

  1. find section containing entry point. .code section, better if compare starts of sections base of code (value of base of code located in pe optional header standard fields).
  2. substract virtual address of section (simply section start in memory when executable loaded) => offset of entry point (offset relative start of section).
  3. we have offset, add file offset of .code section result of previous step, , you're done.

all steps not lead address of main, address of crt entry point, calls _main function.

if wan't address of main, must go through pe object files , find symbol _main in symbol table.


Comments

Post a Comment

Popular posts from this blog

How to mention the localhost in android -

i trying call localhost in android application. unfortunately not possible used several methods emulator local host http://10.0.2.2/android/dbconnection.php and network ip address http://192.168.1.xx/android/dbconnection.php also http://localhost:8080/android/dbconnection.php but nothing connected localhost. purpose refer stackoverflow answers not working i facing same problem when worked on localhost. referred stackoverflow answer got solution create new emulator works fine in new emulator.
Read more

php - Calling a template part from a post -

i include iframe within post in wordpress. located inside content of post, meaning cannot in post template file, otherwise either before or after. i'd add facebook plugin within posts: <div id="socialwrap"><div class="fb-like" data-href="http://onlinearizonahomes.info" data-send="true" data-width="450" data-show-faces="true" data-font="arial"></div></div> i thinking of calling template part within post <?php get_template_part( 'social' ); ?> cannot use php within post without plugin (i'd avoid using plugin this). an alternative using javascript create html in post, seems unnecessary use of javascript. what best way add html within wordpress post? you can use shortcode. add functions.php function cudjex_fbshare( $atts, $content = null ) { global $post; $link = get_permalink($post->id); return '<div id="socialwrap...
Read more

c# - String.format() DateTime With Arabic culture -

check below code snippet, namespace testdateconvertion { class program { static void main(string[] args) { datetime testvalue = new datetime(2013, 12, 15, 15, 33, 44); cultureinfo culture = new cultureinfo("ar-sa"); string stringvalue = string.format(culture, "{0:d} {0:hh:mm:ss}", testvalue); console.writeline(stringvalue); console.readline(); } } } it gives output 22/02/35 15:33:44 i not getting how possible. whats 35 doing in output there that's 13/12/2015 in hijri, 35 means 1435 in hijri, default date format saudi arabia.
Read more