Program Entry Point.

I need to know how to find the offset for the program entry point.  Anyone got any idea how to do this in Delphi?

Ta,

John.
LVL 6
JaymolAsked:
Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

x
 
MadshiConnect With a Mentor Commented:
Okay, I'll try to write something out of my mind (not tested/compiled):

function GetEntryPoint(fName: string) : pointer;
begin
  with TMemoryStream.Create do
    try
      LoadFromFile(fName);
      dword(result) := GetModuleNtHeaders(dword(Memory)).OptionalHeader.AddressOfEntryPoint;
    finally Free end;
end;

procedure SetEntryPoint(fName: string; newEntryPoint: pointer);
begin
  with TMemoryStream.Create do
    try
      LoadFromFile(fName);
      GetModuleNtHeaders(dword(Memory)).OptionalHeader.AddressOfEntryPoint := newEntryPoint;
      SaveToFile(fName);
    finally Free end;
end;

Regards, Madshi.
0
 
hubdogCommented:
You can use peinfomation in gexperts tools which is a freeware to get the program entry point.The source can get on http://www.gexperts.com .

If you want learn detail information of PE header ,etc.Search key word "Portable Executable" in msdn .Besides that you can get some information from demo under directory \demos\resxplor

good luck

hubdog
0
 
JaymolAuthor Commented:
Ta HubDog.  I'll look into it and get back.

John.
0
The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

 
MadshiCommented:
Use this one:

function GetModuleNtHeaders(module: cardinal) : PImageNtHeaders;
type TPWord = ^word;
const CENEWHDR = $003C;          // offset of new EXE header
      CEMAGIC  = $5A4D;          // old EXE magic id:  'MZ'
      CPEMAGIC = $4550;          // NT portable executable
begin
  result := nil;
  try
    if TPWord(module)^ = CEMAGIC then begin
      result := pointer(module + TPWord(module + CENEWHDR)^);
      if result^.signature <> CPEMAGIC then
        result := nil;
  except result := nil end;
end;

  entryPoint := GetModuleNtHeaders(HInstance).OptionalHeader.AddressOfEntryPoint;

If I remember right you have to add HInstance to this value to get the "real" entry point.

Regards, Madshi.
0
 
JaymolAuthor Commented:
Madshi : I'm sorry, but I'm far too slow on a Monday morning.  Could you give me an example of reading/writing a prog's entry point and I'll give you the points.

Ta,

John.
0
 
MadshiCommented:
like this:

var ourAppsEntryPoint : pointer;
initialization
  dword(ourAppsEntryPoint) := HInstance + GetModuleNtHeaders(HInstance).OptionalHeader.AddressOfEntryPoint;
end.

Regards, Madshi.
0
 
JaymolAuthor Commented:
Ahhh.....that explains why I had trouble.  I don't want the entry point of my Delphi program.  I want to select an executable and read/write the entry point of that.
0
 
MadshiCommented:
Then load the image of the executable into memory (e.g. by using TMemoryStream) and use the pointer of the memory (e.g. TMemoryStream.memory) instead of HModule in my example.

Regards, Madshi.
0
 
JaymolAuthor Commented:
Let me try.....(probably come back and ask for even MORE help!)
0
 
JaymolAuthor Commented:
Nah, I'm sorry Madshi, but I can't get it working.  Can you give me an example of a function that could be used like this.....

function GetEntryPoint(fName: String): Pointer;

That would be VERY nice.

Ta,

John.
0
 
JaymolAuthor Commented:
Madshi - I've increased the points a bit.  Could you do me a read function and a write function?

John.
0
 
JaymolAuthor Commented:
Madshi - you are the bollocks!
0
 
MadshiCommented:
If I only knew what a bollock is (my online translator doesn't know this word)...    :-)

But I guess it means something good, so I thank you for saying it...   (-:
0
 
JaymolAuthor Commented:
Madshi - Don't worry about it.  It is a compliment though.

Thanks,

John.
0
All Courses

From novice to tech pro — start learning today.