Program Entry Point.

I need to know how to find the offset for the program entry point.  Anyone got any idea how to do this in Delphi?

Ta,

John.
LVL 6
JaymolAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

hubdogCommented:
You can use peinfomation in gexperts tools which is a freeware to get the program entry point.The source can get on http://www.gexperts.com .

If you want learn detail information of PE header ,etc.Search key word "Portable Executable" in msdn .Besides that you can get some information from demo under directory \demos\resxplor

good luck

hubdog
0
JaymolAuthor Commented:
Ta HubDog.  I'll look into it and get back.

John.
0
MadshiCommented:
Use this one:

function GetModuleNtHeaders(module: cardinal) : PImageNtHeaders;
type TPWord = ^word;
const CENEWHDR = $003C;          // offset of new EXE header
      CEMAGIC  = $5A4D;          // old EXE magic id:  'MZ'
      CPEMAGIC = $4550;          // NT portable executable
begin
  result := nil;
  try
    if TPWord(module)^ = CEMAGIC then begin
      result := pointer(module + TPWord(module + CENEWHDR)^);
      if result^.signature <> CPEMAGIC then
        result := nil;
  except result := nil end;
end;

  entryPoint := GetModuleNtHeaders(HInstance).OptionalHeader.AddressOfEntryPoint;

If I remember right you have to add HInstance to this value to get the "real" entry point.

Regards, Madshi.
0
Cloud Class® Course: CompTIA Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

JaymolAuthor Commented:
Madshi : I'm sorry, but I'm far too slow on a Monday morning.  Could you give me an example of reading/writing a prog's entry point and I'll give you the points.

Ta,

John.
0
MadshiCommented:
like this:

var ourAppsEntryPoint : pointer;
initialization
  dword(ourAppsEntryPoint) := HInstance + GetModuleNtHeaders(HInstance).OptionalHeader.AddressOfEntryPoint;
end.

Regards, Madshi.
0
JaymolAuthor Commented:
Ahhh.....that explains why I had trouble.  I don't want the entry point of my Delphi program.  I want to select an executable and read/write the entry point of that.
0
MadshiCommented:
Then load the image of the executable into memory (e.g. by using TMemoryStream) and use the pointer of the memory (e.g. TMemoryStream.memory) instead of HModule in my example.

Regards, Madshi.
0
JaymolAuthor Commented:
Let me try.....(probably come back and ask for even MORE help!)
0
JaymolAuthor Commented:
Nah, I'm sorry Madshi, but I can't get it working.  Can you give me an example of a function that could be used like this.....

function GetEntryPoint(fName: String): Pointer;

That would be VERY nice.

Ta,

John.
0
JaymolAuthor Commented:
Madshi - I've increased the points a bit.  Could you do me a read function and a write function?

John.
0
MadshiCommented:
Okay, I'll try to write something out of my mind (not tested/compiled):

function GetEntryPoint(fName: string) : pointer;
begin
  with TMemoryStream.Create do
    try
      LoadFromFile(fName);
      dword(result) := GetModuleNtHeaders(dword(Memory)).OptionalHeader.AddressOfEntryPoint;
    finally Free end;
end;

procedure SetEntryPoint(fName: string; newEntryPoint: pointer);
begin
  with TMemoryStream.Create do
    try
      LoadFromFile(fName);
      GetModuleNtHeaders(dword(Memory)).OptionalHeader.AddressOfEntryPoint := newEntryPoint;
      SaveToFile(fName);
    finally Free end;
end;

Regards, Madshi.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JaymolAuthor Commented:
Madshi - you are the bollocks!
0
MadshiCommented:
If I only knew what a bollock is (my online translator doesn't know this word)...    :-)

But I guess it means something good, so I thank you for saying it...   (-:
0
JaymolAuthor Commented:
Madshi - Don't worry about it.  It is a compliment though.

Thanks,

John.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Delphi

From novice to tech pro — start learning today.