| Author | Message | Time |
|---|---|---|
| iago | Does anybody know how I could get a pointer to the beginning and the end of (my own) program's datasegment? I tried adding a void FirstFunction() and void LastFunction() but that didn't work :-/ | February 6, 2003, 12:02 AM |
| Yoni | You would have to open your PE header (in memory) and parse it to get that. | February 6, 2003, 3:08 AM |
| iago | So there's no function GetPointerToEnd() ? :-( | February 6, 2003, 11:50 AM |
| Yoni | AFAIK there is no AllPurposeMagicFunctions.dll | February 6, 2003, 12:08 PM |
| iago | I guess somebody should write it, then... | February 6, 2003, 1:12 PM |
| Skywing | You turn on .map and .cod generation, and parse those. | February 6, 2003, 2:16 PM |
| Etheran | [quote] Be careful, though, if it was made by a Canadian programmer you might end up with $10000000cdn, which happens to be less than a dollar American![/quote] in that case I would just go with deposit_money_in_eths_bank_account('£',100000000); :) | February 7, 2003, 2:50 AM |
| Arta | What Eth said :P | February 7, 2003, 9:55 AM |
| St0rm.iD | This isn't an exact answer to your question, but it may help. You can do stuff like this in C: [code] void myfunc() { DWORD addr; __asm { mov dword ptr addr, offset [label] } label: } [/code] | February 7, 2003, 8:24 PM |
| iago | hmm.. I like the header idea, but if Storm's actually works it would be a lot easier. Thanks! Can somebody close this topic now? It's dead :-) | February 8, 2003, 4:51 AM |
| Adron | I deleted my off-topic post and add this instead: [code] void printinfo() { unsigned base = (unsigned)GetModuleHandle(0); IMAGE_DOS_HEADER *idh = (IMAGE_DOS_HEADER*)base; IMAGE_NT_HEADERS *inh = (IMAGE_NT_HEADERS*)((unsigned)idh + idh->e_lfanew); IMAGE_SECTION_HEADER *ish = IMAGE_FIRST_SECTION(inh); for(int i = 0; i < inh->FileHeader.NumberOfSections; i++) { printf("Section %s at %08x ends at %08x, flags %08x\n", ish[i].Name, ish[i].VirtualAddress + base, ish[i].VirtualAddress + base + ish[i].Misc.VirtualSize, ish[i].Characteristics); } } [/code] | February 8, 2003, 12:41 PM |
| iago | oooh, very nice, thanks :) | February 8, 2003, 3:12 PM |
| St0rm.iD | Can you give some code to convert a virtual addr to a file offset? | February 9, 2003, 1:47 PM |
| Adron | Most of those things are actually in the imagehlp api. If you're doing things that require mapping virtual address to file offset, you're probably modifying executables. Then you should be using the imagehlp api. | February 9, 2003, 2:07 PM |
| St0rm.iD | I am...it's just that no one taught me how to load memmapped files and I'm lost lol. | February 9, 2003, 11:30 PM |
| Adron | Since i've been opening nbbot again and making some changes, i'll post this snippet from it, regarding memory mapping files: [code] LPCVOID map; int size; HANDLE h, sh; h = CreateFile(exe, GENERIC_READ, FILE_SHARE_READ|FILE_SHARE_WRITE, 0, OPEN_EXISTING, FILE_FLAG_SEQUENTIAL_SCAN, 0); if(h != INVALID_HANDLE_VALUE) { sh = CreateFileMapping(h, 0, PAGE_READONLY|SEC_COMMIT, 0, 0, 0); map = MapViewOfFile(sh, FILE_MAP_READ, 0, 0, 0); if((int)map) { size = GetFileSize(h, 0); // Do something with it UnmapViewOfFile(map); } CloseHandle(h); CloseHandle(sh); } [/code] | February 10, 2003, 7:31 PM |
| St0rm.iD | Thank you my friend. | February 11, 2003, 12:01 AM |