portable executable - Which PE header fields are used by windows loader? -

-

i'm trying understand pe header files produced executable compressor.

i've been told header fields windows uses in case intact. other, on other hand, contain complete garbage pe header perspective. i'm trying understand ones relevant ones.

let's got image_dos_header:

enter image description here

and image_file_header:

enter image description here

when open executable on debugger, stops @ address:

cpu disasm address   hex dump          command                                  comments 0040005c    53              push ebx

so, how debugger knows 0x0040005c location needs start debugging at? what'd formula calculate "entry point" address?

i guess main question here is, pe header files relevant windows perspective loader , ones used other purposes these type of packers?

from image_dos_header e_magic (for check) , e_lfanew(offset image_nt_headersxx (32 or 64) ) used. need image_nt_headers fields. entry point calc easy 

pimage_dos_header imagebase; if (imagebase->e_magic == image_dos_signature) {     union {         pvoid pv;         pimage_nt_headers32 pinth32;         pimage_nt_headers64 pinth64;      };     pv = rtloffsettopointer(imagebase, imagebase->e_lfanew);     dword addressofentrypoint = 0;     switch (pinth32->optionalheader.magic)     {     case image_nt_optional_hdr32_magic:         addressofentrypoint = pinth32->optionalheader.addressofentrypoint;         break;     case image_nt_optional_hdr64_magic:         addressofentrypoint = pinth64->optionalheader.addressofentrypoint;         break;     }     pvoid entrypoint = addressofentrypoint ? rtloffsettopointer(imagebase, addressofentrypoint) : 0; }

so image_optional_header.addressofentrypoint

when open executable on debugger, stops @ address:

bad debugger :) must stop @ ldrinitializethunk


Comments

Post a Comment

Popular posts from this blog

php - How to display all orders for a single product showing the most recent first? Woocommerce -

-
i have password protected page on frontend. on page, want display full list of purchases associated single woocommerce product id. option 1: i've looked through woocommerce docs , , found: wc_cli_order , list_( $args, $assoc_args ) function lists orders. presumably, orders can filtered product id [--=] filter orders based on order property. line item fields (numeric array, started index zero): line_items.0.product_id option 2: i found article , based on customer id. i've modified code based on guesses meta_key , meta_value. $customer_orders = get_posts( array( 'numberposts' => -1, 'meta_key' => '_product', 'meta_value' => get_product_id(), 'post_type' => wc_get_order_types(), 'post_status' => array_keys( wc_get_order_statuses() ), ) ); how display orders single product showing recent order first? here solution put based on these articles: http://www.w...
Read more

asp.net - How to correctly use QUERY_STRING in ISAPI rewrite? -

-
i'm having difficult time , hope guys can help. using helicon isapi rewrite version 3.1.0.104 on our iis server. edit http.conf file , have tried , still fail. this trying do: redirect url: https://www.domain.com/switch-by-version?version=2.8.5.2594 to: https://test.domain.com/load/load.aspx?tver=2.8.5.2594 the version number @ end source url change, , need target url have same version number @ end of url example above shows. i tried following not work: rewritecond %{query_string} ^version=(\d\d?)\.(\d\d?)\.(\d\d?)\.(.*)$ [nc] rewriterule ^/switch-by-version(.*)$ https://test.domain.com/load/load.aspx?tver=%1 [r=307,nc,l] any appreciated! thanks. if it's running in equivalent context of .htaccess , rule shouldn't start / . here's simpler version: rewritecond %{query_string} ^version=(\d+\.\d+\.\d+(?:\..+)?)$ [nc] rewriterule ^switch-by-version/?$ https://test.domain.com/load/load.aspx?tver=%1 [r=307,nc,l]
Read more

angularjs - How restrict admin panel using in backend laravel and admin panel on angular? -

-
https://scotch.io/tutorials/token-based-authentication-for-angularjs-and-laravel-apps following tutorials, try write authentication restrict admin panel, didn't understood how can that. this admin panel, admin panel don't want show , request database unauthenticated users. my laravel-routes route::get('/admin',function(){ return view('index'); }); route::get('/api/v1/employees/{id?}', 'employees@index'); route::get('/api/v1/users/{id?}', 'employees@users'); route::post('/api/v1/employees', 'employees@store'); route::post('/api/v1/employees/{id}', 'employees@update'); route::delete('/api/v1/employees/{id}', 'employees@destroy'); route::group(['prefix' => 'api'], function() { route::resource('authenticate', 'authenticatecontroller', ['only' => ['index']]); route::post('authenticate', 'authentic...
Read more