c++ - Is it possible to change the entry point of a process from a DLL?
The default entry point for application processes is 0x401000.
Is there a way to shift or change the entry point of a process? For example, if I wanted to change the entry point to 0x901000 externally using a DLL (assuming the process loaded the DLL via C++)?
I'm trying to create a DLL to edit a process's default entry point.
Yes, you can change the ImageBase in the optional header of the Portable Executable, if your linker allows this. Linkers set ImageBase=0x10000 when linking an executable, and 0x400000 when linking a DLL. However, this number is chosen arbitrarily (I guess because it is easy to remember and looks good in debuggers) and it may be disobeyed by the loader if that memory is occupied. See http://msdn.microsoft.com/en-us/library/ms809762.aspx, Table 3, paragraph IMAGE_OPTIONAL_HEADER.ImageBase:
When the linker creates an executable, it assumes that the file will be memory-mapped to a specific location in memory. That address is stored in this field, assuming a load address allows linker optimizations to take place. If the file is memory-mapped to that address by the loader, the code doesn't need patching before it can run. In executables produced for Windows NT, the default image base is 0x10000. For DLLs, the default is 0x400000. In Windows 95, the address 0x10000 can't be used to load 32-bit EXEs because it lies within a linear address region shared by all processes. Because of this, Microsoft has changed the default base address for Win32 executables to 0x400000. Older programs that were linked assuming a base address of 0x10000 will take longer to load under Windows 95 because the loader needs to apply the base relocations.
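To make the relationship between ImageBase and the entry point concrete, here is an added example (not code from the question or the answer) that reads both fields from a PE header and computes the entry address for the preferred base and for a different load base. The names `parse_pe`, `entry_va` and `make_sample` are hypothetical, and the header bytes are constructed for the example rather than taken from a real binary; 0x900000 is used as the alternate base because it yields the 0x901000 from the question.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

struct PeEntry { uint64_t image_base; uint32_t entry_rva; };

// Little-endian read/write of n bytes; callers check bounds first.
static uint64_t rd(const std::vector<uint8_t>& b, size_t off, int n) {
    uint64_t v = 0;
    for (int i = n - 1; i >= 0; --i) v = (v << 8) | b[off + i];
    return v;
}
static void wr(std::vector<uint8_t>& b, size_t off, uint64_t v, int n) {
    for (int i = 0; i < n; ++i) b[off + i] = uint8_t(v >> (8 * i));
}

// Extract ImageBase and AddressOfEntryPoint; returns false on malformed input.
bool parse_pe(const std::vector<uint8_t>& b, PeEntry& out) {
    if (b.size() < 0x40 || rd(b, 0, 2) != 0x5A4D) return false;   // "MZ"
    size_t pe = size_t(rd(b, 0x3C, 4));                           // e_lfanew
    if (pe > b.size() || b.size() - pe < 24 + 32) return false;   // header must fit
    if (rd(b, pe, 4) != 0x00004550) return false;                 // "PE\0\0"
    size_t opt = pe + 24;                     // 4-byte signature + 20-byte COFF header
    uint32_t rva = uint32_t(rd(b, opt + 16, 4));                  // AddressOfEntryPoint
    uint64_t magic = rd(b, opt, 2);
    if (magic == 0x10B) { out = PeEntry{rd(b, opt + 28, 4), rva}; return true; } // PE32
    if (magic == 0x20B) { out = PeEntry{rd(b, opt + 24, 8), rva}; return true; } // PE32+
    return false;
}

// Entry point VA = base the image is actually mapped at + entry RVA.
uint64_t entry_va(const PeEntry& e, uint64_t actual_base) { return actual_base + e.entry_rva; }

// Constructed sample header: PE32, ImageBase 0x400000, entry RVA 0x1000.
std::vector<uint8_t> make_sample() {
    std::vector<uint8_t> b(0x100, 0);
    wr(b, 0, 0x5A4D, 2); wr(b, 0x3C, 0x80, 4); wr(b, 0x80, 0x00004550, 4);
    wr(b, 0x98, 0x10B, 2); wr(b, 0x98 + 16, 0x1000, 4); wr(b, 0x98 + 28, 0x400000, 4);
    return b;
}

int main() {
    PeEntry e{};
    if (!parse_pe(make_sample(), e)) return 1;
    std::printf("entry at preferred base: 0x%llx\n", (unsigned long long)entry_va(e, e.image_base));
    std::printf("entry if mapped at 0x900000: 0x%llx\n", (unsigned long long)entry_va(e, 0x900000));
    return 0;
}
```

The entry point is stored as an offset from the image base, so moving the base moves the entry address by the same amount while the stored AddressOfEntryPoint stays 0x1000.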