Reputation: 13850
How do get the (relocated) entry point of an executable participating in ASLR on Windows?
How do get the (relocated) entry point of an executable participating in ASLR on Windows?
Suppose the executable has been loaded and that it participates in ASLR.
The PE header gives the executable's entry point when loaded without ASLR. However, ASLR should be "random", so the header cannot tell anything about the new entry point?
How would I locate my ASLR executable in memory, so that, e.g., I can inspect it and (possible) modify it.
Upvotes: 0
Views: 522
Answers (1)
Reputation: 36318
If your code is running in the context of the process whose main module you want to locate, you can call either GetModuleHandle or GetModuleHandleEx, passing NULL instead of a module name.
Note that in 32-bit or 64-bit Windows, a "module handle" is in fact a pointer to the virtual address of the module. (This wasn't true in 16-bit Windows.)
If your code is running in a separate process, you can use EnumProcessModules as described here.
Upvotes: 2
Related Questions
- Is there a way to find out the location that the executable file is being run from during runtime?
- How do I determine if an EXE (or DLL) participate in ASLR, i.e. is relocatable?
- How to find the entry point(or base address) of a process - take care of ASLR
- Address of entry point
- how to get "address of entry point" from exe file in visual c++?
- Finding the Raw entrypoint
- How to find a (PE)Executable entry point in RAW memory?
- How to find offset of Dword where Address Of entry point of an executable is stored
- How to find C# entry point for Non exe program?
- How can I determine the location of disassembled code within an executable?