Question [c++]

iago · February 05, 2003, 06:02 PM

Does anybody know how I could get a pointer to the beginning and the end of (my own) program's datasegment? I tried adding a void FirstFunction() and void LastFunction() but that didn't work :-/

Yoni · February 05, 2003, 09:08 PM

You would have to open your PE header (in memory) and parse it to get that.

iago · February 06, 2003, 05:50 AM

So there's no function GetPointerToEnd() ? :-(

Yoni · February 06, 2003, 06:08 AM

AFAIK there is no AllPurposeMagicFunctions.dll

iago · February 06, 2003, 07:12 AM

I guess somebody should write it, then...

Skywing · February 06, 2003, 08:16 AM

You turn on .map and .cod generation, and parse those.

Etheran · February 06, 2003, 08:50 PM

QuoteBe careful, though, if it was made by a Canadian programmer you might end up with $10000000cdn, which happens to be less than a dollar American!

in that case I would just go with
deposit_money_in_eths_bank_account('£',100000000);

Arta · February 07, 2003, 03:55 AM

What Eth said

Banana fanna fo fanna · February 07, 2003, 02:24 PM

This isn't an exact answer to your question, but it may help.

You can do stuff like this in C:

Code Select

void myfunc() {
      DWORD addr;

      __asm {
            mov dword ptr addr, offset [label]
      }
label:
}

iago · February 07, 2003, 10:51 PM

hmm.. I like the header idea, but if Storm's actually works it would be a lot easier.

Thanks! Can somebody close this topic now? It's dead :-)

Adron · February 08, 2003, 06:41 AM

I deleted my off-topic post and add this instead:

Code Select

void printinfo()
{
      unsigned base = (unsigned)GetModuleHandle(0);
      IMAGE_DOS_HEADER *idh = (IMAGE_DOS_HEADER*)base;
      IMAGE_NT_HEADERS *inh = (IMAGE_NT_HEADERS*)((unsigned)idh + idh->e_lfanew);
      IMAGE_SECTION_HEADER *ish = IMAGE_FIRST_SECTION(inh);
      for(int i = 0; i < inh->FileHeader.NumberOfSections; i++) {
            printf("Section %s at %08x ends at %08x, flags %08x\n", 
                  ish[i].Name, ish[i].VirtualAddress + base, ish[i].VirtualAddress + base + ish[i].Misc.VirtualSize, ish[i].Characteristics);
      }
}

iago · February 08, 2003, 09:12 AM

oooh, very nice, thanks

Banana fanna fo fanna · February 09, 2003, 07:47 AM

Can you give some code to convert a virtual addr to a file offset?

Adron · February 09, 2003, 08:07 AM

Most of those things are actually in the imagehlp api. If you're doing things that require mapping virtual address to file offset, you're probably modifying executables. Then you should be using the imagehlp api.

Banana fanna fo fanna · February 09, 2003, 05:30 PM

I am...it's just that no one taught me how to load memmapped files and I'm lost lol.