Menu
Is it always at the lowest address of code section?
832
No, not necessarily. The PE entry point is defined in the IMAGE_OPTIONAL_HEADER structure, in the AddressOfEntryPoint field:
A pointer to the entry point function, relative to the image base address. For executable files, this is the starting address. For device drivers, this is the address of the initialization function. The entry point function is optional for DLLs. When no entry point is present, this member is zero.
A linker can set this to be whatever it wants to be, as long as its a valid relative virtual offset into the PE. Some compilers and linkers might have the convention of putting the entry point at the beginning of the text/code section, but there's no OS or PE format requirement for it.
112
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
