Menu
If you assemble a PE (.exe, portable executable for Win32) file it has an entry point which you could call _start, _main or whatever you like.
The question is - is this entry point called with some args? If so, are they accessible in the stack? If so, does this entry point function need to clear the stack? Where can I find some documentation about this?
244
The PE entry point is defined in the IMAGE_OPTIONAL_HEADER structure, in the AddressOfEntryPoint field: A pointer to the entry point function, relative to the image base address. For executable files, this is the starting address. For device drivers, this is the address of the initialization function.
The entry point is given by AddressOfEntryPoint in the PE header, which gives you the virtual address of the entry point.
text: This is normally the first section and contains the executable code for the application. Inside this section is also an entry point of the application: the address of the first application instruction that will be executed.
After the MS-DOS stub, at the file offset specified at offset 0x3c, is a 4-byte signature that identifies the file as a PE format image file. This signature is "PE\0\0" (the letters "P" and "E" followed by two null bytes).
No the process does not have any information about it's arguments on the stack at the entry point. You have to call GetCommandLine or access the information in the PEB via RTL_USER_PROCESS_PARAMETERS, but that's not a stable API.
Every language support library (like the CRT) has to do this as well.
200
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
