How do I get the (relocated) entry point of an executable participating in ASLR on Windows?


Suppose the executable has been loaded and that it participates in ASLR.
The PE header gives the executable's entry point when loaded without ASLR. However, ASLR should be "random", so the header cannot tell anything about the new entry point?
How would I locate my ASLR executable in memory, so that, e.g., I can inspect it and (possibly) modify it?
If your code is running in the context of the process whose main module you want to locate, you can call either GetModuleHandle or GetModuleHandleEx, passing NULL instead of a module name.
Note that in 32-bit or 64-bit Windows, a "module handle" is in fact a pointer to the virtual address of the module. (This wasn't true in 16-bit Windows.)
If your code is running in a separate process, you can use EnumProcessModules as described here.
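An added example, not part of the original answer: the PE header stores the entry point as an RVA (an offset from the image base), so once the module's load address is known, the relocated entry point is that base plus `AddressOfEntryPoint`. The names `relocated_entry` and `build_sample` are hypothetical, the sample headers are constructed, and the Windows branch assumes the headers fit in the first mapped page.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Little-endian reads that do not depend on alignment. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p) { return rd16(p) | ((uint32_t)rd16(p + 2) << 16); }

/* Entry point of a PE image mapped at `base` (`len` readable bytes): base + entry RVA.
   Returns 0 on malformed headers; *aslr reports the DYNAMIC_BASE (ASLR opt-in) flag. */
uintptr_t relocated_entry(const uint8_t *base, size_t len, int *aslr)
{
    if (len < 0x40 || rd16(base) != 0x5A4D) return 0;       /* "MZ" */
    uint32_t nt = rd32(base + 0x3C);                        /* e_lfanew */
    if (nt > len || len - nt < 24 + 72) return 0;           /* signature + COFF + fields read */
    if (rd32(base + nt) != 0x00004550) return 0;            /* "PE\0\0" */
    const uint8_t *opt = base + nt + 24;                    /* optional header */
    if (rd16(opt) != 0x10B && rd16(opt) != 0x20B) return 0; /* PE32 / PE32+ */
    *aslr = (rd16(opt + 70) & 0x0040) != 0;                 /* DllCharacteristics */
    return (uintptr_t)base + rd32(opt + 16);                /* AddressOfEntryPoint (RVA) */
}

/* Constructed sample: minimal PE32+ headers, entry RVA 0x1234, DYNAMIC_BASE set. */
void build_sample(uint8_t *buf, size_t len)
{
    memset(buf, 0, len);
    memcpy(buf, "MZ", 2);
    buf[0x3C] = 0x80;                                /* e_lfanew */
    memcpy(buf + 0x80, "PE\0\0", 4);
    buf[0x98] = 0x0B; buf[0x99] = 0x02;              /* Magic = 0x20B at 0x80 + 24 */
    buf[0x98 + 16] = 0x34; buf[0x98 + 17] = 0x12;    /* AddressOfEntryPoint = 0x1234 */
    buf[0x98 + 70] = 0x40;                           /* DYNAMIC_BASE */
}

int main(void)
{
    static uint8_t img[0x200];
    int aslr = 0;
    const uint8_t *base = img;
    build_sample(img, sizeof img);
#ifdef _WIN32  /* on Windows, inspect this process: the module handle is the load address */
    base = (const uint8_t *)GetModuleHandle(NULL);
#endif
    uintptr_t ep = relocated_entry(base, base == img ? sizeof img : 0x1000, &aslr);
    printf("base=%p entry=%p dynamic_base=%d\n", (void *)base, (void *)ep, aslr);
    return ep == 0;
}
```

Built on Windows, the program reports its own load address and entry point, which change across reboots when the image opts in to ASLR; elsewhere it runs against the constructed headers.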
