Re: argv
- From: Bill Kelly <billk cts com>
- To: gtk-app-devel-list gnome org
- Subject: Re: argv
- Date: Sat, 16 Apr 2016 23:41:41 -0700
Andrew Robinson wrote:
> The AddressOfEntryPoint is 00000088 and is determined by me. The entry point
> is therefore always the same.

I may be misunderstanding the problem; but if you're implementing the startup
code yourself, don't you need to call GetCommandLine() in Kernel32.lib/Kernel32.dll?
Or obtain the command line from the NT Process Environment Block structure directly?

As I understand it, nothing is passed on the stack to the entry point of an EXE.
The fs segment register is initialized, however, and your Process' PEB structure
can be obtained via fetching from segment fs, offset 0x30. (Or gs:0x60 for x64.)
This would allow direct access to the ProcessParameters structure, as it is a
field in the (semi-documented) PEB.

References:
http://undocumented.ntinternals.net/index.html?page=UserMode%2FUndocumented%20Functions%2FNT%20Objects%2FProcess%2FPEB.html
http://tech.reboot.pro/printthread.php?tid=4417
Regards,
Bill
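
The pointer walk described in the message above (PEB, then ProcessParameters, then the command line), as an added example that is not part of the original post. It runs over a constructed memory snapshot so it is portable and bounds-checked; the x64 offsets 0x20 and 0x70 and all function names are assumptions not given in the message, and in a live x64 process the PEB address would be the value read from gs:0x60.

```c
#include <stdint.h>
#include <string.h>
/* x64 field offsets from the public structure layouts (not stated in the post). */
#define PEB_PROCESS_PARAMETERS 0x20 /* PEB.ProcessParameters */
#define RUPP_COMMAND_LINE      0x70 /* RTL_USER_PROCESS_PARAMETERS.CommandLine */
/* A captured span of process memory and the address it was read from. */
struct image { const uint8_t *data; size_t size; uint64_t base; };

/* Map [va, va+len) into the snapshot; NULL if any byte lies outside it. */
static const uint8_t *at(const struct image *m, uint64_t va, uint64_t len) {
    uint64_t off = va - m->base;
    if (va < m->base || off > m->size || len > m->size - off) return NULL;
    return m->data + off;
}

/* Read an n-byte little-endian integer stored at va. */
static int rd(const struct image *m, uint64_t va, int n, uint64_t *out) {
    const uint8_t *p = at(m, va, (uint64_t)n);
    if (!p) return -1;
    for (*out = 0; n-- > 0; ) *out = (*out << 8) | p[n];
    return 0;
}

/* PEB -> ProcessParameters -> CommandLine (UNICODE_STRING: USHORT Length in
   bytes at +0, PWSTR Buffer at +8). Returns char count, -1 if malformed. */
int peb_command_line(const struct image *m, uint64_t peb, char *out, size_t cap) {
    uint64_t params, len, buf; const uint8_t *w;
    if (rd(m, peb + PEB_PROCESS_PARAMETERS, 8, &params)) return -1;
    if (rd(m, params + RUPP_COMMAND_LINE, 2, &len)) return -1;
    if (rd(m, params + RUPP_COMMAND_LINE + 8, 8, &buf)) return -1;
    if (len % 2 || len / 2 >= cap || !(w = at(m, buf, len))) return -1;
    for (size_t i = 0; i < len / 2; i++)   /* UTF-16LE; non-ASCII shown as '?' */
        out[i] = (w[2*i + 1] || w[2*i] > 0x7e) ? '?' : (char)w[2*i];
    out[len / 2] = '\0';
    return (int)(len / 2);
}

/* Store v as n little-endian bytes (used only to build the sample). */
static void wr(uint8_t *p, uint64_t v, int n) { while (n--) { *p++ = (uint8_t)v; v >>= 8; } }
/* Constructed snapshot (snap_len <= 0x200): PEB at base, params +0x80, string +0x180. */
int demo(char *out, size_t cap, size_t snap_len) {
    uint8_t mem[0x200] = {0};
    const char *cmd = "app.exe --flag";          /* constructed command line */
    struct image m = { mem, snap_len, 0x7ff000 };  /* constructed base address */
    wr(mem + PEB_PROCESS_PARAMETERS, m.base + 0x80, 8);
    wr(mem + 0x80 + RUPP_COMMAND_LINE, 2 * strlen(cmd), 2);
    wr(mem + 0x80 + RUPP_COMMAND_LINE + 8, m.base + 0x180, 8);
    for (size_t i = 0; cmd[i]; i++) mem[0x180 + 2*i] = (uint8_t)cmd[i];
    return peb_command_line(&m, m.base, out, cap);
}
```

Passing a shorter snap_len to demo() shows the failure case: the string buffer falls outside the captured range and the walk returns -1 instead of reading past the snapshot.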