EntryPoint, Pointer and Disassembling by means of a TDisAsm instance
Using DisAsm32 by Russell Libby, disassembling a procedure/function/method is just a matter of passing a (consistent) Pointer to the procedure TDisAsm.Disassemble(Address: Pointer; Size: Cardinal = 0);.
So far, I have managed to disassemble any arbitrary procedure/method, even from a loaded external module (BPL/DLL) provided they are appropriately exported.
From the current process (The EXE image loaded by windows loader), I want to get a valid pointer to the entrypoint.
I want to come up with something akin to IDR (Interactive Delphi Compiler) provides through it's Code Viewer Tab but from the Exe running instance itself.
How can it be done? I'm not very comfortable with PE structures for the time being (but I am striving to, trust me) and wonder wether they are relevant for the purpose.
My own answer:
I came up with the working solution as follows
function TForm1.GetEntryPoint: Pointer;
var
DosHeader: PImageDosHeader;
NtHeaders : PImageNtHeaders;
OptionalHeader: PImageOptionalHeader;
begin
DosHeader := PImageDosHeader(HInstance + 0);
NtHeaders := PImageNtHeaders(HInstance + Cardinal(DosHeader^._lfanew));
OptionalHeader := PImageOptionalHeader(Cardinal(NtHeaders) + SizeOf(DWORD) + IMAGE_SIZEOF_FILE_HEADER);
//
Result := Pointer(HInstance + OptionalHeader^.AddressOfEntryPoint);
end;
Side Note:
SysInit.HInstance is the same as System.MainInstance: My preference goes for it as it sounds more C/C++ and find that more meaningfull for the case.
DisAsm32 goes beyond the call @Halt0 instruction when disassembling from the EntryPoint: It is designed to disassemble function/procedure/method and considers a ret instruction as the end.
The moral of it:
I will look for other more appealing disassembler such as BeaEngine and will keep the ball rolling.
- How to list all the removable devices with DBus and UDisks2?
- gobject/gnome/glib bindings for D using GIR?
- How do nested functions get compiled?
- The "this" pointer and message receiving in D
- 64-bit executables with DMD
- GtkD with D lang on Fedora
- Why Android used Java concept instead of D language or C or C++? But Chromium web browser is in C++, its very complicated match
- How to use MongoItemWriter to write a List<T>
- Why a function with protected modifier can be overridden and accessible every where?
- Convert Unicode const(uint)* to a dlang character type
- Compiling D with Code::Blocks
- DMD vs. GDC vs. LDC
- Rendering a font in raylib using freetype
- Digital Mars D compiler; acquiring ASM output
- D Programming: openssl rsa forward reference compiler error
- D compiler DMD doesn't link object files
- OPTLINK: Warning 23: No Stack
- Is there a limit in the amount of temporary generated symbols during a project build using dmd 2.063?
- Is this the right way to combine Garbage collected with none Garbage collected code in D
- D compiler (Digital Mars D Compiler) throwing error
- Which D Compiler to Use?
- Splitting a string treating multiple whitespace as one separator
- Proper way of passing array parameters to D functions
- Detailed Valgrind internals documentation
- Is it possible, in D, to tell the garbage collector to not scan a particular pointer (or anything below it)?
- Iterate over key/value pairs in associative array in D.
- Dlang associative array of an array of strings keyed by a string has unexpected behavior
- How to repeat a statement N times (simple loop)
- Is worth the effort to learn D?
- ld: undefined reference to object I can see in objdump