/// Find the native address of the program's main routine by symbol name.
///
/// The plain symbol "main" is tried first; if the symbol table has no such
/// entry, the underscore-prefixed spelling "_main" is tried next.
///
/// @return the address reported by GetAddressByName() for the first spelling
///         that resolves, or NO_ADDRESS when neither does.
ADDRESS MachOBinaryFile::GetMainEntryPoint() {
    ADDRESS plainMain = GetAddressByName("main", true);
    if (plainMain != NO_ADDRESS) {
        return plainMain;
    }

    // Fall back to the underscore-prefixed spelling. A failed lookup already
    // yields NO_ADDRESS, so the result can be returned as-is.
    return GetAddressByName("_main", true);
}
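/*
 * read_bindery -- look up 'name' in the SAP name space and record its address.
 *
 * Calls GetAddressByName() with NS_SAP, the DBG_SAP_ID GUID and a protocol
 * list restricted to NSPROTO_IPX. On success the remote address of the first
 * returned CSADDR_INFO entry is copied into PartnerAddr (declared outside this
 * function).
 *
 * Returns TRUE when PartnerAddr was updated. Returns FALSE when the lookup
 * fails, yields no entries, or yields a first entry whose remote address is
 * absent or shorter than a struct sockaddr_ipx; PartnerAddr is left untouched
 * in all of those cases.
 */
static BOOL read_bindery( char * name )
{
/***************************************/

    GUID            guid = DBG_SAP_ID;
    /* static storage: the buffer is shared by every call, so this routine is
       not reentrant */
    static char     addr_buff[1024];
    DWORD           len;
    DWORD           alias_len;
    int             protocols[2] = { NSPROTO_IPX, 0 };  /* zero-terminated: IPX only */
    INT             num;
    LPCSADDR_INFO   address_info;

    len = sizeof( addr_buff );
    alias_len = 0;
    num = GetAddressByName( NS_SAP, &guid, name, protocols, 0, NULL,
                            addr_buff, &len, NULL, &alias_len );
    if( _bad_rc( num ) || num < 1 ) {
        return( FALSE );
    }
    address_info = (LPCSADDR_INFO)addr_buff;
    /*
     * The entry describes a remote endpoint and selects who this side will
     * talk to, so check it before the fixed-size structure copy below: a NULL
     * pointer or a short address would otherwise be read as a full
     * sockaddr_ipx.
     */
    if( address_info->RemoteAddr.lpSockaddr == NULL
     || address_info->RemoteAddr.iSockaddrLength < (INT)sizeof( struct sockaddr_ipx ) ) {
        return( FALSE );
    }
    PartnerAddr = *(struct sockaddr_ipx *)(address_info->RemoteAddr.lpSockaddr);
    return( TRUE );
}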
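/// Locate the native address of the program's main routine in a DOS4GW image.
///
/// Resolution order:
///   1. the symbol "main";
///   2. the symbol "__CMain";
///   3. a crude pattern scan of at most 0x300 bytes starting at the LX header's
///      entry point, looking for `call ; sub ebp,ebp ; call X` and returning
///      the target X of the second call.
///
/// The entry point and the section table are read from the file being loaded,
/// so the scan treats them as untrusted: a missing text section or an entry
/// point outside it yields NO_ADDRESS, and the scan's own byte reads never go
/// past the end of the section.
///
/// @return the native address found, or NO_ADDRESS when none of the three
///         steps succeeds.
ADDRESS DOS4GWBinaryFile::GetMainEntryPoint() {
    ADDRESS aMain = GetAddressByName("main", true);
    if (aMain != NO_ADDRESS)
        return aMain;
    aMain = GetAddressByName("__CMain", true);
    if (aMain != NO_ADDRESS)
        return aMain;

    // Search with this crude pattern: call, sub ebp, ebp, call __Cmain in the first 0x300 bytes
    // Start at program entry point
    unsigned p = LMMH(m_pLXHeader->eip);
    unsigned char op1, op2;
    ADDRESS addr;
    //unsigned lastOrdCall = 0; //TODO: identify the point of setting this variable
    bool gotSubEbp = false;     // True if see sub ebp, ebp
    bool lastWasCall = false;   // True if the last instruction was a call

    SectionInfo* si = GetSectionInfoByName("seg0");     // Assume the first section is text
    if (si == nullptr) si = GetSectionInfoByName(".text");
    if (si == nullptr) si = GetSectionInfoByName("CODE");
    // An assert() disappears under NDEBUG and would leave a null dereference
    // for any image that has none of these section names; report "not found".
    if (si == nullptr)
        return NO_ADDRESS;
    ADDRESS nativeOrigin = si->uNativeAddr;
    unsigned textSize = si->uSectionSize;

    // NOTE(review): the arithmetic below uses base + p as the host address and
    // nativeOrigin + p as the native address of the same byte, i.e. p is taken
    // to be an offset from the start of this section. Confirm against the
    // loader; the bounds checks here rely on that reading.
    if (p >= textSize)
        return NO_ADDRESS;      // entry point lies outside the text section
    // Scan window: 0x300 bytes, or whatever is left of the section if less.
    // Computed from the remaining size so that p + window cannot wrap.
    unsigned remaining = textSize - p;
    unsigned lim = p + (remaining < 0x300 ? remaining : 0x300);

    while (p < lim) {
        op1 = *(unsigned char*)(p + base);
        // The second byte does not exist when p is the last byte of the section
        op2 = (textSize - p > 1) ? *(unsigned char*)(p + base + 1) : 0;
        //std::cerr << std::hex << "At " << p << ", ops " << (unsigned)op1 << ", " << (unsigned)op2 << std::dec << "\n";
        switch (op1) {
            case 0xE8: {
                // An ordinary call
                if (gotSubEbp) {
                    // This is the call we want, but its 4-byte displacement
                    // must lie inside the section before it is read
                    if (textSize - p < 5)
                        return NO_ADDRESS;
                    // Get the offset from the call instruction
                    addr = nativeOrigin + p + 5 + LMMH(*(p + base + 1));
                    // std::cerr << "__CMain at " << std::hex << addr << "\n";
                    return addr;
                }
                //lastOrdCall = p;
                lastWasCall = true;
                break;
            }
            case 0x2B:          // 0x2B 0xED is sub ebp,ebp
                if (op2 == 0xED && lastWasCall)
                    gotSubEbp = true;
                lastWasCall = false;
                break;
            default:
                gotSubEbp = false;
                lastWasCall = false;
                break;
            case 0xEB:          // Short relative jump
                if (op2 >= 0x80)    // Branch backwards?
                    break;          // Yes, just ignore it
                // Otherwise, actually follow the branch. May have to modify this some time...
                p += op2+2;         // +2 for the instruction itself, and op2 for the displacement
                continue;           // Don't break, we have the new "pc" set already
        }
        // NOTE(review): microX86Dis() decodes from p + base without being told
        // how many bytes remain; its own reads are not bounded from here.
        int size = microX86Dis(p + base);
        if (size == 0x40) {
            fprintf(stderr, "Warning! Microdisassembler out of step at offset 0x%x\n", p);
            size = 1;
        }
        p += size;
    }
    return NO_ADDRESS;
}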