Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

when executed text section

ahmadmansoor
ahmadmansoor
in Programming and Coding

Featured Replies

Posted

is there a Good code (function is better ) to know when the exe file executed from text section ...in access or write

no problem if it is ASM or C++ Or VB6.0

many thanks

Hello my friend ahmed :)

What do you mean with "executed from text section" ??

Do you mean "Entry Point located in text section" ??

  • Author
Hello my friend ahmed :)

What do you mean with "executed from text section" ??

Do you mean "Entry Point located in text section" ??

Many Thanks for u replay my friend ,yse I need like this "Entry Point located in text section" :thumbsup: ... or anything like it ....

Many Thanks Arabic Team :wub:

here's a sample code ... i did nothing, just used apis :D

#include "stdafx.h"
#include <stdio.h>
#include <windows.h>
#include <imagehlp.h>#pragma comment ( lib, "imagehlp.lib" );
int _tmain(int argc, _TCHAR* argv[])
{
	//first we map the file ... any file
	HANDLE hFile = CreateFile( "EP Location.exe", GENERIC_READ, FILE_SHARE_READ, 0, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0 );
	HANDLE hMap = CreateFileMapping( hFile, 0, PAGE_READONLY, 0, 0, 0 );
	PVOID pFile = MapViewOfFile( hMap, FILE_MAP_READ, 0, 0, 0 );	//get the NT_HEADER address
	PIMAGE_NT_HEADERS nt = ImageNtHeader( pFile );	// get the entry point value
	DWORD EntryPoint = nt->OptionalHeader.AddressOfEntryPoint;	// get the section contains this rva
	PIMAGE_SECTION_HEADER sec = ImageRvaToSection( nt, pFile, EntryPoint );	// print the section name ... remember that it's a 8 byte array not a null-terminated string 
	// so you must precise it's size
	printf( "%.8s", sec->Name );
	// unmap the file
	UnmapViewOfFile( pFile );
	CloseHandle( hMap );
	CloseHandle( hFile );	//just to keep alive :p
	getchar();	return 0;
}

project in attachments

EP_Location.rar

Ahmed... If you by any chance mean that you need a function that serves as an automated possible OEP detector, for unpacking purposes, i would suggest trying Human's, deroko's or UsAr's OEP finders...

Trick is to set PAGE_GUARD attribute on the .text section, and check if EIP is within range whille debugging your target ...

http://deroko.phearless.org./rce.html

http://usar.pp.ru/download/

http://www.exetools.com/forum/showthread.php?t=8841

Edited by HVC

  • Author

I don't know what i can say many Thanks for (GamingMasteR ,HVC,sdy100 ) ,many thanks for ur fast replay :flowers:

i appreciate ur help .......Thanks in adv ;)

i will try it

Edited by ahmadmansoor

Create an account or sign in to comment

Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.