How can I get a function entry point?
Question
I created a child process from within my process with CreateProcess() and suspend the child process. I can get the main entry point in the memory of child process, but how should I get function entry point of child process?
This is how I get the main entry point of child process
DWORD FindEntryPointAddress( TCHAR *exeFile )
{
BY_HANDLE_FILE_INFORMATION bhfi;
HANDLE hMapping;
char *lpBase;
HANDLE hFile = CreateFile(exeFile, GENERIC_READ, FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL);
if (hFile == INVALID_HANDLE_VALUE)
;
if (!GetFileInformationByHandle(hFile, &bhfi))
;
hMapping = CreateFileMapping(hFile, NULL, PAGE_READONLY, bhfi.nFileSizeHigh, bhfi.nFileSizeLow, NULL);
if (!hMapping)
;
lpBase = (char *)MapViewOfFile(hMapping, FILE_MAP_READ, 0, 0, bhfi.nFileSizeLow);
if (!lpBase)
;
PIMAGE_DOS_HEADER dosHeader = (PIMAGE_DOS_HEADER)lpBase;
if (dosHeader->e_magic != IMAGE_DOS_SIGNATURE)
;
PIMAGE_NT_HEADERS32 ntHeader = (PIMAGE_NT_HEADERS32)(lpBase + dosHeader->e_lfanew);
if (ntHeader->Signature != IMAGE_NT_SIGNATURE)
;
DWORD pEntryPoint = ntHeader->OptionalHeader.ImageBase + ntHeader->OptionalHeader.AddressOfEntryPoint;
UnmapViewOfFile((LPCVOID)lpBase);
CloseHandle(hMapping);
CloseHandle(hFile);
printf( "test.exe entry point: %p\n", pEntryPoint );
return pEntryPoint;
} // FindEntryPointAddress()
My purpose is if I don't have the child process source code and I just have the child process .exe file, can I get the function entry point of child process?
child process like this
void foo()
{
char str[10];
strcpy( str, "buffer\n" );
} // foo()
int main()
{
foo();
return 0;
} // main()
2 answers
solution1
2 2012-01-10 08:01:00
There is nothing called an entry point for a function. If you want to understand the flow of execution when a function is called, then you can put some printf() statements like as follows:
#include <stdio.h>
void foo(void)
{
printf("Entering %s:%s:%d\n", __FILE__, __func__, __LINE__);
return;
}
int main(void)
{
printf("Entering %s:%s:%d\n", __FILE__, __func__, __LINE__);
foo();
return 0;
}
Or you can use gdb and set breakpoints in the beginning of each function to see the flow of execution!
solution2
0 2012-01-10 08:38:10
Using gdb and breakpoints as suggested by Sangeeth Saravanaraj is actually the best method, but if you're intent on a runtime solution and would like an alternative to continually copy and pasting the same printf statement in every function you would like to track, you can use a (possibly dangerous) macro.
#include <stdio.h>
#define trace_func(_func) printf("Entering %s:%s:%d\n", __FILE__, __func__, __LINE__); _func
void fooAgain(int myValue)
{
printf("This is fooAgain, with my value: %d.\n", myValue);
}
void foo(void)
{
printf("Hello, I'm foo.\n");
trace_func(fooAgain(15));
}
int main(int argc, char** argv)
{
trace_func(foo());
return 0;
}
Returns:
Entering *yourfilepath*/main.c:main:18
Hello, I'm foo.
Entering *yourfilepath*/main.c:foo:13
This is fooAgain, with my value: 15
If you want to be a terrible person and be able to leave the code in even when you build for release, you can do this (but don't, it is a horrible practice and wrong. I include it for the sake of completion).
Change the define statements to:
#define TRACE_FUNCTIONS
#ifdef TRACE_FUNCTIONS
#define trace_func(_func) printf("Entering %s:%s:%d\n", __FILE__, __func__, __LINE__); _func
#else
#define trace_func(_func) _func
#endif
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.