BiW Reversing: The challenge is yours

Entrypoint reader/writer tool


CodingLevel : beginner

OS : windows
Language : ASM/C++

RPE is a small tool that can set the Entry Point of executables.
Examples are given in readme.txt.
Source included! Although not everything is commented, I am sure you can understand it as it's all API wrapping :)

Have fun modifying your PE files!

The project contains a GUI written in C++, which uses a DLL written in ASM.

The DLL has two exported functions: ReadPE and WritePE.
The source code for the DLL (.def file in the attachment):

.486                       ; create 32 bit code
.model flat, stdcall       ; 32 bit memory model
option casemap :none       ; case sensitive

includelib \masm32\lib\kernel32.lib

DllEntry proc hInst:DWORD, reason:DWORD, reserved1:DWORD
xor eax, eax
inc eax

DllEntry Endp

bytwrit    dd ?
fhandle    dd ?

invoke CreateFile, [myfile], GENERIC_WRITE+GENERIC_READ, 0, 0, OPEN_EXISTING, 0, 0

je @end
mov [fhandle], eax
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
; look up for string "PE" here
push edi
push esi
invoke GetFileSize, [fhandle], 0
mov edi, eax
xor esi, esi
add esi, 20h ;skip the dosheader which is 20h long

invoke ReadFile, [fhandle], [EP], 4, ADDR bytwrit, 0
invoke SetFilePointer, [fhandle], esi, 0, FILE_BEGIN
inc esi
mov edx, offset mype
invoke lstrcmp, [EP], edx       ; compare the 4 bytes just read with "PE", 0
cmp esi, edi
je @end2
test eax, eax
jne @B
pop esi
; look up ends here
; «««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««««
; add another 27h after we found the "PE" string to get the entrypoint ;-)
invoke SetFilePointer, [fhandle], 27h, 0, FILE_CURRENT
push eax                        ; save the file offset of the entrypoint field
invoke ReadFile, [fhandle], [EP], 4, ADDR bytwrit, 0
; get image base
invoke SetFilePointer, [fhandle], 8, 0, FILE_CURRENT
invoke ReadFile, [fhandle], [ImageBase], 4, ADDR bytwrit, 0
mov edx, [fhandle]
pop eax

mov eax, dword ptr [EP]
mov edx, eax
add edx, 4
mov dword ptr [eax], 0
mov dword ptr [edx], 0
mov edx, [fhandle]
xor eax, eax
pop edi
jmp @end
mype db "PE", 0, "BoR0" ;) watermark!

WritePE PROC myfile:DWORD, EntryP:DWORD

EP2 dd ?
IB dd ?
fh dd ?

invoke ReadPE, [myfile], ADDR EP2, ADDR IB
test eax, eax
je @end2
mov dword ptr [fh], edx         ; edx = file handle left by ReadPE
push edx
invoke SetFilePointer, [fh], eax, 0, FILE_BEGIN   ; eax = entrypoint field offset from ReadPE
invoke WriteFile, [fh], ADDR EntryP, 4, ADDR IB, 0   ; overwrite the 4-byte entrypoint
pop edx

end DllEntry
Download binary and source here
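
Added example (not part of RPE or the original post): the offsets the DLL relies on, written as C over an in-memory buffer. It contrasts the listing's scan for "PE", 0 with a lookup through e_lfanew at 3Ch, and goes slightly beyond the listing by also accepting PE32+ headers. All function names and the sample image are assumptions made up for this illustration.

```c
#include <stdint.h>
#include <string.h>

/* Little-endian 32-bit load/store on a byte buffer. */
static uint32_t rd32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* The listing's approach: first "PE",0 at or after 20h; entry point field is 28h past it. */
size_t scan_entry_field(const uint8_t *img, size_t len) {
    for (size_t i = 0x20; i + 0x2C <= len; i++)
        if (memcmp(img + i, "PE", 3) == 0) return i + 0x28;
    return 0;
}

/* Header-driven lookup: follow e_lfanew at 3Ch, then check "PE\0\0" and the magic. */
size_t pe_entry_field(const uint8_t *img, size_t len, uint64_t *image_base) {
    if (len < 0x40 || img[0] != 'M' || img[1] != 'Z') return 0;
    uint32_t pe = rd32(img + 0x3C);
    if (pe > len || len - pe < 0x38) return 0;      /* fields must lie inside the file */
    if (memcmp(img + pe, "PE\0\0", 4) != 0) return 0;
    unsigned magic = img[pe + 0x18] | img[pe + 0x19] << 8;
    if (magic == 0x10B)                              /* PE32: 4-byte ImageBase at +34h */
        *image_base = rd32(img + pe + 0x34);
    else if (magic == 0x20B)                         /* PE32+: 8-byte ImageBase at +30h */
        *image_base = rd32(img + pe + 0x30) | (uint64_t)rd32(img + pe + 0x34) << 32;
    else return 0;
    return pe + 0x28;                                /* AddressOfEntryPoint, both formats */
}

/* Overwrite the entry point RVA in place; returns 1 on success, 0 if the image is rejected. */
int set_entry_point(uint8_t *img, size_t len, uint32_t new_rva) {
    uint64_t base;
    size_t off = pe_entry_field(img, len, &base);
    if (off) wr32(img + off, new_rva);
    return off != 0;
}

/* Constructed sample (not a real binary): PE32 header at 80h plus a decoy "PE",0 at 30h. */
void build_sample(uint8_t img[0x200]) {
    memset(img, 0, 0x200);
    memcpy(img, "MZ", 2);
    memcpy(img + 0x30, "PE", 3);
    wr32(img + 0x3C, 0x80);                          /* e_lfanew */
    memcpy(img + 0x80, "PE\0\0", 4);
    img[0x98] = 0x0B; img[0x99] = 0x01;              /* magic 10Bh */
    wr32(img + 0xA8, 0x1000);                        /* AddressOfEntryPoint */
    wr32(img + 0xB4, 0x400000);                      /* ImageBase */
}
```

On the constructed sample the scan stops at the decoy and returns 58h, while the header lookup returns A8h, the real AddressOfEntryPoint field, so a write based on the scan would land on the wrong bytes.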

Entrypoint reader/writer tool
Authored by: BoR0 on Thursday, December 29 2005 @ 01:38 PM CET

Idea originally stolen from haggar's information about the lame packer that is bypassable by changing the OEP only (the one by ExeIcon) :)
Entrypoint reader/writer tool
Authored by: Angel-55 on Sunday, May 13 2007 @ 07:07 PM CEST
Not bad as a start for a PE tool, but I think that choosing the file using OpenFileName is better than writing its name, especially when the file isn't in the same directory, so improvement is needed!!

But still nice work mate keep it up :)