Heres a question that begs asking, as I have never seen a definitive answer to this question :
What are the register values set to apon entry to a win32 PE file?
I mean at the moment that the IP is pointing at the EntryPoint,
after the PE-Loader has loaded the segments into memory.
What are the register values set to apon entry to a win32 PE file?
I mean at the moment that the IP is pointing at the EntryPoint,
after the PE-Loader has loaded the segments into memory.
these values are not fixed and you can't rely on them...
and again... search google for "Win95 structures and secrets"
and you'll find an interesting document about this topic...
and again... search google for "Win95 structures and secrets"
and you'll find an interesting document about this topic...
Download my free symbolic debugger and find out!
from www.GoDevTool.com
from www.GoDevTool.com