Picture this scenario: Your boss enters your office with a project--you must find out with no access to source code what a 3rd party module is doing to the company's main product. If you are lucky, you might be provided with an actual address or two by the help desk as possible places to launch your investigation. How do you begin? Where do you start? As is the case with any brand-new situation, it helps to have a familiar point of reference that can be used as a place to return to again and again. With native Win32 executables one point of reference is a class of addresses that I call "entry-points." My aim in this article is to point out and explain eleven ways PEBrowse Professional can be used to help identify entry-points and provide you with a comfortable reference point to return to again and again.
Before I continue much farther, I should clarify what I mean by an "entry-point." Expanding this term beyond the normal WinMain or DllMain addresses that programs and dynamic-link libraries respectively possess, I will include as an entry-point any valid address that leads to the start of a complete internal method or function in an executable. And to help with recognizing and identifying these entry-points, I will use as my 3rd party module the system DLL, MSSCRIPT.OCX, the Microsoft ® Script Control, v188.8.131.5220, since it and similar modules contain the eleven types of addresses PEBrowse can isolate and identify.
|prev page||1st page||next page|