Can i set entry point at code in PE headers?

Question

If I set something like 0x00000040 (my code is located at this address), then the program crashes with this error:

The application was unable to start correctly (0xc000007b)

But if I jmp from the code section to 0x00400040 then it works.

Why did I get error with that strange address (0xc000007b)? Is it possible to start the execution of program from code which is located outside sections?

I use Windows 8.

Answer 1

0xc000007b is an error code from Windows. You can look them up here. Yours is STATUS_INVALID_IMAGE_FORMAT.

I'm assuming you modify AddressOfEntryPoint in the PE Header. For here:

AddressOfEntryPoint: A pointer to the entry point function, relative to the image base address. For executable files, this is the starting address. For device drivers, this is the address of the initialization function. The entry point function is optional for DLLs. When no entry point is present, this member is zero.

So if you set this value to 0x40, it would point to an address in the DOS Header (the very beginning of your module). The header block in memory does not have the correct memory protection to be executed, so the OS loader will fail.

My guess is that you actually wanted to jump to 0x1040, which on a Windows 8 system with a typical executable would be 0x40 bytes after the first address of the code section.