Nah, sorry for being unclear. I meant the EntryPoint. As you might know, every thread has its own stack. When the thread is created, the entrypoint of the thread is stored in the 3rd DWORD from the stack top (you start from the top address in the stack and move to the beginning).
Originally Posted by .::SCHiM::.
This address can be retrieved from the ThreadEnvironmentBlock (TEB).
At TEB+0x04 there is a DWORD indicating the address of the stack top. And as I said earlier the entrypoint is located as the 3rd DWORD from the top, meaning it's in TopOfStack - 0xC.
In ASM this could be done like this:
mov eax,dword ptr fs:[18h] // TEB
mov eax,dword ptr ds:[eax+4h] // TEB.TopOfStack
lea eax,dword ptr ds:[eax-0Ch] // TEB.TopOfStack.EP
mov dword ptr ds:[eax],MY_ADDRESS // Change the EP to your address
Hope that this made any sense.
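A defender-side view of the layout described in the post, as an added example that is not part of the original post: it reads the slot at TopOfStack - 0xC from a memory snapshot and reports whether it still matches the start address recorded when the thread was created. The snapshot structure, function names and sample addresses are constructed for illustration; only the two offsets come from the post.

```c
#include <stdint.h>

/* Offsets exactly as given in the post (32-bit layout). */
#define TEB_STACK_TOP_OFF 0x04u  /* TEB+0x04 holds the stack top address */
#define ENTRY_SLOT_BACK   0x0Cu  /* entry point stored at TopOfStack-0xC */

typedef enum { SLOT_OK, SLOT_CHANGED, SLOT_UNREADABLE } slot_status;

/* Hypothetical flat memory snapshot: mem[0] corresponds to address base. */
typedef struct { uint32_t base, size; uint8_t *mem; } snapshot_t;

/* Bounds-checked little-endian read; returns 0 if va is outside the snapshot. */
static int read_u32(const snapshot_t *s, uint32_t va, uint32_t *out) {
    if (s->size < 4 || va < s->base || va - s->base > s->size - 4) return 0;
    const uint8_t *p = s->mem + (va - s->base);
    *out = p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    return 1;
}

/* Used only to build the constructed sample below. */
static void write_u32(snapshot_t *s, uint32_t va, uint32_t v) {
    uint8_t *p = s->mem + (va - s->base);
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Compare the slot the post describes against the start address that was
   recorded when the thread was created. */
slot_status check_entry_slot(const snapshot_t *s, uint32_t teb_va,
                             uint32_t recorded_start) {
    uint32_t top, entry;
    if (teb_va > UINT32_MAX - TEB_STACK_TOP_OFF) return SLOT_UNREADABLE;
    if (!read_u32(s, teb_va + TEB_STACK_TOP_OFF, &top)) return SLOT_UNREADABLE;
    if (top < ENTRY_SLOT_BACK) return SLOT_UNREADABLE;
    if (!read_u32(s, top - ENTRY_SLOT_BACK, &entry)) return SLOT_UNREADABLE;
    return entry == recorded_start ? SLOT_OK : SLOT_CHANGED;
}

/* Constructed sample: TEB at 0x00100000, stack top at 0x00100100. */
slot_status sample_check(uint32_t stored_entry, uint32_t recorded_start,
                         uint32_t teb_va) {
    uint8_t buf[0x100] = {0};
    snapshot_t s = { 0x00100000u, sizeof buf, buf };
    write_u32(&s, s.base + TEB_STACK_TOP_OFF, s.base + s.size);
    write_u32(&s, s.base + s.size - ENTRY_SLOT_BACK, stored_entry);
    return check_entry_slot(&s, teb_va, recorded_start);
}
```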