Skip to content
/ SymProcAddress Public

Zero EAT touch way to retrieve function addresses (GetProcAddress on steroids)

141 stars 17 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

MzHmO/SymProcAddress

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
.vs/SymProcAddress
.vs/SymProcAddress
 
 
SymProcAddress
SymProcAddress
 
 
x64/Debug
x64/Debug
 
 
README.md
README.md
 
 
SymProcAddress.sln
SymProcAddress.sln
 
 

Repository files navigation

SymProcAddress

Zero EAT touch way to retrieve function addresses (GetProcAddress on steroids)

изображение

TL;DR

Just check the example usage, this is similar to the standard GetProcAddress function:

typedef int (WINAPI* MessageBoxWFunc)(
	HWND    hWnd,
	LPCWSTR lpText,
	LPCWSTR lpCaption,
	UINT    uType
	);

int main()
{
	HMODULE hModule = NULL;

	//hModule = GetModuleHandle("user32.dll");
	hModule = LoadLibraryA("user32.dll"); 
	MessageBoxWFunc MessageBoxWPtr = (MessageBoxWFunc)(SymProcAddress(hModule, "MessageBoxW"));
	MessageBoxWPtr(NULL, L"Lol who said GetProcAddress() xD", L"Hi from MzHmO", MB_OK);

	return 0;
}

You only need to include the function code in your project and you will be able to use my method of function address resolution

How It Works

I discovered that we can use DbgHelp to list all symbols in a PE image. The program lists all symbols based on the base address (hModule). So, when you call SymFuncAddress() for the first time, the program will create a dictionary with "function name - function address" key-value pairs, after which you can get the addresses of any functions you are interested in from the Dll.

About

Zero EAT touch way to retrieve function addresses (GetProcAddress on steroids)

Resources

Readme
Activity

Stars

141 stars

Watchers

5 watching

Forks

17 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages