Phrozen Timeline

This very small snippet is an adaptation of the previously released unit > UntEnumDLLExport.pas with just one goal, retrieve an exported function address by its name from any DLL (both 32 and 64bit).

This adaptation is also interesting because it remove the need of having both heavy units Generics.Collections and SysUtils to have a smaller binary.

Finally it is also quite interesting for tweaking our GetProcAddress alternative (you will find here) and only have the necesarry code.

Read more...

As promised, we will adapt our previous code grab an exported function directly from memory.

Serious advantage of this technique:

  • We don't have to use CreateToolHelp32Snapshot anymore to enumerate modules and catch target module base address.
  • We don't need to parse PE Header from disk anymore, we will parse PE Header directly from memory.

Read more...