Phrozen Timeline - Phrozen
Get DLL Exported Function Address 23 Nov 2020

This very small snippet is an adaptation of the previously released unit > UntEnumDLLExport.pas with just one goal, retrieve an exported function address by its name from any DLL (both 32 and 64bit).

This adaptation is also interesting because it remove the need of having both heavy units Generics.Collections and SysUtils to have a smaller binary.

Finally it is also quite interesting for tweaking our GetProcAddress alternative (you will find here) and only have the necesarry code.

Read more...
Get DLL Exported Function Address From Memory 23 Nov 2020

As promised, we will adapt our previous code grab an exported function directly from memory.

Serious advantage of this technique:

  • We don't have to use CreateToolHelp32Snapshot anymore to enumerate modules and catch target module base address.
  • We don't need to parse PE Header from disk anymore, we will parse PE Header directly from memory.

Read more...