Memory

Get DLL Exported Function Address From Memory

March 18, 2020
Delphi, Alternative, DLL, Exported Function, GetProcAddress, Memory

As promised, we will adapt our previous code to grab an exported function directly from memory. The serious advantages of this technique: we no longer have to use CreateToolhelp32Snapshot to enumerate modules and find the target module's base address, and we no longer need to parse the PE header from disk, because we parse it directly from memory. Note that it is still necessary to use the LoadLibrary API to load the desired DLL into memory. ...