Implementation of custom GetProcAddress using library exports.
The code is fairly simple and self-explanatory. It also contains a lot of comments, but I'll summarize the steps of the process here anyway.
The process of accessing functions in other loaded modules:
- Enumerate through all modules and get target module base address.
- Get the DOS header which is located at the base address of the module.
- Get NT headers through DOS's e_lfanew offset.
- Get the EXPORT_DATA_DIRECTORY out of the optional header.
- Check if the module has any exports.
- Get the EXPORT_DIRECTORY out of VirtualAddress field inside EDD.
- From now on we have access to all the tables - names, addresses and ordinals.
- We iterate through all exports inside the table and get the function we want using an ordinal, which serves as an index into the export table.
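The steps above as a portable C sketch. This is an added example, not the project's own code: it walks the same headers over a byte buffer laid out like a mapped module (RVA equals offset) instead of a live module base, so the parsing can be checked without Windows headers. The names `rd`, `wr`, `find_export_rva` and `build_sample` are hypothetical, and the bounds checks and forwarder detection go beyond what the list describes.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Bounds-checked little-endian read of n bytes at off (mapped image: RVA == offset). */
static int rd(const uint8_t *img, size_t len, uint32_t off, size_t n, uint32_t *out) {
    if (off > len || n > len - off) return 0;
    for (*out = 0; n--; ) *out = (*out << 8) | img[off + n];
    return 1;
}

/* Returns the export's RVA, or 0 if absent or malformed. *fwd is set when the RVA
   lies inside the export directory, i.e. it names a "DLL.Func" forwarder string. */
uint32_t find_export_rva(const uint8_t *img, size_t len, const char *want, int *fwd) {
    uint32_t mz, nt, sig, magic, dd, va, sz, nf, nn, funcs, names, ords, name, ord, rva;
    *fwd = 0;
    if (!rd(img, len, 0, 2, &mz) || mz != 0x5A4D) return 0;        /* DOS header "MZ" */
    if (!rd(img, len, 0x3C, 4, &nt)) return 0;                     /* e_lfanew */
    if (!rd(img, len, nt, 4, &sig) || sig != 0x4550) return 0;     /* NT "PE\0\0" */
    if (!rd(img, len, nt + 24, 2, &magic) || (magic != 0x10B && magic != 0x20B)) return 0;
    dd = nt + 24 + (magic == 0x20B ? 112 : 96);                    /* DataDirectory[0] */
    if (!rd(img, len, dd, 4, &va) || !rd(img, len, dd + 4, 4, &sz) || !va || !sz) return 0;
    if (!rd(img, len, va + 20, 4, &nf) || !rd(img, len, va + 24, 4, &nn) ||
        !rd(img, len, va + 28, 4, &funcs) || !rd(img, len, va + 32, 4, &names) ||
        !rd(img, len, va + 36, 4, &ords)) return 0;
    for (uint32_t i = 0; i < nn; i++) {
        if (!rd(img, len, names + 4 * i, 4, &name) || name >= len) return 0;
        if (!memchr(img + name, 0, len - name)) return 0;          /* unterminated name */
        if (strcmp((const char *)img + name, want) != 0) continue;
        if (!rd(img, len, ords + 2 * i, 2, &ord) || ord >= nf) return 0;
        if (!rd(img, len, funcs + 4 * ord, 4, &rva)) return 0;
        *fwd = (rva >= va && rva - va < sz);
        return rva;
    }
    return 0;
}

/* Constructed sample: minimal 0x400-byte PE32 image exporting "Foo" at RVA 0x1000. */
static void wr(uint8_t *img, uint32_t off, uint32_t v, int n) {
    while (n--) img[off + n] = (uint8_t)(v >> (8 * n));
}
void build_sample(uint8_t *img) {
    memset(img, 0, 0x400);
    wr(img, 0, 0x5A4D, 2);     wr(img, 0x3C, 0x80, 4);   wr(img, 0x80, 0x4550, 4);
    wr(img, 0x98, 0x10B, 2);   wr(img, 0xF8, 0x200, 4);  wr(img, 0xFC, 0x100, 4);
    wr(img, 0x214, 1, 4);      wr(img, 0x218, 1, 4);     wr(img, 0x21C, 0x240, 4);
    wr(img, 0x220, 0x244, 4);  wr(img, 0x224, 0x248, 4); /* names and ordinals tables */
    wr(img, 0x240, 0x1000, 4); wr(img, 0x244, 0x250, 4); memcpy(img + 0x250, "Foo", 4);
}
```

On a live module the returned RVA is added to the module base; a forwarded export has to be resolved in the module named by the forwarder string instead of being called at that address.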