Dynamic API Resolution
Create declarations for the functions you are going to call.
#include <windows.h>
HANDLE (WINAPI *myHeapCreate)(DWORD flOptions, SIZE_T dwInitialSize, SIZE_T dwMaximumSize);
LPVOID (WINAPI *myHeapAlloc)(HANDLE hHeap, DWORD dwFlags, SIZE_T dwBytes);
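Resolve them:
HMODULE kernel32dll = GetModuleHandleA("kernel32.dll");
/* GetProcAddress returns FARPROC, so cast to the declared pointer type. */
myHeapCreate = (HANDLE (WINAPI *)(DWORD, SIZE_T, SIZE_T))GetProcAddress(kernel32dll, "HeapCreate");
myHeapAlloc = (LPVOID (WINAPI *)(HANDLE, DWORD, SIZE_T))GetProcAddress(kernel32dll, "HeapAlloc");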
Now call them through the pointers:
HANDLE hHeap = myHeapCreate(HEAP_CREATE_ENABLE_EXECUTE, 0, 0);
void* hmem = myHeapAlloc(hHeap, 0, 0x1000);
Ideally, you would also encode the hardcoded strings such as "kernel32.dll", "HeapCreate", etc.
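From the analyst's side, the pattern above keeps HeapCreate and HeapAlloc out of the import table while their names remain in the binary as plain strings. The triage check below is an added example, not code from the original page; the watchlist, sample bytes and import lists are constructed, and it assumes the import names were already extracted by a PE parser.

```c
#include <stdio.h>
#include <string.h>

/* Constructed watchlist: the two APIs the page resolves at run time. */
static const char *const WATCHLIST[] = { "HeapCreate", "HeapAlloc" };
#define WATCH_N (sizeof WATCHLIST / sizeof WATCHLIST[0])

/* Constructed stand-in for a binary's data section (NUL-separated strings). */
static const unsigned char SAMPLE_IMAGE[] = "kernel32.dll\0HeapCreate\0HeapAlloc";
/* Constructed import lists, as a PE parser would report them (assumption). */
static const char *const DYNAMIC_IMPORTS[] = { "GetModuleHandleA", "GetProcAddress" };
static const char *const STATIC_IMPORTS[]  = { "GetProcAddress", "HeapCreate", "HeapAlloc" };

/* 1 if name occurs in image[0..len) as a NUL-terminated ASCII string. */
static int has_string(const unsigned char *image, size_t len, const char *name) {
    size_t n = strlen(name) + 1;                 /* compare the terminator too */
    for (size_t i = 0; i + n <= len; i++)
        if (memcmp(image + i, name, n) == 0) return 1;
    return 0;
}

static int is_imported(const char *const *imports, size_t count, const char *name) {
    for (size_t i = 0; i < count; i++)
        if (strcmp(imports[i], name) == 0) return 1;
    return 0;
}

/* Count watchlisted APIs that are named in the image but missing from the
   import table, in a binary that imports GetProcAddress. */
int count_runtime_resolved(const unsigned char *image, size_t len,
                           const char *const *imports, size_t count) {
    int hits = 0;
    if (!is_imported(imports, count, "GetProcAddress")) return 0;
    for (size_t w = 0; w < WATCH_N; w++)
        if (has_string(image, len, WATCHLIST[w]) &&
            !is_imported(imports, count, WATCHLIST[w]))
            hits++;
    return hits;
}

int main(void) {
    printf("dynamic: %d, static: %d\n",
           count_runtime_resolved(SAMPLE_IMAGE, sizeof SAMPLE_IMAGE, DYNAMIC_IMPORTS, 2),
           count_runtime_resolved(SAMPLE_IMAGE, sizeof SAMPLE_IMAGE, STATIC_IMPORTS, 3));
    return 0;
}
```

Encoded names, which the page mentions, do not match this string scan, so treat a zero count as inconclusive rather than clean.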