Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mp81ss/get_api_address

A small and portable 32/64 bit C code to get windows API address without calling any API
https://github.com/mp81ss/get_api_address

address api getprocaddress kernel32 kernel32-dll malware win32 win64 windows

Last synced: about 2 months ago
JSON representation

A small and portable 32/64 bit C code to get windows API address without calling any API

Host: GitHub
URL: https://github.com/mp81ss/get_api_address
Owner: mp81ss
License: unlicense
Created: 2020-04-29T20:30:14.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2023-09-15T10:33:50.000Z (over 1 year ago)
Last Synced: 2023-09-16T03:10:11.502Z (over 1 year ago)
Topics: address, api, getprocaddress, kernel32, kernel32-dll, malware, win32, win64, windows
Language: C
Size: 9.77 KB
Stars: 2
Watchers: 0
Forks: 2
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        # ARCHIVED - Moved to gitlab

This mini-library allows to retrieve API address in loaded modules **without**

calling standard API *GetProcAddress*.

Usually this code is found in assembly-written malware to avoid detection and to

bypass other PE-format restrictions on functions export.

This code is written in C with some extension to the standard specification and

can be compiled in both 32-bit and 64-bit  without modifying anything.

Actually VisualStudio and Digitalmars compiler support this code.

The code just export a single api:

```C

FARPROC get_api_address(LPCSTR name, LPCVOID its_page, LPCVOID* found_page);

```

See code for technical details

All this code is released in public domain