Dynamically importing functions C++

This post will introduce you to a relatively simple concept, the purpose of this is to hide functions from the IAT and also call functions from Windows Native API.

The way this is done is by:

Defining the prototype of the function (use MSDN for that)
Loading the DLL (unless it is kernel32.dll) -> LoadLibrary
Getting the handle of the module -> GetModuleHandle
Getting the function address -> GetProcAddress

Stop here if you want to figure out how to actually code it

Defining the function’s prototype
Loading the module
Getting the function addy
Calling the function
Function from user32.dll

So let’s hop into coding!

The first example I’ll give is for CreateProcessW (check this if you don’t know what W means)

Defining the function’s prototype

By checking the MSDN documentation we come across this prototype:

That green underline is due to VS not finding the definition of that function yet.

WINAPI is an alias for stdcall (a calling convention).

So, let’s arrange that, make it a function pointer and typedef:

Ps: Note that Asterisk after WINAPI, meaning it refers to a function pointer.

Now we write a variable of that type:

Remember that writing the function pointer is optional but makes the code way cleaner.

Loading the module

The next step is getting the handle of Kernel32.dll since that’s where CreateProcessW lies (you can find that out by the library requirement on the MSDN page), we don’t need to load it since it gets automatically loaded into every process:

Getting the function address

The final step before actually calling the function is to get the address of the function:

Calling the function

Now let’s call it!

Function from user32.dll

Now let’s try with MessageBoxW:

Now, let’s run and…

Remember I said that we needed to load the DLL if we weren’t using a Kernel32 function? Yep, that’s right now instead of GetModuleHandle, we use LoadLibrary. (which also returns the module’s handle)