Join GitHub today
Display DLL forward information and forwarded addresses in Symbols table #2142
I was working on something unrelated where I was grabbing functions out of Kernel32.dll, and I realized that the address that was taken out of the PE headers for HeapAlloc was invalid.
I was trying to debug why this address I was getting was wrong, and noticed that x64dbg was also resolving to the same incorrect address.
It's obvious there is no good going on at this address.
I wrote a program that did the basic following:
This is WoW64 but same issue with the x64 library too.
Now it's very obvious this is a forwarded export...
I'm guessing if this is just a basic forwarding (non-api set crap) that x64dbg would already have code to resolve those and something else is happening?
Edit: Wild goose chases at 3:30 in the morning, it's a basic forwarder I thought my parser code I wrote ages ago handled.
I think that x64dbg should handle these case though and display something about it in the Symbols tab.