Cheat Engine

[Corruptor]

Well, so far i found out that you can list the loaded module handles (which practically are just their offsets cast to a HMODULE) using EnumProcessModules. Furthermore, i found out that GetProcAddress can be used to find a specific function inside of this module. At least, most of the time.
The problem is that i ran into a module where GetProcAddress seems to fail; it just doesnt find the functions i tell it to find, constantly returning ERROR_MOD_NOT_FOUND even though i am 100% sure that this function does exist (at least i can find it with cheat engine, so i highly assume that its there)

So i thought i might just list all the functions from that module and look what functions actually ARE there, just to find that i have absolutely no clue how to do that. I mean, it has to be possible somehow as cheat engine is obviously able to do that somehow, but i just can't seem to find anything about it. (Probably im just searching for the wrong terms).

long story short: how do i list them?

[atom0s]

GetProcAddress does not work remotely. It is specifically for the modules located in the process that is calling the function.

If you need to get the address of an export from a dll, load it into your memory space then call GetProcAddress on it when it is loaded inside your own process.

[Corruptor]

In hindsight, i should have known, given the fact that GetProcAddress doesn't even take a process handle as a parameter
Also explains why it worked for the kernel.dll; afaik this one is always mapped to the exact same position.

However, as far as i know, both the position of the loaded dll as well as the position of their functions may vary every time someone loads the dll into his virtual memory, so if i loaded the dll and then used GetProcAddress on the newly loaded dll, wouldn't i get an address that is unique for my process?

[atom0s]

[Corruptor]

Works like a charm. Thanks a lot for your help