0

What does this mean? I know that NtUnmapViewOfSection is a pointer to a WinAPI function with 2 parameters and a long return value. And I know that this chunk is casting "GetProcAddress" with its arguments to a NtUnmapViewOfSection object. But what is the last row doing?

```cpp
typedef LONG (WINAPI * NtUnmapViewOfSection)(HANDLE ProcessHandle, PVOID BaseAddress);

NtUnmapViewOfSection xNtUnmapViewOfSection;
xNtUnmapViewOfSection = NtUnmapViewOfSection(GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtUnmapViewOfSection"));
xNtUnmapViewOfSection(Pinfo.hProcess, PVOID(dwImageBase)); // Pinfo is PROCESS_INFORMATION and dwImageBase is a pointer to DWORD
```
MenNotAtWork
  • Possible duplicate of [Typedef function pointer?](https://stackoverflow.com/questions/4295432/typedef-function-pointer) – Axalo Sep 16 '19 at 14:03
  • 2
    `xNtUnmapViewOfSection = NtUnmapViewOfSection(GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtUnmapViewOfSection"));` is an unusual way of doing a cast. If it were written as `xNtUnmapViewOfSection = (NtUnmapViewOfSection)GetProcAddress(GetModuleHandleA("ntdll.dll"), "NtUnmapViewOfSection");` that might be clearer that we're assigning to the function pointer (and NOT calling the function as you might naively assume). – Mike Vine Sep 16 '19 at 14:04

1 Answer

2

> what is the last row doing?

The last line is calling the function you got a pointer to with GetProcAddress() - that is, it is calling NtUnmapViewOfSection().

Remy Lebeau
Ted Lyngmo
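An added illustration of the point made in the comment and the answer above (not code from the question or from either poster): the three statements side by side, with a call counter proving that the cast-and-assign line does not invoke anything and only the last line does. `generic_proc`, `resolve` and `fake_unmap` are hypothetical portable stand-ins for `FARPROC`, `GetProcAddress` and the ntdll export, so the snippet builds without `<windows.h>`.

```cpp
#include <cstdio>
#include <cstring>

// Assumed stand-ins, not Windows APIs: generic_proc ~ FARPROC,
// resolve() ~ GetProcAddress, fake_unmap ~ the exported function.
typedef void (*generic_proc)();
typedef long (*UnmapFn)(void* process, void* base);  // same shape as the page's typedef

static int g_calls = 0;  // incremented only when the target really executes

static long fake_unmap(void* /*process*/, void* /*base*/) {
    ++g_calls;
    return 0;  // 0 mirrors STATUS_SUCCESS
}

// Looks a name up and returns an address; it never calls the target.
static generic_proc resolve(const char* name) {
    if (std::strcmp(name, "fake_unmap") == 0)
        return reinterpret_cast<generic_proc>(&fake_unmap);
    return nullptr;  // unknown export, as GetProcAddress returns NULL
}

struct Trace {
    int calls_after_cast;   // target invocations caused by statement 2
    int calls_after_call;   // target invocations after statement 3
    long status;            // value returned through the pointer
    bool casts_agree;       // T(expr) and (T)expr give the same pointer
    bool missing_is_null;   // failed lookup yields a null pointer
};

Trace demo() {
    Trace t{};
    const int before = g_calls;
    UnmapFn fn;                                     // 1: declare a pointer variable
    fn = UnmapFn(resolve("fake_unmap"));            // 2: function-style cast + assignment
    t.calls_after_cast = g_calls - before;
    UnmapFn same = (UnmapFn)resolve("fake_unmap");  // C-style spelling of statement 2
    t.casts_agree = (fn == same);
    t.status = -1;
    if (fn != nullptr)                              // check before calling through it
        t.status = fn(nullptr, nullptr);            // 3: the actual call
    t.calls_after_call = g_calls - before;
    t.missing_is_null = (UnmapFn(resolve("no_such_export")) == nullptr);
    return t;
}

int main() {
    Trace t = demo();
    std::printf("after cast: %d, after call: %d\n", t.calls_after_cast, t.calls_after_call);
    return 0;
}
```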