ufrisk
VMMDLL_ProcessGetProcAddressW doesn't recursively resolve exports
When calling VMMDLL_ProcessGetProcAddressW with, for example, the function "HeapAlloc" in kernel32.dll, it returns an address that is not the function, but instead what appears to be a string containing another function name and module name.
I haven't added support for forward imports yet. Issue is that by default it's going to be quite resource intense if I do it everywhere (i.e. slow things down due to quite a few extra reads) when doing the modules parsing.
But I should add it to functions like VMMDLL_ProcessGetProcAddressW. Btw, the string is correct, it's the forwarded symbol, it's NTDLL.RtlAllocateHeap.
I'll put this up as an enhancement request. Hopefully I'll get to it in the next version. Which will be a quite large update API wise and is a few months off. For now I hope you're able to do a lookup towards the ntdll function instead as a temporary workaround.
I've added this functionality in the new release. It should handle forwarded exports recursively now.
Apologies for the slow fix, but it haven't been the main priority, but still a good suggestion and it should now be working.
Please let me know if you should run into any issues around it.