I have the following 2 files:

RPM.dll

#include "stdafx.h"
#include <windows.h>
#include <iostream>
#include <stdio.h>

// File-scope state shared between DllMain and the two exported stubs.
// All of these have static storage, so they start out zero/NULL either way;
// the initialisers just make that explicit.
HINSTANCE hInst = NULL;      // meant to receive the LoadLibrary handle taken in DllMain
                             // (DllMain's parameter of the same name shadows this global)
DWORD DLLFunc = 0;           // address the myRPM stub jumps to (read by `jmp [DLLFunc]`)
DWORD DLLFunc2 = 0;          // address the myPM stub jumps to (read by `jmp [DLLFunc2]`)
char name[70] = { 0 };       // not referenced anywhere in this file
HWND hWnd = NULL;            // not referenced anywhere in this file (myPM's parameter shadows it)

// Exported stub that forwards to ReadProcessMemory.
//
// What the code does: the `__asm` block executes the three instructions of a
// hot-patchable x86 prologue (`mov edi,edi` / `push ebp` / `mov ebp,esp`, five
// bytes in total) and then performs a memory-indirect jump to the address stored
// in the global DLLFunc, which DllMain is meant to set to
// GetProcAddress(kernel32, "ReadProcessMemory") + 5. Execution therefore resumes
// inside the real function just past its first five bytes. From a defender's
// point of view: a monitor that hooks the API only by overwriting that prologue
// never sees calls routed through this stub, so prologue-patching alone is not a
// reliable observation point for this call.
//
// Parameters mirror ReadProcessMemory's; none of them is touched here — the jump
// target reads them straight off the stack.
//
// NOTE(review): this is an ordinary (non-naked) function, so the compiler emits
// its own prologue before the `__asm` block; the target then sees one frame more
// than these three instructions intend to build and the arguments are not where
// it expects them. The signature also disagrees with the target's: ReadProcessMemory
// is stdcall and returns BOOL, this stub is void and cdecl by default, so the
// target's `ret` and the caller's stack clean-up do not match. Either mismatch is
// enough to corrupt the stack.
// NOTE(review): as DllMain is written, its `if (DLLFunc2 == NULL)` branch overwrites
// DLLFunc with the PostMessageA address (see the comment there), so in practice this
// stub does not jump into ReadProcessMemory at all.
extern "C" __declspec(dllexport) void myRPM(HANDLE hProcess,LPCVOID lpBaseAddress,LPVOID lpBuffer,SIZE_T nSize,SIZE_T *lpNumberOfBytesRead)
{

// Replays the target's hot-patch prologue, then jumps to target + 5 (via DLLFunc).
__asm
{
mov edi, edi
push ebp
mov ebp, esp
jmp [DLLFunc]
}
}

// Exported stub that forwards to PostMessageA, same mechanism as myRPM: replay
// the five-byte hot-patch prologue, then jump indirectly through DLLFunc2.
//
// NOTE(review): `WINAPI` already expands to `__stdcall`, so the second keyword is
// redundant. More importantly, an `extern "C"` __stdcall function exported with
// __declspec(dllexport) and no .def file gets a decorated export name from the
// MSVC toolchain (for this signature it would be `_myPM@16`, 16 = four 4-byte
// arguments), whereas the cdecl `myRPM` is exported undecorated. That is the most
// likely reason `GetProcAddress(hLib, "myPM")` returns NULL while "myRPM" resolves;
// `dumpbin /exports RPM.dll` shows the actual exported names.
// NOTE(review): DLLFunc2 is never assigned anywhere in DllMain (both branches that
// should set it assign DLLFunc instead), so this stub jumps to address 0.
// NOTE(review): the `hWnd` parameter shadows the file-scope global of the same name.
extern "C" __declspec(dllexport) BOOL WINAPI __stdcall myPM(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam)
{

// Replays the target's hot-patch prologue, then jumps to target + 5 (via DLLFunc2).
__asm
{
mov edi, edi
push ebp
mov ebp, esp
jmp [DLLFunc2]
}
}



// DllMain: on process/thread attach it resolves the addresses the exported stubs
// jump to; on process/thread detach it releases a library handle. Always returns
// TRUE on the paths that reach the return statement (see the brace note below).
//
// NOTE(review): the first parameter is named `hInst`, the same as the file-scope
// global, so every `hInst = ...` below writes the *parameter* and the global is
// never set. In the DETACH branches `hInst` is therefore this DLL's own module
// handle (always non-NULL), and FreeLibrary is invoked on it from inside DllMain —
// something Microsoft documents as not allowed (the loader lock is held, and the
// module can be unmapped while this code is still executing). LoadLibrary from
// DllMain is documented as unsafe for the same reason.
// NOTE(review): `(LPCWSTR)"kernel32.dll"` compiles only because LoadLibrary resolves
// to LoadLibraryW here (a UNICODE build); the cast just relabels the narrow bytes
// as UTF-16, so the loader is handed a garbage name, returns NULL, GetProcAddress
// on NULL fails, and the globals end up holding 0 + 5 = 5.
BOOL APIENTRY DllMain (HINSTANCE hInst     /* Library instance handle. */ ,
                       DWORD reason        /* Reason this function is being called. */ ,
                       LPVOID reserved     /* Not used. */ )
{
    switch (reason)
    {
      case DLL_PROCESS_ATTACH:
        {
        if (DLLFunc == NULL) {
        hInst = LoadLibrary((LPCWSTR)"kernel32.dll");
        // +5 steps over the target's five-byte hot-patch prologue, which the stubs
        // execute themselves before jumping here.
        DLLFunc = (DWORD)GetProcAddress(hInst, "ReadProcessMemory") + 5; 
        }
		if (DLLFunc2 == NULL){
        hInst = LoadLibrary((LPCWSTR)"user32.dll");
        // BUG: assigns DLLFunc, not DLLFunc2. DLLFunc2 stays 0 (myPM jumps to address 0)
        // and DLLFunc is overwritten with the PostMessageA address; because DLLFunc2
        // never becomes non-zero, this branch also re-runs on every thread attach,
        // taking another LoadLibrary reference that nothing releases.
        DLLFunc = (DWORD)GetProcAddress(hInst, "PostMessageA") + 5;
		}

        }
        break;


      case DLL_PROCESS_DETACH:
        {
        // `hInst` here is the shadowing parameter, i.e. this module's own handle.
        if (hInst != NULL) {
        // Un-Load DLL
        ::FreeLibrary(hInst);
        hInst = NULL;
        } 
        }
        break;

      case DLL_THREAD_ATTACH:
        {
        // Same logic as DLL_PROCESS_ATTACH, including the same DLLFunc/DLLFunc2 mix-up.
        if (DLLFunc == NULL) {
        hInst = LoadLibrary((LPCWSTR)"kernel32.dll");
        DLLFunc = (DWORD)GetProcAddress(hInst, "ReadProcessMemory") + 5; 
        }
		if (DLLFunc2 == NULL){
        hInst = LoadLibrary((LPCWSTR)"user32.dll");
        DLLFunc = (DWORD)GetProcAddress(hInst, "PostMessageA") + 5;


        }
        break;

      case DLL_THREAD_DETACH:
        {
        // `hInst` is again the module's own handle (see note above).
        if (hInst != NULL) {
        // Un-Load DLL
        ::FreeLibrary(hInst);
        hInst = NULL;
        } 
        }
        break;
    }   // NOTE(review): this brace closes the block opened under DLL_THREAD_ATTACH,
        // not the switch. The switch itself ends at the brace after `return TRUE`,
        // so that return sits inside the switch after the last `break` and is
        // unreachable; the function falls off its end without returning a value
        // (MSVC warning C4715), and the value the loader sees is whatever is in EAX.

    /* Returns TRUE on success, FALSE on failure */
    return TRUE;
}   // closes the switch
}   // closes DllMain

and the main app:

#include <windows.h>
  #include <iostream.h>
  #include <stdio.h>
  #include <conio.h>
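  // Signatures of the two exports this harness resolves from RPM.dll. They must
  // match the definitions in the DLL:
  //  - myRPM is a cdecl void function whose last parameter is a SIZE_T* (the
  //    original typedef had it as SIZE_T by value);
  //  - myPM is a stdcall BOOL function. The calling-convention keyword belongs
  //    inside the pointer declarator, `BOOL (WINAPI *)(...)`; the original
  //    `BOOL WINAPI __stdcall (*pfunc3)(...)` is not a valid declarator and GCC
  //    either rejects it or attaches the attribute to the wrong thing.
  typedef void (*pfunc2)(HANDLE, LPCVOID, LPVOID, SIZE_T, SIZE_T *);
  typedef BOOL (WINAPI *pfunc3)(HWND, UINT, WPARAM, LPARAM);
  pfunc2 RPM = NULL;   // set in main() once GetProcAddress succeeds
  pfunc3 PM = NULL;    // set in main() once GetProcAddress succeeds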
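// Test harness: loads RPM.dll, prints where it was loaded from, checks that both
// exports resolve, and unloads it again. Returns 1 on any failure, 0 otherwise.
int main()
{
    // A bare file name is resolved through the DLL search order (application
    // directory, system directories, current directory, PATH). A copy of RPM.dll
    // placed earlier in that order than the intended one would be loaded instead,
    // so prefer an absolute path when the DLL's location is known.
    // LoadLibraryA is spelled out because the literal is a narrow string; the
    // generic LoadLibrary would stop compiling under a UNICODE build.
    HINSTANCE hLib = LoadLibraryA("RPM.dll");
    if (hLib == NULL)
    {
        cout << "Error! Can't open dll!";
        getch();
        return 1;
    }

    // GetModuleFileNameA returns 0 on failure, in which case the buffer content is
    // not guaranteed; start from an empty string and clear it again on failure.
    // MAX_PATH instead of the former 70 avoids truncating longer paths.
    char dllpath[MAX_PATH] = { 0 };
    if (GetModuleFileNameA(hLib, dllpath, MAX_PATH) == 0)
    {
        dllpath[0] = '\0';
    }
    cout << "Dll loaded:" << "\n" << dllpath << "\n" << endl;

    // HINSTANCE and HMODULE are the same type, so no cast is needed.
    // If "myRPM" resolves but "myPM" does not, compare against the DLL's real export
    // table (`dumpbin /exports RPM.dll`): a __stdcall export built with MSVC and no
    // .def file carries a decorated name rather than the plain identifier.
    RPM = (pfunc2)GetProcAddress(hLib, "myRPM");
    PM = (pfunc3)GetProcAddress(hLib, "myPM");

    if (RPM == NULL || PM == NULL)
    {
        cout << "Critical error! Can't load functions !" << endl;
        FreeLibrary(hLib);
        getch();
        return 1;
    }

    FreeLibrary(hLib);
    getch();
    return 0;
}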

Dll is compiled using Microsoft Visual Studio 2008 and main app with Dev-Cpp.

The problem is that PM is always NULL, whatever I do!
I don't have much experience with hooking functions or ASM, so any help would be greatly appreciated!
Any ideas?

"myPM" is returning something to do with DLLFunc2 (at line 31), but lines 51 and 76 are assigning DLLFunc (again) instead of DLLFunc2.
