Some BOFs make use of Beacon-intrinsic versions of LoadLibraryA, GetProcAddress, GetModuleHandleA, and FreeLibrary. This PR implements these four APIs by resolving the address of the real API within Kernel32; during relocation of the function addresses, if a BOF uses these Beacon-intrinsic functions they will be provided the address of the real function via the InternalFunctionAddresses array. Previously, COFFLoader would exit because it would fail to resolve a symbol like '__imp_GetProcAddress'.
This PR additionally tweaks the default BOF args; I was previously wrong about what the "no arguments" byte structure needed to look like.
Credit to TrustedSec, whose COFFLoader provided an excellent reference for implementing these functions.
Some BOFs make use of Beacon-intrinsic versions of LoadLibraryA, GetProcAddress, GetModuleHandleA, and FreeLibrary. This PR implements these four APIs by resolving the address of the real API within Kernel32; during relocation of the function addresses, if a BOF uses these Beacon-intrinsic functions they will be provided the address of the real function via the InternalFunctionAddresses array. Previously, COFFLoader would exit because it would fail to resolve a symbol like '__imp_GetProcAddress'.
This PR additionally tweaks the default BOF args; I was previously wrong about what the "no arguments" byte structure needed to look like.
Credit to TrustedSec, whose COFFLoader provided an excellent reference for implementing these functions.