export table

include <iostream>
#include <windows.h>
#include <string>
#include <conio.h>

using namespace std;

DWORD get_code_cave(DWORD mem)
{
    DWORD counter = 0;
    for (DWORD i = (DWORD)GetModuleHandleA("Kernel32.dll") + 0x1000; ; i++)
    {
        byte byte_buf;
        if (ReadProcessMemory(GetCurrentProcess(), (void*)i, &byte_buf, 1, 0))
        {
            if (byte_buf == 0x0)
                counter++;
            else counter = 0;

            if (counter == mem)
                return i - counter + 1;
        }
    }
    return 0;
}

int main()
{
    DWORD dll_addr = (DWORD)GetModuleHandleA("ntdll.dll");
    DWORD p = dll_addr + *(DWORD*)(dll_addr + 0x3C);
    DWORD *pDATA_DIRECTORY = (DWORD*)(p + 0x78);
    DWORD pExport = pDATA_DIRECTORY[0] + dll_addr;
    DWORD xExport = pDATA_DIRECTORY[1];
    DWORD nameRVA = *(DWORD*)(pExport + 0xC) + dll_addr;
    DWORD ordinalBASE = *(DWORD*)(pExport + 0x10);
    DWORD addressTableEntries = *(DWORD*)(pExport + 0x14);
    DWORD numberOfNamePointers = *(DWORD*)(pExport + 0x18);
    DWORD *exportAddressTableRVA = (DWORD*)(*(DWORD*)(pExport + 0x1C) + dll_addr);
    DWORD *namePointerRVA = (DWORD*)(*(DWORD*)(pExport + 0x20) + dll_addr);
    WORD *ordinalTableRVA = (WORD*)(*(DWORD*)(pExport + 0x24) + dll_addr);
    DWORD f_index, f_address, ordinal;
    char *pForward;

    //cout << addressTableEntries << endl;
    //cout << numberOfNamePointers << endl;

    for (DWORD i = 0; i < addressTableEntries && i < numberOfNamePointers; i++)
    {
        f_index = ordinalTableRVA[i];
        f_address = exportAddressTableRVA[f_index] + dll_addr;
        if (f_address == dll_addr) continue;
        ordinal = f_index + ordinalBASE;
        if (f_address > pExport && f_address < (pExport + xExport))
            pForward = (char*)f_address;
        else pForward = 0;

        printf("%s [%d/%d] 0x%X %s\n", (char*)(namePointerRVA[i] + dll_addr), ordinal, i, f_address, pForward);
    }

    printf("place: 0x%X", get_code_cave(0x30));

    _getch();

    return 0;
}