I'll have to try every solution more extensively to find the one that requires the least amount of assembly knowledge, before I mark best answer.
I have already tried Archer's suggestion that gives me a pointer inside LdrpCallInitRoutine function at the red line below, so now I need to figure out how to change the function to call and return from my function pointer.
Code:
_LdrpCallInitRoutine@16:
7785998C 55 push ebp
7785998D 8B EC mov ebp,esp
7785998F 56 push esi
77859990 57 push edi
77859991 53 push ebx
77859992 8B F4 mov esi,esp
77859994 FF 75 14 push dword ptr [ebp+14h]
77859997 FF 75 10 push dword ptr [ebp+10h]
7785999A FF 75 0C push dword ptr [ebp+0Ch]
7785999D FF 55 08 call dword ptr [ebp+8]
778599A0 8B E6 mov esp,esi
778599A2 5B pop ebx
778599A3 5F pop edi
778599A4 5E pop esi
778599A5 5D pop ebp
778599A6 C2 10 00 ret 10h
778599A9 90 nop
778599AA 90 nop
778599AB 90 nop
778599AC 90 nop
778599AD 90 nop
I've also tried Carbon's solution but for some reason the following simplified code is failing on me at "SymFromName".
Code:
if (SymInitializeW(g_currentProcess, symbolpath, FALSE)) {
DWORD64 dwBaseAddress = SymLoadModuleExW(g_currentProcess, NULL, L"ntdll.dll", NULL, (DWORD64)ntdll, NULL, NULL, NULL);
IMAGEHLP_MODULE64 moduleinfo = { sizeof(IMAGEHLP_MODULE64) };
BOOL bInfo = SymGetModuleInfo64(g_currentProcess, dwBaseAddress, &moduleinfo);
TCHAR szSymbolName[MAX_SYM_NAME] = TEXT("LdrpCallInitRoutine");
ULONG64 buffer[(sizeof(SYMBOL_INFO) +
MAX_SYM_NAME * sizeof(TCHAR) +
sizeof(ULONG64) - 1) /
sizeof(ULONG64)] = { 0 };
PSYMBOL_INFO pSymbol = (PSYMBOL_INFO)buffer;
pSymbol->SizeOfStruct = sizeof(SYMBOL_INFO);
pSymbol->MaxNameLen = MAX_SYM_NAME;
BOOL symfound = SymFromName(g_currentProcess, szSymbolName, pSymbol);
}