#ifndef _NTRTL_H

/**
 * The RtlLookupFunctionEntry routine searches the active function tables for an entry that corresponds to the specified PC value.
 *
 * \param ControlPc The virtual address of an instruction bundle within the function.
 * \param ImageBase The base address of module to which the function belongs.
 * \return The entry in the function table for the specified PC.
 * \sa https://learn.microsoft.com/en-us/windows/win32/api/winnt/nf-winnt-rtllookupfunctionentry
 */
// NTSYSAPI
// PRUNTIME_FUNCTION
// NTAPI
// RtlLookupFunctionEntry(
//     _In_ ULONG_PTR ControlPc,
//     _Out_ PULONG_PTR ImageBase,
//     _Inout_opt_ PUNWIND_HISTORY_TABLE HistoryTable
//     );

/**
 * The RtlPcToFileHeader routine retrieves the base address of the image that contains the specified PC value.
 *
 * \param PcValue The PC value. The function searches all modules mapped into the address space of the calling process for a module that contains this value.
 * \param BaseOfImage The base address of the image containing the PC value. This value must be added to any relative addresses in the headers to locate the image.
 * \return If the PC value is found, returns the base address of the image that contains the PC value. If no image contains the PC value, the function returns NULL.
 * \sa https://learn.microsoft.com/en-us/windows/win32/api/winnt/nf-winnt-rtlpctofileheader
 */
NTSYSAPI
PVOID
NTAPI
RtlPcToFileHeader(
    _In_ PVOID PcValue,
    _Out_ PVOID* BaseOfImage
    );

#endif
View code on GitHub

// winnt.h

NTSYSAPI PVOID RtlPcToFileHeader(
  [in]  PVOID PcValue,
  [out] PVOID *BaseOfImage
);
View the official Win32 API reference