I've searched these message boards and on Google and haven't had any luck finding any discussions of this topic. So here goes a stab at what I think could work:
1) Use the LoadLibrary call to map the dll into your process.
2) Use GetProcAddress to get the address of the first exported function in the DLL.
a) Running through all of the exported functions declared in the LIB file would be one way?
b) any other ideas?
3) Write the memory range (GetProcAddress(firstProc) - padding) through (GetProcAddress(firstProc) + dllSize) out to a file.
4) Use a hex editor and a knowledge of the dll format to strip all of the extra junk off of the beginning of the file.
I'm certainly not a hard core Win32 hacker so please poke holes in this theory. If this looks like a workable idea, I'll give it a shot this weekend.
Also, what about using the debugging api for this? The LOAD_DLL_DEBUG_INFO structure looks like it might be a good way to get the exact start of the dll in memory.
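
An added example, not part of the original post: one way to find the exact start and size of a module inside a padded memory dump like the one in step 3, by walking back page by page from a known address to the PE headers and reading SizeOfImage. The function names, the assumption that the dump starts on a page boundary, and the sample bytes are all constructed for illustration.

```python
import struct

PAGE = 0x1000  # mapped images start on a page boundary

def find_image(dump: bytes, hint: int):
    """Walk back from `hint` (offset of any address inside the module,
    e.g. an exported function) to the PE headers.
    Returns (base_offset, size_of_image), or None if no header is found."""
    off = hint & ~(PAGE - 1)
    while off >= 0:
        if dump[off:off + 2] == b"MZ" and off + 0x40 <= len(dump):
            (e_lfanew,) = struct.unpack_from("<I", dump, off + 0x3C)
            nt = off + e_lfanew
            # 4-byte signature + 20-byte file header, then the optional header
            if nt + 24 + 60 <= len(dump) and dump[nt:nt + 4] == b"PE\0\0":
                (magic,) = struct.unpack_from("<H", dump, nt + 24)
                if magic in (0x10B, 0x20B):  # PE32 / PE32+
                    # SizeOfImage is at offset 56 of the optional header
                    # in both PE32 and PE32+
                    (size,) = struct.unpack_from("<I", dump, nt + 24 + 56)
                    return off, size
        off -= PAGE
    return None

def carve(dump: bytes, hint: int):
    """Return only the module's bytes, without the surrounding padding."""
    found = find_image(dump, hint)
    if found is None:
        return None
    base, size = found
    return dump[base:base + size]

def build_sample() -> bytes:
    """Constructed dump: 2 pages of padding, a 3-page image, 1 trailing page."""
    hdr = bytearray(PAGE)
    hdr[0:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x80)             # e_lfanew
    hdr[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", hdr, 0x80 + 24, 0x20B)       # PE32+ magic
    struct.pack_into("<I", hdr, 0x80 + 24 + 56, 3 * PAGE)  # SizeOfImage
    return b"\xCC" * (2 * PAGE) + bytes(hdr) + b"\x90" * (2 * PAGE) + b"\x00" * PAGE

SAMPLE = build_sample()

if __name__ == "__main__":
    base, size = find_image(SAMPLE, 0x3010)  # 0x3010 plays the role of an export address
    print(f"image starts at dump offset {base:#x}, SizeOfImage {size:#x}")
```

The carved bytes are in memory layout, with sections at their virtual offsets, so they are not byte-identical to the DLL file on disk.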