├── .github └── workflows │ └── release.yml ├── .gitignore ├── .releaserc.yml ├── CMakeLists.txt ├── README.md ├── library.c └── library.def /.github/workflows/release.yml: -------------------------------------------------------------------------------- 1 | name: C/C++ CI 2 | 3 | on: 4 | push: 5 | branches: [ master ] 6 | pull_request: 7 | branches: [ master ] 8 | # NOTE(review): the job below runs for both push and pull_request on master, and no step carries an `if:` guard, so the release step is also started on pull-request runs. 9 | jobs: 10 | build: 11 | 12 | runs-on: windows-latest 13 | # NOTE(review): checkout is given secrets.API_GITHUB_TOKEN; unless `persist-credentials: false` is set, actions/checkout keeps that token in the local git config, where the later build step can read it. 14 | steps: 15 | - uses: actions/checkout@v2 16 | with: 17 | token: ${{ secrets.API_GITHUB_TOKEN }} 18 | 19 | - name: Build 20 | run: | 21 | mkdir build 22 | cd build 23 | cmake .. -DCMAKE_BUILD_TYPE=Release -G "MinGW Makefiles" 24 | cmake --build . 25 | # NOTE(review): the third-party release action is referenced by tag (v2.4.1), not by full commit SHA, and receives API_GITHUB_TOKEN; pinning to a commit SHA and limiting the token's scope reduces supply-chain exposure. 26 | - name: Action For Semantic Release 27 | uses: cycjimmy/semantic-release-action@v2.4.1 28 | env: 29 | GITHUB_TOKEN: ${{ secrets.API_GITHUB_TOKEN }} 30 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | 2 | # Created by https://www.toptal.com/developers/gitignore/api/clion+all,cmake,c 3 | # Edit at https://www.toptal.com/developers/gitignore?templates=clion+all,cmake,c 4 | 5 | ### C ### 6 | # Prerequisites 7 | *.d 8 | 9 | # Object files 10 | *.o 11 | *.ko 12 | *.obj 13 | *.elf 14 | 15 | # Linker output 16 | *.ilk 17 | *.map 18 | *.exp 19 | 20 | # Precompiled Headers 21 | *.gch 22 | *.pch 23 | 24 | # Libraries 25 | *.lib 26 | *.a 27 | *.la 28 | *.lo 29 | 30 | # Shared objects (inc. 
Windows DLLs) 31 | *.dll 32 | *.so 33 | *.so.* 34 | *.dylib 35 | 36 | # Executables 37 | *.exe 38 | *.out 39 | *.app 40 | *.i*86 41 | *.x86_64 42 | *.hex 43 | 44 | # Debug files 45 | *.dSYM/ 46 | *.su 47 | *.idb 48 | *.pdb 49 | 50 | # Kernel Module Compile Results 51 | *.mod* 52 | *.cmd 53 | .tmp_versions/ 54 | modules.order 55 | Module.symvers 56 | Mkfile.old 57 | dkms.conf 58 | 59 | ### CLion+all ### 60 | # Covers JetBrains IDEs: IntelliJ, RubyMine, PhpStorm, AppCode, PyCharm, CLion, Android Studio, WebStorm and Rider 61 | # Reference: https://intellij-support.jetbrains.com/hc/en-us/articles/206544839 62 | 63 | # User-specific stuff 64 | .idea/**/workspace.xml 65 | .idea/**/tasks.xml 66 | .idea/**/usage.statistics.xml 67 | .idea/**/dictionaries 68 | .idea/**/shelf 69 | 70 | # Generated files 71 | .idea/**/contentModel.xml 72 | 73 | # Sensitive or high-churn files 74 | .idea/**/dataSources/ 75 | .idea/**/dataSources.ids 76 | .idea/**/dataSources.local.xml 77 | .idea/**/sqlDataSources.xml 78 | .idea/**/dynamic.xml 79 | .idea/**/uiDesigner.xml 80 | .idea/**/dbnavigator.xml 81 | 82 | # Gradle 83 | .idea/**/gradle.xml 84 | .idea/**/libraries 85 | 86 | # Gradle and Maven with auto-import 87 | # When using Gradle or Maven with auto-import, you should exclude module files, 88 | # since they will be recreated, and may cause churn. Uncomment if using 89 | # auto-import. 
90 | # .idea/artifacts 91 | # .idea/compiler.xml 92 | # .idea/jarRepositories.xml 93 | # .idea/modules.xml 94 | # .idea/*.iml 95 | # .idea/modules 96 | # *.iml 97 | # *.ipr 98 | 99 | # CMake 100 | cmake-build-*/ 101 | 102 | # Mongo Explorer plugin 103 | .idea/**/mongoSettings.xml 104 | 105 | # File-based project format 106 | *.iws 107 | 108 | # IntelliJ 109 | out/ 110 | 111 | # mpeltonen/sbt-idea plugin 112 | .idea_modules/ 113 | 114 | # JIRA plugin 115 | atlassian-ide-plugin.xml 116 | 117 | # Cursive Clojure plugin 118 | .idea/replstate.xml 119 | 120 | # Crashlytics plugin (for Android Studio and IntelliJ) 121 | com_crashlytics_export_strings.xml 122 | crashlytics.properties 123 | crashlytics-build.properties 124 | fabric.properties 125 | 126 | # Editor-based Rest Client 127 | .idea/httpRequests 128 | 129 | # Android studio 3.1+ serialized cache file 130 | .idea/caches/build_file_checksums.ser 131 | 132 | ### CLion+all Patch ### 133 | # Ignores the whole .idea folder and all .iml files 134 | # See https://github.com/joeblau/gitignore.io/issues/186 and https://github.com/joeblau/gitignore.io/issues/360 135 | 136 | .idea/ 137 | 138 | # Reason: https://github.com/joeblau/gitignore.io/issues/186#issuecomment-249601023 139 | 140 | *.iml 141 | modules.xml 142 | .idea/misc.xml 143 | *.ipr 144 | 145 | # Sonarlint plugin 146 | .idea/sonarlint 147 | 148 | ### CMake ### 149 | CMakeLists.txt.user 150 | CMakeCache.txt 151 | CMakeFiles 152 | CMakeScripts 153 | Testing 154 | Makefile 155 | cmake_install.cmake 156 | install_manifest.txt 157 | compile_commands.json 158 | CTestTestfile.cmake 159 | _deps 160 | 161 | ### CMake Patch ### 162 | # External projects 163 | *-prefix/ 164 | 165 | # End of https://www.toptal.com/developers/gitignore/api/clion+all,cmake,c 166 | -------------------------------------------------------------------------------- /.releaserc.yml: -------------------------------------------------------------------------------- 1 | --- 2 | branches: 3 | - master 4 | 
plugins: 5 | - "@semantic-release/commit-analyzer" 6 | - "@semantic-release/release-notes-generator" 7 | - # 8 | - "@semantic-release/github" 9 | - successComment: false 10 | failComment: false 11 | assets: 12 | - path: build/version.dll 13 | -------------------------------------------------------------------------------- /CMakeLists.txt: -------------------------------------------------------------------------------- 1 | cmake_minimum_required(VERSION 3.16) 2 | project(version C) 3 | 4 | set(CMAKE_C_STANDARD 99) 5 | # NOTE(review): project() enables only the C language, so the CMAKE_CXX_FLAGS_* values set below are not applied when compiling library.c; the C counterparts are CMAKE_C_FLAGS_DEBUG and CMAKE_C_FLAGS_RELEASE. 6 | set(CMAKE_CXX_FLAGS_DEBUG "-g") 7 | set(CMAKE_CXX_FLAGS_RELEASE "-O3") 8 | 9 | set(CMAKE_SHARED_LIBRARY_PREFIX "") 10 | set(CMAKE_STATIC_LIBRARY_PREFIX "") 11 | 12 | # https://stackoverflow.com/questions/18138635/mingw-exe-requires-a-few-gcc-dlls-regardless-of-the-code 13 | add_link_options(-static -static-libgcc -static-libstdc++) 14 | # Shared library target "version" built from library.c, with library.def passed as a source; the empty library prefix set above keeps the output name as version.dll, the asset path listed in .releaserc.yml. 15 | add_library(version SHARED library.c library.def) -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Perfect Proxy 2 | 3 | > A simple and stable proxy DLL for Windows x64. 4 | 5 | ## Notes 6 | 7 | Assembly inlining is not supported in MSVC on x64, 8 | therefore this project uses GCC through MinGW. 
9 | 10 | ## Compilation 11 | 12 | - mingw-w64 7.0.0+ 13 | - CMake 3.16+ 14 | 15 | If you get an error like: `undefined reference to 'orig_somefunc'`, you may need to prefix your assembly symbols with an underscore: 16 | 17 | ```patch 18 | #define WRAPPER_GENFUNC(name) \ 19 | FARPROC orig_##name; \ 20 | __declspec(naked) void _##name() \ 21 | { \ 22 | - asm("jmp *orig_"#name); \ 23 | + asm("jmp *_orig_"#name); \ 24 | } 25 | ``` 26 | 27 | _Source: https://stackoverflow.com/a/36359457_ 28 | 29 | ## References 30 | 31 | - https://github.com/advancedmonitoring/ProxyDll 32 | - https://silentbreaksecurity.com/adaptive-dll-hijacking/ 33 | - https://kevinalmansa.github.io/application%20security/DLL-Proxying/ 34 | - https://itm4n.github.io/dll-proxying/ 35 | -------------------------------------------------------------------------------- /library.c: -------------------------------------------------------------------------------- 1 | #include 2 | /* WRAPPER_GENFUNC(name) defines a global pointer orig_name and a naked function _name whose whole body is an indirect jump through that pointer, so the caller's registers and stack reach the target untouched. NOTE(review): the header name after #include is missing from this listing; presumably <windows.h>, to be confirmed. */ 3 | #define WRAPPER_GENFUNC(name) \ 4 | FARPROC orig_##name; \ 5 | __declspec(naked) void _##name() \ 6 | { \ 7 | asm("jmp *orig_"#name); \ 8 | } 9 | /* One stub per export listed in library.def, which maps each public name to its _name stub. NOTE(review): for detection, the observable behaviour is a module named version.dll that is loaded from outside the system directory and then loads the system-directory version.dll itself; module-load telemetry and signature checks on DLLs that share a system DLL's name cover this pattern. */ 10 | WRAPPER_GENFUNC(GetFileVersionInfoA) 11 | WRAPPER_GENFUNC(GetFileVersionInfoByHandle) 12 | WRAPPER_GENFUNC(GetFileVersionInfoExW) 13 | WRAPPER_GENFUNC(GetFileVersionInfoExA) 14 | WRAPPER_GENFUNC(GetFileVersionInfoSizeA) 15 | WRAPPER_GENFUNC(GetFileVersionInfoSizeExA) 16 | WRAPPER_GENFUNC(GetFileVersionInfoSizeExW) 17 | WRAPPER_GENFUNC(GetFileVersionInfoSizeW) 18 | WRAPPER_GENFUNC(GetFileVersionInfoW) 19 | WRAPPER_GENFUNC(VerFindFileA) 20 | WRAPPER_GENFUNC(VerFindFileW) 21 | WRAPPER_GENFUNC(VerInstallFileA) 22 | WRAPPER_GENFUNC(VerInstallFileW) 23 | WRAPPER_GENFUNC(VerLanguageNameA) 24 | WRAPPER_GENFUNC(VerLanguageNameW) 25 | WRAPPER_GENFUNC(VerQueryValueA) 26 | WRAPPER_GENFUNC(VerQueryValueW) 27 | /* WRAPPER_FUNC(name) stores GetProcAddress(hOriginalDll, "name") in orig_name. It depends on a variable called hOriginalDll being in scope where it is expanded, and the result is not checked, so a failed lookup leaves orig_name NULL and the matching stub would jump through a null pointer. */ 28 | #define WRAPPER_FUNC(name) orig_##name = GetProcAddress(hOriginalDll, #name); 29 | /* SourceInit: appends "\version.dll" to the system directory path, loads that file and fills every orig_ pointer from it. NOTE(review): the GetSystemDirectory return value is ignored, and strcat_s is passed sizeof source (a byte count) with a narrow literal, which only matches TCHAR in an ANSI build. */ 30 | void SourceInit() 31 | { 32 | TCHAR source[MAX_PATH]; 33 | GetSystemDirectory(source, 
MAX_PATH); 34 | strcat_s(source, sizeof source, "\\version.dll"); 35 | HMODULE hOriginalDll = LoadLibrary(source); 36 | /* NOTE(review): hOriginalDll is not tested for NULL before the lookups below. */ 37 | WRAPPER_FUNC(GetFileVersionInfoA); 38 | WRAPPER_FUNC(GetFileVersionInfoByHandle); 39 | WRAPPER_FUNC(GetFileVersionInfoExW); 40 | WRAPPER_FUNC(GetFileVersionInfoExA); 41 | WRAPPER_FUNC(GetFileVersionInfoSizeA); 42 | WRAPPER_FUNC(GetFileVersionInfoSizeExW); 43 | WRAPPER_FUNC(GetFileVersionInfoSizeExA); 44 | WRAPPER_FUNC(GetFileVersionInfoSizeW); 45 | WRAPPER_FUNC(GetFileVersionInfoW); 46 | WRAPPER_FUNC(VerFindFileA); 47 | WRAPPER_FUNC(VerFindFileW); 48 | WRAPPER_FUNC(VerInstallFileA); 49 | WRAPPER_FUNC(VerInstallFileW); 50 | WRAPPER_FUNC(VerLanguageNameA); 51 | WRAPPER_FUNC(VerLanguageNameW); 52 | WRAPPER_FUNC(VerQueryValueA); 53 | WRAPPER_FUNC(VerQueryValueW); 54 | } 55 | /* Payload: placeholder that shows one message box with the text "Hello from proxy dll"; it runs in whichever process loaded this DLL. */ 56 | void Payload() 57 | { 58 | MessageBox(NULL, "Hello from proxy dll", "Payload", MB_OK); 59 | } 60 | /* DllMain: on DLL_PROCESS_ATTACH calls SourceInit() and then Payload(); every other reason is ignored and the function always returns TRUE. NOTE(review): both calls run under the loader lock, and Microsoft's DllMain guidance lists LoadLibrary and User32 calls such as MessageBox among the operations to avoid there because they can deadlock. */ 61 | BOOL WINAPI DllMain(HMODULE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) 62 | { 63 | if (fdwReason == DLL_PROCESS_ATTACH) 64 | { 65 | SourceInit(); 66 | Payload(); 67 | } 68 | return TRUE; 69 | } -------------------------------------------------------------------------------- /library.def: -------------------------------------------------------------------------------- 1 | LIBRARY "VERSION" 2 | EXPORTS 3 | 4 | GetFileVersionInfoA = _GetFileVersionInfoA 5 | GetFileVersionInfoByHandle = _GetFileVersionInfoByHandle 6 | GetFileVersionInfoExA = _GetFileVersionInfoExA 7 | GetFileVersionInfoExW = _GetFileVersionInfoExW 8 | GetFileVersionInfoSizeA = _GetFileVersionInfoSizeA 9 | GetFileVersionInfoSizeExA = _GetFileVersionInfoSizeExA 10 | GetFileVersionInfoSizeExW = _GetFileVersionInfoSizeExW 11 | GetFileVersionInfoSizeW = _GetFileVersionInfoSizeW 12 | GetFileVersionInfoW = _GetFileVersionInfoW 13 | VerFindFileA = _VerFindFileA 14 | VerFindFileW = _VerFindFileW 15 | VerInstallFileA = _VerInstallFileA 16 | VerInstallFileW = _VerInstallFileW 17 | VerLanguageNameA = 
_VerLanguageNameA 18 | VerLanguageNameW = _VerLanguageNameW 19 | VerQueryValueA = _VerQueryValueA 20 | VerQueryValueW = _VerQueryValueW --------------------------------------------------------------------------------