├── README.md ├── DLL_Wrapper_Example ├── Target_Ordinal_ForwardTo │ ├── Target_Ordinal_ForwardTo.def │ ├── Target_Ordinal_ForwardTo.h │ ├── stdafx.cpp │ ├── targetver.h │ ├── Target_Ordinal_ForwardTo.cpp │ ├── stdafx.h │ ├── dllmain.cpp │ ├── Target_Ordinal_ForwardTo.vcxproj.filters │ ├── ReadMe.txt │ └── Target_Ordinal_ForwardTo.vcxproj ├── Target_DLL │ ├── Target.def │ ├── src │ │ ├── stdafx.cpp │ │ ├── dllmain.cpp │ │ └── Target_DLL.cpp │ ├── include │ │ ├── targetver.h │ │ ├── stdafx.h │ │ └── Target_DLL.h │ ├── Target_DLL.vcxproj.filters │ ├── ReadMe.txt │ └── Target_DLL.vcxproj ├── Attacker_Example │ ├── Target_DLL.DEF │ ├── src │ │ ├── Attacker_Example.cpp │ │ ├── c_ext_intercepts.cpp │ │ ├── stdafx.cpp │ │ ├── dllmain.cpp │ │ ├── add_numbers_bridge.asm │ │ ├── print_hello_bridge.asm │ │ ├── print_hello.cpp │ │ └── add_numbers.cpp │ ├── include │ │ ├── targetver.h │ │ ├── stdafx.h │ │ ├── forwards.h │ │ └── intercepts.h │ ├── ReadMe.txt │ ├── Attacker_Example.vcxproj.filters │ └── Attacker_Example.vcxproj ├── Victim │ ├── stdafx.cpp │ ├── targetver.h │ ├── stdafx.h │ ├── Victim.vcxproj.filters │ ├── ReadMe.txt │ ├── Victim.cpp │ └── Victim.vcxproj ├── configuration.xml └── DLL_Wrapper_Example.sln └── .gitignore /README.md: -------------------------------------------------------------------------------- 1 | # DLL_Wrapper_Example 2 | Example of an over all attack using DLL_Wrapper. 3 | 4 | [COMING SOON] 5 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Target_Ordinal_ForwardTo/Target_Ordinal_ForwardTo.def: -------------------------------------------------------------------------------- 1 | LIBRARY 2 | EXPORTS 3 | ordinal_forward_test @1 NONAME 4 | named_forward_test @2 5 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Target_DLL/Target.def: -------------------------------------------------------------------------------- 1 | LIBRARY Target_DLL 2 | EXPORTS 3 | print_hello @1 4 | print_dll_name @2 5 | add_numbers @3 6 | ordinal_test @4 NONAME 7 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Attacker_Example/Target_DLL.DEF: -------------------------------------------------------------------------------- 1 | ; DEF File 2 | LIBRARY Target_DLL 3 | EXPORTS 4 | ; INTERCEPT FUNCTIONS 5 | print_hello=print_hello @1 6 | add_numbers=add_numbers @3 7 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Attacker_Example/src/Attacker_Example.cpp: -------------------------------------------------------------------------------- 1 | // Attacker_Example.cpp : Defines the exported functions for the DLL application. 2 | // 3 | 4 | #include "stdafx.h" 5 | 6 | 7 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Target_Ordinal_ForwardTo/Target_Ordinal_ForwardTo.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | 4 | extern "C" { 5 | int ordinal_forward_test(void); 6 | int named_forward_test(void); 7 | } -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Attacker_Example/src/c_ext_intercepts.cpp: -------------------------------------------------------------------------------- 1 | 2 | /* 3 | ** Global array of function pointers used by bridge assembly function 4 | ** to JMP into target DLL and execute function normally after intercepting. 5 | */ 6 | #include "stdafx.h" 7 | #include "intercepts.h" 8 | 9 | void *(c_ext_intercepts[2]) = {0}; 10 | 11 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Victim/stdafx.cpp: -------------------------------------------------------------------------------- 1 | // stdafx.cpp : source file that includes just the standard includes 2 | // Victim.pch will be the pre-compiled header 3 | // stdafx.obj will contain the pre-compiled type information 4 | 5 | #include "stdafx.h" 6 | 7 | // TODO: reference any additional headers you need in STDAFX.H 8 | // and not in this file 9 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Target_DLL/src/stdafx.cpp: -------------------------------------------------------------------------------- 1 | // stdafx.cpp : source file that includes just the standard includes 2 | // Target_DLL.pch will be the pre-compiled header 3 | // stdafx.obj will contain the pre-compiled type information 4 | 5 | #include "stdafx.h" 6 | 7 | // TODO: reference any additional headers you need in STDAFX.H 8 | // and not in this file 9 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Attacker_Example/src/stdafx.cpp: -------------------------------------------------------------------------------- 1 | // stdafx.cpp : source file that includes just the standard includes 2 | // Attacker_Example.pch will be the pre-compiled header 3 | // stdafx.obj will contain the pre-compiled type information 4 | 5 | #include "stdafx.h" 6 | 7 | // TODO: reference any additional headers you need in STDAFX.H 8 | // and not in this file 9 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Victim/targetver.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | // Including SDKDDKVer.h defines the highest available Windows platform. 4 | 5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and 6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h. 7 | 8 | #include 9 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Target_DLL/include/targetver.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | // Including SDKDDKVer.h defines the highest available Windows platform. 4 | 5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and 6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h. 7 | 8 | #include 9 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Target_Ordinal_ForwardTo/stdafx.cpp: -------------------------------------------------------------------------------- 1 | // stdafx.cpp : source file that includes just the standard includes 2 | // Target_Ordinal_ForwardTo.pch will be the pre-compiled header 3 | // stdafx.obj will contain the pre-compiled type information 4 | 5 | #include "stdafx.h" 6 | 7 | // TODO: reference any additional headers you need in STDAFX.H 8 | // and not in this file 9 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Attacker_Example/include/targetver.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | // Including SDKDDKVer.h defines the highest available Windows platform. 4 | 5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and 6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h. 7 | 8 | #include 9 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Target_Ordinal_ForwardTo/targetver.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | // Including SDKDDKVer.h defines the highest available Windows platform. 4 | 5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and 6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h. 7 | 8 | #include 9 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Victim/stdafx.h: -------------------------------------------------------------------------------- 1 | // stdafx.h : include file for standard system include files, 2 | // or project specific include files that are used frequently, but 3 | // are changed infrequently 4 | // 5 | 6 | #pragma once 7 | 8 | #include "targetver.h" 9 | 10 | #include 11 | #include 12 | 13 | 14 | 15 | // TODO: reference additional headers your program requires here 16 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Target_Ordinal_ForwardTo/Target_Ordinal_ForwardTo.cpp: -------------------------------------------------------------------------------- 1 | // Target_Ordinal_ForwardTo.cpp : Defines the exported functions for the DLL application. 2 | // 3 | 4 | #include "stdafx.h" 5 | #include "Target_Ordinal_ForwardTo.h" 6 | 7 | extern "C" int ordinal_forward_test(void) { 8 | printf("Successfully Forwarded by Ordinal\n"); 9 | return 0; 10 | } 11 | 12 | extern "C" int named_forward_test(void) { 13 | printf("Successfully forwarded by Name\n"); 14 | return 0; 15 | } 16 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Target_DLL/include/stdafx.h: -------------------------------------------------------------------------------- 1 | // stdafx.h : include file for standard system include files, 2 | // or project specific include files that are used frequently, but 3 | // are changed infrequently 4 | // 5 | 6 | #pragma once 7 | 8 | #include "targetver.h" 9 | 10 | #define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers 11 | // Windows Header Files: 12 | #include 13 | 14 | 15 | 16 | // TODO: reference additional headers your program requires here 17 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Target_DLL/src/dllmain.cpp: -------------------------------------------------------------------------------- 1 | // dllmain.cpp : Defines the entry point for the DLL application. 2 | #include "stdafx.h" 3 | 4 | BOOL APIENTRY DllMain( HMODULE hModule, 5 | DWORD ul_reason_for_call, 6 | LPVOID lpReserved 7 | ) 8 | { 9 | switch (ul_reason_for_call) 10 | { 11 | case DLL_PROCESS_ATTACH: 12 | case DLL_THREAD_ATTACH: 13 | case DLL_THREAD_DETACH: 14 | case DLL_PROCESS_DETACH: 15 | break; 16 | } 17 | return TRUE; 18 | } 19 | 20 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Attacker_Example/include/stdafx.h: -------------------------------------------------------------------------------- 1 | // stdafx.h : include file for standard system include files, 2 | // or project specific include files that are used frequently, but 3 | // are changed infrequently 4 | // 5 | 6 | #pragma once 7 | 8 | #include "targetver.h" 9 | 10 | #define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers 11 | // Windows Header Files: 12 | #include 13 | 14 | 15 | 16 | // TODO: reference additional headers your program requires here 17 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Target_Ordinal_ForwardTo/stdafx.h: -------------------------------------------------------------------------------- 1 | // stdafx.h : include file for standard system include files, 2 | // or project specific include files that are used frequently, but 3 | // are changed infrequently 4 | // 5 | 6 | #pragma once 7 | 8 | #include "targetver.h" 9 | 10 | #define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers 11 | // Windows Header Files: 12 | #include 13 | 14 | 15 | 16 | // TODO: reference additional headers your program requires here 17 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Attacker_Example/src/dllmain.cpp: -------------------------------------------------------------------------------- 1 | // dllmain.cpp : Defines the entry point for the DLL application. 2 | #include "stdafx.h" 3 | 4 | BOOL APIENTRY DllMain( HMODULE hModule, 5 | DWORD ul_reason_for_call, 6 | LPVOID lpReserved 7 | ) 8 | { 9 | switch (ul_reason_for_call) 10 | { 11 | case DLL_PROCESS_ATTACH: 12 | case DLL_THREAD_ATTACH: 13 | case DLL_THREAD_DETACH: 14 | case DLL_PROCESS_DETACH: 15 | break; 16 | } 17 | return TRUE; 18 | } 19 | 20 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Target_Ordinal_ForwardTo/dllmain.cpp: -------------------------------------------------------------------------------- 1 | // dllmain.cpp : Defines the entry point for the DLL application. 2 | #include "stdafx.h" 3 | 4 | BOOL APIENTRY DllMain( HMODULE hModule, 5 | DWORD ul_reason_for_call, 6 | LPVOID lpReserved 7 | ) 8 | { 9 | switch (ul_reason_for_call) 10 | { 11 | case DLL_PROCESS_ATTACH: 12 | case DLL_THREAD_ATTACH: 13 | case DLL_THREAD_DETACH: 14 | case DLL_PROCESS_DETACH: 15 | break; 16 | } 17 | return TRUE; 18 | } 19 | 20 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Target_DLL/src/Target_DLL.cpp: -------------------------------------------------------------------------------- 1 | // Target_DLL.cpp : Defines the exported functions for the DLL application. 2 | // 3 | 4 | #include "stdafx.h" 5 | #include "Target_DLL.h" 6 | 7 | extern "C" { 8 | int print_hello(void) { 9 | printf("Hello\n"); 10 | return 0; 11 | } 12 | 13 | int print_dll_name(void) { 14 | printf("DLL_Wrapper_Target_DLL\n"); 15 | return 0; 16 | } 17 | 18 | int add_numbers(int a, int b) { 19 | printf("%d\n", a + b); 20 | return a + b; 21 | } 22 | 23 | int ordinal_test(void) { 24 | printf("Called By Ordinal! :D"); 25 | return 0; 26 | } 27 | } -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Attacker_Example/include/forwards.h: -------------------------------------------------------------------------------- 1 | //This file has been generated by DLL_Wrapper 2 | #pragma once 3 | 4 | #pragma comment(linker, "/export:ord4=Target_DLL2.dll.#4,@4,NONAME") 5 | #pragma comment(linker, "/export:print_dll_name=Target_DLL2.dll.print_dll_name,@2") 6 | #pragma comment(linker, "/export:ord5=Target_Ordinal_ForwardTo.#1,@5,NONAME") 7 | #pragma comment(linker, "/export:ord7=Target_Ordinal_ForwardTo.named_forward_test,@7,NONAME") 8 | #pragma comment(linker, "/export:ordinal_forward_test=Target_Ordinal_ForwardTo.#1,@6") 9 | #pragma comment(linker, "/export:named_forward_test=Target_Ordinal_ForwardTo.named_forward_test,@8") 10 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/configuration.xml: -------------------------------------------------------------------------------- 1 | 2 | 3 | C:\Users\dethj\Documents\GitHub\DLL_Wrapper_Example\DLL_Wrapper_Example\x64\Debug\Target_DLL.dll 4 | Target_DLL2.dll 5 | generated 6 | 7 | 8 | print_hello 9 | 10 | 11 | int 12 | 13 | 14 | add_numbers 15 | 16 | a 17 | b 18 | 19 | int 20 | 21 | 22 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Target_DLL/include/Target_DLL.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | #include 3 | 4 | #ifdef TARGET_DLL_EXPORTS 5 | #define NON_WRANGLED_API __declspec(dllexport) 6 | #else 7 | #define NON_WRANGLED_API __declspec(dllimport) 8 | #endif 9 | 10 | #pragma comment(linker, "/export:ord4=Target_Ordinal_ForwardTo.#1,@5,NONAME") 11 | #pragma comment(linker, "/export:ordinal_forward_test=Target_Ordinal_ForwardTo.#1,@6") 12 | 13 | #pragma comment(linker, "/export:ord5=Target_Ordinal_ForwardTo.named_forward_test,@7,NONAME") 14 | #pragma comment(linker, "/export:named_forward_test=Target_Ordinal_ForwardTo.named_forward_test,@8") 15 | 16 | 17 | extern "C" { 18 | int print_hello(void); 19 | int print_dll_name(void); 20 | int add_numbers(int a, int b); 21 | int ordinal_test(void); 22 | }; 23 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Attacker_Example/include/intercepts.h: -------------------------------------------------------------------------------- 1 | /* 2 | ** Header generated by DLL_Wrapper. 3 | ** 4 | ** This file contains function declerations for each intercepted DLL function. 5 | ** 6 | */ 7 | #pragma once 8 | #include 9 | #include 10 | #include "forwards.h" 11 | 12 | #define INTERCEPTED_API __declspec(dllexport) 13 | 14 | extern "C" void *(c_ext_intercepts[2]); 15 | 16 | 17 | 18 | // Uncomment line bellow if NOT using the .DEF file. 19 | // DEF file needed to export with specific ordinal value. 20 | //extern "C" INTERCEPTED_API int print_hello(); 21 | extern "C" int print_hello_bridge(); 22 | 23 | 24 | 25 | // Uncomment line bellow if NOT using the .DEF file. 26 | // DEF file needed to export with specific ordinal value. 27 | //extern "C" INTERCEPTED_API int add_numbers(int a, int b); 28 | extern "C" int add_numbers_bridge(int a, int b); 29 | 30 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Attacker_Example/src/add_numbers_bridge.asm: -------------------------------------------------------------------------------- 1 | 2 | ;; add_numbers_bridge 3 | function_index equ 1 ;; index of function to call 4 | 5 | IFDEF RAX 6 | ;; 64 bit assembly 7 | 8 | ;; EXTERNs here 9 | ;; EXTERN MessageBoxA: PROC 10 | EXTERN c_ext_intercepts: QWORD ;; array of function pointers. 11 | 12 | .DATA 13 | .CODE 14 | 15 | PUBLIC add_numbers_bridge 16 | add_numbers_bridge PROC 17 | 18 | ;; jmp to value at index value of r10 * sizeof(qword) 19 | LEA RAX, c_ext_intercepts 20 | MOV RAX, [RAX + function_index * 8] 21 | jmp QWORD PTR RAX 22 | 23 | add_numbers_bridge ENDP 24 | 25 | ELSE 26 | ;; 32 bit assembly 27 | 28 | .586 29 | .MODEL FLAT, C 30 | .STACK 31 | .DATA 32 | .CODE 33 | 34 | ;; EXTERNs here 35 | EXTERN c_ext_intercepts: DWORD ;; array of function pointers 36 | 37 | PUBLIC add_numbers_bridge 38 | add_numbers_bridge PROC 39 | 40 | LEA EAX, c_ext_intercepts 41 | MOV EAX, [EAX + function_index * 4] 42 | jmp DWORD PTR EAX 43 | 44 | add_numbers_bridge ENDP 45 | 46 | ENDIF 47 | END 48 | 49 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Attacker_Example/src/print_hello_bridge.asm: -------------------------------------------------------------------------------- 1 | 2 | ;; print_hello_bridge 3 | function_index equ 0 ;; index of function to call 4 | 5 | IFDEF RAX 6 | ;; 64 bit assembly 7 | 8 | ;; EXTERNs here 9 | ;; EXTERN MessageBoxA: PROC 10 | EXTERN c_ext_intercepts: QWORD ;; array of function pointers. 11 | 12 | .DATA 13 | .CODE 14 | 15 | PUBLIC print_hello_bridge 16 | print_hello_bridge PROC 17 | 18 | ;; jmp to value at index value of r10 * sizeof(qword) 19 | LEA RAX, c_ext_intercepts 20 | MOV RAX, [RAX + function_index * 8] 21 | jmp QWORD PTR RAX 22 | 23 | print_hello_bridge ENDP 24 | 25 | ELSE 26 | ;; 32 bit assembly 27 | 28 | .586 29 | .MODEL FLAT, C 30 | .STACK 31 | .DATA 32 | .CODE 33 | 34 | ;; EXTERNs here 35 | EXTERN c_ext_intercepts: DWORD ;; array of function pointers 36 | 37 | PUBLIC print_hello_bridge 38 | print_hello_bridge PROC 39 | 40 | LEA EAX, c_ext_intercepts 41 | MOV EAX, [EAX + function_index * 4] 42 | jmp DWORD PTR EAX 43 | 44 | print_hello_bridge ENDP 45 | 46 | ENDIF 47 | END 48 | 49 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Attacker_Example/src/print_hello.cpp: -------------------------------------------------------------------------------- 1 | 2 | #include "stdafx.h" 3 | #include "intercepts.h" 4 | 5 | extern "C" int print_hello() 6 | { 7 | HINSTANCE handle; 8 | FARPROC intercepted_function; 9 | 10 | handle = LoadLibraryA("Target_DLL2.dll"); 11 | if (handle == NULL) 12 | { 13 | printf("Error: Couldn't load Target DLL\n"); 14 | return -1; 15 | } 16 | 17 | intercepted_function = GetProcAddress(handle, "print_hello"); 18 | if (intercepted_function == NULL) 19 | { 20 | printf("Error: Couldn't load function Target print_hello\n"); 21 | return -1; 22 | } 23 | 24 | // ARBITRARY CODE GOES HERE 25 | // CAN LOG PARAMATERS, EXECUTE ARBITRARY CODE, ETC 26 | printf("print_hello Called. The function has been intercepted\n"); 27 | 28 | // CALL INTERCEPTED FUNCTION 29 | // Note: This could also be done by casting intercepted_function to 30 | // the appropriate function pointer. Linking to an assembly routine 31 | // on the other hand gives a lower level control. 32 | c_ext_intercepts[0] = intercepted_function; 33 | print_hello_bridge(); 34 | 35 | return 0; 36 | } 37 | 38 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Attacker_Example/src/add_numbers.cpp: -------------------------------------------------------------------------------- 1 | 2 | #include "stdafx.h" 3 | #include "intercepts.h" 4 | 5 | extern "C" int add_numbers(int a, int b) 6 | { 7 | HINSTANCE handle; 8 | FARPROC intercepted_function; 9 | 10 | handle = LoadLibraryA("Target_DLL2.dll"); 11 | if (handle == NULL) 12 | { 13 | printf("Error: Couldn't load Target DLL\n"); 14 | return -1; 15 | } 16 | 17 | intercepted_function = GetProcAddress(handle, "add_numbers"); 18 | if (intercepted_function == NULL) 19 | { 20 | printf("Error: Couldn't load function Target add_numbers\n"); 21 | return -1; 22 | } 23 | 24 | // ARBITRARY CODE GOES HERE 25 | // CAN LOG PARAMATERS, EXECUTE ARBITRARY CODE, ETC 26 | printf("add_numbers Called. The function has been intercepted\n"); 27 | 28 | // CALL INTERCEPTED FUNCTION 29 | // Note: This could also be done by casting intercepted_function to 30 | // the appropriate function pointer. Linking to an assembly routine 31 | // on the other hand gives a lower level control. 32 | c_ext_intercepts[1] = intercepted_function; 33 | add_numbers_bridge(a, b); 34 | 35 | return 0; 36 | } 37 | 38 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Victim/Victim.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | Header Files 23 | 24 | 25 | Header Files 26 | 27 | 28 | 29 | 30 | Source Files 31 | 32 | 33 | Source Files 34 | 35 | 36 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Victim/ReadMe.txt: -------------------------------------------------------------------------------- 1 | ======================================================================== 2 | CONSOLE APPLICATION : Victim Project Overview 3 | ======================================================================== 4 | 5 | AppWizard has created this Victim application for you. 6 | 7 | This file contains a summary of what you will find in each of the files that 8 | make up your Victim application. 9 | 10 | 11 | Victim.vcxproj 12 | This is the main project file for VC++ projects generated using an Application Wizard. 13 | It contains information about the version of Visual C++ that generated the file, and 14 | information about the platforms, configurations, and project features selected with the 15 | Application Wizard. 16 | 17 | Victim.vcxproj.filters 18 | This is the filters file for VC++ projects generated using an Application Wizard. 19 | It contains information about the association between the files in your project 20 | and the filters. This association is used in the IDE to show grouping of files with 21 | similar extensions under a specific node (for e.g. ".cpp" files are associated with the 22 | "Source Files" filter). 23 | 24 | Victim.cpp 25 | This is the main application source file. 26 | 27 | ///////////////////////////////////////////////////////////////////////////// 28 | Other standard files: 29 | 30 | StdAfx.h, StdAfx.cpp 31 | These files are used to build a precompiled header (PCH) file 32 | named Victim.pch and a precompiled types file named StdAfx.obj. 33 | 34 | ///////////////////////////////////////////////////////////////////////////// 35 | Other notes: 36 | 37 | AppWizard uses "TODO:" comments to indicate parts of the source code you 38 | should add to or customize. 39 | 40 | ///////////////////////////////////////////////////////////////////////////// 41 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Target_DLL/Target_DLL.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | Header Files 23 | 24 | 25 | Header Files 26 | 27 | 28 | Header Files 29 | 30 | 31 | 32 | 33 | Source Files 34 | 35 | 36 | Source Files 37 | 38 | 39 | Source Files 40 | 41 | 42 | 43 | 44 | Source Files 45 | 46 | 47 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Target_Ordinal_ForwardTo/Target_Ordinal_ForwardTo.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | Header Files 23 | 24 | 25 | Header Files 26 | 27 | 28 | Header Files 29 | 30 | 31 | 32 | 33 | Source Files 34 | 35 | 36 | Source Files 37 | 38 | 39 | Source Files 40 | 41 | 42 | 43 | 44 | Source Files 45 | 46 | 47 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Target_DLL/ReadMe.txt: -------------------------------------------------------------------------------- 1 | ======================================================================== 2 | DYNAMIC LINK LIBRARY : Target_DLL Project Overview 3 | ======================================================================== 4 | 5 | AppWizard has created this Target_DLL DLL for you. 6 | 7 | This file contains a summary of what you will find in each of the files that 8 | make up your Target_DLL application. 9 | 10 | 11 | Target_DLL.vcxproj 12 | This is the main project file for VC++ projects generated using an Application Wizard. 13 | It contains information about the version of Visual C++ that generated the file, and 14 | information about the platforms, configurations, and project features selected with the 15 | Application Wizard. 16 | 17 | Target_DLL.vcxproj.filters 18 | This is the filters file for VC++ projects generated using an Application Wizard. 19 | It contains information about the association between the files in your project 20 | and the filters. This association is used in the IDE to show grouping of files with 21 | similar extensions under a specific node (for e.g. ".cpp" files are associated with the 22 | "Source Files" filter). 23 | 24 | Target_DLL.cpp 25 | This is the main DLL source file. 26 | 27 | When created, this DLL does not export any symbols. As a result, it 28 | will not produce a .lib file when it is built. If you wish this project 29 | to be a project dependency of some other project, you will either need to 30 | add code to export some symbols from the DLL so that an export library 31 | will be produced, or you can set the Ignore Input Library property to Yes 32 | on the General propert page of the Linker folder in the project's Property 33 | Pages dialog box. 34 | 35 | ///////////////////////////////////////////////////////////////////////////// 36 | Other standard files: 37 | 38 | StdAfx.h, StdAfx.cpp 39 | These files are used to build a precompiled header (PCH) file 40 | named Target_DLL.pch and a precompiled types file named StdAfx.obj. 41 | 42 | ///////////////////////////////////////////////////////////////////////////// 43 | Other notes: 44 | 45 | AppWizard uses "TODO:" comments to indicate parts of the source code you 46 | should add to or customize. 47 | 48 | ///////////////////////////////////////////////////////////////////////////// 49 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Attacker_Example/ReadMe.txt: -------------------------------------------------------------------------------- 1 | ======================================================================== 2 | DYNAMIC LINK LIBRARY : Attacker_Example Project Overview 3 | ======================================================================== 4 | 5 | AppWizard has created this Attacker_Example DLL for you. 6 | 7 | This file contains a summary of what you will find in each of the files that 8 | make up your Attacker_Example application. 9 | 10 | 11 | Attacker_Example.vcxproj 12 | This is the main project file for VC++ projects generated using an Application Wizard. 13 | It contains information about the version of Visual C++ that generated the file, and 14 | information about the platforms, configurations, and project features selected with the 15 | Application Wizard. 16 | 17 | Attacker_Example.vcxproj.filters 18 | This is the filters file for VC++ projects generated using an Application Wizard. 19 | It contains information about the association between the files in your project 20 | and the filters. This association is used in the IDE to show grouping of files with 21 | similar extensions under a specific node (for e.g. ".cpp" files are associated with the 22 | "Source Files" filter). 23 | 24 | Attacker_Example.cpp 25 | This is the main DLL source file. 26 | 27 | When created, this DLL does not export any symbols. As a result, it 28 | will not produce a .lib file when it is built. If you wish this project 29 | to be a project dependency of some other project, you will either need to 30 | add code to export some symbols from the DLL so that an export library 31 | will be produced, or you can set the Ignore Input Library property to Yes 32 | on the General propert page of the Linker folder in the project's Property 33 | Pages dialog box. 34 | 35 | ///////////////////////////////////////////////////////////////////////////// 36 | Other standard files: 37 | 38 | StdAfx.h, StdAfx.cpp 39 | These files are used to build a precompiled header (PCH) file 40 | named Attacker_Example.pch and a precompiled types file named StdAfx.obj. 41 | 42 | ///////////////////////////////////////////////////////////////////////////// 43 | Other notes: 44 | 45 | AppWizard uses "TODO:" comments to indicate parts of the source code you 46 | should add to or customize. 47 | 48 | ///////////////////////////////////////////////////////////////////////////// 49 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Attacker_Example/Attacker_Example.vcxproj.filters: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hh;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | Header Files 23 | 24 | 25 | Header Files 26 | 27 | 28 | Header Files 29 | 30 | 31 | Header Files 32 | 33 | 34 | 35 | 36 | Source Files 37 | 38 | 39 | Source Files 40 | 41 | 42 | Source Files 43 | 44 | 45 | Source Files 46 | 47 | 48 | Source Files 49 | 50 | 51 | Source Files 52 | 53 | 54 | 55 | 56 | Source Files 57 | 58 | 59 | Source Files 60 | 61 | 62 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Target_Ordinal_ForwardTo/ReadMe.txt: -------------------------------------------------------------------------------- 1 | ======================================================================== 2 | DYNAMIC LINK LIBRARY : Target_Ordinal_ForwardTo Project Overview 3 | ======================================================================== 4 | 5 | AppWizard has created this Target_Ordinal_ForwardTo DLL for you. 6 | 7 | This file contains a summary of what you will find in each of the files that 8 | make up your Target_Ordinal_ForwardTo application. 9 | 10 | 11 | Target_Ordinal_ForwardTo.vcxproj 12 | This is the main project file for VC++ projects generated using an Application Wizard. 13 | It contains information about the version of Visual C++ that generated the file, and 14 | information about the platforms, configurations, and project features selected with the 15 | Application Wizard. 16 | 17 | Target_Ordinal_ForwardTo.vcxproj.filters 18 | This is the filters file for VC++ projects generated using an Application Wizard. 19 | It contains information about the association between the files in your project 20 | and the filters. This association is used in the IDE to show grouping of files with 21 | similar extensions under a specific node (for e.g. ".cpp" files are associated with the 22 | "Source Files" filter). 23 | 24 | Target_Ordinal_ForwardTo.cpp 25 | This is the main DLL source file. 26 | 27 | When created, this DLL does not export any symbols. As a result, it 28 | will not produce a .lib file when it is built. If you wish this project 29 | to be a project dependency of some other project, you will either need to 30 | add code to export some symbols from the DLL so that an export library 31 | will be produced, or you can set the Ignore Input Library property to Yes 32 | on the General propert page of the Linker folder in the project's Property 33 | Pages dialog box. 34 | 35 | ///////////////////////////////////////////////////////////////////////////// 36 | Other standard files: 37 | 38 | StdAfx.h, StdAfx.cpp 39 | These files are used to build a precompiled header (PCH) file 40 | named Target_Ordinal_ForwardTo.pch and a precompiled types file named StdAfx.obj. 41 | 42 | ///////////////////////////////////////////////////////////////////////////// 43 | Other notes: 44 | 45 | AppWizard uses "TODO:" comments to indicate parts of the source code you 46 | should add to or customize. 47 | 48 | ///////////////////////////////////////////////////////////////////////////// 49 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Victim/Victim.cpp: -------------------------------------------------------------------------------- 1 | // Victim.cpp : Defines the entry point for the console application. 2 | // 3 | 4 | #include "stdafx.h" 5 | #include 6 | #include 7 | 8 | typedef int(*fnct_ptr)(); 9 | typedef int(*fnct_ptr_two)(int, int); 10 | 11 | int main() 12 | { 13 | HINSTANCE dllHandle; 14 | fnct_ptr print_hello; 15 | fnct_ptr print_dll_name; 16 | fnct_ptr_two add_dll_name; 17 | fnct_ptr ord_test; 18 | 19 | fnct_ptr frwd_ord_test; 20 | fnct_ptr frwd_ord_to_named_test; 21 | 22 | fnct_ptr frwd_named_test; 23 | fnct_ptr frwd_named_to_ord_test; 24 | 25 | dllHandle = LoadLibraryA("Target_DLL.dll"); 26 | if (dllHandle == NULL) 27 | { 28 | std::cerr << "Error: Couldn't load Library" << std::endl; 29 | return -1; 30 | } 31 | 32 | print_hello = (fnct_ptr)GetProcAddress(dllHandle, "print_hello"); 33 | if (print_hello == NULL) 34 | { 35 | std::cerr << "Could not locate print_hello in DLL" << std::endl; 36 | return -1; 37 | } 38 | 39 | print_dll_name = (fnct_ptr)GetProcAddress(dllHandle, "print_dll_name"); 40 | if (print_dll_name == NULL) 41 | { 42 | std::cerr << "Could not locate print_dll_name" << std::endl; 43 | return -1; 44 | } 45 | 46 | add_dll_name = (fnct_ptr_two)GetProcAddress(dllHandle, "add_numbers"); 47 | if (add_dll_name == NULL) 48 | { 49 | std::cerr << "Could not locate add_dll_name" << std::endl; 50 | return -1; 51 | } 52 | 53 | ord_test = (fnct_ptr)GetProcAddress(dllHandle, MAKEINTRESOURCEA(4)); 54 | if (ord_test == NULL) 55 | { 56 | std::cerr << "Could not locate ordinal number 4" << std::endl; 57 | return -1; 58 | } 59 | 60 | frwd_ord_test = (fnct_ptr)GetProcAddress(dllHandle, MAKEINTRESOURCEA(5)); 61 | if (frwd_ord_test == NULL) 62 | { 63 | std::cerr << "Could not locate ordinal number 5" << std::endl; 64 | return -1; 65 | } 66 | 67 | //this should point to the same function as above 68 | frwd_ord_to_named_test = (fnct_ptr)GetProcAddress(dllHandle, "ordinal_forward_test"); 69 | if (frwd_ord_to_named_test == NULL) 70 | { 71 | std::cerr << "Could not locate ordinal_forward_test" << std::endl; 72 | return -1; 73 | } 74 | 75 | frwd_named_test = (fnct_ptr)GetProcAddress(dllHandle, "named_forward_test"); 76 | if (frwd_named_test == NULL) 77 | { 78 | std::cerr << "Could not locate named_forward_test" << std::endl; 79 | return -1; 80 | } 81 | 82 | frwd_named_to_ord_test = (fnct_ptr)GetProcAddress(dllHandle, MAKEINTRESOURCEA(7)); 83 | if (frwd_named_to_ord_test == NULL) 84 | { 85 | std::cerr << "Could not locate ordinal number 7" << std::endl; 86 | return -1; 87 | } 88 | 89 | std::cout << "print_hello call: " << std::endl; 90 | print_hello(); 91 | 92 | std::cout << "print_dll_name call: " << std::endl; 93 | print_dll_name(); 94 | 95 | std::cout << "add_dll_name: " << std::endl; 96 | add_dll_name(4, 5); 97 | 98 | std::cout << "ordinal test:" << std::endl; 99 | ord_test(); 100 | 101 | std::cout << "forwarded ordinal test:" << std::endl; 102 | frwd_ord_test(); 103 | 104 | std::cout << "Testing a Named Export of a Forward to an Ordinal" << std::endl; 105 | frwd_ord_to_named_test(); 106 | 107 | std::cout << "Testing a Forwarded Named Export" << std::endl; 108 | frwd_named_test(); 109 | 110 | std::cout << "Testing an ordinal export forwarding to a named export" << std::endl; 111 | frwd_named_to_ord_test(); 112 | 113 | return 0; 114 | } 115 | 116 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/DLL_Wrapper_Example.sln: -------------------------------------------------------------------------------- 1 | 2 | Microsoft Visual Studio Solution File, Format Version 12.00 3 | # Visual Studio 15 4 | VisualStudioVersion = 15.0.26430.6 5 | MinimumVisualStudioVersion = 10.0.40219.1 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Attacker_Example", "Attacker_Example\Attacker_Example.vcxproj", "{9BFFC7E0-D298-40ED-B486-BD75C5EB4A0E}" 7 | EndProject 8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Target_DLL", "Target_DLL\Target_DLL.vcxproj", "{D2509398-F31D-4608-9D04-5D7197C22757}" 9 | EndProject 10 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Victim", "Victim\Victim.vcxproj", "{2CAA28D3-FE33-48DC-AB0C-E5186DF897F9}" 11 | EndProject 12 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Target_Ordinal_ForwardTo", "Target_Ordinal_ForwardTo\Target_Ordinal_ForwardTo.vcxproj", "{AAFFDEFD-B896-4194-9DC5-54A004AD154D}" 13 | EndProject 14 | Global 15 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 16 | Debug|x64 = Debug|x64 17 | Debug|x86 = Debug|x86 18 | Release|x64 = Release|x64 19 | Release|x86 = Release|x86 20 | EndGlobalSection 21 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 22 | {9BFFC7E0-D298-40ED-B486-BD75C5EB4A0E}.Debug|x64.ActiveCfg = Debug|x64 23 | {9BFFC7E0-D298-40ED-B486-BD75C5EB4A0E}.Debug|x64.Build.0 = Debug|x64 24 | {9BFFC7E0-D298-40ED-B486-BD75C5EB4A0E}.Debug|x86.ActiveCfg = Debug|Win32 25 | {9BFFC7E0-D298-40ED-B486-BD75C5EB4A0E}.Debug|x86.Build.0 = Debug|Win32 26 | {9BFFC7E0-D298-40ED-B486-BD75C5EB4A0E}.Release|x64.ActiveCfg = Release|x64 27 | {9BFFC7E0-D298-40ED-B486-BD75C5EB4A0E}.Release|x64.Build.0 = Release|x64 28 | {9BFFC7E0-D298-40ED-B486-BD75C5EB4A0E}.Release|x86.ActiveCfg = Release|Win32 29 | {9BFFC7E0-D298-40ED-B486-BD75C5EB4A0E}.Release|x86.Build.0 = Release|Win32 30 | {D2509398-F31D-4608-9D04-5D7197C22757}.Debug|x64.ActiveCfg = Debug|x64 31 | {D2509398-F31D-4608-9D04-5D7197C22757}.Debug|x64.Build.0 = Debug|x64 32 | {D2509398-F31D-4608-9D04-5D7197C22757}.Debug|x86.ActiveCfg = Debug|Win32 33 | {D2509398-F31D-4608-9D04-5D7197C22757}.Debug|x86.Build.0 = Debug|Win32 34 | {D2509398-F31D-4608-9D04-5D7197C22757}.Release|x64.ActiveCfg = Release|x64 35 | {D2509398-F31D-4608-9D04-5D7197C22757}.Release|x64.Build.0 = Release|x64 36 | {D2509398-F31D-4608-9D04-5D7197C22757}.Release|x86.ActiveCfg = Release|Win32 37 | {D2509398-F31D-4608-9D04-5D7197C22757}.Release|x86.Build.0 = Release|Win32 38 | {2CAA28D3-FE33-48DC-AB0C-E5186DF897F9}.Debug|x64.ActiveCfg = Debug|x64 39 | {2CAA28D3-FE33-48DC-AB0C-E5186DF897F9}.Debug|x64.Build.0 = Debug|x64 40 | {2CAA28D3-FE33-48DC-AB0C-E5186DF897F9}.Debug|x86.ActiveCfg = Debug|Win32 41 | {2CAA28D3-FE33-48DC-AB0C-E5186DF897F9}.Debug|x86.Build.0 = Debug|Win32 42 | {2CAA28D3-FE33-48DC-AB0C-E5186DF897F9}.Release|x64.ActiveCfg = Release|x64 43 | {2CAA28D3-FE33-48DC-AB0C-E5186DF897F9}.Release|x64.Build.0 = Release|x64 44 | {2CAA28D3-FE33-48DC-AB0C-E5186DF897F9}.Release|x86.ActiveCfg = Release|Win32 45 | {2CAA28D3-FE33-48DC-AB0C-E5186DF897F9}.Release|x86.Build.0 = Release|Win32 46 | {AAFFDEFD-B896-4194-9DC5-54A004AD154D}.Debug|x64.ActiveCfg = Debug|x64 47 | {AAFFDEFD-B896-4194-9DC5-54A004AD154D}.Debug|x64.Build.0 = Debug|x64 48 | {AAFFDEFD-B896-4194-9DC5-54A004AD154D}.Debug|x86.ActiveCfg = Debug|Win32 49 | {AAFFDEFD-B896-4194-9DC5-54A004AD154D}.Debug|x86.Build.0 = Debug|Win32 50 | {AAFFDEFD-B896-4194-9DC5-54A004AD154D}.Release|x64.ActiveCfg = Release|x64 51 | {AAFFDEFD-B896-4194-9DC5-54A004AD154D}.Release|x64.Build.0 = Release|x64 52 | {AAFFDEFD-B896-4194-9DC5-54A004AD154D}.Release|x86.ActiveCfg = Release|Win32 53 | {AAFFDEFD-B896-4194-9DC5-54A004AD154D}.Release|x86.Build.0 = Release|Win32 54 | EndGlobalSection 55 | GlobalSection(SolutionProperties) = preSolution 56 | HideSolutionNode = FALSE 57 | EndGlobalSection 58 | EndGlobal 59 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | ## Ignore Visual Studio temporary files, build results, and 2 | ## files generated by popular Visual Studio add-ons. 3 | ## 4 | ## Get latest from https://github.com/github/gitignore/blob/master/VisualStudio.gitignore 5 | 6 | # User-specific files 7 | *.suo 8 | *.user 9 | *.userosscache 10 | *.sln.docstates 11 | 12 | # User-specific files (MonoDevelop/Xamarin Studio) 13 | *.userprefs 14 | 15 | # Build results 16 | [Dd]ebug/ 17 | [Dd]ebugPublic/ 18 | [Rr]elease/ 19 | [Rr]eleases/ 20 | x64/ 21 | x86/ 22 | bld/ 23 | [Bb]in/ 24 | [Oo]bj/ 25 | [Ll]og/ 26 | 27 | # Visual Studio 2015 cache/options directory 28 | .vs/ 29 | # Uncomment if you have tasks that create the project's static files in wwwroot 30 | #wwwroot/ 31 | 32 | # MSTest test Results 33 | [Tt]est[Rr]esult*/ 34 | [Bb]uild[Ll]og.* 35 | 36 | # NUNIT 37 | *.VisualState.xml 38 | TestResult.xml 39 | 40 | # Build Results of an ATL Project 41 | [Dd]ebugPS/ 42 | [Rr]eleasePS/ 43 | dlldata.c 44 | 45 | # Benchmark Results 46 | BenchmarkDotNet.Artifacts/ 47 | 48 | # .NET Core 49 | project.lock.json 50 | project.fragment.lock.json 51 | artifacts/ 52 | **/Properties/launchSettings.json 53 | 54 | *_i.c 55 | *_p.c 56 | *_i.h 57 | *.ilk 58 | *.meta 59 | *.obj 60 | *.pch 61 | *.pdb 62 | *.pgc 63 | *.pgd 64 | *.rsp 65 | *.sbr 66 | *.tlb 67 | *.tli 68 | *.tlh 69 | *.tmp 70 | *.tmp_proj 71 | *.log 72 | *.vspscc 73 | *.vssscc 74 | .builds 75 | *.pidb 76 | *.svclog 77 | *.scc 78 | 79 | # Chutzpah Test files 80 | _Chutzpah* 81 | 82 | # Visual C++ cache files 83 | ipch/ 84 | *.aps 85 | *.ncb 86 | *.opendb 87 | *.opensdf 88 | *.sdf 89 | *.cachefile 90 | *.VC.db 91 | *.VC.VC.opendb 92 | 93 | # Visual Studio profiler 94 | *.psess 95 | *.vsp 96 | *.vspx 97 | *.sap 98 | 99 | # TFS 2012 Local Workspace 100 | $tf/ 101 | 102 | # Guidance Automation Toolkit 103 | *.gpState 104 | 105 | # ReSharper is a .NET coding add-in 106 | _ReSharper*/ 107 | *.[Rr]e[Ss]harper 108 | *.DotSettings.user 109 | 110 | # JustCode is a .NET coding add-in 111 | .JustCode 112 | 113 | # TeamCity is a build add-in 114 | _TeamCity* 115 | 116 | # DotCover is a Code Coverage Tool 117 | *.dotCover 118 | 119 | # Visual Studio code coverage results 120 | *.coverage 121 | *.coveragexml 122 | 123 | # NCrunch 124 | _NCrunch_* 125 | .*crunch*.local.xml 126 | nCrunchTemp_* 127 | 128 | # MightyMoose 129 | *.mm.* 130 | AutoTest.Net/ 131 | 132 | # Web workbench (sass) 133 | .sass-cache/ 134 | 135 | # Installshield output folder 136 | [Ee]xpress/ 137 | 138 | # DocProject is a documentation generator add-in 139 | DocProject/buildhelp/ 140 | DocProject/Help/*.HxT 141 | DocProject/Help/*.HxC 142 | DocProject/Help/*.hhc 143 | DocProject/Help/*.hhk 144 | DocProject/Help/*.hhp 145 | DocProject/Help/Html2 146 | DocProject/Help/html 147 | 148 | # Click-Once directory 149 | publish/ 150 | 151 | # Publish Web Output 152 | *.[Pp]ublish.xml 153 | *.azurePubxml 154 | # TODO: Comment the next line if you want to checkin your web deploy settings 155 | # but database connection strings (with potential passwords) will be unencrypted 156 | *.pubxml 157 | *.publishproj 158 | 159 | # Microsoft Azure Web App publish settings. Comment the next line if you want to 160 | # checkin your Azure Web App publish settings, but sensitive information contained 161 | # in these scripts will be unencrypted 162 | PublishScripts/ 163 | 164 | # NuGet Packages 165 | *.nupkg 166 | # The packages folder can be ignored because of Package Restore 167 | **/packages/* 168 | # except build/, which is used as an MSBuild target. 169 | !**/packages/build/ 170 | # Uncomment if necessary however generally it will be regenerated when needed 171 | #!**/packages/repositories.config 172 | # NuGet v3's project.json files produces more ignorable files 173 | *.nuget.props 174 | *.nuget.targets 175 | 176 | # Microsoft Azure Build Output 177 | csx/ 178 | *.build.csdef 179 | 180 | # Microsoft Azure Emulator 181 | ecf/ 182 | rcf/ 183 | 184 | # Windows Store app package directories and files 185 | AppPackages/ 186 | BundleArtifacts/ 187 | Package.StoreAssociation.xml 188 | _pkginfo.txt 189 | *.appx 190 | 191 | # Visual Studio cache files 192 | # files ending in .cache can be ignored 193 | *.[Cc]ache 194 | # but keep track of directories ending in .cache 195 | !*.[Cc]ache/ 196 | 197 | # Others 198 | ClientBin/ 199 | ~$* 200 | *~ 201 | *.dbmdl 202 | *.dbproj.schemaview 203 | *.jfm 204 | *.pfx 205 | *.publishsettings 206 | orleans.codegen.cs 207 | 208 | # Since there are multiple workflows, uncomment next line to ignore bower_components 209 | # (https://github.com/github/gitignore/pull/1529#issuecomment-104372622) 210 | #bower_components/ 211 | 212 | # RIA/Silverlight projects 213 | Generated_Code/ 214 | 215 | # Backup & report files from converting an old project file 216 | # to a newer Visual Studio version. Backup files are not needed, 217 | # because we have git ;-) 218 | _UpgradeReport_Files/ 219 | Backup*/ 220 | UpgradeLog*.XML 221 | UpgradeLog*.htm 222 | 223 | # SQL Server files 224 | *.mdf 225 | *.ldf 226 | *.ndf 227 | 228 | # Business Intelligence projects 229 | *.rdl.data 230 | *.bim.layout 231 | *.bim_*.settings 232 | 233 | # Microsoft Fakes 234 | FakesAssemblies/ 235 | 236 | # GhostDoc plugin setting file 237 | *.GhostDoc.xml 238 | 239 | # Node.js Tools for Visual Studio 240 | .ntvs_analysis.dat 241 | node_modules/ 242 | 243 | # Typescript v1 declaration files 244 | typings/ 245 | 246 | # Visual Studio 6 build log 247 | *.plg 248 | 249 | # Visual Studio 6 workspace options file 250 | *.opt 251 | 252 | # Visual Studio 6 auto-generated workspace file (contains which files were open etc.) 253 | *.vbw 254 | 255 | # Visual Studio LightSwitch build output 256 | **/*.HTMLClient/GeneratedArtifacts 257 | **/*.DesktopClient/GeneratedArtifacts 258 | **/*.DesktopClient/ModelManifest.xml 259 | **/*.Server/GeneratedArtifacts 260 | **/*.Server/ModelManifest.xml 261 | _Pvt_Extensions 262 | 263 | # Paket dependency manager 264 | .paket/paket.exe 265 | paket-files/ 266 | 267 | # FAKE - F# Make 268 | .fake/ 269 | 270 | # JetBrains Rider 271 | .idea/ 272 | *.sln.iml 273 | 274 | # CodeRush 275 | .cr/ 276 | 277 | # Python Tools for Visual Studio (PTVS) 278 | __pycache__/ 279 | *.pyc 280 | 281 | # Cake - Uncomment if you are using it 282 | # tools/** 283 | # !tools/packages.config 284 | 285 | # Tabs Studio 286 | *.tss 287 | 288 | # Telerik's JustMock configuration file 289 | *.jmconfig 290 | 291 | # BizTalk build output 292 | *.btp.cs 293 | *.btm.cs 294 | *.odx.cs 295 | *.xsd.cs -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Victim/Victim.vcxproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | 15.0 23 | {2CAA28D3-FE33-48DC-AB0C-E5186DF897F9} 24 | Win32Proj 25 | Victim 26 | 10.0.15063.0 27 | 28 | 29 | 30 | Application 31 | true 32 | v141 33 | Unicode 34 | 35 | 36 | Application 37 | false 38 | v141 39 | true 40 | Unicode 41 | 42 | 43 | Application 44 | true 45 | v141 46 | Unicode 47 | 48 | 49 | Application 50 | false 51 | v141 52 | true 53 | Unicode 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | true 75 | 76 | 77 | true 78 | 79 | 80 | false 81 | 82 | 83 | false 84 | 85 | 86 | 87 | Use 88 | Level3 89 | Disabled 90 | WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions) 91 | 92 | 93 | Console 94 | 95 | 96 | 97 | 98 | Use 99 | Level3 100 | Disabled 101 | _DEBUG;_CONSOLE;%(PreprocessorDefinitions) 102 | 103 | 104 | Console 105 | 106 | 107 | 108 | 109 | Level3 110 | Use 111 | MaxSpeed 112 | true 113 | true 114 | WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 115 | 116 | 117 | Console 118 | true 119 | true 120 | 121 | 122 | 123 | 124 | Level3 125 | Use 126 | MaxSpeed 127 | true 128 | true 129 | NDEBUG;_CONSOLE;%(PreprocessorDefinitions) 130 | 131 | 132 | Console 133 | true 134 | true 135 | 136 | 137 | 138 | 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | Create 147 | Create 148 | Create 149 | Create 150 | 151 | 152 | 153 | 154 | 155 | 156 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Target_DLL/Target_DLL.vcxproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | 15.0 23 | {D2509398-F31D-4608-9D04-5D7197C22757} 24 | Win32Proj 25 | Target_DLL 26 | 10.0.15063.0 27 | 28 | 29 | 30 | DynamicLibrary 31 | true 32 | v141 33 | Unicode 34 | 35 | 36 | DynamicLibrary 37 | false 38 | v141 39 | true 40 | Unicode 41 | 42 | 43 | DynamicLibrary 44 | true 45 | v141 46 | Unicode 47 | 48 | 49 | DynamicLibrary 50 | false 51 | v141 52 | true 53 | Unicode 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | true 75 | $(ProjectDir)\include;$(VC_IncludePath);$(WindowsSDK_IncludePath); 76 | $(ProjectDir)\src;$(VC_SourcePath); 77 | $(VC_IncludePath);$(ProjectDir)\include;$(WindowsSDK_IncludePath);$(MSBuild_ExecutablePath);$(VC_LibraryPath_x86); 78 | 79 | 80 | true 81 | $(ProjectDir)\include;$(VC_IncludePath);$(WindowsSDK_IncludePath); 82 | $(ProjectDir)\src;$(VC_SourcePath); 83 | $(VC_IncludePath);$(ProjectDir)\include;$(WindowsSDK_IncludePath);$(MSBuild_ExecutablePath);$(VC_LibraryPath_x64); 84 | 85 | 86 | false 87 | $(ProjectDir)\include;$(VC_IncludePath);$(WindowsSDK_IncludePath); 88 | $(ProjectDir)\src;$(VC_SourcePath); 89 | $(VC_IncludePath);$(ProjectDir)\include;$(WindowsSDK_IncludePath);$(MSBuild_ExecutablePath);$(VC_LibraryPath_x86); 90 | 91 | 92 | false 93 | $(ProjectDir)\include;$(VC_IncludePath);$(WindowsSDK_IncludePath); 94 | $(ProjectDir)\src;$(VC_SourcePath); 95 | $(VC_IncludePath);$(ProjectDir)\include;$(WindowsSDK_IncludePath);$(MSBuild_ExecutablePath);$(VC_LibraryPath_x64); 96 | 97 | 98 | 99 | NotUsing 100 | Level3 101 | Disabled 102 | WIN32;_DEBUG;_WINDOWS;_USRDLL;TARGET_DLL_EXPORTS;%(PreprocessorDefinitions) 103 | 104 | 105 | Windows 106 | Target.def 107 | 108 | 109 | 110 | 111 | NotUsing 112 | Level3 113 | Disabled 114 | _DEBUG;_WINDOWS;_USRDLL;TARGET_DLL_EXPORTS;%(PreprocessorDefinitions) 115 | stdafx.h 116 | 117 | 118 | Windows 119 | Target.def 120 | 121 | 122 | 123 | 124 | Level3 125 | NotUsing 126 | MaxSpeed 127 | true 128 | true 129 | WIN32;NDEBUG;_WINDOWS;_USRDLL;TARGET_DLL_EXPORTS;%(PreprocessorDefinitions) 130 | 131 | 132 | Windows 133 | true 134 | true 135 | Target.def 136 | 137 | 138 | 139 | 140 | Level3 141 | NotUsing 142 | MaxSpeed 143 | true 144 | true 145 | NDEBUG;_WINDOWS;_USRDLL;TARGET_DLL_EXPORTS;%(PreprocessorDefinitions) 146 | 147 | 148 | Windows 149 | true 150 | true 151 | Target.def 152 | 153 | 154 | 155 | 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Target_Ordinal_ForwardTo/Target_Ordinal_ForwardTo.vcxproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | 15.0 23 | {AAFFDEFD-B896-4194-9DC5-54A004AD154D} 24 | Win32Proj 25 | Target_Ordinal_ForwardTo 26 | 10.0.15063.0 27 | 28 | 29 | 30 | DynamicLibrary 31 | true 32 | v141 33 | Unicode 34 | 35 | 36 | DynamicLibrary 37 | false 38 | v141 39 | true 40 | Unicode 41 | 42 | 43 | DynamicLibrary 44 | true 45 | v141 46 | Unicode 47 | 48 | 49 | DynamicLibrary 50 | false 51 | v141 52 | true 53 | Unicode 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | true 75 | 76 | 77 | true 78 | 79 | 80 | false 81 | 82 | 83 | false 84 | 85 | 86 | 87 | Use 88 | Level3 89 | Disabled 90 | _DEBUG;_WINDOWS;_USRDLL;TARGET_ORDINAL_FORWARDTO_EXPORTS;%(PreprocessorDefinitions) 91 | 92 | 93 | Windows 94 | Target_Ordinal_ForwardTo.def 95 | 96 | 97 | 98 | 99 | Use 100 | Level3 101 | Disabled 102 | WIN32;_DEBUG;_WINDOWS;_USRDLL;TARGET_ORDINAL_FORWARDTO_EXPORTS;%(PreprocessorDefinitions) 103 | 104 | 105 | Windows 106 | Target_Ordinal_ForwardTo.def 107 | 108 | 109 | 110 | 111 | Level3 112 | Use 113 | MaxSpeed 114 | true 115 | true 116 | WIN32;NDEBUG;_WINDOWS;_USRDLL;TARGET_ORDINAL_FORWARDTO_EXPORTS;%(PreprocessorDefinitions) 117 | 118 | 119 | Windows 120 | true 121 | true 122 | Target_Ordinal_ForwardTo.def 123 | 124 | 125 | 126 | 127 | Level3 128 | Use 129 | MaxSpeed 130 | true 131 | true 132 | NDEBUG;_WINDOWS;_USRDLL;TARGET_ORDINAL_FORWARDTO_EXPORTS;%(PreprocessorDefinitions) 133 | 134 | 135 | Windows 136 | true 137 | true 138 | Target_Ordinal_ForwardTo.def 139 | 140 | 141 | 142 | 143 | 144 | 145 | 146 | 147 | 148 | 149 | 150 | 151 | false 152 | 153 | 154 | false 155 | 156 | 157 | false 158 | 159 | 160 | false 161 | 162 | 163 | 164 | 165 | Create 166 | Create 167 | Create 168 | Create 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | 178 | -------------------------------------------------------------------------------- /DLL_Wrapper_Example/Attacker_Example/Attacker_Example.vcxproj: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Debug 6 | Win32 7 | 8 | 9 | Release 10 | Win32 11 | 12 | 13 | Debug 14 | x64 15 | 16 | 17 | Release 18 | x64 19 | 20 | 21 | 22 | 15.0 23 | {9BFFC7E0-D298-40ED-B486-BD75C5EB4A0E} 24 | Win32Proj 25 | Attacker_Example 26 | 10.0.15063.0 27 | 28 | 29 | 30 | DynamicLibrary 31 | true 32 | v141 33 | Unicode 34 | 35 | 36 | DynamicLibrary 37 | false 38 | v141 39 | true 40 | Unicode 41 | 42 | 43 | DynamicLibrary 44 | true 45 | v141 46 | Unicode 47 | 48 | 49 | DynamicLibrary 50 | false 51 | v141 52 | true 53 | Unicode 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | true 76 | $(ProjectDir)\include;$(VC_IncludePath);$(WindowsSDK_IncludePath); 77 | $(ProjectDir)\src;$(VC_SourcePath); 78 | $(VC_IncludePath);$(ProjectDir)\include;$(WindowsSDK_IncludePath);$(MSBuild_ExecutablePath);$(VC_LibraryPath_x86); 79 | 80 | 81 | true 82 | $(ProjectDir)\include;$(VC_IncludePath);$(WindowsSDK_IncludePath); 83 | $(ProjectDir)\src;$(VC_SourcePath); 84 | $(VC_IncludePath);$(ProjectDir)\include;$(WindowsSDK_IncludePath);$(MSBuild_ExecutablePath);$(VC_LibraryPath_x64); 85 | 86 | 87 | false 88 | $(ProjectDir)\include;$(VC_IncludePath);$(WindowsSDK_IncludePath); 89 | $(ProjectDir)\src;$(VC_SourcePath); 90 | $(VC_IncludePath);$(ProjectDir)\include;$(WindowsSDK_IncludePath);$(MSBuild_ExecutablePath);$(VC_LibraryPath_x86); 91 | 92 | 93 | false 94 | $(ProjectDir)\include;$(VC_IncludePath);$(WindowsSDK_IncludePath); 95 | $(ProjectDir)\src;$(VC_SourcePath); 96 | $(VC_IncludePath);$(ProjectDir)\include;$(WindowsSDK_IncludePath);$(MSBuild_ExecutablePath);$(VC_LibraryPath_x64); 97 | 98 | 99 | 100 | NotUsing 101 | Level3 102 | Disabled 103 | WIN32;_DEBUG;_WINDOWS;_USRDLL;ATTACKER_EXAMPLE_EXPORTS;%(PreprocessorDefinitions) 104 | 105 | 106 | Windows 107 | Target_DLL.def 108 | 109 | 110 | 111 | 112 | NotUsing 113 | Level3 114 | Disabled 115 | _DEBUG;_WINDOWS;_USRDLL;ATTACKER_EXAMPLE_EXPORTS;%(PreprocessorDefinitions) 116 | 117 | 118 | Windows 119 | Target_DLL.def 120 | 121 | 122 | 123 | 124 | Level3 125 | NotUsing 126 | MaxSpeed 127 | true 128 | true 129 | WIN32;NDEBUG;_WINDOWS;_USRDLL;ATTACKER_EXAMPLE_EXPORTS;%(PreprocessorDefinitions) 130 | 131 | 132 | Windows 133 | true 134 | true 135 | 136 | 137 | C:\Users\dethj\Documents\GitHub\DLL_Wrapper_Example\DLL_Wrapper_Example\Attacker_Example\Target_DLL.DEF 138 | 139 | 140 | 141 | 142 | Level3 143 | NotUsing 144 | MaxSpeed 145 | true 146 | true 147 | NDEBUG;_WINDOWS;_USRDLL;ATTACKER_EXAMPLE_EXPORTS;%(PreprocessorDefinitions) 148 | 149 | 150 | Windows 151 | true 152 | true 153 | 154 | 155 | C:\Users\dethj\Documents\GitHub\DLL_Wrapper_Example\DLL_Wrapper_Example\Attacker_Example\Target_DLL.DEF 156 | 157 | 158 | 159 | 160 | 161 | 162 | 163 | 164 | 165 | 166 | 167 | 168 | 169 | 170 | 171 | 172 | 173 | 174 | 175 | 176 | 177 | Document 178 | 179 | 180 | Document 181 | 182 | 183 | 184 | 185 | 186 | 187 | --------------------------------------------------------------------------------