Malware, DLL Injection, DLL load orders, Summary Functions, Reference,…
DLL Injection
Additional Info
With the .NET Framework, most DLL dependency problems have been eliminated by the use of assemblies.
To test the DLL function from CMD: rundll32 "C:\Users\halil\OneDrive\Desktop\ECQ-Code\ProcessInject\x64\Debug\ProcessInject.dll",HelloWorld
Can only attach to a PID that belongs to the desktop user | Running it multiple times in Visual Studio causes the reverse shell to be delayed (too long to wait); this could be because of PowerShell.
Write DLL
Two ways to export
A .def file
CONS: if you are exporting functions from a C++ file, you either have to put the decorated names in the .def file or define the exported functions with extern "C" to avoid the name decoration done by the MSVC compiler.
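A minimal DLL that exports a rundll32-compatible HelloWorld entry point without a .def file, written here as an added example (it is not the page's own ProcessInject code). It shows the extern "C" route the CONS line refers to, with the equivalent .def contents in a comment. The argument parser exists so the part that does not need Windows can be compiled and checked on any platform; the DLL itself, and the assumption that it is built as x64 (on x86, __stdcall names are still decorated even with extern "C", which is exactly why the .def route exists), are Windows-only.

```cpp
// Added example (not the page's own ProcessInject code): a DLL exporting a
// rundll32-compatible entry point via extern "C" + __declspec(dllexport).
// The .def alternative mentioned on the page would read:
//   LIBRARY ProcessInject
//   EXPORTS
//       HelloWorld
// Assumption: the non-Windows branch only exists so the argument parser can be
// compiled and checked anywhere; the DLL itself is Windows-only.
#include <string>
#include <vector>

#ifdef _WIN32
#include <windows.h>
#define DLL_EXPORT __declspec(dllexport)
#else
#define DLL_EXPORT
#define CALLBACK
typedef void *HWND;
typedef void *HINSTANCE;
typedef char *LPSTR;
#endif

// rundll32 hands the DLL everything after "<dll>,<entry>" as one string. Split it
// the way a command line is usually read: whitespace separates tokens, double
// quotes group a token that contains spaces.
std::vector<std::string> parse_rundll_args(const char *cmdline) {
    std::vector<std::string> out;
    std::string cur;
    bool in_quotes = false, have_token = false;
    for (const char *p = cmdline ? cmdline : ""; *p; ++p) {
        if (*p == '"') { in_quotes = !in_quotes; have_token = true; continue; }
        if (!in_quotes && (*p == ' ' || *p == '\t')) {
            if (have_token) { out.push_back(cur); cur.clear(); have_token = false; }
            continue;
        }
        cur += *p;
        have_token = true;
    }
    if (have_token) out.push_back(cur);
    return out;
}

// What the entry point displays: a greeting plus each argument it received.
std::string build_greeting(const char *cmdline) {
    std::string msg = "Hello World";
    for (const std::string &a : parse_rundll_args(cmdline)) msg += "\n  arg: " + a;
    return msg;
}

// rundll32 calls an exported function with exactly this signature:
//   void CALLBACK Fn(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow)
// extern "C" stops the C++ compiler from decorating the name, so the export
// table lists plain "HelloWorld" on x64.
extern "C" DLL_EXPORT void CALLBACK HelloWorld(HWND hwnd, HINSTANCE, LPSTR lpszCmdLine, int) {
    std::string msg = build_greeting(lpszCmdLine);
#ifdef _WIN32
    MessageBoxA(hwnd, msg.c_str(), "ProcessInject.dll", MB_OK);
#else
    (void)hwnd; (void)msg;   // no UI off Windows; the helpers above are what get exercised
#endif
}

#ifdef _WIN32
// Keep DllMain minimal: it runs under the loader lock, so do no loading or thread
// synchronisation here; real work belongs in exported functions like HelloWorld.
BOOL APIENTRY DllMain(HMODULE hModule, DWORD reason, LPVOID) {
    if (reason == DLL_PROCESS_ATTACH) DisableThreadLibraryCalls(hModule);
    return TRUE;
}
#endif
```

Build it as a DLL project in Visual Studio and invoke it with the rundll32 line from the "Additional Info" node; anything typed after ",HelloWorld" arrives in lpszCmdLine and shows up in the message box.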
DLL load orders
Alternate Search Order
Used when calling the LoadLibraryEx function with a LOAD_LIBRARY_SEARCH flag, and/or the SetDefaultDllDirectories function with a LOAD_LIBRARY_SEARCH flag, and/or the AddDllDirectory function or the SetDllDirectory function.
The directory that contains the DLL (LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR). This directory is searched only for dependencies of the DLL to be loaded.
Paths explicitly added with the AddDllDirectory function (LOAD_LIBRARY_SEARCH_USER_DIRS) or the SetDllDirectory function. If more than one path has been added, the order in which the paths are searched is unspecified.
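To make the alternate search order concrete, here is an added example (not from the page or from Microsoft's documentation code) that lists, in the documented order, which directories a LoadLibraryEx call with LOAD_LIBRARY_SEARCH_* flags consults, including the DLL_LOAD_DIR rule that only applies to dependencies and the DEFAULT_DIRS shorthand. The Windows-only function at the end shows the defensive use of these flags: pinning the search for system libraries to System32 so a same-named DLL in the working directory, the application directory or on PATH is never picked up. Assumption: the flag values are only defined locally when <windows.h> is unavailable so the ordering logic can be compiled and checked on any platform.

```cpp
// Added example (not from the page): the directories LoadLibraryEx consults for a
// given set of LOAD_LIBRARY_SEARCH_* flags, and a loader pinned to System32.
// Assumption: the flag values are defined here only when <windows.h> is absent.
#include <string>
#include <vector>

#ifdef _WIN32
#include <windows.h>
#else
typedef unsigned long DWORD;
#define LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR    0x00000100
#define LOAD_LIBRARY_SEARCH_APPLICATION_DIR 0x00000200
#define LOAD_LIBRARY_SEARCH_USER_DIRS       0x00000400
#define LOAD_LIBRARY_SEARCH_SYSTEM32        0x00000800
#define LOAD_LIBRARY_SEARCH_DEFAULT_DIRS    0x00001000
#endif

// Returns the directories searched, in order, for the given flags. for_dependency
// is true when the module being resolved is a dependency of the DLL handed to
// LoadLibraryEx: the DLL's own directory is consulted only in that case.
std::vector<std::string> effective_search_order(DWORD flags, bool for_dependency) {
    std::vector<std::string> order;
    const DWORD all = LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR | LOAD_LIBRARY_SEARCH_APPLICATION_DIR |
                      LOAD_LIBRARY_SEARCH_USER_DIRS | LOAD_LIBRARY_SEARCH_SYSTEM32 |
                      LOAD_LIBRARY_SEARCH_DEFAULT_DIRS;
    if ((flags & all) == 0) {            // no search flag at all: the legacy default order applies
        order.push_back("<standard search order>");
        return order;
    }
    if (flags & LOAD_LIBRARY_SEARCH_DEFAULT_DIRS)   // shorthand for app dir + user dirs + System32
        flags |= LOAD_LIBRARY_SEARCH_APPLICATION_DIR | LOAD_LIBRARY_SEARCH_USER_DIRS |
                 LOAD_LIBRARY_SEARCH_SYSTEM32;
    if ((flags & LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR) && for_dependency)
        order.push_back("directory of the DLL being loaded");
    if (flags & LOAD_LIBRARY_SEARCH_APPLICATION_DIR)
        order.push_back("application directory");
    if (flags & LOAD_LIBRARY_SEARCH_USER_DIRS)
        order.push_back("AddDllDirectory/SetDllDirectory paths (unspecified order among them)");
    if (flags & LOAD_LIBRARY_SEARCH_SYSTEM32)
        order.push_back("System32");
    return order;
}

#ifdef _WIN32
// Hardened load: restrict the process-wide default to System32 and request the
// same for this call, so only the real system copy of the library can satisfy it.
HMODULE load_system_dll(const wchar_t *name) {
    SetDefaultDllDirectories(LOAD_LIBRARY_SEARCH_SYSTEM32);
    return LoadLibraryExW(name, nullptr, LOAD_LIBRARY_SEARCH_SYSTEM32);
}
#endif
```

Note that LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR never widens the search for the DLL named in the call itself; it only affects how that DLL's own imports are resolved, which is why the helper takes a for_dependency argument.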
Summary Functions
Download File
- CoInitialize: initialize COM
- pIWinHttpRequest->Open: open the WinHttpRequest
- pIWinHttpRequest->Send: send the request
- pIWinHttpRequest->get_ResponseText: read the response body as text
- SysFreeString and CoUninitialize: free the BSTR and uninitialize COM
Upload File
- WinHttpOpen: obtain a session handle
- WinHttpConnect: Specify an HTTP server
- WinHttpOpenRequest: Create an HTTP Request handle
- WinHttpSendRequest: Send a Request
- WinHttpWriteData: Write data to the server
Upload/Download File
Additional Info
The only missing instructions are how to obtain the httprequest.h file. The Windows SDK ships only the .idl file, which is somewhat unusual: many Windows APIs ship both .idl and .h, some only .h, some only .idl. But you can generate the .h from the .idl:
- Run 'midl httprequest.idl /out [your project path]'
Ex: midl httprequest.idl /out C:\Users\halil\OneDrive\Desktop\ECQ-Code\UploadDownloadFiles\UploadDownloadFiles
This creates three files, httprequest.h, httprequest.tlb and httprequest_i.c, in your project directory.
- Right-click the project -> Add -> Existing Item to add the httprequest.h file
Attention
Every object must be freed or uninitialized once it is done being used. Check that the object exists before freeing it.
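The "free every object once it is done, check it exists before freeing" rule, and the WinHTTP call sequence in the Upload File summary, as one added example that is not the page's UploadDownloadFiles code. A small RAII guard releases a handle exactly once and only if creation succeeded, so a failed WinHttpOpen/Connect/OpenRequest never leads to a double free or a free of a null handle, and every earlier handle is still closed on any early return. The guard is checked with a fake deleter on any platform; the Windows-only function applies it to the real handle chain. Assumptions: the host, path and user-agent string are placeholders, and the request is forced over TLS with WINHTTP_FLAG_SECURE.

```cpp
// Added example (not the page's UploadDownloadFiles code): an RAII guard that
// frees a handle once, and only if it is a real handle, applied to the WinHTTP
// upload sequence. Assumption: host, path and user agent are placeholders.
#include <functional>
#include <utility>

template <typename Handle>
class ScopedHandle {
public:
    using Deleter = std::function<void(Handle)>;
    ScopedHandle(Handle h, Deleter d, Handle invalid = Handle())
        : h_(h), del_(std::move(d)), invalid_(invalid) {}
    ~ScopedHandle() { reset(); }
    ScopedHandle(const ScopedHandle &) = delete;             // one owner per handle
    ScopedHandle &operator=(const ScopedHandle &) = delete;
    Handle get() const { return h_; }
    bool valid() const { return h_ != invalid_; }
    // Release now (idempotent): nothing is freed twice, an invalid handle is never freed.
    void reset() {
        if (valid()) { del_(h_); h_ = invalid_; }
    }
private:
    Handle h_;
    Deleter del_;
    Handle invalid_;
};

// Portable self-check: counts deleter calls for a valid and for an invalid handle.
struct ReleaseStats { int released_valid = 0; int released_invalid = 0; };

ReleaseStats exercise_guard() {
    ReleaseStats s;
    {
        ScopedHandle<int> good(42, [&](int) { ++s.released_valid; }, 0);
        ScopedHandle<int> missing(0, [&](int) { ++s.released_invalid; }, 0);  // creation "failed"
        good.reset();   // explicit release ...
        good.reset();   // ... and a second call must be a no-op
    }                   // destructors run here: nothing further may be released
    return s;
}

#ifdef _WIN32
#include <windows.h>
#include <winhttp.h>
#pragma comment(lib, "winhttp.lib")

// Upload in the order the summary lists: open session, connect, open request, send,
// write data. Every handle is closed in reverse order by the guards, on every path.
bool upload_bytes(const wchar_t *host, const wchar_t *path, const void *data, DWORD len) {
    auto close = [](HINTERNET h) { WinHttpCloseHandle(h); };
    ScopedHandle<HINTERNET> session(
        WinHttpOpen(L"UploadDownloadFiles/1.0", WINHTTP_ACCESS_TYPE_DEFAULT_PROXY,
                    WINHTTP_NO_PROXY_NAME, WINHTTP_NO_PROXY_BYPASS, 0), close, nullptr);
    if (!session.valid()) return false;
    ScopedHandle<HINTERNET> conn(
        WinHttpConnect(session.get(), host, INTERNET_DEFAULT_HTTPS_PORT, 0), close, nullptr);
    if (!conn.valid()) return false;
    ScopedHandle<HINTERNET> req(
        WinHttpOpenRequest(conn.get(), L"POST", path, nullptr, WINHTTP_NO_REFERER,
                           WINHTTP_DEFAULT_ACCEPT_TYPES, WINHTTP_FLAG_SECURE), close, nullptr);
    if (!req.valid()) return false;
    // Announce the total body length, then stream it with WinHttpWriteData.
    if (!WinHttpSendRequest(req.get(), WINHTTP_NO_ADDITIONAL_HEADERS, 0,
                            WINHTTP_NO_REQUEST_DATA, 0, len, 0)) return false;
    DWORD written = 0;
    if (!WinHttpWriteData(req.get(), data, len, &written) || written != len) return false;
    return WinHttpReceiveResponse(req.get(), nullptr) != FALSE;
}
#endif
```

The same guard fits the COM side of the Download File summary: a BSTR from get_ResponseText can be held by ScopedHandle<BSTR> with SysFreeString as the deleter, and the CoInitialize/CoUninitialize pair by a guard whose handle is the HRESULT of the initialisation, so a failed CoInitialize is never followed by CoUninitialize.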