DLL hijacking, dll hijack, Bypass Antivirus, Red Team
aeverj/RTDllHijack
Latest commit a06f9f3 · Oct 31, 2024
14 Commits
RTDllHijack

RTDllHijack is a tool that parses the import table of PE files and generates source code for hijackable DLLs.

Features

  • Automatically discovers hijackable DLLs under a given directory
  • Generates the corresponding source code for each discovered DLL
  • Supports choosing the compiler (MinGW or MSVC)
  • Can exclude specific files or directories
  • Provides verbose output for debugging
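The parsing step that the description and feature list refer to, written out as an added example (this is not code from the RTDllHijack project): it reads a PE image's import directory with Go's standard `debug/pe` package and reports which functions are imported from which DLL. That dependency surface is what an application owner or defender needs in order to confirm that every imported DLL is either shipped beside the executable or is a Windows system DLL, instead of being resolved through the loader's search order from a directory others can write to. The in-memory PE image, the DLL names and the function names in `BuildSampleImage` are constructed here for the example (XmlLite.dll also appears in the results tree further down, but the sample is not derived from any real binary).

```go
package main

import (
	"bytes"
	"debug/pe"
	"encoding/binary"
	"fmt"
	"strings"
)

// ListImports returns, per imported DLL, the function names a PE image takes from it.
// debug/pe's ImportedLibraries is a stub that returns nil, so DLL names are recovered from
// ImportedSymbols ("Func:DLL" entries); ordinal-only imports have no name and are skipped.
func ListImports(image []byte) (map[string][]string, error) {
	f, err := pe.NewFile(bytes.NewReader(image))
	if err != nil {
		return nil, err
	}
	syms, err := f.ImportedSymbols()
	if err != nil {
		return nil, err
	}
	byDLL := map[string][]string{}
	for _, s := range syms {
		if fn, dll, ok := strings.Cut(s, ":"); ok {
			byDLL[dll] = append(byDLL[dll], fn)
		}
	}
	return byDLL, nil
}

// BuildSampleImage constructs a minimal PE32+ image in memory (constructed test data, not a
// real executable): one .rdata section holding an import directory for two DLLs, laid out
// the way a linker would, so ListImports can be exercised offline.
func BuildSampleImage() []byte {
	const fileAlign, sectionRVA, sectionLen = 0x200, 0x1000, 0x200
	sec := make([]byte, 3*20) // 2 IMAGE_IMPORT_DESCRIPTORs + all-zero terminator
	put := func(b []byte) uint32 { // append to the section and return the RVA of the data
		rva := uint32(sectionRVA + len(sec))
		sec = append(sec, b...)
		return rva
	}
	cstr := func(s string) []byte { return append([]byte(s), 0) }
	thunks := func(rvas []uint32) []byte { // 64-bit thunk array, null-terminated
		b := make([]byte, 8*(len(rvas)+1))
		for i, r := range rvas {
			binary.LittleEndian.PutUint64(b[8*i:], uint64(r))
		}
		return b
	}
	for i, d := range []struct{ dll string; funcs []string }{
		{"KERNEL32.dll", []string{"CreateFileW", "CloseHandle"}},
		{"XmlLite.dll", []string{"CreateXmlReader"}},
	} {
		nameRVA := put(cstr(d.dll))
		var fnRVAs []uint32
		for _, fn := range d.funcs { // IMAGE_IMPORT_BY_NAME: 2-byte hint, then the name
			fnRVAs = append(fnRVAs, put(append([]byte{0, 0}, cstr(fn)...)))
		}
		intRVA := put(thunks(fnRVAs)) // import lookup table (OriginalFirstThunk)
		iatRVA := put(thunks(fnRVAs)) // import address table (FirstThunk); identical on disk
		binary.LittleEndian.PutUint32(sec[20*i:], intRVA) // descriptor: five uint32 fields
		binary.LittleEndian.PutUint32(sec[20*i+12:], nameRVA)
		binary.LittleEndian.PutUint32(sec[20*i+16:], iatRVA)
	}
	sec = append(sec, make([]byte, sectionLen-len(sec))...) // pad to SizeOfRawData
	var hdr bytes.Buffer
	dos := make([]byte, 64)
	copy(dos, "MZ")
	binary.LittleEndian.PutUint32(dos[0x3c:], 64) // e_lfanew: PE signature follows the DOS header
	hdr.Write(dos)
	hdr.WriteString("PE\x00\x00")
	binary.Write(&hdr, binary.LittleEndian, pe.FileHeader{
		Machine: pe.IMAGE_FILE_MACHINE_AMD64, NumberOfSections: 1,
		SizeOfOptionalHeader: uint16(binary.Size(pe.OptionalHeader64{})), // 240
		Characteristics:      0x0022, // EXECUTABLE_IMAGE | LARGE_ADDRESS_AWARE
	})
	opt := pe.OptionalHeader64{
		Magic: 0x20b, ImageBase: 0x140000000, SectionAlignment: 0x1000, FileAlignment: fileAlign,
		SizeOfImage: sectionRVA + 0x1000, SizeOfHeaders: fileAlign, Subsystem: 3, NumberOfRvaAndSizes: 16,
	}
	opt.DataDirectory[pe.IMAGE_DIRECTORY_ENTRY_IMPORT] = pe.DataDirectory{VirtualAddress: sectionRVA, Size: 3 * 20}
	binary.Write(&hdr, binary.LittleEndian, opt)
	binary.Write(&hdr, binary.LittleEndian, pe.SectionHeader32{
		Name: [8]byte{'.', 'r', 'd', 'a', 't', 'a'}, VirtualSize: sectionLen, VirtualAddress: sectionRVA,
		SizeOfRawData: sectionLen, PointerToRawData: fileAlign,
		Characteristics: 0x40000040, // IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
	})
	image := append(hdr.Bytes(), make([]byte, fileAlign-hdr.Len())...) // headers padded to FileAlignment
	return append(image, sec...)
}

func main() {
	imports, err := ListImports(BuildSampleImage())
	if err != nil {
		panic(err)
	}
	for dll, funcs := range imports {
		fmt.Printf("%-16s %s\n", dll, strings.Join(funcs, ", "))
	}
}
```

Running it prints one line per imported DLL with the functions taken from it. To inventory a real binary, pass the file's bytes (for example from `os.ReadFile`) to `ListImports` instead of the constructed image; the same `debug/pe` call handles both PE32 and PE32+ images, and the result can then be compared against the DLLs actually present in the application directory.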

Installation

git clone https://github.com/aeverj/RTDllHijack.git
cd RTDllHijack
go mod tidy
go build -o RTDllHijack.exe cmd/cmd.go

Usage

.\RTDllHijack.exe -h
NAME:
   RTDllHijack - Parses PE file import tables and generates hijackable DLL source code

USAGE:
   RTDllHijack [global options] command [command options]

COMMANDS:
   help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --compiler value, -c value  Compiler to use (mingw or msvc) (default: "msvc")
   --input value, -i value     Input file or directory path
   --output value, -o value    Output directory path
   --exclude value, -e value   Exclude file or directory name pattern
   --verbose, -v               Enable verbose output (default: false)
   --help, -h                  show help

Find hijackable DLLs for all executables on the C: drive

RTDllHijack.exe -i C:\

Generate source files for the MinGW compiler

RTDllHijack.exe -i C:\ -c mingw

Exclude specific files or directories

RTDllHijack.exe -i C:\ -e admin

Results

├─NoSigned
│  ├─C__Program Files_Common Files_microsoft shared_ink_InputPersonalization.exe
│  │      elscore.dll.cpp
│  │      elscore.dll.def
│  │      InputPersonalization.exe
│  │      XmlLite.dll.cpp
│  │      XmlLite.dll.def
│  │
│  ├─C__Program Files_Common Files_microsoft shared_ink_mip.exe
│  │      COMCTL32.dll.cpp
│  │      COMCTL32.dll.def
│  │      dwmapi.dll.cpp
│  │      dwmapi.dll.def
│  │      mip.exe
│  │      MSIMG32.dll.cpp
│  │      MSIMG32.dll.def
│  │      OLEACC.dll.cpp
│  │      OLEACC.dll.def
│  │      UxTheme.dll.cpp
│  │      UxTheme.dll.def
│  │      VERSION.dll.cpp
│  │      VERSION.dll.def
│  │
│  ├─C__Program Files_Common Files_microsoft shared_ink_ShapeCollector.exe
│  │      COMCTL32.dll.cpp
│  │      COMCTL32.dll.def
│  │      DUI70.dll.cpp
│  │      DUI70.dll.def
│  │      ShapeCollector.exe
│  │
│  └─C__Program Files_Common Files_microsoft shared_MSInfo_msinfo32.exe
│          ATL.DLL.cpp
│          ATL.DLL.def
│          COMCTL32.dll.cpp
│          COMCTL32.dll.def
│          MFC42u.dll.cpp
│          MFC42u.dll.def
│          msinfo32.exe
│          POWRPROF.dll.cpp
│          POWRPROF.dll.def
│          SLC.dll.cpp
│          SLC.dll.def
│
└─Signed
    ├─C__Program Files_Common Files_microsoft shared_ClickToRun_appvcleaner.exe
    │      appvcleaner.exe
    │      APPVMANIFEST.dll.cpp
    │      APPVMANIFEST.dll.def
    │      APPVPOLICY.dll.cpp
    │      APPVPOLICY.dll.def
    │      msi.dll.cpp
    │      msi.dll.def
    │      USERENV.dll.cpp
    │      USERENV.dll.def
    │
    ├─C__Program Files_Common Files_microsoft shared_ClickToRun_AppVShNotify.exe
    │      AppVShNotify.exe
    │      USERENV.dll.cpp
    │      USERENV.dll.def
    │
    └─C__Program Files_Common Files_microsoft shared_ClickToRun_IntegratedOffice.exe
            IntegratedOffice.exe
            IPHLPAPI.DLL.cpp
            IPHLPAPI.DLL.def