Code Monkey home page Code Monkey logo

superdllhijack's Introduction

SuperDllHijack

中文版

A general DLL hijack technology, don't need to manually export the same function interface of the DLL, so easy!

Usage:

Create a DLL with the same name of the hijacked DLL(such as,target.dll), and rename the hijacked DLL to other name(such as, target.dll.1), then call SuperDllHijack function to do the hajick work.

Update:

2020-4-4

  1. fixed the bug of getting peb in x64。Thanks for @yves-yl@kiwings@6769

You can see more details in the example code.

VOID DllHijack1(HMODULE hMod)
{
	TCHAR tszDllPath[MAX_PATH] = { 0 };

	GetModuleFileName(hMod, tszDllPath, MAX_PATH);
	PathRemoveFileSpec(tszDllPath);
	PathAppend(tszDllPath, TEXT("target.dll.1"));

	SuperDllHijack(L"target.dll", tszDllPath);
}

BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
		DllHijack(hModule); break;
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}

There are the related articles about the technology:

  1. https://anhkgg.com/dllhijack/
  2. https://mp.weixin.qq.com/s/Nx4C2mx94V9vhvU8Eqfobg
  3. https://bbs.pediy.com/thread-248050.htm

Support me

img

superdllhijack's People

Contributors

anhkgg avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Forkers

explife0011 hldgaofeng killvxk sharsdela supertanglang fcccode gavz m00zh33 adspro15 eminsight zenixyang asuralove obaby w7oami oksbsb h0k5 sry309 gl00mylee renecn deviceobject kt0721 alphonsetai wxh0000mm stjack adpushpop sudami hymeca arryboom newdream2018 sasqwatch hahaha1986 haidragon zhangf911 jeffli678 bb33bb yuaom espmihacker sluckywhh uncia loudy2000 gdy666 wdnmd-rushb yzpku yesnomore a-new igit-cn matrixkung kissthink jbinkleyj fengjixuchui diggold miloqq qing666888 prsood presleyhank i0nay eddiechen12 youyeyuki woiwoz asdlei99 docterling qianniaoge isinfo raystyle radtek lxlyh fucora hayasec fantasyboy fuck123fuckabc nicelnicel 2217936322 wbglil sanshao27 by1c hnxyy imulmul yang-zhiyuan 276585877 suifei ezhangle 0x738a toygang awen162 attackgithub 39blackwing 6769 adzbtgb xets007 codingman y11en linmw quinn-yan bingshuizhilian hackflame heartacker poiuytr92 sjhgithub 3as0n harry1080

superdllhijack's Issues

这个跟AheadLib生成的劫持代码有什么区别吗

如题,最近研究关于某个游戏的劫持注入,遇到点问题
进游戏虽然执行了dllmian,但是传入的参数跟 内存注入传入的不一样,导致线程里面的函数无法实现。
不知道有没有大佬愿意帮忙,有偿。

思路新颖 但是隐藏性不好

被劫持程序在自己模块里通过比对模块,就很容易发现有劫持。

原来的那个方法,是在调用函数时再去load原始的dll,调完就释放,这样被劫持的程序里只有一份dll

win10 vs2019 x64 需要修改代码后才能使用

vs2019 下测试得到:
win10 x86运行良好.

win10 x64 无法使用 void* NtCurrentPeb().
需要将 return (void*)__readgsqword(0x30)
改成 return (void*)__readgsqword(0x60)
win10 x64 无法根据dll.def导出文件.需要加"__declspec(dllexport)"进行导出

请问如何劫持系统dll

比如要劫持系统的version.dll
是不是给出系统dll的绝对路径即可
SuperDllHijack(TEXT("version.dll"), TEXT("C:\windows\system32\version.dll"));

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.