• Stars
    star
    881
  • Rank 51,820 (Top 2 %)
  • Language
    C++
  • License
    Apache License 2.0
  • Created almost 6 years ago
  • Updated about 3 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

SuperDllHijack:A general DLL hijack technology, don't need to manually export the same function interface of the DLL, so easy! 一种通用Dll劫持技术,不再需要手工导出Dll的函数接口了

SuperDllHijack

中文版

A general DLL hijack technology, don't need to manually export the same function interface of the DLL, so easy!

Usage:

Create a DLL with the same name of the hijacked DLL(such as,target.dll), and rename the hijacked DLL to other name(such as, target.dll.1), then call SuperDllHijack function to do the hajick work.

Update:

2020-4-4

  1. fixed the bug of getting peb in x64。Thanks for @yves-yl@kiwings@6769

You can see more details in the example code.

VOID DllHijack1(HMODULE hMod)
{
	TCHAR tszDllPath[MAX_PATH] = { 0 };

	GetModuleFileName(hMod, tszDllPath, MAX_PATH);
	PathRemoveFileSpec(tszDllPath);
	PathAppend(tszDllPath, TEXT("target.dll.1"));

	SuperDllHijack(L"target.dll", tszDllPath);
}

BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
                     )
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
		DllHijack(hModule); break;
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}

There are the related articles about the technology:

  1. https://anhkgg.com/dllhijack/
  2. https://mp.weixin.qq.com/s/Nx4C2mx94V9vhvU8Eqfobg
  3. https://bbs.pediy.com/thread-248050.htm

Support me

img