bats3c / darkloadlibrary
LoadLibrary for offensive operations
Home Page: https://www.mdsec.co.uk/2021/06/bypassing-image-load-kernel-callbacks/
Good day,
When I try to load the CLR DLL (e.g. C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll), the call to the entry point returns false.
Apart from that, the DLL loading seems fine. Do you have an idea why this call returns false? Is this an edge-case scenario?
Other DLLs don't seem to have this behaviour.
Regards.
Hey, great tool. Are there any near-term plans to add DarkLoadLibrary loading for a DLL's dependencies/imports? They're currently just using LoadLibrary, and I can see you added a note to say support would (hopefully) be added in future (in ldrutils.c).
OS: Win10/Win11 (Tested both)
DLL: libffi-7.dll (http://sourceware.cygnus.com/libffi/)
When attempting to import either from disk (LOAD_LOCAL_FILE) or from memory (LOAD_MEMORY) the DarkLoadLibrary function call crashes with an error 0xc0000409. The specific version of libffi-7.dll comes with python3.10's portable zip package.
It doesn't work in VS2019 release x64, but works well in VS2019 debug x64.
I use VS2019's x64 configuration and it compiles normally, but it fails to compile on x86.
1>Assembling src\syscallsstubs.asm...
1>src\syscallsstubs.asm(1): error A2013: .MODEL must precede this directive
1>src\syscallsstubs.asm(5): error A2034: must be in segment block : NtProtectVirtualMemory
1>src\syscallsstubs.asm(6): error A2034: must be in segment block
1>src\syscallsstubs.asm(7): error A2034: must be in segment block
1>src\syscallsstubs.asm(8): error A2034: must be in segment block
1>src\syscallsstubs.asm(9): error A2034: must be in segment block
1>src\syscallsstubs.asm(10): error A2034: must be in segment block
1>src\syscallsstubs.asm(11): error A2034: must be in segment block
1>src\syscallsstubs.asm(12): error A2034: must be in segment block
1>src\syscallsstubs.asm(13): error A2034: must be in segment block
1>src\syscallsstubs.asm(14): error A2034: must be in segment block
1>src\syscallsstubs.asm(15): error A2034: must be in segment block
1>src\syscallsstubs.asm(16): error A2034: must be in segment block
1>src\syscallsstubs.asm(17): error A2034: must be in segment block
1>src\syscallsstubs.asm(18): error A2034: must be in segment block
1>src\syscallsstubs.asm(19): error A2034: must be in segment block
1>src\syscallsstubs.asm(20): error A2034: must be in segment block
1>src\syscallsstubs.asm(21): fatal error A1010: unmatched block nesting : NtProtectVirtualMemory
yeah, very few HeapAlloc calls actually get freed. I would fix this myself but that seems more fitting of a punishment for the creator of said leaks.
ahem @bats3c
I analyzed your code.
Your project is not complete; it does not support TLS, LoadConfig and so on.
I wish you would upgrade it more perfectly.