bats3c / darkloadlibrary

LoadLibrary for offensive operations

Home Page: https://www.mdsec.co.uk/2021/06/bypassing-image-load-kernel-callbacks/

C 98.36% Assembly 1.64%

darkloadlibrary's People

Contributors

bats3c, hypervis0r, johnlatwc


darkloadlibrary's Issues

Loading clr.dll returns `false` when calling the entry point

Good day,

When I try to load the CLR DLL (e.g. C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll), the call to the entry point returns false.

Apart from that, the DLL loading seems fine. Do you have an idea why this call returns false? Is this an edge case scenario?

Other DLLs don't seem to have this behaviour.

Regards.

[Feature Request] DarkLoadLibrary for DLL Imports

Hey, great tool. Are there any near-term plans to add DarkLoadLibrary loading for a DLL's dependencies/imports? They're currently just using LoadLibrary, and I can see you added a note to say support would (hopefully) be added in future (in ldrutils.c).

Crashes when loading libffi-7.dll

OS: Win10/Win11 (Tested both)
DLL: libffi-7.dll (http://sourceware.cygnus.com/libffi/)

When attempting to import either from disk (LOAD_LOCAL_FILE) or from memory (LOAD_MEMORY) the DarkLoadLibrary function call crashes with an error 0xc0000409. The specific version of libffi-7.dll comes with python3.10's portable zip package.

Hello, doesn't DarkLoadLibrary support x86?

I use vs2019's x64 to compile normally, but it fails to compile on X86.

1>Assembling src\syscallsstubs.asm...
1>src\syscallsstubs.asm(1): error A2013: .MODEL must precede this directive
1>src\syscallsstubs.asm(5): error A2034: must be in segment block : NtProtectVirtualMemory
1>src\syscallsstubs.asm(6): error A2034: must be in segment block
1>src\syscallsstubs.asm(7): error A2034: must be in segment block
1>src\syscallsstubs.asm(8): error A2034: must be in segment block
1>src\syscallsstubs.asm(9): error A2034: must be in segment block
1>src\syscallsstubs.asm(10): error A2034: must be in segment block
1>src\syscallsstubs.asm(11): error A2034: must be in segment block
1>src\syscallsstubs.asm(12): error A2034: must be in segment block
1>src\syscallsstubs.asm(13): error A2034: must be in segment block
1>src\syscallsstubs.asm(14): error A2034: must be in segment block
1>src\syscallsstubs.asm(15): error A2034: must be in segment block
1>src\syscallsstubs.asm(16): error A2034: must be in segment block
1>src\syscallsstubs.asm(17): error A2034: must be in segment block
1>src\syscallsstubs.asm(18): error A2034: must be in segment block
1>src\syscallsstubs.asm(19): error A2034: must be in segment block
1>src\syscallsstubs.asm(20): error A2034: must be in segment block
1>src\syscallsstubs.asm(21): fatal error A1010: unmatched block nesting : NtProtectVirtualMemory

Various different memory leaks

Yeah, very few HeapAlloc calls actually get freed. I would fix this myself but that seems more fitting of a punishment for the creator of said leaks.

ahem @bats3c

vs memorymodule

I analyzed your code.
Your project is not complete; it does not support TLS, LoadConfig and so on.
I wish you would upgrade it more perfectly.
