DLL hijacking, Bypass Antivirus, Red Team

aeverj/RTDllHijack

RTDllHijack

RTDllHijack is a tool that parses PE file import tables and generates hijackable DLL source code.

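Features

  • Automatically discovers hijackable DLLs in a given directory
  • Generates the corresponding source code for each DLL it finds
  • Supports choosing the compiler (MinGW or MSVC)
  • Can exclude specific files or directories
  • Provides verbose output for debugging

Installation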

git clone https://github.com/aeverj/RTDllHijack.git
cd RTDllHijack
go mod tidy
go build -o RTDllHijack.exe cmd/cmd.go

Usage

.\RTDllHijack.exe -h
NAME:
   RTDllHijack - Parses PE file import tables and generates hijackable DLL source code

USAGE:
   RTDllHijack [global options] command [command options]

COMMANDS:
   help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --compiler value, -c value  Compiler to use (mingw or msvc) (default: "msvc")
   --input value, -i value     Input file or directory path
   --output value, -o value    Output directory path
   --exclude value, -e value   Exclude file or directory name pattern
   --verbose, -v               Enable verbose output (default: false)
   --help, -h                  show help

Find DLL hijacking candidates for all executables on the C: drive

RTDllHijack.exe -i C:\

Generate source files for the MinGW compiler

RTDllHijack.exe -i C:\ -c mingw

Exclude specific files or directories

RTDllHijack.exe -i C:\ -e admin

Results

├─NoSigned
│  ├─C__Program Files_Common Files_microsoft shared_ink_InputPersonalization.exe
│  │      elscore.dll.cpp
│  │      elscore.dll.def
│  │      InputPersonalization.exe
│  │      XmlLite.dll.cpp
│  │      XmlLite.dll.def
│  │
│  ├─C__Program Files_Common Files_microsoft shared_ink_mip.exe
│  │      COMCTL32.dll.cpp
│  │      COMCTL32.dll.def
│  │      dwmapi.dll.cpp
│  │      dwmapi.dll.def
│  │      mip.exe
│  │      MSIMG32.dll.cpp
│  │      MSIMG32.dll.def
│  │      OLEACC.dll.cpp
│  │      OLEACC.dll.def
│  │      UxTheme.dll.cpp
│  │      UxTheme.dll.def
│  │      VERSION.dll.cpp
│  │      VERSION.dll.def
│  │
│  ├─C__Program Files_Common Files_microsoft shared_ink_ShapeCollector.exe
│  │      COMCTL32.dll.cpp
│  │      COMCTL32.dll.def
│  │      DUI70.dll.cpp
│  │      DUI70.dll.def
│  │      ShapeCollector.exe
│  │
│  └─C__Program Files_Common Files_microsoft shared_MSInfo_msinfo32.exe
│          ATL.DLL.cpp
│          ATL.DLL.def
│          COMCTL32.dll.cpp
│          COMCTL32.dll.def
│          MFC42u.dll.cpp
│          MFC42u.dll.def
│          msinfo32.exe
│          POWRPROF.dll.cpp
│          POWRPROF.dll.def
│          SLC.dll.cpp
│          SLC.dll.def
│
└─Signed
    ├─C__Program Files_Common Files_microsoft shared_ClickToRun_appvcleaner.exe
    │      appvcleaner.exe
    │      APPVMANIFEST.dll.cpp
    │      APPVMANIFEST.dll.def
    │      APPVPOLICY.dll.cpp
    │      APPVPOLICY.dll.def
    │      msi.dll.cpp
    │      msi.dll.def
    │      USERENV.dll.cpp
    │      USERENV.dll.def
    │
    ├─C__Program Files_Common Files_microsoft shared_ClickToRun_AppVShNotify.exe
    │      AppVShNotify.exe
    │      USERENV.dll.cpp
    │      USERENV.dll.def
    │
    └─C__Program Files_Common Files_microsoft shared_ClickToRun_IntegratedOffice.exe
            IntegratedOffice.exe
            IPHLPAPI.DLL.cpp
            IPHLPAPI.DLL.def
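
Detection note

Seen from the defender's side, a stub from the tree above shows up as a DLL with a system library's name being loaded from somewhere other than the Windows system directories. The Go program below is an added example, not part of RTDllHijack: it applies that check to image-load records modelled on Sysmon Event ID 7. The ImageLoad struct, the watch list (names taken from the tree above), the trusted directory list and the sample events are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
)

// ImageLoad holds the fields used from one image-load record (Sysmon Event ID 7 style).
type ImageLoad struct {
	Image       string // process executable
	ImageLoaded string // full path of the DLL that was mapped
	Signed      bool   // whether the loaded DLL carries a valid signature
}

// Assumed watch list: system DLL names that appear in the result tree above.
var watched = map[string]bool{
	"version.dll": true, "userenv.dll": true, "dwmapi.dll": true, "uxtheme.dll": true, "iphlpapi.dll": true,
}

// Assumed directories from which these DLLs are expected to load.
var trusted = []string{
	`c:\windows\system32\`, `c:\windows\syswow64\`, `c:\windows\winsxs\`,
}

// Suspicious reports whether a watched DLL name was loaded from outside the trusted directories.
func Suspicious(e ImageLoad) bool {
	p := strings.ToLower(e.ImageLoaded) // Windows paths compare case-insensitively
	name := p[strings.LastIndex(p, `\`)+1:]
	if !watched[name] {
		return false
	}
	for _, dir := range trusted {
		if strings.HasPrefix(p, dir) {
			return false
		}
	}
	return true
}

func main() {
	// Constructed sample events, not real telemetry.
	events := []ImageLoad{
		{`C:\Program Files\Common Files\microsoft shared\ink\mip.exe`, `C:\Windows\System32\VERSION.dll`, true},
		{`C:\Temp\app\mip.exe`, `C:\Temp\app\VERSION.dll`, false},
	}
	for _, e := range events {
		fmt.Printf("suspicious=%t signed=%t %s <- %s\n", Suspicious(e), e.Signed, e.ImageLoaded, e.Image)
	}
}
```

Applications that deliberately ship a private copy of one of these DLLs will also match, so treat hits as leads and check the Signed field and the process path before escalating.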