perfect dll proxy

不久前，我需要一個代理來執行DLL劫持，但是我不喜歡現有解決方案如何生成ASM存根來處理轉發。事實證明，有一個竅門可以向前邁進，可以使用絕對路徑：

# pragma comment(linker,
" /EXPORT:CredPackAuthenticationBufferA= \\ . \ GLOBALROOT \ SystemRoot \ System32 \ credui.dll.CredPackAuthenticationBufferA "
)

有關更多信息，請參見參考。

要自動生成一個DLL，該DLL導出所有內容並加載任意DLL（無攔截功能），請查看以下項目：https：//github.com/namazso/dll-proxy-generator

python -m pip install pefile
python perfect-dll-proxy.py credui.dll

• https://nibblestew.blogspot.com/2019/05/
• https://googleprojectzero.blogspot.com/2016/02/the-definistive-guide-on-win32-to-nt.html
• https://learn.microsoft.com/en-us/cpp/build/reference/export-export-ports-a-function
• https://devblogs.microsoft.com/oldnewthing/2012116-00/?p=6073
• https://medium.com/@lsecqt/weaponizing-dll-hijacking-via-dll-proxying-3983a8249de0
• https://book.hacktricks.xyz/windows-hardening/windows-local-privilege-escalation/dll-hijacking
• https://www.ired.team/offvision-security/persistence/dll-proxying-for-persistence
• https://github.com/flangvik/sharpdllproxy
• https://github.com/hfiref0x/winobjex64