特性
- 自动发现给定目录中的可劫持DLL
- 根据发现的DLL生成对应的来源代码
- 支持选择编译器(MinGW 或 MSVC)
- 可排除特定文件或目录
- 提供详细的交付准备
安装
git clone https://github.com/aeverj/RTDllHijack.gitcd RTDllHijackgo mod tidygo build -o RTDllHijack.exe cmd/cmd.go
获取C盘当前所有文件dll劫持
RTDllHijack.exe -i C:生成支持MingW编译器的源文件
RTDllHijack.exe -i C: -c mingw排除的特定文件或目录
RTDllHijack.exe -i C: -e admin结果
├─NoSigned│ ├─C__Program Files_Common Files_microsoft shared_ink_InputPersonalization.exe│ │ elscore.dll.cpp│ │ elscore.dll.def│ │ InputPersonalization.exe│ │ XmlLite.dll.cpp│ │ XmlLite.dll.def│ ││ ├─C__Program Files_Common Files_microsoft shared_ink_mip.exe│ │ COMCTL32.dll.cpp│ │ COMCTL32.dll.def│ │ dwmapi.dll.cpp│ │ dwmapi.dll.def│ │ mip.exe│ │ MSIMG32.dll.cpp│ │ MSIMG32.dll.def│ │ OLEACC.dll.cpp│ │ OLEACC.dll.def│ │ UxTheme.dll.cpp│ │ UxTheme.dll.def│ │ VERSION.dll.cpp│ │ VERSION.dll.def│ ││ ├─C__Program Files_Common Files_microsoft shared_ink_ShapeCollector.exe│ │ COMCTL32.dll.cpp│ │ COMCTL32.dll.def│ │ DUI70.dll.cpp│ │ DUI70.dll.def│ │ ShapeCollector.exe│ ││ └─C__Program Files_Common Files_microsoft shared_MSInfo_msinfo32.exe│ ATL.DLL.cpp│ ATL.DLL.def│ COMCTL32.dll.cpp│ COMCTL32.dll.def│ MFC42u.dll.cpp│ MFC42u.dll.def│ msinfo32.exe│ POWRPROF.dll.cpp│ POWRPROF.dll.def│ SLC.dll.cpp│ SLC.dll.def│└─Signed├─C__Program Files_Common Files_microsoft shared_ClickToRun_appvcleaner.exe│ appvcleaner.exe│ APPVMANIFEST.dll.cpp│ APPVMANIFEST.dll.def│ APPVPOLICY.dll.cpp│ APPVPOLICY.dll.def│ msi.dll.cpp│ msi.dll.def│ USERENV.dll.cpp│ USERENV.dll.def│├─C__Program Files_Common Files_microsoft shared_ClickToRun_AppVShNotify.exe│ AppVShNotify.exe│ USERENV.dll.cpp│ USERENV.dll.def│└─C__Program Files_Common Files_microsoft shared_ClickToRun_IntegratedOffice.exeIntegratedOffice.exeIPHLPAPI.DLL.cppIPHLPAPI.DLL.def
原文始发于微信公众号(TtTeam):一键查找可劫持DLL
免责声明:文章中涉及的程序(方法)可能带有攻击性,仅供安全研究与教学之用,读者将其信息做其他用途,由读者承担全部法律及连带责任,本站不承担任何法律及连带责任;如有问题可邮件联系(建议使用企业邮箱或有效邮箱,避免邮件被拦截,联系方式见首页),望知悉。
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论