Skip to content
/ DLLirant Public

DLLirant is a tool to automatize the DLL Hijacking researches on a specified binary.

License

MIT license
451 stars 40 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

redteamsocietegenerale/DLLirant

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

47 Commits

Classes

Classes

 
 

Properties

Properties

 
 

ViewModel

ViewModel

 
 

.gitignore

.gitignore

 
 

App.config

App.config

 
 

App.xaml

App.xaml

 
 

App.xaml.cs

App.xaml.cs

 
 

DLLirant.csproj

DLLirant.csproj

 
 

DLLirant.sln

DLLirant.sln

 
 

FodyWeavers.xml

FodyWeavers.xml

 
 

LICENSE

LICENSE

 
 

MainWindow.xaml

MainWindow.xaml

 
 

MainWindow.xaml.cs

MainWindow.xaml.cs

 
 

README.md

README.md

 
 

app.manifest

app.manifest

 
 

background.png

background.png

 
 

dllirant.ico

dllirant.ico

 
 

live.gif

live.gif

 
 

packages.config

packages.config

 
 

screenshot.png

screenshot.png

 
 

screenshot2.png

screenshot2.png

 
 

screenshot3.png

screenshot3.png

 
 

screenshot4.png

screenshot4.png

 
 

Repository files navigation

DLLirant

DLLirant is a tool to automatize the DLL Hijacking and DLL Proxying researches on a specified binary.

alt text alt text alt text

  • Final PoC output when a DLL Hijacking is found:

alt text

Old Live Demo (similar to the new version)

alt text

How to install

How to use

Select the desired PE file, if it is an .exe, the application will currently search for DLL Search Order Hijacking, if you select a DLL, the application will offer you to proxy it.

Regarding the second option, you must specify a path for the proxy DLL, this path can be specified in two ways:

  • With a name, this will generate the proxy DLL and rename it with the name of the selected DLL, and the application will copy the selected (original) DLL and rename it with the name you selected.

  • With a path, this option will generate a single file, the proxy DLL that will call the functions exported from the DLL specified in the text box.

You can also create an import directory and place the missing DLL files that your application need if necessary (the DLL files will be copied automatically in the output directory with the targeted binary).

Important

Concerning the error messages of your targeted application, I tried to avoid the error messages, but you can't really because the messagebox is generated by the System via csrss.exe, not via the targeted application, so you can try to kill the threads, the child windows, use SetErrorMode etc... it will not work.

How it works

The script will create an output directory in the same directory of DLLirant, copy the targeted binary to the output directory.

Via the PeNet library, the script will extract the dll names required by the binary, and test each imports functions available one by one by compilate a custom DLL with the required exported functions.

If a function required by the binary is executed, the custom DLL will create a C:\DLLirant\output.txt to be sure that a DLL Hijacking is possible.

The PoCs of the DLL Hijackings will be also created in the DLLirant/dll-hijacks directory.

Technical posts (in French)

About

DLLirant is a tool to automatize the DLL Hijacking researches on a specified binary.

Resources

Readme

License

MIT license
Activity

Stars

451 stars

Watchers

8 watching

Forks

40 forks
Report repository

Releases 3

Release 0.8 Latest
Nov 29, 2022
+ 2 releases

Packages

No packages published

Contributors 2

Languages