https://github.com/a5m1/fakewer

contains code for fakewer, dll sideloading poc / writeup
https://github.com/a5m1/fakewer

bypass c cpp crowdstrike dllsideloading edr learnc malware-poc ntapi poc sideloading wermgr windows

Last synced: 11 months ago
JSON representation

contains code for fakewer, dll sideloading poc / writeup

• Host: GitHub
• URL: https://github.com/a5m1/fakewer
• Owner: A5M1
• Created: 2024-12-17T22:02:16.000Z (about 1 year ago)
• Default Branch: main
• Last Pushed: 2024-12-17T22:29:39.000Z (about 1 year ago)
• Last Synced: 2024-12-31T20:18:57.164Z (about 1 year ago)
• Topics: bypass, c, cpp, crowdstrike, dllsideloading, edr, learnc, malware-poc, ntapi, poc, sideloading, wermgr, windows
• Language: C#
• Homepage:
• Size: 136 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
`dllexp-x64/dllexp.exe` using this, i exported the all exports to `win-x64/raw.txt`




from there i used `exporter.exe` to make a fake `wer.dll` with all the exports as msgbox to see what i used




i then took the realavent exports and made `fakewer/fakewer.c`, compiled and viola notepad opened




*requires gcc in path*

![image](https://github.com/user-attachments/assets/9357e3b2-da71-4331-afb6-92b52d7b6dd1)

fakewer.dll (wer.dll)

![image](https://github.com/user-attachments/assets/b5850b9e-d26a-4043-8264-a3de157513fb)

![image](https://github.com/user-attachments/assets/83371475-03ec-4168-ab0f-d845cbf627b8)