https://github.com/aeverj/rtdllhijack
DLL hijacking, dll hijack, Bypass Antivirus, Red Team
blueteam bypass-antivirus evasion-antivirus redteam
- Host: GitHub
- URL: https://github.com/aeverj/rtdllhijack
- Owner: aeverj
- Created: 2024-07-03T14:56:33.000Z (over 1 year ago)
- Default Branch: master
- Last Pushed: 2024-11-09T07:26:07.000Z (11 months ago)
- Last Synced: 2025-05-30T08:15:19.354Z (4 months ago)
- Topics: blueteam, bypass-antivirus, evasion-antivirus, redteam
- Language: Go
- Homepage:
- Size: 42 KB
- Stars: 46
- Watchers: 2
- Forks: 7
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# RTDllHijack
RTDllHijack is a tool that parses the import table of PE files and generates source code for hijackable DLLs.
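The first step the README names, reading a PE file's import table to learn which DLL names an executable resolves at load time, is shown below as an added example. It is not RTDllHijack's own code (the project is written in Go) and makes no claim about how the tool implements it; the parser is written from the documented PE layout. To run offline it builds a constructed, parse-only PE32+ image in memory with an import directory naming three DLLs; the same `parse_imports` function works on a real file read from disk. From a defender's side this is the dependency enumeration you would run when auditing which DLL names an application loads from its own directory.

```python
import struct
from typing import List, Tuple

IMPORT_DIRECTORY_INDEX = 1      # data-directory slot that holds the import table
IMPORT_DESCRIPTOR_SIZE = 20     # sizeof(IMAGE_IMPORT_DESCRIPTOR)
SECTION_HEADER_SIZE = 40        # sizeof(IMAGE_SECTION_HEADER)


def _rva_to_offset(rva: int, sections: List[Tuple[int, int, int]]) -> int:
    """Map a relative virtual address to a file offset via the section table."""
    for virtual_addr, raw_ptr, raw_size in sections:
        if virtual_addr <= rva < virtual_addr + raw_size:
            return rva - virtual_addr + raw_ptr
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def parse_imports(data: bytes) -> List[str]:
    """Return the DLL names listed in a PE image's import directory, in table order."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x20B:        # PE32+
        num_dirs_off, dir_base = opt + 108, opt + 112
    elif magic == 0x10B:      # PE32
        num_dirs_off, dir_base = opt + 92, opt + 96
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (num_dirs,) = struct.unpack_from("<I", data, num_dirs_off)
    if num_dirs <= IMPORT_DIRECTORY_INDEX:
        return []
    import_rva, _import_size = struct.unpack_from("<II", data, dir_base + 8 * IMPORT_DIRECTORY_INDEX)
    if import_rva == 0:
        return []                                  # image has no import table

    sections = []
    table = opt + opt_size                         # section headers follow the optional header
    for i in range(num_sections):
        hdr = table + SECTION_HEADER_SIZE * i
        virtual_addr, raw_size, raw_ptr = struct.unpack_from("<III", data, hdr + 12)
        sections.append((virtual_addr, raw_ptr, raw_size))

    names = []
    desc = _rva_to_offset(import_rva, sections)
    while True:
        _oft, _ts, _fwd, name_rva, _ft = struct.unpack_from("<IIIII", data, desc)
        if name_rva == 0:                          # all-zero descriptor terminates the table
            break
        name_off = _rva_to_offset(name_rva, sections)
        names.append(data[name_off:data.index(b"\0", name_off)].decode("ascii", "replace"))
        desc += IMPORT_DESCRIPTOR_SIZE
    return names


def build_sample_pe(dlls: Tuple[str, ...] = ("KERNEL32.dll", "VERSION.dll", "XmlLite.dll")) -> bytes:
    """Constructed minimal PE32+ image (parse-only, not loadable) with a single .idata section."""
    section_rva, section_raw = 0x1000, 0x200
    names_off = 0x60                               # descriptors first, 16-byte name slots after them
    section = bytearray(0x200)
    for i, dll in enumerate(dlls):
        name_rva = section_rva + names_off + 16 * i
        struct.pack_into("<IIIII", section, IMPORT_DESCRIPTOR_SIZE * i, 0, 0, 0, name_rva, 0)
        dst = names_off + 16 * i
        section[dst:dst + len(dll) + 1] = dll.encode("ascii") + b"\0"
    import_size = IMPORT_DESCRIPTOR_SIZE * (len(dlls) + 1)   # includes the zero terminator

    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, len(dos))    # e_lfanew: PE header right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)   # x64, 1 section, 240-byte opt hdr
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)          # PE32+ magic
    struct.pack_into("<I", opt, 108, 16)           # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 112 + 8 * IMPORT_DIRECTORY_INDEX, section_rva, import_size)
    sec_hdr = struct.pack("<8sIIIIIIHHI", b".idata\0\0", len(section), section_rva,
                          len(section), section_raw, 0, 0, 0, 0, 0x40000040)
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sec_hdr
    return headers.ljust(section_raw, b"\0") + bytes(section)


if __name__ == "__main__":
    import sys
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for dll in parse_imports(image):
        print(dll)
```

Run it with no arguments to parse the constructed image, or pass a path to a real executable. The parser only follows the Name field of each descriptor, which is all that is needed to list DLL dependencies; it deliberately does not resolve the thunk arrays, and it rejects RVAs that no section backs rather than reading out of bounds.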
## Features
- Automatically discovers hijackable DLLs in a given directory
- Generates the corresponding source code for each discovered DLL
- Lets you choose the compiler (MinGW or MSVC)
- Can exclude specific files or directories
- Provides verbose output for debugging

## Installation
```sh
git clone https://github.com/aeverj/RTDllHijack.git
cd RTDllHijack
go mod tidy
go build -o RTDllHijack.exe cmd/cmd.go
```

## Usage
```sh
.\RTDllHijack.exe -h
NAME:
   RTDllHijack - Parses PE file import tables and generates hijackable DLL source code

USAGE:
   RTDllHijack [global options] command [command options]

COMMANDS:
   help, h  Shows a list of commands or help for one command

GLOBAL OPTIONS:
   --compiler value, -c value  Compiler to use (mingw or msvc) (default: "msvc")
   --input value, -i value     Input file or directory path
   --output value, -o value    Output directory path
   --exclude value, -e value   Exclude file or directory name pattern
   --verbose, -v               Enable verbose output (default: false)
   --help, -h                  show help
```
## Find DLL hijacks for all executables on the C: drive
```sh
RTDllHijack.exe -i C:\
```
## Generate source files for the MinGW compiler
```sh
RTDllHijack.exe -i C:\ -c mingw
```
## Exclude specific files or directories
```sh
RTDllHijack.exe -i C:\ -e admin
```
## Results
```sh
├─NoSigned
│ ├─C__Program Files_Common Files_microsoft shared_ink_InputPersonalization.exe
│ │ elscore.dll.cpp
│ │ elscore.dll.def
│ │ InputPersonalization.exe
│ │ XmlLite.dll.cpp
│ │ XmlLite.dll.def
│ │
│ ├─C__Program Files_Common Files_microsoft shared_ink_mip.exe
│ │ COMCTL32.dll.cpp
│ │ COMCTL32.dll.def
│ │ dwmapi.dll.cpp
│ │ dwmapi.dll.def
│ │ mip.exe
│ │ MSIMG32.dll.cpp
│ │ MSIMG32.dll.def
│ │ OLEACC.dll.cpp
│ │ OLEACC.dll.def
│ │ UxTheme.dll.cpp
│ │ UxTheme.dll.def
│ │ VERSION.dll.cpp
│ │ VERSION.dll.def
│ │
│ ├─C__Program Files_Common Files_microsoft shared_ink_ShapeCollector.exe
│ │ COMCTL32.dll.cpp
│ │ COMCTL32.dll.def
│ │ DUI70.dll.cpp
│ │ DUI70.dll.def
│ │ ShapeCollector.exe
│ │
│ └─C__Program Files_Common Files_microsoft shared_MSInfo_msinfo32.exe
│ ATL.DLL.cpp
│ ATL.DLL.def
│ COMCTL32.dll.cpp
│ COMCTL32.dll.def
│ MFC42u.dll.cpp
│ MFC42u.dll.def
│ msinfo32.exe
│ POWRPROF.dll.cpp
│ POWRPROF.dll.def
│ SLC.dll.cpp
│ SLC.dll.def
│
└─Signed
├─C__Program Files_Common Files_microsoft shared_ClickToRun_appvcleaner.exe
│ appvcleaner.exe
│ APPVMANIFEST.dll.cpp
│ APPVMANIFEST.dll.def
│ APPVPOLICY.dll.cpp
│ APPVPOLICY.dll.def
│ msi.dll.cpp
│ msi.dll.def
│ USERENV.dll.cpp
│ USERENV.dll.def
│
├─C__Program Files_Common Files_microsoft shared_ClickToRun_AppVShNotify.exe
│ AppVShNotify.exe
│ USERENV.dll.cpp
│ USERENV.dll.def
│
└─C__Program Files_Common Files_microsoft shared_ClickToRun_IntegratedOffice.exe
IntegratedOffice.exe
IPHLPAPI.DLL.cpp
IPHLPAPI.DLL.def
```