Generates cpp code that can be compiled into an exe or dll that executes a specified shellcode. Can parse an existing dll and implement functions by proxying to retain functionality.
Option 0: go get
go get -u github.com/eatonchips/dllogram
Option 1: Build from source
Clone repository and in directory call go build
This will generate an exe which executes the provided shellcode.
dllogram -i shellcode.bin -f exe -build
This will generate a dll which executes the provided shellcode when attached to.
dllogram -i shellcode.bin -f dll -build
This will generate a dll which proxies the original functionality of msvcp140.dll.
dllogram -i shellcode.bin -f dll -proxy-dll msvcp140.dll -build
dllogram
-a int
Architecture: 32, 64 (default 64)
-build
Build generated code?
-f string
Executable format: dll, exe (default "exe")
-i string
Shellcode file
-o string
Output file
-proxy-dll string
DLL to proxy functions to
Shellcode/target system architecture, 32/64 bit.
Attempts to build the generated code using mingw commands below.
Format of payload, currently supported options are an exe or dll.
Raw shellcode input file.
Compiler output file if build is specified. Is automatically set to dll name when using -dll-proxy option.
DLL to proxy functions to. This will rename the target dll with a random extension and place it in the build directory. It will also set the output file name to that of the original target dll.
x86_64-w64-mingw32-g++ -o nice.exe build/*
x86_64-w64-mingw32-g++ -shared -o msvcp140.dll build/*
i686-w64-mingw32-g++ -o nice.exe build/*
i686-w64-mingw32-g++ -shared -o msvcp140.dll build/*
This is designed to be flexible using Go's templating engine. In the future I may add functionality to generate payloads which implement different methods to execute or obfuscate shellcode.
- to @S4R1N for showing me the power of DLL proxying and explaining windows internals