The basic idea here is that this DLL creates a text file on the filesystem and writes out some basic information which confirms that it was called and successfully executed.
// dllmain.cpp : Defines the entry point for the DLL application.

/*
	Author: Nik Alleyne
	Author Blog: www.securitynik.com
	Date: 2019-01-10
	File: sampleDLL.c

	Note: This code was developed strictly for education purposes and is not to be used for anything malicious.
	If you use this program in any malicious way or damage your computing systems, in no way am I responsible.
*/

#include "stdafx.h"
#include <time.h>
#include <iostream>
#include <fstream>

using namespace std;

// Disable warning about deprecated function (ctime)
#pragma warning(disable:4996)

BOOL APIENTRY DllMain( HMODULE hModule, DWORD reasonForCall, LPVOID lpReserved )
{
	ofstream myTextFile;
	time_t currentTime = time(NULL);

	switch (reasonForCall)
	{
		case DLL_PROCESS_ATTACH:
			// Runs once when the DLL is loaded into a process.
			// Relative path: the file is created in the host process's current working directory.
			myTextFile.open("SecurityNik.txt");
			myTextFile << "Process with PID=[" << GetCurrentProcessId() << "] loading SampleDLL.dll \n" ;
			// ctime() returns a string that already ends with a newline
			myTextFile << "[*] Process started on: " << ctime(&currentTime);
			myTextFile << "-------------======-------------||--------------======-------------\n";
			myTextFile << " Welcome to SecurityNik's World \n" ;
			myTextFile << " This DLL was injected by the tool 'DLLInjection-Basics.exe'\n ";
			myTextFile << " Nik Alleyne || www.securitynik.com \n ";
			myTextFile << "-------------======-------------||----------------======-----------\n";
			myTextFile.close();
			break;

		case DLL_THREAD_ATTACH:
			// printf("Thread has been created!\n");
			break;

		case DLL_THREAD_DETACH:
			// printf("Thread is exiting!\n");
			break;

		case DLL_PROCESS_DETACH:
			// printf("Process is exiting!\n");
			break;
	}
	return TRUE;
}

/*
	References:
	http://www.cplusplus.com/doc/tutorial/files/
	https://www.cprogramming.com/tutorial/lesson10.html
	https://www.tutorialspoint.com/cplusplus/cpp_date_time.htm
	https://support.microsoft.com/en-us/help/815065/what-is-a-dll
	https://docs.microsoft.com/en-us/cpp/error-messages/compiler-warnings/compiler-warning-level-3-c4996?f1url=https%3A%2F%2Fmsdn.microsoft.com%2Fquery%2Fdev15.query%3FappId%3DDev15IDEF1%26l%3DEN-US%26k%3Dk(C4996)%26rd%3Dtrue&view=vs-2017
*/
Well, there is not much to this post, as the next post has most of the work which needed to be done. See you there.