phra / PEzor

Open-Source Shellcode & PE Packer
https://iwantmore.pizza/posts/PEzor.html
GNU General Public License v3.0
1.81k stars, 320 forks

Complex payloads don't work in DLLs #33

Closed (phra closed this issue 3 years ago)

phra commented 3 years ago

To fix the issue:

  1. do not wait for threads in `DllMain`
  2. export a dummy function `StartW`
  3. execute with `rundll32 calc.dll,StartW`

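
The `rundll32 <dll>,<export>` launch pattern from step 3 is also what shows up in process-creation telemetry, so here is a small detection helper, added to this thread as an illustration and not code from PEzor or its author. It parses rundll32 command lines the way rundll32 itself splits them (DLL name up to the first comma or space, quotes honoured) and flags a bare DLL name resolved through the search order or a DLL loaded from outside the Windows directory; the trusted directories and the sample events are constructed assumptions, and the rule is a heuristic that will need tuning against your own baseline.

```python
import re

# Assumption: default install, so only these directories count as Windows-owned.
TRUSTED_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")


def _take_token(s):
    """Split off the first command-line token, honouring double quotes."""
    s = s.lstrip()
    if s.startswith('"'):
        end = s.find('"', 1)
        return (s[1:end], s[end + 1:]) if end != -1 else (s[1:], "")
    m = re.match(r"\S+", s)
    return (m.group(0), s[m.end():]) if m else ("", "")


def parse_rundll32(cmdline):
    """Return (dll, entry) from 'rundll32 <dll>,<entry> [args]', else None."""
    image, rest = _take_token(cmdline)
    if image.lower().rsplit("\\", 1)[-1] not in ("rundll32", "rundll32.exe"):
        return None
    dll, rest = _take_token(rest)
    if "," in dll:                          # 'calc.dll,StartW'
        dll, _, tail = dll.partition(",")
        rest = tail + rest
    else:                                   # '"x.dll",StartW' or 'x.dll StartW'
        rest = rest.lstrip().lstrip(",")
    entry, _ = _take_token(rest)
    return (dll, entry) if dll and entry else None


def assess(pid, cmdline):
    """Return (pid, dll, entry, reason) for a suspicious rundll32 call, else None."""
    parsed = parse_rundll32(cmdline)
    if parsed is None:
        return None
    dll, entry = parsed
    if "\\" not in dll:
        return (pid, dll, entry, "bare DLL name resolved via the search order")
    if not dll.lower().startswith(TRUSTED_DIRS):
        return (pid, dll, entry, "DLL loaded from outside the Windows directory")
    return None


def scan(events):
    """Run assess() over process-creation events ({'pid': .., 'cmdline': ..})."""
    return [f for f in (assess(e["pid"], e["cmdline"]) for e in events) if f]


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    {"pid": 4012, "cmdline": r"rundll32 calc.dll,StartW"},
    {"pid": 4020, "cmdline": r'"C:\Windows\System32\rundll32.exe" "C:\Users\bob\calc.dll",StartW'},
    {"pid": 4031, "cmdline": r"rundll32.exe C:\Windows\System32\user32.dll,LockWorkStation"},
]
```

Running `scan(SAMPLE_EVENTS)` reports the first two events and leaves the `user32.dll,LockWorkStation` call alone.
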
jfmaes commented 3 years ago

An alternative fix is to create a new thread in DllMain, like so:

```c
#include <windows.h>

// ...
HANDLE hNewThread;
DWORD dwNewThread;

void dostuff() { /* stuff */ }
// ...

DWORD WINAPI MyThread(LPVOID lpParam) {
    dostuff();
    return 0;
}

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved) {
    switch (fdwReason) {
    case DLL_PROCESS_ATTACH: {
        // Hand the work to a new thread and return at once: DllMain runs
        // under the loader lock, so it must not wait on the thread here.
        hNewThread = CreateThread(NULL, 0, MyThread, NULL, 0, &dwNewThread);
        CloseHandle(hNewThread);
        break;
    }
    }
    return TRUE;
}
```

phra commented 3 years ago

I am creating a thread in DllMain, but without a dummy export rundll32 terminates immediately.