A script for generating proxy library source code for dynamic link libraries (DLL), mainly used for hijacking the original dynamic link library or injecting into the target program.
python3 generate_proxy_pe_source.py <options_list>
-
-f, --original-pe-file- Path to the original PE file (required)
-
-s, --pe-file-path-in-source-file- Path to the PE file in the generated source file, used to locate the corresponding PE file on the target system
- Default: same as
-f, --original-pe-file
-
-o, --output-directory- Output directory for the source code
- Default: current directory
-
-e, --encoding- Encoding for the generated source code
- Default: UTF-8
-
-h, --help- Show help message
For more detailed usage examples, refer to the WPSProfileVerificationPatch project.
- Install Python 3.x environment and install dependencies:
pip3 install -r requirements.txt- Generate proxy library source code for a 64-bit
ncrypt.dll:
python3 generate_proxy_pe_source.py -f $env:SystemRoot\System32\ncrypt.dll -s %SystemRoot%\System32\ncrypt.dll -o ncrypt64- Generate proxy library source code for a 32-bit
ncrypt.dll:
python3 generate_proxy_pe_source.py -f $env:SystemRoot\SysWOW64\ncrypt.dll -s %SystemRoot%\System32\ncrypt.dll -o ncrypt32-
Add the generated source code files to an MSBuild-based DLL project. Since the export definitions of
ncrypt.dllare the same for different architectures, you can rename theProxyLibraryExports.asmfile for 64-bit and 32-bit versions and set conditional compilation. -
Add the MASM target, then add the generated ASM file and set its type to Microsoft Macro Assembler.
-
Add the generated DEF file and set it as the Module Definition File for the linker.
-
Include the
ProxyLibrary.hheader file and callProxyLibrary_LoadinDllMainduringDLL_PROCESS_ATTACH, and callProxyLibrary_UnloadduringDLL_PROCESS_DETACH. -
Compile the project to generate the proxy DLL file for hooking.
This project is licensed under the MIT License. See the LICENSE file for details.