Windows Python / DLL Proxying

Author Sh0ckFR
Platform Windows
Language Python
Technique DLL Proxying

Description:

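Basic Python script that extracts all exported functions of a target DLL (here DNSAPI.dll, which is used by nslookup.exe) and prints one linker export directive per function, each forwarding the export to a module named proxy.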

Code

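import pefile

# DLL whose export table is read
pe = pefile.PE('C:\\windows\\system32\\DNSAPI.dll')

exported_functions = []
for entry in pe.DIRECTORY_ENTRY_EXPORT.symbols:
    # Ordinal-only exports have no name (entry.name is None); skip them
    if entry.name is None:
        continue
    func = entry.name.decode('utf-8')
    # One MSVC linker directive per export: forward it to the module "proxy", keeping the ordinal
    exported_functions.append(f'#pragma comment(linker,"/export:{func}=proxy.{func},@{entry.ordinal}")')

exported_functions = '\n'.join(exported_functions)
print(exported_functions)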
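
A DLL built with the directives this script prints has an export table in which every entry is a forwarder of the form proxy.<same name>. The following is an added example, not part of the original snippet: a defender-side check that summarises how closely a DLL's export table matches that pattern. The names load_exports and proxy_indicators, the 0.9 threshold and the two sample tables are assumptions constructed for illustration.

```python
from collections import Counter

# Constructed sample export tables as (export name, forwarder string or None).
PROXY_SAMPLE = [("DnsQuery_A", "proxy.DnsQuery_A"), ("DnsQuery_W", "proxy.DnsQuery_W"),
                ("DnsFree", "proxy.DnsFree")]
NORMAL_SAMPLE = [("DnsQuery_A", None), ("DnsFree", None),
                 ("HeapAlloc", "NTDLL.RtlAllocateHeap")]


def load_exports(path):
    """Read (name, forwarder) pairs from a DLL on disk; needs the pefile package."""
    import pefile  # imported here so proxy_indicators() works without pefile
    pe = pefile.PE(path)
    symbols = getattr(getattr(pe, "DIRECTORY_ENTRY_EXPORT", None), "symbols", [])
    exports = []
    for sym in symbols:
        name = sym.name.decode("ascii", "replace") if sym.name else f"#{sym.ordinal}"
        fwd = sym.forwarder.decode("ascii", "replace") if sym.forwarder else None
        exports.append((name, fwd))
    return exports


def proxy_indicators(exports, threshold=0.9):
    """Report how closely an export table matches the name=module.name pattern."""
    forwarded = [(n, f) for n, f in exports if f]
    if not forwarded:
        return {"forwarded_ratio": 0.0, "same_name_ratio": 0.0,
                "target": None, "matches_proxy_pattern": False}
    # A forwarder string is "module.Function" (or "module.#ordinal").
    targets = Counter(f.rsplit(".", 1)[0].lower() for _, f in forwarded)
    target, hits = targets.most_common(1)[0]
    same_name = sum(1 for n, f in forwarded if f.rsplit(".", 1)[-1] == n)
    forwarded_ratio = len(forwarded) / len(exports)
    same_name_ratio = same_name / len(forwarded)
    return {
        "forwarded_ratio": forwarded_ratio,
        "same_name_ratio": same_name_ratio,
        "target": target,
        # Nearly every export forwarded, under its own name, to one module.
        "matches_proxy_pattern": (forwarded_ratio >= threshold
                                  and same_name_ratio >= threshold
                                  and hits == len(forwarded)),
    }


if __name__ == "__main__":
    for label, table in (("proxy-like", PROXY_SAMPLE), ("ordinary", NORMAL_SAMPLE)):
        print(label, proxy_indicators(table))
```

Legitimate system DLLs also forward exports, so a match is a triage signal to weigh together with the file's path and signature, not a verdict.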

Created

July 25, 2022

Last Revised

April 22, 2024