Windows Python / DLL Proxying

Author Unprotect
Platform Windows
Language Python
Technique DLL Proxying

Description:

This code uses the ctypes library to load the legitimate DLL and retrieve the address of the function that will be called. It then defines a function named ProxyFunction that will be used to redirect calls to the legitimate DLL. When ProxyFunction is called, it will call the function in the legitimate DLL and return the result. As with the previous example, this code is just an example and more advanced implementations may be needed for more complex scenarios.

Code

import ctypes

# Prototype (int -> int) of the function exported by the legitimate DLL
FunctionAProto = ctypes.CFUNCTYPE(ctypes.c_int, ctypes.c_int)

# Set by DllMain: callable bound to FunctionA in the legitimate DLL
FunctionA = None

def DllMain():
    global FunctionA

    # Load the legitimate DLL
    try:
        hLegitDLL = ctypes.windll.LoadLibrary("legit.dll")
    except OSError as exc:
        # Handle error
        raise RuntimeError("could not load legit.dll") from exc

    # Retrieve the address of the function in the legitimate DLL
    # This example uses a function named "FunctionA", but the function name can be anything
    try:
        FunctionA = FunctionAProto(("FunctionA", hLegitDLL))
    except AttributeError as exc:
        # Handle error
        raise RuntimeError("FunctionA not found in legit.dll") from exc

# Function that will be used to redirect calls to the legitimate DLL
def ProxyFunction(arg):
    # Call the function
    return FunctionA(arg)
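
The load pattern described above, seen from the detection side. This is an added example, not part of the original page: it scans image-load records shaped like Sysmon Event ID 7 for a process that mapped the same DLL file name from two directories with an unsigned copy among them. The records, paths, PIDs and the find_proxy_candidates helper are constructed for illustration.

```python
import ntpath
from collections import defaultdict

# Constructed image-load records using Sysmon Event ID 7 (ImageLoad) field
# names; the paths, PIDs and app.exe / legit.dll names are made up.
EVENTS = [
    {"ProcessId": 4120, "Image": r"C:\Apps\Tool\app.exe",
     "ImageLoaded": r"C:\Apps\Tool\legit.dll", "Signed": "false"},
    {"ProcessId": 4120, "Image": r"C:\Apps\Tool\app.exe",
     "ImageLoaded": r"C:\Windows\System32\legit.dll", "Signed": "true"},
    {"ProcessId": 4120, "Image": r"C:\Apps\Tool\app.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll", "Signed": "true"},
    {"ProcessId": 5300, "Image": r"C:\Apps\Other\other.exe",
     "ImageLoaded": r"C:\Windows\System32\legit.dll", "Signed": "true"},
]

def find_proxy_candidates(events):
    """Return (pid, dll_name, unsigned_paths) for every process that mapped
    the same DLL file name from more than one directory with at least one
    unsigned copy, the trace left when a proxy loads the real DLL."""
    loads = defaultdict(dict)  # (pid, lowercased file name) -> {path: signed}
    for ev in events:
        path = ev["ImageLoaded"].lower()  # Windows paths are case-insensitive
        key = (ev["ProcessId"], ntpath.basename(path))
        loads[key][path] = ev["Signed"].lower() == "true"
    findings = []
    for (pid, name), copies in sorted(loads.items()):
        dirs = {ntpath.dirname(p) for p in copies}
        unsigned = sorted(p for p, signed in copies.items() if not signed)
        if len(dirs) > 1 and unsigned:
            findings.append((pid, name, unsigned))
    return findings

if __name__ == "__main__":
    for pid, name, paths in find_proxy_candidates(EVENTS):
        print(f"pid {pid}: {name} mapped from several directories; unsigned: {paths}")
```

The check compares file names only, so treat a hit as one signal to combine with signature status and expected install paths.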

Created

December 6, 2022

Last Revised

April 22, 2024