(Python) DLL Proxying by Unprotect
Created the Tuesday 06 December 2022. Updated 1 month, 3 weeks ago.
This code uses the ctypes library to load the legitimate DLL and retrieve the address of the function that will be called. It then defines a function named ProxyFunction that will be used to redirect calls to the legitimate DLL. When ProxyFunction is called, it will call the function in the legitimate DLL and return the result. As with the previous example, this code is just an example and more advanced implementations may be needed for more complex scenarios.
from ctypes import cdll # Function prototype for the function that will be used to redirect calls to the legitimate DLL ProxyFunction = ctypes.CFUNCTYPE(ctypes.c_int, ctypes.c_int) def DllMain(): # Load the legitimate DLL hLegitDLL = ctypes.windll.LoadLibrary("legit.dll") if not hLegitDLL: # Handle error # Retrieve the address of the function in the legitimate DLL # This example uses a function named "FunctionA", but the function name can be anything FunctionA = ProxyFunction(hLegitDLL.FunctionA) if not FunctionA: # Handle error # Function that will be used to redirect calls to the legitimate DLL def ProxyFunction(arg): # Call the function return FunctionA(arg)