Use CFF Explorer<\/a> for each executable ( If everything is done correctly, the modified executable should automatically load the custom DLL.<\/p>\n\n\n\n \uc704 \ubc29\ubc95 \uadf8\ub300\ub85c \uc9c4\ud589\ud558\uba74 \ub41c\ub2e4. <\/p>\n\n\n\n \uc2e4\uc81c\ub85c \uc798 \uc791\ub3d9\ud558\ub294\uc9c0, <\/p>\n","protected":false},"excerpt":{"rendered":" \ub9ac\ub205\uc2a4\uc5d0\uc11c\ub294 patchelf, \ub9e5\uc5d0\uc11c\ub294 optool\uc744 \uc774\uc6a9\ud574\uc11c \ub77c\uc774\ube0c\ub7ec\ub9ac\ub97c \ucd94\uac00\ub85c \ub85c\ub4dc\uc2dc\ud0a4\ub3c4\ub85d,\ubc14\uc774\ub108\ub9ac \uc2e4\ud589 \ud30c\uc77c\uc744 \ud328\uce58\uc2dc\ud0ac \uc218 \uc788\uc5c8\ub2e4. \uadf8\ub7fc \uc708\ub3c4\uc6b0\ub294 \uc5c6\uc744\uae4c? \uad6c\uae00\uc5d0\uc11c \ucc3e\uc544\ubcf4\ub2c8 CFF Explorer \ud234\ub85c DLL\uc744 \ucd94\uac00\uc2dc\ud0a4\ub294 \ubc29\ubc95\uc774 \uc788\uc5c8\ub2e4. https:\/\/github.com\/ko4life-net\/KOHook Use CFF Explorer for each executable (AIServer.exe, Ebenezer.exe and KnightOnLine.exe) to add the exported functions of the custom DLLs into the executables’ Import Table by following these steps: If everything is done correctly, the modified executable… \ub354 \ubcf4\uae30 »\uc708\ub3c4\uc6b0\uc5d0\uc11c CFF Explorer \uc774\uc6a9\ud558\uc5ec .exe \uc2e4\ud589\ud30c\uc77c\uc5d0 DLL \ucd94\uac00<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"neve_meta_sidebar":"","neve_meta_container":"","neve_meta_enable_content_width":"","neve_meta_content_width":0,"neve_meta_title_alignment":"","neve_meta_author_avatar":"","neve_post_elements_order":"","neve_meta_disable_header":"","neve_meta_disable_footer":"","neve_meta_disable_title":"","footnotes":""},"categories":[1],"tags":[40],"class_list":["post-937","post","type-post","status-publish","format-standard","hentry","category-uncategorized","tag-windows"],"_links":{"self":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/937","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=937"}],"version-history":[{"count":2,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/937\/revisions"}],"predecessor-version":[{"id":940,"href":"https:\/\/h4ck.kr\/index.php?rest_route=\/wp\/v2\/posts\/937\/revisions\/940"}],"wp:attachment":[{"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=937"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=937"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/h4ck.kr\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=937"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}AIServer.exe<\/code>, Ebenezer.exe<\/code> and KnightOnLine.exe<\/code>) to add the exported functions of the custom DLLs into the executables’ Import Table<\/code> by following these steps:<\/p>\n\n\n\n\n
Import Addr<\/code> on the left pane and then click Add<\/code> for adding a new module\/dll.<\/li>\n\n\n\nAIServer.exe<\/code> needs AIServer.dll<\/code>.<\/li>\n\n\n\nExported Functions<\/code> pane select all of them and Import by Oridinal<\/code>.<\/li>\n\n\n\nRebuild Import Table<\/code> and then Save<\/code>.<\/li>\n<\/ol>\n\n\n\n
\ub2e4\ub9cc, \ucd5c\uc18c \ud558\ub098 \uc774\uc0c1\uc740 dll\uc5d0\uc11c export\ub41c \ud568\uc218\uac00 \uc788\uc5b4\uc57c \ub418\ub294 \uac83 \uac19\ub354\ub77c…<\/p>\n\n\n\n
puts \ud568\uc218\ub97c \ud6c4\ud0b9\ud558\ub294 dll \ub77c\uc774\ube0c\ub7ec\ub9ac \ud30c\uc77c\uc774 \ub85c\ub4dc\ub418\ub3c4\ub85d \ud328\uce58\uc2dc\ucf1c\ubcf4\uc558\ub2e4.<\/p>\n\n\n\n![\"\"](\"https:\/\/h4ck.kr\/wp-content\/uploads\/2023\/10\/image-3.png\")
<\/figure>\n\n\n\n\uc798\ub41c\ub2e4!<\/h2>\n\n\n\n
MyProcess.exe<\/h4>\n\n\n\n
#include <stdio.h>\n#include <stdlib.h>\n#include <stdarg.h>\n\nint main() {\n\tprintf(\"Hello, This is MyProcess!\\n\");\n\tputs(\"Is hook working?\");\n\treturn 0;\n}<\/pre>\n<\/div>\n<\/div>\n\n\n\nMyProcessHooker.exe<\/h4>\n\n\n\n
#include \"framework.h\"\n#include \"MinHook.h\"\n\n#include <stdio.h>\n#include <stdarg.h>\n#include <stdlib.h>\n\nstatic int (*orig_puts)(const char* str);\n\nint hook_puts(const char* str) {\n\tprintf(\"[+] hook_puts str: %s\\n\", str);\n\treturn orig_puts(str);\n}\n\n__declspec(dllexport) BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)\n{\n\n\tswitch (ul_reason_for_call)\n\t{\n\t\tcase DLL_PROCESS_ATTACH:\n\t\t{\n\t\t\tprintf(\"[i] Loaded MyProcessHooker!!!\\n\");\n\n\t\t\tif (MH_Initialize() != MH_OK) return false; \n\n\t\t\tHMODULE ucrtModule = GetModuleHandleA(\"ucrtbased.dll\");\n\n\t\t\tLPVOID puts_func = GetProcAddress(ucrtModule, \"puts\");\n\n\t\t\tif (MH_CreateHook(puts_func, &hook_puts, reinterpret_cast<void**>((LPVOID)&orig_puts)) != MH_OK) return false;\n\n\t\t\tif (MH_EnableHook(puts_func) != MH_OK) return false;\n\t\t}\n\t\tbreak;\n\tcase DLL_THREAD_ATTACH:\n\tcase DLL_THREAD_DETACH:\n\t\tbreak;\n\tcase DLL_PROCESS_DETACH:\n\t\tbreak;\n\t}\n\treturn TRUE;\n}<\/pre>\n<\/div>\n<\/div>\n\n\n\n