
cyberark / Dllspy

Licence: lgpl-3.0
DLL Hijacking Detection Tool

Projects that are alternatives of or similar to Dllspy

Windows Security
Resources About Windows Security. 1100+ Open Source Tools. 3300+ Blog Post and Videos.
Stars: ✭ 165 (-18.32%)
Mutual labels:  dll, pe
adduser-dll
Simple DLL that add a user to the local Administrators group
Stars: ✭ 48 (-76.24%)
Mutual labels:  dll, privilege-escalation
Artifacts Kit
Pseudo-malicious usermode memory artifact generator kit designed to easily mimic the footprints left by real malware on an infected Windows OS.
Stars: ✭ 99 (-50.99%)
Mutual labels:  dll, pe
Horion
Horion - A Minecraft: Bedrock Edition Utility Mod.
Stars: ✭ 163 (-19.31%)
Mutual labels:  dll
Metal
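A website and admin back-end system built on beego, with features including: login, user management, permission management, multi-threaded data fetching, scheduled tasks, web crawler, markdown, and Qiniu image upload.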
Stars: ✭ 165 (-18.32%)
Mutual labels:  permission
Geyser
A bridge/proxy allowing you to connect to Minecraft: Java Edition servers with Minecraft: Bedrock Edition.
Stars: ✭ 2,851 (+1311.39%)
Mutual labels:  pe
Pyafipws
AFIP electronic invoicing and other web services (free software project) — Interfaces, tools and apps for Argentina's gov't. webservices (soap, com/dll simil-ocx, pdf, dbf, xml, json, etc.) #python
Stars: ✭ 198 (-1.98%)
Mutual labels:  dll
Bit7z
A C++ static library offering a clean and simple interface to the 7-zip DLLs.
Stars: ✭ 159 (-21.29%)
Mutual labels:  dll
Easypermission
A very lightweight and usable Android runtime permission request library
Stars: ✭ 192 (-4.95%)
Mutual labels:  permission
Rocksdb Sharp
.net bindings for the rocksdb by facebook
Stars: ✭ 173 (-14.36%)
Mutual labels:  dll
Xxpermissions
Android permission request framework, adapted for Android 12
Stars: ✭ 2,971 (+1370.79%)
Mutual labels:  permission
Pe Linux
Linux Privilege Escalation Tool By WazeHell
Stars: ✭ 168 (-16.83%)
Mutual labels:  privilege-escalation
Ahkdll
AutoHotkey_H
Stars: ✭ 177 (-12.38%)
Mutual labels:  dll
Voice Overlay Android
🗣 An overlay that gets your user’s voice permission and input as text in a customizable UI
Stars: ✭ 189 (-6.44%)
Mutual labels:  permission
Iat patcher
Persistent IAT hooking application - based on bearparser
Stars: ✭ 170 (-15.84%)
Mutual labels:  pe
X3daudio1 7 hrtf
HRTF for Arma 3, Skyrim, and other titles that use XAudio2 + X3DAudio
Stars: ✭ 192 (-4.95%)
Mutual labels:  dll
Perfmonbar
Displays performance counters on the Windows Taskbar
Stars: ✭ 161 (-20.3%)
Mutual labels:  dll
Mctrl
C library providing set of additional user interface controls for Windows, intended to be complementary to standard Win32API controls from USER32.DLL and COMCTL32.DLL.
Stars: ✭ 169 (-16.34%)
Mutual labels:  dll
Invoker
Penetration testing utility, and antivirus assessment tool.
Stars: ✭ 178 (-11.88%)
Mutual labels:  dll
Lief
Authors
Stars: ✭ 2,730 (+1251.49%)
Mutual labels:  pe

DLLSpy

DLLSpy is a tool that detects DLL hijacking in running processes, services and in their binaries.

Installation

The easiest way to get DLLSpy from git is by running the following command:

git clone https://github.com/cyberark/DLLSpy

Usage

DLLSpy must be run with administrative rights because it enumerates all processes and services from all users. Executing the program without administrative rights will show the banner and help manual. By default, the output file is written to the current user's desktop as machinename.csv, where machinename is the name of the computer.

C:\Users\john\Desktop\DLLSpy.exe
 ______   _        _        _______  _______
(  __  \ ( \      ( \      (  ____ \(  ____ )|\     /|
| (  \  )| (      | (      | (    \/| (    )|( \   / )
| |   ) || |      | |      | (_____ | (____)| \ (_) /
| |   | || |      | |      (_____  )|  _____)  \   /
| |   ) || |      | |            ) || (         ) (
| (__/  )| (____/\| (____/\/\____) || )         | |
(______/ (_______/(_______/\_______)|/          \_/

Usage: DLLSpy.exe
-d [mandatory] Find DLL hijacking in all running processes and services.
-s [optional] Search for DLL references in the binary files of current running processes and services.
-r n [optional] Recursion search for DLL references in found DLL files privous scan.
   n is the number is the level of the recursion
-o [optional] Output path for the results in csv format of
               By ommiting this option, a defulat result file would be created on the desktop of the current user.
               Named after the name of the computer .csv

Execution Flags

-d: Mandatory, Scan loaded modules.
-o: Specify an output file. 
-s: Static scan, find missing DLLs and DLLs in binaries
-r <number>:  Recursive scan, ‘number’ is the depth of the recursion. 

Overview of DLLSpy

DLLSpy has three engines under its belt.

Dynamic – First, DLLSpy scans the loaded modules by iterating over each process's loaded module list. It then checks whether any of those modules could be hijacked by trying to write to their file location on disk and by checking whether they could be overwritten. This is done after duplicating the access token of explorer.exe, which is a weak token, in order to test whether a regular user has write permission to the DLL location and to the DLL itself.

Static – Locate all strings that contain a DLL name or DLL path in the binary files of running processes.

Recursive – Statically scan all the DLLs of the processes previously examined. The goal is to find more DLLs that are loaded by those DLLs and see whether they are vulnerable to hijacking.
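
The static and recursive engines described above, sketched in Python as an added example (not DLLSpy's own code, which this page does not show): it extracts ASCII and UTF-16LE strings from raw bytes, keeps the tokens ending in .dll, and follows references to a chosen depth. The function names, the `files` mapping and the sample bytes are constructed for illustration, and treating depth 0 as "root binary only" is an assumption about how -r counts levels.

```python
import re

ASCII_RE = re.compile(rb"[\x20-\x7e]{5,}")            # printable ASCII runs
WIDE_RE = re.compile(rb"(?:[\x20-\x7e]\x00){5,}")     # same characters as UTF-16LE
# A token ending in ".dll"; tokens stop at spaces, so paths with spaces are cut short.
DLL_RE = re.compile(r"[A-Za-z0-9_\-.:\\%]+\.dll(?![A-Za-z0-9_])", re.I)
ABS_RE = re.compile(r"[a-z]:\\|\\\\")                 # drive-letter or UNC prefix

def extract_strings(data):
    """Yield printable ASCII and UTF-16LE strings found in raw bytes."""
    for m in ASCII_RE.finditer(data):
        yield m.group().decode("ascii")
    for m in WIDE_RE.finditer(data):
        yield m.group().decode("utf-16-le")

def dll_references(data):
    """Map each DLL name or path in the bytes to 'absolute' or 'bare-name'."""
    refs = {}
    for text in extract_strings(data):
        for ref in DLL_RE.findall(text):
            ref = ref.lower()
            refs[ref] = "absolute" if ABS_RE.match(ref) else "bare-name"
    return refs

def recursive_scan(root, files, depth):
    """Scan root, then referenced DLLs present in `files`, `depth` levels deep."""
    findings, unresolved = {}, set()
    seen, frontier = {root}, [root]
    for _ in range(depth + 1):
        next_level = []
        for name in frontier:
            findings[name] = dll_references(files[name])
            for ref in findings[name]:
                base = ref.rsplit("\\", 1)[-1]
                if base not in files:
                    unresolved.add(base)       # not in the supplied mapping: review
                elif base not in seen:
                    seen.add(base)
                    next_level.append(base)
        frontier = next_level
    return findings, unresolved

# Constructed sample "binaries" (not real PE files), keyed by lower-case file name.
SAMPLE = {
    "app.exe": b"MZ\x90\x00KERNEL32.dll\x00\x00" + "C:\\Tools\\helper.dll".encode("utf-16-le")
               + b"\x00\x00LoadLibrary plugin.dll failed\x00",
    "helper.dll": b"MZ\x00\x00codec.dll\x00\x01\x02",
    "codec.dll": b"MZ\x00\x00deep.dll\x00",
}
```

Bare-name references are the ones worth reviewing first, because they are resolved through the DLL search order rather than from a fixed location.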

Supported Architecture

DLLSpy was successfully tested on Windows 7+ operating systems.

Contributing

DLLSpy runs on Windows 7+ at the moment. We highly encourage you to contribute by creating new modules or improving the existing ones.

License

GPL
