segfo/Cargo.toml

## Cargo.toml
[package]
name = "sideloading_dll"
version = "0.1.0"
authors = ["segfo <k.segfo@gmail.com>"]
edition = "2018"

[lib]
name = "sideloading"
path = "src/lib.rs"
crate-type = ["dylib"]

[dependencies]

## lib.rs
#[no_mangle]
pub extern "C" fn MessageBoxW(handle: usize,text:usize,caption:usize,icon_type:i32) -> bool {
    println!("side loading !");
    return true;
}

## vuln_dll_SearchOrderHijacking.c
#include <windows.h>
#include <tchar.h>
#include<stdio.h>

typedef int (*MSGBOX)(HWND,LPCWSTR,LPCWSTR,UINT);

int main(){
    char user32_path[255]={0};
    char *file_name = NULL;
    // DLLのサーチを行う(!!!!!Vulnerability!!!!!)
    SearchPathA(NULL,"user32.dll",NULL,255,user32_path,&file_name);
    // サーチしたDLLパスからDLLを読み込む
    HMODULE user32 = LoadLibraryA(user32_path);
    // MessageBox関数のポインタを取得する
    MSGBOX F_MessageBoxW =(MSGBOX) GetProcAddress(user32, "MessageBoxW");
    // 使う
    F_MessageBoxW(NULL,L"hello world!",L"not malware!",0);
    FreeLibrary(user32);
}
	[package]
	name = "sideloading_dll"
	version = "0.1.0"
	authors = ["segfo <k.segfo@gmail.com>"]
	edition = "2018"

	[lib]
	name = "sideloading"
	path = "src/lib.rs"
	crate-type = ["dylib"]

	[dependencies]
	#[no_mangle]
	pub extern "C" fn MessageBoxW(handle: usize,text:usize,caption:usize,icon_type:i32) -> bool {
	println!("side loading !");
	return true;
	}
	#include <windows.h>
	#include <tchar.h>
	#include<stdio.h>

	typedef int (*MSGBOX)(HWND,LPCWSTR,LPCWSTR,UINT);

	int main(){
	char user32_path[255]={0};
	char *file_name = NULL;
	// DLLのサーチを行う(!!!!!Vulnerability!!!!!)
	SearchPathA(NULL,"user32.dll",NULL,255,user32_path,&file_name);
	// サーチしたDLLパスからDLLを読み込む
	HMODULE user32 = LoadLibraryA(user32_path);
	// MessageBox関数のポインタを取得する
	MSGBOX F_MessageBoxW =(MSGBOX) GetProcAddress(user32, "MessageBoxW");
	// 使う
	F_MessageBoxW(NULL,L"hello world!",L"not malware!",0);
	FreeLibrary(user32);
	}