Skip to content

Latest commit

 

History

History

Module_Overloading

Folders and files

NameName
Last commit message
Last commit date

parent directory

..
 
 
 
 
 
 
 
 
 
 

Module Overloading 🦀

Overview

Module overloading is a method of swapping the contents of a DLL mapped to our process using the NtCreateSection and NtMapViewOfSection APIs, then replacing its contents with an EXE/DLL file and subsequently executing its entry point.

Usage

You can pass a DLL file or an EXE to the binary:

cargo run -- -f <file.exe / file.dll> --dll "<path-dll>"
target/release/module_overloading.exe -f <file.exe / file.dll> --dll "<path-dll>"

You can pass arguments to your file, in this example I'm using mimikatz.exe

cargo run -- -f mimikatz.exe --dll "C:\Windows\System32\user32.dll" --args "coffee exit"

References