Generates cpp code that can be compiled into an exe or dll that executes a specified shellcode. Can parse an existing dll and implement functions by proxying to retain functionality.

Option 0: go get

go get -u github.com/eatonchips/dllogram

Option 1: Build from source

Clone repository and in directory call go build

This will generate an exe which executes the provided shellcode.

dllogram -i shellcode.bin -f exe -build

This will generate a dll which executes the provided shellcode when attached to.

dllogram -i shellcode.bin -f dll -build

This will generate a dll which proxies the original functionality of msvcp140.dll.

dllogram -i shellcode.bin -f dll -proxy-dll msvcp140.dll -build

dllogram 
  -a int
        Architecture: 32, 64 (default 64)
  -build
        Build generated code?
  -f string
        Executable format: dll, exe (default "exe")
  -i string
        Shellcode file
  -o string
        Output file
  -proxy-dll string
        DLL to proxy functions to

Shellcode/target system architecture, 32/64 bit.

Attempts to build the generated code using mingw commands below.

Format of payload, currently supported options are an exe or dll.

Raw shellcode input file.

Compiler output file if build is specified. Is automatically set to dll name when using -dll-proxy option.

DLL to proxy functions to. This will rename the target dll with a random extension and place it in the build directory. It will also set the output file name to that of the original target dll.

x86_64-w64-mingw32-g++ -o nice.exe build/*

x86_64-w64-mingw32-g++ -shared -o msvcp140.dll build/*

i686-w64-mingw32-g++ -o nice.exe build/*

i686-w64-mingw32-g++ -shared -o msvcp140.dll build/*

This is designed to be flexible using Go's templating engine. In the future I may add functionality to generate payloads which implement different methods to execute or obfuscate shellcode.

• to @S4R1N for showing me the power of DLL proxying and explaining windows internals