DLL and PowerShell script to assist with finding DLL hijacks
outputFile variable within write.cpp
powershell.exe and load Get-PotentialDLLHijack.ps1 into memory
. .\Get-PotentialDLLHijack.ps1
Get-PotentialDLLHijack with the appropriate flags
Get-PotentialDLLHijack -CSVPath .\Logfile.CSV -MaliciousDLLPath .\DLLHijackTest.dll -ProcessPath "C:\Users\John\AppData\Local\Programs\Microsoft VS Code\Code.exe"
-CSVPath takes in a path to a .csv file exported from Procmon
-MaliciousDLLPath takes in a path to your compiled hijack DLL
-ProcessPath takes in a path to the executable you want to run
-ProcessArguments takes in command-line arguments you want to pass to the executable
outputFile for found DLL hijacks
strings.exe on the outputFile to clean up the output paths