DLL to ShellCode (create shellcode from a .dll file)

Upload size is limited to 10 MB.

Export function: the exported function of the DLL that the shellcode calls automatically once it has loaded itself. This field must not be empty.

DLL code examples

Both examples export the function RunHacking8. The name entered in the form must appear in the DLL's export table undecorated and spelled exactly the same way; before uploading, check the built DLL with dumpbin /EXPORTS export.dll (MSVC) or objdump -p export.dll (mingw-w64 / binutils).

C

#include <Windows.h>

/* extern "C" keeps the export name undecorated when the file is built as C++;
   a plain C build must not use it, so the macro picks the right form. */
#ifdef __cplusplus
#define EXPORT_C extern "C" __declspec(dllexport)
#else
#define EXPORT_C __declspec(dllexport)
#endif

BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    UNREFERENCED_PARAMETER(hModule);
    UNREFERENCED_PARAMETER(lpReserved);

    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}

/* The export the generated shellcode calls after it has loaded the DLL.
   lpUserdata / nUserdataLen carry any user data handed over by the loader;
   this demo does not use them. */
EXPORT_C BOOL RunHacking8(LPVOID lpUserdata, DWORD nUserdataLen)
{
    UNREFERENCED_PARAMETER(lpUserdata);
    UNREFERENCED_PARAMETER(nUserdataLen);

    MessageBoxA(NULL, "Hacking8 Test!", "Hello", MB_OK | MB_ICONINFORMATION);
    return TRUE;
}

Go

main.h
#include <windows.h>

void RunHacking8();

BOOL WINAPI DllMain(
    HINSTANCE _hinstDLL, // handle to DLL module
    DWORD _fdwReason,    // reason for calling function
    LPVOID _lpReserved   // reserved
);
main.go
package main

//#include "main.h"
import "C"

import (
    "os/exec"
)

// isRunning stops main() from being started a second time if the export is called again.
var isRunning bool = false

// RunHacking8 - export for the shared lib build; this is the function the
// generated shellcode calls. It takes no parameters, so whatever user data
// the loader passes is ignored.
//
//export RunHacking8
func RunHacking8() {
    if !isRunning {
        isRunning = true
        main()
    }
}

// Thanks to Ne0nd0g for these:
// https://github.com/Ne0nd0g/merlin/blob/master/cmd/merlinagentdll/main.go#L65

// DllInstall is used when executing the implant with regsvr32.exe (i.e. regsvr32.exe /s /n /i sliver.dll)
// https://msdn.microsoft.com/en-us/library/windows/desktop/bb759846(v=vs.85).aspx
//
//export DllInstall
func DllInstall() { main() }

func main() {
    _ = exec.Command("calc.exe").Run()
}
Build
go build -ldflags "-s -w" -buildmode=c-shared -o export.dll main.go

c-shared mode uses cgo, so a C toolchain is required (mingw-w64 on Windows). When cross-compiling from Linux, set GOOS=windows CGO_ENABLED=1 and CC=x86_64-w64-mingw32-gcc.
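To confirm that the blob the tool returns really reaches the export (the MessageBoxA or calc.exe above), here is an added test harness. It is not hacking8's code and not part of the DLL samples; it reads the blob into a read-write mapping, switches the mapping to read-execute only after the copy, calls the first byte and reports the return value. It assumes the blob's entry point takes no arguments and returns the export's BOOL as a plain int; the small "return 1" byte stub it self-tests with is constructed here and is not tool output. Run it on a disposable VM, as with any unknown shellcode.

```c
/* Added test harness for the shellcode this tool emits; not hacking8's code and
 * not part of the DLL samples above. Assumption: the blob's entry point takes
 * no arguments and returns the export's BOOL as a plain int. */
#define _GNU_SOURCE 1 /* MAP_ANONYMOUS on glibc under strict -std=c99 */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <sys/mman.h>
#endif

typedef int (*entry_fn)(void);

/* Copy the blob into a fresh RW mapping, flip it to RX, call it, release it.
 * Returns the entry's return value, or -1 if mapping or protecting failed. */
int run_shellcode(const uint8_t *code, size_t len)
{
    if (code == NULL || len == 0) return -1;
#ifdef _WIN32
    void *mem = VirtualAlloc(NULL, len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (mem == NULL) return -1;
    memcpy(mem, code, len);
    DWORD old;
    if (!VirtualProtect(mem, len, PAGE_EXECUTE_READ, &old)) {
        VirtualFree(mem, 0, MEM_RELEASE);
        return -1;
    }
    FlushInstructionCache(GetCurrentProcess(), mem, len);
#else
    void *mem = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED) return -1;
    memcpy(mem, code, len);
    if (mprotect(mem, len, PROT_READ | PROT_EXEC) != 0) {
        munmap(mem, len);
        return -1;
    }
    __builtin___clear_cache((char *)mem, (char *)mem + len); /* arm64 needs this */
#endif
    entry_fn entry;
    memcpy(&entry, &mem, sizeof entry); /* object pointer -> function pointer */
    int result = entry();
#ifdef _WIN32
    VirtualFree(mem, 0, MEM_RELEASE);
#else
    munmap(mem, len);
#endif
    return result;
}

/* Constructed self-test stub (not tool output): machine code for `return 1`. */
#if defined(__x86_64__) || defined(_M_X64) || defined(__i386__) || defined(_M_IX86)
static const uint8_t RET_ONE_STUB[] = { 0xB8, 0x01, 0x00, 0x00, 0x00, 0xC3 };             /* mov eax,1 ; ret */
#elif defined(__aarch64__) || defined(_M_ARM64)
static const uint8_t RET_ONE_STUB[] = { 0x20, 0x00, 0x80, 0x52, 0xC0, 0x03, 0x5F, 0xD6 }; /* mov w0,#1 ; ret */
#else
#error "add a return-1 stub for this architecture"
#endif
int self_test(void) /* pushes the stub through the same path as a real blob; expected 1 */
{
    return run_shellcode(RET_ONE_STUB, sizeof RET_ONE_STUB);
}

/* Whole file into a malloc'd buffer; NULL on any error. */
static uint8_t *load_file(const char *path, size_t *out_len)
{
    FILE *f = fopen(path, "rb");
    if (f == NULL) return NULL;
    long sz = fseek(f, 0, SEEK_END) == 0 ? ftell(f) : -1L;
    rewind(f);
    uint8_t *buf = sz > 0 ? malloc((size_t)sz) : NULL;
    if (buf != NULL && fread(buf, 1, (size_t)sz, f) != (size_t)sz) {
        free(buf);
        buf = NULL;
    }
    fclose(f);
    if (buf != NULL) *out_len = (size_t)sz;
    return buf;
}

/* Usage: shellcode_runner blob.bin   (with no argument it runs the self test) */
int main(int argc, char **argv)
{
    if (argc < 2) {
        printf("self test returned %d (expected 1)\n", self_test());
        return 0;
    }
    size_t len = 0;
    uint8_t *blob = load_file(argv[1], &len);
    if (blob == NULL) {
        fprintf(stderr, "cannot read %s\n", argv[1]);
        return 1;
    }
    int r = run_shellcode(blob, len);
    printf("%zu bytes executed, entry point returned %d\n", len, r);
    free(blob);
    return r == 1 ? 0 : 1;
}
```

The mapping is never writable and executable at the same time, which keeps the harness itself from looking like the loaders EDRs flag on RWX allocations, and it still exercises exactly the path a real loader takes: copy, make executable, call. If the blob pops the message box and the process exits 0, the export was reached.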

Exploits such as MS17-010 usually need a piece of shellcode, and shellcode also plays a large part in AV evasion and penetration testing. Windows shellcode is hard to write by hand, and the shellcode produced by conventional generators offers only limited functionality.