Export cloning - output binary does not have exports #2

@kafkaesqu3

I'm having issues with the Cloners (both .NET and Python) when I try to reference a DLL other than Functions.dll. I build Theif.dll with the Dyn-Net build (I removed the post-build event that does this automatically), and then I try to use NetClone.exe:

NetClone.exe --target Theif.dll --output Theif.dll --reference C:\windows\system32\cryptbase.dll

Or NetClone.py: python PyClone.py Theif.dll C:\windows\system32\cryptbase.dll -o Theif.dll

When I run dumpbin exports on the output file, I get the error:

 dumpbin /exports .\Theif.dll
Microsoft (R) COFF/PE Dumper Version 14.27.29111.0
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file .\Theif.dll

File Type: DLL
LINK : the 32-bit linker (C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.27.29110\bin\Hostx86\x86\link.exe) failed to do memory mapped file I/O on `.\Theif.dll' and is going to restart linking with a 64-bit linker for better throughput
LINK : restarting link with 64-bit linker `C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.27.29110\bin\Hostx64\x86\link.exe'

Dump of file .\Theif.dll

File Type: DLL
.\Theif.dll : fatal error LNK1106: invalid file or disk full: cannot seek to 0xFFF7CA42

I double-checked the binary with Ghidra to confirm there are no exported functions.

I tried replacing the dummy exports of Static() and Dynamic() to match the exports of cryptbase.dll, even though they should never be hit: extern "C" __declspec(dllexport) BOOL SystemFunction001() { return FALSE; };, but I still have the same issue.

I'm not sure if I'm using the tool incorrectly or if there's a bug. This error occurs with all of the DLLs I've tried in system32.

Thanks for sharing this POC!

Labels: bug