Translate

ROZDLL v1.31 updated 05-01-2023 (Inline patching executables with Dll Proxying)

ROZDLL v1.31 is a tool that allows you to create small proxy DLLs for your own purposes. These DLLs will inject code into your executable and alter its behavior.



Main Benefits

  • Fast, portable, and lightweight
  • Compatible with Windows 10 LTSC and Visual Studio 2022 (should also work on Windows 10 and Windows 11)
  • Uses dynamic loading of executable libraries, which means it will give you the exact DLLs that your executable needs after it is loaded into memory

ROZDLL vs Fixit

  • Fixit: Static load generator. It handles a predefined list of DLLs that may or may not work with your executable (similar to BayMax)
  • ROZDLL: Dynamic load generator. It runs your executable in memory and finds the proxy DLLs that your executable actually uses

Steps

  • Choose your EXE file and the location where you want to save your proxy DLL (usually in the same folder as your EXE file)
  • Enter the ‘Patched Data’. Always choose RVA for protected files. Choose ‘Prot’ if your EXE is protected or packed and UPX if you want to compress the proxy DLL
  • Click on the ‘Dll Options’ circular button
  • Click on the ‘ANZ’ or Analyze button. This will run your EXE in memory and look for all the DLLs that can be proxied (dynamic load)
  • Choose the proxy DLL from the ComboBox above. It is wise to choose 'famous proxy DLLs such as: (Version.dll, Winmm.dll, Msimg32.dll, Uxtheme.dll, Wtsapi32.dll, Shfolder.dll, D3d9.dll)
  • Choose the code injection method that you prefer (try all of them)
  • Select or deselect your magic functions (beginner: try the 3 methods, or advanced: follow the instructions below)
  • Advanced users, use Xdbg64 to select a ‘Proxy Nominated Dll’ (see step 2 above), set breakpoints on its ordinal functions, and check which function will hit the ‘Patched Code’ first (magic function)
  • The patch code will be written into the magic function, so select it in ROZDLL, and check if the EXE needs more functions to be selected (the EXE will tell you this). Select all the functions that the EXE asks for in ROZDLL. This is the most accurate way.

Download Link

Post a Comment

0 Comments