# DLL Sideloading

Recently, I purchased a commercial C4 and it turns out that my knowledge about loader locks and DLL sideloading was all wrong. There is a lot of ways DLL sideloads could go wrong one of which is loader lock, checkout DLL koppeling to know more.

### How to find DLL sideloads 

```

Get-ChildItem -Path "C:\" -Filter *.exe -Recurse -File -Name | ForEach-Object {
    Write-Host $_
    $bin = "C:\" + $_
    C:\Tools\Siofra64.exe --mode file-scan --enum-dependency --dll-hijack -f $bin >> check_appdata.txt
}

```

### How to make ProxyDlls

Use SharpProxyDLL to make a proxy dll . replace the tmpXYZ export to C:\\\Windows\\\SYSTEM32\\\XYZ.dll 

### Not so ideal hack

@paranoidNinja told me we should not load our shellcode from DLLMain but since I'm on clock, I want to share a not so ideal hack to get away. This is not the best way and your shell could die, but hey it works.

Make sure you do this change before compiling your dll (hopefully generated from SharpPorxyDll)

![](/files/R9E665RSIrAv0P0n2qv7)

Compile and enjoy


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://www.redteam.cafe/red-team/shellcode-injection/dll-sideloading.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.