Spawn detached DLL instead of using thread (#216)

0xW1LD · NHAS · durck · web-flow · commit aa0d280af07c · 2026-04-23T16:00:37.000+12:00
* Update modules * fix naming of parametres (#210) was one conflict between README and source code. In readme used "--use-kerberos" flag. And in internal/client... some. But in cmd/client/main.go used "--host-kerberos". Ьany users were confused. I unified it Co-authored-by: user05 <user05@hd.lab> * spawn detached dll instead of thread * remove lld bypass for dev syntax error * Remove unnecessary thread function --------- Co-authored-by: nhas <jordanatararimu@gmail.com> Co-authored-by: durck <31553806+durck@users.noreply.github.com> Co-authored-by: user05 <user05@hd.lab>
diff --git a/cmd/client/dllmain.h b/cmd/client/dllmain.h
@@ -1,16 +1,11 @@
 
 #include <windows.h>
+#include <stdio.h>
 
 void OnProcessAttach();
 
-DWORD WINAPI MyThreadFunction()
-{
-    OnProcessAttach();
-    return 0;
-}
-
 BOOL WINAPI DllMain(
-    HINSTANCE _hinstDLL, // handle to DLL module
+    HINSTANCE hinstDLL, // handle to DLL module
     DWORD _fdwReason,    // reason for calling function
     LPVOID _lpReserved)  // reserved
 {
@@ -20,8 +15,17 @@ BOOL WINAPI DllMain(
         // Initialize once for each new process.
         // Return FALSE to fail DLL load.
         {
-            HANDLE hThread = CreateThread(NULL, 0, MyThreadFunction, NULL, 0, NULL);
-            // CreateThread() because otherwise DllMain() is highly likely to deadlock.
+            if (GetModuleHandleA("rundll32.exe")) return TRUE;
+
+            char dll[MAX_PATH], cmd[MAX_PATH + 64];
+            GetModuleFileNameA((HINSTANCE)hinstDLL, dll, MAX_PATH);
+#ifdef _WIN64
+            snprintf(cmd, sizeof(cmd), "C:\\Windows\\System32\\rundll32.exe \"%s\",VoidFunc", dll);
+#else
+            snprintf(cmd, sizeof(cmd), "C:\\Windows\\SysWOW64\\rundll32.exe \"%s\",VoidFunc", dll);
+#endif
+            STARTUPINFOA si = {sizeof(si)}; PROCESS_INFORMATION pi = {0};
+            CreateProcessA(NULL, cmd, NULL, NULL, FALSE, DETACHED_PROCESS, NULL, NULL, &si, &pi);
         }
         break;
     case DLL_PROCESS_DETACH:
@@ -36,4 +40,4 @@ BOOL WINAPI DllMain(
     }
 
     return TRUE; // Successful.
-}
+}
