ohffldr.exe <object file> <symbol> <api prefix> <opt:arguments>
Where:
<object file>: path to the BOF;<symbol>: function's name to load;<api prefix>: used beacon API function prefix (e.g. Beacon for the Cobalt Strike's API);<opt:arguments>: data to pass to the BOF.
Arguments must be formatted as type=value where type can be int, short, string and wstring.
For composed strings like path with spaces, consider using double quotes (e.g. string="bofs are cool") like shown in the demo.
ohffldr class is a static object ready-to-load the passed BOF.
The load procedure requires:
path: location of the object file;symbol: function's name to call;api_prefix: prefix of the used API (e.g. Beacon for the Beacon API);argv: pointer to arguments to pass to the BOF function;argc: number of the arguments contained inargv.
Its return value is a bool.
If the function fails, get_last_error can be used to retrieve the error code.
You can find more detailed documentation in the ohffldr.hpp file.
arguments_packer class will automatically convert your command line parameters into an understandable format
for BOFs written using the Cobalt Strike's beacon API.
Note that the version of the API used in this loader may not be up to date and must be configured for your needs.
If you want to manually build the OHFFLdr launch the build.sh script in the ohffldr/build folder.
Click here to access the release page and download the precompiled binaries.
whoami BOF (x64):
dir BOF (x64):
OHFFLdr does NOT support 32 bit BOFs.
Finally, ohffldr class has been designed to be easily imported into your project, configured and used.
It is important to say that the loader may need some modifications to the code to be adapted to your implant and work as expected.
- MaldevAcademy;
- COFFLoader (packer concept);
- CoffeeLdr (
beacon.h).