If you have any app installed that utilizes InstallShield for deployment the chances are that you may have a Ctor.dll file present on the system.<\/p>\n\n\n\n
The nice bit about this library is that it exports a function called LaunchSetup. You can pass any file name to it and you will have it running in no time; that is:<\/p>\n\n\n\n
RunDll32.exe c:\\test\\ctor.dll, LaunchSetup <program><\/p>\n\n\n\n
There is one caveat though. You won’t be able to run Calculator or Notepad applications this way. This is because the function makes a copy of the program file provided from command line to the %TEMP% directory first, and launches it from there. As such, programs that rely on .MUI files to run (e.g. OS GUI-based programs like Notepad, Calculator) need them to be copied to that very same %TEMP% folder as well. But running Calc is not really the point of LOLBINS, isn’t it? \ud83d\ude09<\/p>\n\n\n\n
Typical ctor.dll locations:<\/p>\n\n\n\n
If you have any app installed that utilizes InstallShield for deployment the chances are that you may have a Ctor.dll file present on the system. The nice bit about this library is that it exports a function called LaunchSetup. You … Continue reading