{"id":8572,"date":"2023-06-07T21:54:04","date_gmt":"2023-06-07T21:54:04","guid":{"rendered":"https:\/\/www.hexacorn.com\/blog\/?p=8572"},"modified":"2023-06-07T21:54:04","modified_gmt":"2023-06-07T21:54:04","slug":"this-lolbin-doesnt-exist","status":"publish","type":"post","link":"https:\/\/www.hexacorn.com\/blog\/2023\/06\/07\/this-lolbin-doesnt-exist\/","title":{"rendered":"This LOLBIN doesn’t exist…"},"content":{"rendered":"\n

I have written about Nullsoft<\/a> installer<\/a> a few times before. I am a bit fascinated by it, because there is not that much research about it, in general, and even less – about its esoteric, yet omnipresent DLL plug-ins…<\/p>\n\n\n\n

One of the more interesting plug-ins that I know of, and yet, one that you will never really see residing on any system, is… ShellDispatch.dll<\/em>.<\/p>\n\n\n\n

It’s a rarely used Nullsoft Plug-In DLL that is known to be used by the installer of WinAmp, yes.. THE WinAmp… and even there… it is used temporarily, as it is immediately deleted from the file system after delivering the required functionality.<\/p>\n\n\n\n

What’s so special about it?<\/p>\n\n\n\n

The ShellDispatch.dll<\/em> exports a few functions:<\/p>\n\n\n\n