Export cloning - output binary does not have exports

[kafkaesqu3]

Im having issues with the Cloners (both .NET and python) when I try to reference a DLL other than Functions.dll. I build Theif.dll with the Dyn-Net build (I removed the post-build event that does this automatically), and then I try to use NetClone.exe:

NetClone.exe --target Theif.dll --output Theif.dll --reference C:\windows\system32\cryptbase.dll

Or NetClone.py: python PyClone.py Theif.dll C:\windows\system32\cryptbase.dll -o Theif.dll

When I run dumpbin exports on the output file, I get the error:

 dumpbin /exports .\Theif.dll
Microsoft (R) COFF/PE Dumper Version 14.27.29111.0
Copyright (C) Microsoft Corporation.  All rights reserved.


Dump of file .\Theif.dll

File Type: DLL
LINK : the 32-bit linker (C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.27.29110\bin\Hostx86\x86\link.exe) failed to do memory mapped file I/O on `.\Theif.dll' and is going to restart linking with a 64-bit linker for better throughput
LINK : restarting link with 64-bit linker `C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Tools\MSVC\14.27.29110\bin\Hostx64\x86\link.exe'

Dump of file .\Theif.dll

File Type: DLL
.\Theif.dll : fatal error LNK1106: invalid file or disk full: cannot seek to 0xFFF7CA42

I doubled checked the binary with Ghidra to confirm there are no exported functions.

I tried replacing the dummy exports of Static() and Dynamic() to match the exports of cryptbase.dll, even though they should never be hit: extern "C" __declspec(dllexport) BOOL SystemFunction001() { return FALSE; };, but I still have the same issue.

I'm not sure if im using the tool incorrectly or if there's a bug. This error occurs with all of the DLLs ive tried in system32.

Thanks for sharing this POC!

[monoxgas]

Holidays are a little busy, but this is on my list btw :) Ping me soon if you don't hear anything.

[kafkaesqu3]

ping :)