Can The Backdoor Factory be used to hijack DLL export functions specifically?

Yes. By default, the tool hijacks the DLL's initialization code (e.g., DllMain), so the payload runs when LoadLibrary is called. To trigger the payload only when an exported function is invoked, you can modify the jump code to point to the desired export function. The article notes this flexibility for scenarios like COM Object hijacking or virtual file techniques (Hiding ASP.NET Webshells).