DLL injection in Python (Windows only: ctypes + CreateRemoteThread/LoadLibraryA)

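# Banner.  print() with a single argument behaves the same on Python 2 and 3;
# the original used the Python 2 print statement, and its last line was a
# string literal broken across two lines (a SyntaxError) -- presumably meant to
# emit a blank line, which is what print("") does.
print("[+] Universal DLL Injector by Y")
print("[+] contact : If you know me then give me a shout")
print("[+] usage: ./dll_injector.py <PID> <DLLPATH>")
print("")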
 
from ctypes import *
import sys,ctypes
 
# Define constants we use
# Win32 constants used by the injector, spelled out as the SDK composes them.
# PAGE_READWRITE: the remote buffer only ever holds a path string, so no execute bit.
PAGE_RW_PRIV = 0x04
# STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | all process-specific rights.
# NOTE(review): this is the pre-Vista definition (Vista+ headers say 0x1FFFFF);
# it is still accepted, and it grants far more than an injection needs.
PROCESS_ALL_ACCESS = 0x000F0000 | 0x00100000 | 0x00000FFF
# MEM_COMMIT | MEM_RESERVE: reserve and back the page in one call.
VIRTUAL_MEM = 0x1000 | 0x2000
 
#CTYPES handler
# Windows only: ctypes.windll exists solely on Windows builds.  Every Win32 call
# below goes through this single kernel32 handle.
kernel32 = ctypes.windll.kernel32
 
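# Minimum OpenProcess rights for VirtualAllocEx + WriteProcessMemory + CreateRemoteThread:
#   PROCESS_CREATE_THREAD (0x0002) | PROCESS_VM_OPERATION (0x0008) | PROCESS_VM_READ (0x0010)
#   | PROCESS_VM_WRITE (0x0020) | PROCESS_QUERY_INFORMATION (0x0400)
# The original requested PROCESS_ALL_ACCESS, far more than the injection uses (least
# privilege), and a request for ALL_ACCESS is refused on targets where we hold only
# these narrower rights even though the injection itself would have worked.
_PROCESS_INJECT_ACCESS = 0x0002 | 0x0008 | 0x0010 | 0x0020 | 0x0400

# WaitForSingleObject results we distinguish.
_WAIT_OBJECT_0 = 0x00000000
_WAIT_TIMEOUT = 0x00000102


def _fail(message):
    """Print *message* plus GetLastError() and exit with status 1.

    The original exited with status 0 on every failure, so a shell or wrapper
    driving the injector could not tell success from failure.
    """
    print("%s (GetLastError=%d)" % (message, ctypes.GetLastError()))
    sys.exit(1)


def _declare_prototypes(k32):
    """Attach explicit restype/argtypes to every kernel32 function used below.

    Without them ctypes treats every return value and every int argument as a
    32-bit C int, so on 64-bit Windows the buffer address from VirtualAllocEx
    and the LoadLibraryA address from GetProcAddress are silently truncated
    before they reach CreateRemoteThread -- the "universal" injector then
    crashes the target instead of loading the DLL.
    """
    k32.OpenProcess.restype = c_void_p
    k32.OpenProcess.argtypes = [c_ulong, c_int, c_ulong]
    k32.VirtualAllocEx.restype = c_void_p
    k32.VirtualAllocEx.argtypes = [c_void_p, c_void_p, c_size_t, c_ulong, c_ulong]
    k32.WriteProcessMemory.restype = c_int
    k32.WriteProcessMemory.argtypes = [c_void_p, c_void_p, c_char_p, c_size_t, POINTER(c_size_t)]
    k32.GetModuleHandleA.restype = c_void_p
    k32.GetModuleHandleA.argtypes = [c_char_p]
    k32.GetProcAddress.restype = c_void_p
    k32.GetProcAddress.argtypes = [c_void_p, c_char_p]
    k32.CreateRemoteThread.restype = c_void_p
    k32.CreateRemoteThread.argtypes = [c_void_p, c_void_p, c_size_t, c_void_p, c_void_p,
                                       c_ulong, POINTER(c_ulong)]
    k32.WaitForSingleObject.restype = c_ulong
    k32.WaitForSingleObject.argtypes = [c_void_p, c_ulong]
    k32.GetExitCodeThread.restype = c_int
    k32.GetExitCodeThread.argtypes = [c_void_p, POINTER(c_ulong)]
    k32.CloseHandle.restype = c_int
    k32.CloseHandle.argtypes = [c_void_p]


def dll_inject(PID, DLL_PATH):
    """Make process *PID* load the DLL at *DLL_PATH* (CreateRemoteThread + LoadLibraryA).

    Sequence: OpenProcess -> VirtualAllocEx (one RW page) -> WriteProcessMemory (the
    NUL-terminated path) -> CreateRemoteThread with start address kernel32!LoadLibraryA
    and the remote path as its only argument -> wait for that thread and read its exit
    code, which is LoadLibraryA's return value.

    Args:
        PID: target process id.
        DLL_PATH: path of the DLL (str or bytes).  It is resolved by the *target*
            process, so pass an absolute path.  Encoded with the ANSI code page
            because the A-variant of LoadLibrary is used.

    Returns:
        The remote thread id on success.

    Raises:
        SystemExit: status 1 on any failed Win32 call, or when the target's
            LoadLibraryA returned NULL.  (The original exited 0 and printed
            "DLL code injected" as soon as the thread existed, whether or not
            the DLL actually loaded; its OpenProcess check `== None` could never
            fire because ctypes returns 0, not None, for a NULL handle.)

    Notes (review):
        - LoadLibraryA's address comes from *this* process's kernel32 and is valid in
          the target only because kernel32 is mapped at one base for every process of
          the same bitness within a boot session.  Injector and target must both be
          32-bit or both 64-bit.
        - The thread exit code is a DWORD, i.e. the low 32 bits of the HMODULE, so the
          NULL check on it is reliable in practice but not a full 64-bit compare.
        - This is the textbook injection primitive; expect AV/EDR to flag a remote
          thread whose start address is LoadLibraryA.  Windows only (ctypes.windll).
    """
    print("[+] Starting DLL Injector")
    _declare_prototypes(kernel32)

    # LoadLibraryA needs an ANSI, NUL-terminated string.  The original wrote
    # len(DLL_PATH) bytes with no terminator and only worked because a freshly
    # committed VirtualAllocEx page happens to be zero-filled.
    if not isinstance(DLL_PATH, bytes):
        DLL_PATH = DLL_PATH.encode("mbcs")
    path_buf = DLL_PATH + b"\x00"
    path_len = len(path_buf)

    print("\t[+] Getting process handle for PID:%d " % PID)
    hProcess = kernel32.OpenProcess(_PROCESS_INJECT_ACCESS, False, PID)
    if not hProcess:  # NULL arrives as None (c_void_p restype) -- never == None with c_int
        _fail("\t[+] Unable to get process handle")

    hThread = None
    thread_id = c_ulong(0)
    try:
        print("\t[+] Allocating space for DLL PATH")
        remote_path = kernel32.VirtualAllocEx(hProcess, None, path_len, VIRTUAL_MEM, PAGE_RW_PRIV)
        if not remote_path:
            _fail("\t[-] VirtualAllocEx failed")

        print("\t[+] Writing DLL PATH to current process space")
        written = c_size_t(0)
        ok = kernel32.WriteProcessMemory(hProcess, remote_path, path_buf, path_len, byref(written))
        if not ok or written.value != path_len:
            _fail("\t[-] WriteProcessMemory failed or was short")

        print("\t[+] Resolving Call Specific functions & libraries")
        k32_base = kernel32.GetModuleHandleA(b"kernel32")
        if not k32_base:
            _fail("\t[-] GetModuleHandleA(kernel32) failed")
        print("\t\t[+] Resolved kernel32 library at 0x%08x" % k32_base)
        load_library = kernel32.GetProcAddress(k32_base, b"LoadLibraryA")
        if not load_library:
            _fail("\t[-] GetProcAddress(LoadLibraryA) failed")
        print("\t\t[+] Resolve LoadLibraryA function at 0x%08x" % load_library)

        print("\t[+] Creating Remote Thread to load our DLL")
        hThread = kernel32.CreateRemoteThread(hProcess, None, 0, load_library, remote_path,
                                              0, byref(thread_id))
        if not hThread:
            _fail("Injection Failed, exiting")
        print("Remote Thread 0x%08x created, DLL code injected" % thread_id.value)

        # A live thread only proves LoadLibraryA *started*.  Wait (bounded, in case the
        # DLL's DllMain blocks) and read the exit code back: 0 means the target could not
        # load the DLL (e.g. path not resolvable from the target, or a bitness mismatch).
        wait = kernel32.WaitForSingleObject(hThread, 5000)
        if wait == _WAIT_OBJECT_0:
            exit_code = c_ulong(0)
            if not kernel32.GetExitCodeThread(hThread, byref(exit_code)):
                _fail("\t[-] GetExitCodeThread failed")
            if exit_code.value == 0:
                print("\t[-] LoadLibraryA in the target returned NULL; the DLL was NOT loaded")
                sys.exit(1)
        elif wait == _WAIT_TIMEOUT:
            print("\t[!] Remote thread still running after 5s; cannot confirm the DLL loaded")
        else:
            _fail("\t[-] WaitForSingleObject failed")
    finally:
        # The original leaked both handles; close them on every path, including the exits above.
        if hThread:
            kernel32.CloseHandle(hThread)
        kernel32.CloseHandle(hProcess)
    return thread_id.value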
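def run(argv=None):
    """Command-line entry: ``dll_injector.py <PID> <DLLPATH>``.

    Validates the arguments before touching any process -- the original indexed
    sys.argv unconditionally, so a missing or non-numeric argument produced an
    IndexError/ValueError traceback instead of a usage message.

    Args:
        argv: argument vector to parse; defaults to sys.argv.

    Returns:
        Whatever dll_inject returns.

    Raises:
        SystemExit: status 2 on a usage error.
    """
    argv = sys.argv if argv is None else argv
    if len(argv) != 3:
        print("[-] usage: %s <PID> <DLLPATH>" % (argv[0] if argv else "dll_injector.py"))
        sys.exit(2)
    try:
        pid = int(argv[1])
    except ValueError:
        print("[-] PID must be a decimal integer, got %r" % argv[1])
        sys.exit(2)
    if pid <= 0:
        print("[-] PID must be positive, got %d" % pid)
        sys.exit(2)
    return dll_inject(pid, str(argv[2]))


# Only inject when run as a script; importing this module must not spawn remote threads.
if __name__ == "__main__":
    run()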
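# Banner.  print() with a single argument behaves the same on Python 2 and 3;
# the original used the Python 2 print statement, and its last line was a
# string literal broken across two lines (a SyntaxError) -- presumably meant to
# emit a blank line, which is what print("") does.
print("[+] Universal DLL Injector by Y")
print("[+] contact : If you know me then give me a shout")
print("[+] usage: ./dll_injector.py <PID> <DLLPATH>")
print("")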
 
from ctypes import *
import sys,ctypes
 
# Define constants we use
# Win32 constants used by the injector, spelled out as the SDK composes them.
# PAGE_READWRITE: the remote buffer only ever holds a path string, so no execute bit.
PAGE_RW_PRIV = 0x04
# STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | all process-specific rights.
# NOTE(review): this is the pre-Vista definition (Vista+ headers say 0x1FFFFF);
# it is still accepted, and it grants far more than an injection needs.
PROCESS_ALL_ACCESS = 0x000F0000 | 0x00100000 | 0x00000FFF
# MEM_COMMIT | MEM_RESERVE: reserve and back the page in one call.
VIRTUAL_MEM = 0x1000 | 0x2000
 
#CTYPES handler
# Windows only: ctypes.windll exists solely on Windows builds.  Every Win32 call
# below goes through this single kernel32 handle.
kernel32 = ctypes.windll.kernel32
 
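# Minimum OpenProcess rights for VirtualAllocEx + WriteProcessMemory + CreateRemoteThread:
#   PROCESS_CREATE_THREAD (0x0002) | PROCESS_VM_OPERATION (0x0008) | PROCESS_VM_READ (0x0010)
#   | PROCESS_VM_WRITE (0x0020) | PROCESS_QUERY_INFORMATION (0x0400)
# The original requested PROCESS_ALL_ACCESS, far more than the injection uses (least
# privilege), and a request for ALL_ACCESS is refused on targets where we hold only
# these narrower rights even though the injection itself would have worked.
_PROCESS_INJECT_ACCESS = 0x0002 | 0x0008 | 0x0010 | 0x0020 | 0x0400

# WaitForSingleObject results we distinguish.
_WAIT_OBJECT_0 = 0x00000000
_WAIT_TIMEOUT = 0x00000102


def _fail(message):
    """Print *message* plus GetLastError() and exit with status 1.

    The original exited with status 0 on every failure, so a shell or wrapper
    driving the injector could not tell success from failure.
    """
    print("%s (GetLastError=%d)" % (message, ctypes.GetLastError()))
    sys.exit(1)


def _declare_prototypes(k32):
    """Attach explicit restype/argtypes to every kernel32 function used below.

    Without them ctypes treats every return value and every int argument as a
    32-bit C int, so on 64-bit Windows the buffer address from VirtualAllocEx
    and the LoadLibraryA address from GetProcAddress are silently truncated
    before they reach CreateRemoteThread -- the "universal" injector then
    crashes the target instead of loading the DLL.
    """
    k32.OpenProcess.restype = c_void_p
    k32.OpenProcess.argtypes = [c_ulong, c_int, c_ulong]
    k32.VirtualAllocEx.restype = c_void_p
    k32.VirtualAllocEx.argtypes = [c_void_p, c_void_p, c_size_t, c_ulong, c_ulong]
    k32.WriteProcessMemory.restype = c_int
    k32.WriteProcessMemory.argtypes = [c_void_p, c_void_p, c_char_p, c_size_t, POINTER(c_size_t)]
    k32.GetModuleHandleA.restype = c_void_p
    k32.GetModuleHandleA.argtypes = [c_char_p]
    k32.GetProcAddress.restype = c_void_p
    k32.GetProcAddress.argtypes = [c_void_p, c_char_p]
    k32.CreateRemoteThread.restype = c_void_p
    k32.CreateRemoteThread.argtypes = [c_void_p, c_void_p, c_size_t, c_void_p, c_void_p,
                                       c_ulong, POINTER(c_ulong)]
    k32.WaitForSingleObject.restype = c_ulong
    k32.WaitForSingleObject.argtypes = [c_void_p, c_ulong]
    k32.GetExitCodeThread.restype = c_int
    k32.GetExitCodeThread.argtypes = [c_void_p, POINTER(c_ulong)]
    k32.CloseHandle.restype = c_int
    k32.CloseHandle.argtypes = [c_void_p]


def dll_inject(PID, DLL_PATH):
    """Make process *PID* load the DLL at *DLL_PATH* (CreateRemoteThread + LoadLibraryA).

    Sequence: OpenProcess -> VirtualAllocEx (one RW page) -> WriteProcessMemory (the
    NUL-terminated path) -> CreateRemoteThread with start address kernel32!LoadLibraryA
    and the remote path as its only argument -> wait for that thread and read its exit
    code, which is LoadLibraryA's return value.

    Args:
        PID: target process id.
        DLL_PATH: path of the DLL (str or bytes).  It is resolved by the *target*
            process, so pass an absolute path.  Encoded with the ANSI code page
            because the A-variant of LoadLibrary is used.

    Returns:
        The remote thread id on success.

    Raises:
        SystemExit: status 1 on any failed Win32 call, or when the target's
            LoadLibraryA returned NULL.  (The original exited 0 and printed
            "DLL code injected" as soon as the thread existed, whether or not
            the DLL actually loaded; its OpenProcess check `== None` could never
            fire because ctypes returns 0, not None, for a NULL handle.)

    Notes (review):
        - LoadLibraryA's address comes from *this* process's kernel32 and is valid in
          the target only because kernel32 is mapped at one base for every process of
          the same bitness within a boot session.  Injector and target must both be
          32-bit or both 64-bit.
        - The thread exit code is a DWORD, i.e. the low 32 bits of the HMODULE, so the
          NULL check on it is reliable in practice but not a full 64-bit compare.
        - This is the textbook injection primitive; expect AV/EDR to flag a remote
          thread whose start address is LoadLibraryA.  Windows only (ctypes.windll).
    """
    print("[+] Starting DLL Injector")
    _declare_prototypes(kernel32)

    # LoadLibraryA needs an ANSI, NUL-terminated string.  The original wrote
    # len(DLL_PATH) bytes with no terminator and only worked because a freshly
    # committed VirtualAllocEx page happens to be zero-filled.
    if not isinstance(DLL_PATH, bytes):
        DLL_PATH = DLL_PATH.encode("mbcs")
    path_buf = DLL_PATH + b"\x00"
    path_len = len(path_buf)

    print("\t[+] Getting process handle for PID:%d " % PID)
    hProcess = kernel32.OpenProcess(_PROCESS_INJECT_ACCESS, False, PID)
    if not hProcess:  # NULL arrives as None (c_void_p restype) -- never == None with c_int
        _fail("\t[+] Unable to get process handle")

    hThread = None
    thread_id = c_ulong(0)
    try:
        print("\t[+] Allocating space for DLL PATH")
        remote_path = kernel32.VirtualAllocEx(hProcess, None, path_len, VIRTUAL_MEM, PAGE_RW_PRIV)
        if not remote_path:
            _fail("\t[-] VirtualAllocEx failed")

        print("\t[+] Writing DLL PATH to current process space")
        written = c_size_t(0)
        ok = kernel32.WriteProcessMemory(hProcess, remote_path, path_buf, path_len, byref(written))
        if not ok or written.value != path_len:
            _fail("\t[-] WriteProcessMemory failed or was short")

        print("\t[+] Resolving Call Specific functions & libraries")
        k32_base = kernel32.GetModuleHandleA(b"kernel32")
        if not k32_base:
            _fail("\t[-] GetModuleHandleA(kernel32) failed")
        print("\t\t[+] Resolved kernel32 library at 0x%08x" % k32_base)
        load_library = kernel32.GetProcAddress(k32_base, b"LoadLibraryA")
        if not load_library:
            _fail("\t[-] GetProcAddress(LoadLibraryA) failed")
        print("\t\t[+] Resolve LoadLibraryA function at 0x%08x" % load_library)

        print("\t[+] Creating Remote Thread to load our DLL")
        hThread = kernel32.CreateRemoteThread(hProcess, None, 0, load_library, remote_path,
                                              0, byref(thread_id))
        if not hThread:
            _fail("Injection Failed, exiting")
        print("Remote Thread 0x%08x created, DLL code injected" % thread_id.value)

        # A live thread only proves LoadLibraryA *started*.  Wait (bounded, in case the
        # DLL's DllMain blocks) and read the exit code back: 0 means the target could not
        # load the DLL (e.g. path not resolvable from the target, or a bitness mismatch).
        wait = kernel32.WaitForSingleObject(hThread, 5000)
        if wait == _WAIT_OBJECT_0:
            exit_code = c_ulong(0)
            if not kernel32.GetExitCodeThread(hThread, byref(exit_code)):
                _fail("\t[-] GetExitCodeThread failed")
            if exit_code.value == 0:
                print("\t[-] LoadLibraryA in the target returned NULL; the DLL was NOT loaded")
                sys.exit(1)
        elif wait == _WAIT_TIMEOUT:
            print("\t[!] Remote thread still running after 5s; cannot confirm the DLL loaded")
        else:
            _fail("\t[-] WaitForSingleObject failed")
    finally:
        # The original leaked both handles; close them on every path, including the exits above.
        if hThread:
            kernel32.CloseHandle(hThread)
        kernel32.CloseHandle(hProcess)
    return thread_id.value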
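def run(argv=None):
    """Command-line entry: ``dll_injector.py <PID> <DLLPATH>``.

    Validates the arguments before touching any process -- the original indexed
    sys.argv unconditionally, so a missing or non-numeric argument produced an
    IndexError/ValueError traceback instead of a usage message.

    Args:
        argv: argument vector to parse; defaults to sys.argv.

    Returns:
        Whatever dll_inject returns.

    Raises:
        SystemExit: status 2 on a usage error.
    """
    argv = sys.argv if argv is None else argv
    if len(argv) != 3:
        print("[-] usage: %s <PID> <DLLPATH>" % (argv[0] if argv else "dll_injector.py"))
        sys.exit(2)
    try:
        pid = int(argv[1])
    except ValueError:
        print("[-] PID must be a decimal integer, got %r" % argv[1])
        sys.exit(2)
    if pid <= 0:
        print("[-] PID must be positive, got %d" % pid)
        sys.exit(2)
    return dll_inject(pid, str(argv[2]))


# Only inject when run as a script; importing this module must not spawn remote threads.
if __name__ == "__main__":
    run()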