There was an article about DLL injection in C, so I tried to make something based on it that can be run from Python.
http://inaz2.hatenablog.com/entry/2015/08/08/223643
The Python side uses pyinject: https://github.com/psychomario/pyinject
Environment: Windows 7 Pro Service Pack 1 (64bit), Python 2.7, notepad (64bit), gcc 4.8.3

```
dir dllInjection
  dllinject.py   // downloaded from the git repo
  use.py         // created below
  spy.dll        // explained later
```
spy.dll is adapted from this article: http://inaz2.hatenablog.com/entry/2015/08/08/223643

spy.c:

```c
#include <windows.h>
/* MSVC linker directive; gcc ignores it, but MinGW links user32 by default. */
#pragma comment(lib, "user32")

/* Entry point called by the loader when the DLL is mapped into a process.
 * On DLL_PROCESS_ATTACH it shows the path of the host executable, which
 * confirms which process the DLL ended up in. */
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    char filename[MAX_PATH];
    switch (fdwReason) {
    case DLL_PROCESS_ATTACH:
        /* NULL module handle = the executable that owns this process */
        GetModuleFileName(NULL, filename, sizeof(filename));
        MessageBox(NULL, filename, "Hello from", MB_SYSTEMMODAL);
        break;
    }
    return TRUE;
}
```
Build the DLL:

```
gcc -c spy.c                  # produces spy.o
gcc -shared -o spy.dll spy.o  # produces spy.dll
```
Next, write use.py, which drives the dllinject.py downloaded from git (at a level that can be run from the console ...).

use.py:

```python
import sys
import dllinject

# target PID is passed on the command line (see the tasklist output below)
pid = int(sys.argv[1])
proc = dllinject.Process(pid=pid)
# 'hoge' stands in for the user name
proc.inject("C:\\Users\\'hoge'\\Desktop\\dllInjection\\spy.dll")
proc.terminate()
```
```
>C:\Windows\notepad.exe
>tasklist
...
notepad.exe 1988 Console 1 9,384K
...
>python use.py 1988
```
For DLL injection to succeed, the bitness of the target process and of the DLL must match. In my environment, wow64 + 32bit dll didn't work either. http://furuya02.hatenablog.com/entry/20120114/1326484897

| process | DLL type | result |
|---|---|---|
| 32bit | 32bit | ◯ |
| 32bit | 64bit | ERROR_BAD_EXE_FORMAT |
| 64bit | 32bit | ERROR_BAD_EXE_FORMAT |
| 64bit | 64bit | ◯ |
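The ERROR_BAD_EXE_FORMAT rows come from the loader comparing the DLL's COFF `Machine` field against the bitness of the process. As an added example (not part of the original post or of pyinject), the snippet below reproduces that check: `dll_bits()` reads the `Machine` field from a PE image, `process_bits()` asks Windows whether a PID is a WOW64 process (Windows only, via `IsWow64Process`), and `expected_result()` maps the pair onto the table above. `make_min_pe()` is a constructed header-only sample so `dll_bits()` can be exercised without a real DLL; all function names are my own.

```python
import ctypes
import platform
import struct

# IMAGE_FILE_MACHINE_* constants from the PE/COFF specification.
MACHINE_I386 = 0x014C
MACHINE_AMD64 = 0x8664
BITS_BY_MACHINE = {MACHINE_I386: 32, MACHINE_AMD64: 64}


def dll_bits(data):
    """Return 32 or 64 for the PE image in `data` (bytes), read from its COFF Machine field."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # file offset of "PE\0\0"
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)  # IMAGE_FILE_HEADER.Machine
    if machine not in BITS_BY_MACHINE:
        raise ValueError("unsupported Machine value 0x%04x" % machine)
    return BITS_BY_MACHINE[machine]

def process_bits(pid):
    """Return 32 or 64 for a running process (Windows only; uses IsWow64Process)."""
    k32 = ctypes.windll.kernel32
    handle = k32.OpenProcess(0x1000, False, pid)  # PROCESS_QUERY_LIMITED_INFORMATION
    if not handle:
        raise OSError("OpenProcess failed, error %d" % k32.GetLastError())
    try:
        wow64 = ctypes.c_int(0)
        if not k32.IsWow64Process(handle, ctypes.byref(wow64)):
            raise OSError("IsWow64Process failed, error %d" % k32.GetLastError())
    finally:
        k32.CloseHandle(handle)
    # A WOW64 process is 32-bit; otherwise it is as wide as the OS itself.
    os_is_64 = platform.machine().endswith("64")
    return 32 if (wow64.value or not os_is_64) else 64

def expected_result(proc_bits, dll_bits_):
    """Outcome from the table above: the loader only accepts a DLL of the process's own bitness."""
    return "OK" if proc_bits == dll_bits_ else "ERROR_BAD_EXE_FORMAT"

def make_min_pe(machine):
    """Constructed sample: the smallest byte string dll_bits() accepts (not a loadable DLL)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header directly after the DOS header
    return bytes(dos) + b"PE\0\0" + struct.pack("<H", machine)
```

On a real file, `dll_bits(open(path, "rb").read())` gives the same answer as inspecting the DLL with a PE viewer, and a mismatch with `process_bits(pid)` is the case the table marks as ERROR_BAD_EXE_FORMAT.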