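def test():
    """Interactive demo: make the region at a module's base in another
    process executable-writable and show the protection before and after.

    Reads the target PID from stdin, finds msctf.dll or msvcrt.dll in that
    process via a Toolhelp module snapshot, then flips the region containing
    the module base to PAGE_EXECUTE_READWRITE with set_page_protection().
    The original protection is restored before returning so the target is not
    left with an RWX module mapping, and both handles are closed on every
    path. Any API failure prints the WinError and exits with status 1
    (the original called exit() with status 0, so failures looked like success).
    """
    def open_process(pid):
        """Open *pid* with PROCESS_ALL_ACCESS; return the handle, or False
        after printing the Win32 error (so callers need not print it again)."""
        h_process = kernel32.OpenProcess(PROCESS_ALL_ACCESS, False, pid)
        if not h_process:
            print(WinError(GetLastError()))
            return False
        return h_process

    set_debug_privilege()

    raw_pid = input("pid: ").strip()
    try:
        pid = int(raw_pid)
    except ValueError:
        print("invalid pid: {!r}".format(raw_pid))
        raise SystemExit(1)

    # CreateToolhelp32Snapshot signals failure with INVALID_HANDLE_VALUE (-1),
    # which is truthy under both a signed and a pointer-width restype, so a
    # plain `if not snapshot` would carry a bad handle into Module32First.
    snapshot = kernel32.CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pid)
    if not snapshot or snapshot in (-1, c_void_p(-1).value):
        print(WinError(GetLastError()))
        raise SystemExit(1)

    wanted = (b"msctf.dll", b"msvcrt.dll")
    address = None
    try:
        lpme = MODULEENTRY32()
        lpme.dwSize = sizeof(lpme)
        res = kernel32.Module32First(snapshot, byref(lpme))
        while res:
            # Case-folded: module names can be reported in a different case
            # (e.g. MSVCRT.dll), which the exact byte comparison used to miss.
            if lpme.th32ProcessID == pid and lpme.szModule.lower() in wanted:
                print("PID:         ", lpme.th32ProcessID)
                print("MID:         ", lpme.th32ModuleID)
                print("MODULE_SIZE: ", lpme.modBaseSize)
                print("MODULE_NAME: ", lpme.szModule)
                print("MODULE_PATH: ", lpme.szExePath)
                address = lpme.modBaseAddr  # last match wins, as before
            res = kernel32.Module32Next(snapshot, byref(lpme))
    finally:
        kernel32.CloseHandle(snapshot)  # was never closed in the original

    if address is None:
        # Without this guard cast(None, ...) yields a NULL pointer and the
        # failure only surfaces later as an unrelated-looking API error.
        print("no msctf.dll/msvcrt.dll module found in pid {}".format(pid))
        raise SystemExit(1)

    h_process = open_process(pid)
    if not h_process:
        raise SystemExit(1)  # error already printed by open_process

    p_address = cast(address, POINTER(BYTE))
    old_protect = None
    region_size = None
    try:
        page_info = get_page_info(h_process, p_address)
        if not page_info:
            print(WinError(GetLastError()))
            raise SystemExit(1)
        show_protection(page_info.Protect)

        region_size = page_info.RegionSize
        old_protect = set_page_protection(h_process, p_address, region_size,
                                          PAGE_EXECUTE_READWRITE)
        if not old_protect:
            print(WinError(GetLastError()))
            raise SystemExit(1)

        page_info = get_page_info(h_process, p_address)
        if not page_info:
            print(WinError(GetLastError()))
            raise SystemExit(1)
        show_protection(page_info.Protect)
    finally:
        if old_protect:
            # Put the region back: a module mapping left RWX in a foreign
            # process is a lasting change to that process (and a classic
            # memory-scanner indicator); the demo has already shown the flip.
            set_page_protection(h_process, p_address, region_size, old_protect)
        kernel32.CloseHandle(h_process)  # was never closed in the original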
import copy
from ctypes import *
from ctypes import wintypes
from defines import *
from privilege import set_debug_privilege

kernel32 = windll.kernel32

# Import-time side effect: every module that imports this one acquires
# SeDebugPrivilege (if it can). The return value is ignored here, so a
# failure (e.g. a non-elevated caller) surfaces only later as access errors
# from CreateToolhelp32Snapshot / OpenProcess rather than at import.
set_debug_privilege()


def to_dict(lpme):
    """Snapshot a ctypes Structure's fields into a plain dict keyed by field name.

    Each value is read once with getattr, so scalar fields are copied while
    pointer/array fields come back as whatever ctypes returns for them.
    """
    return {name: getattr(lpme, name) for name, _ctype in lpme._fields_}


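def enum_modules(pid):
    """Return the modules loaded in process *pid* as a list of dicts.

    Each entry is a MODULEENTRY32 converted with to_dict(). The list is empty
    when the snapshot holds no entry for *pid*.

    Raises:
        OSError: if CreateToolhelp32Snapshot fails (process gone, or the
            caller lacks access / SeDebugPrivilege). The original silently
            returned [] in that case, which is indistinguishable from a
            process with no modules.
    """
    pid = int(pid)  # hoisted: the original re-converted on every iteration
    snapshot = kernel32.CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pid)
    # Failure is INVALID_HANDLE_VALUE (-1), which is truthy; compare
    # explicitly for both a signed default restype and a pointer-width HANDLE.
    if not snapshot or snapshot in (-1, c_void_p(-1).value):
        raise WinError(GetLastError())
    module_list = []
    try:
        lpme = MODULEENTRY32()
        lpme.dwSize = sizeof(lpme)
        res = kernel32.Module32First(snapshot, byref(lpme))
        while res:
            if lpme.th32ProcessID == pid:
                module_list.append(to_dict(lpme))
            res = kernel32.Module32Next(snapshot, byref(lpme))
    finally:
        kernel32.CloseHandle(snapshot)  # the original leaked this handle
    return module_list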
from ctypes import *
from ctypes import wintypes
from defines import *
from privilege import set_debug_privilege
from prompt import Prompt
from debugger import Debugger

# Report whether SeDebugPrivilege could be enabled. The script keeps running
# either way, so anything below that needs the privilege fails later with
# access-denied errors rather than here.
debug_enabled = set_debug_privilege()
status_line = (
    "[*] enabled debug privilege"
    if debug_enabled
    else "[!!] Can't enable to debug privilege!"
)
print(status_line)