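def cb_create_process_internal_w_rtn(exec_ctx):
    """Return callback for CreateProcessInternalW.

    Reads the PID of the freshly created child out of the structure whose
    address the entry hook stored in ``exec_ctx.hook.hook_data`` (presumably
    the caller's PROCESS_INFORMATION out-parameter -- confirm against the
    entry callback) and injects the monitoring DLL returned by
    ``emb.dllGetFilename()`` into that child, so the sandbox keeps
    visibility across process creation.

    Args:
        exec_ctx: Hook execution context. ``regs.EAX`` holds the API's
            return value; ``hook.hook_data`` holds the address captured on
            entry.

    Returns:
        None.
    """
    ret_val = exec_ctx.regs.EAX
    logging.debug("CreateProcessInternalW returned 0x%08x", ret_val)

    # CreateProcessInternalW returns a BOOL. On failure the out-structure is
    # not populated, so the PID read below would be garbage and the inject
    # would target a bogus process.
    if not ret_val:
        logging.debug("CreateProcessInternalW failed, skipping inject")
        return

    child_proc_info = exec_ctx.hook.hook_data
    # Offset 8 is dwProcessId in a 32-bit PROCESS_INFORMATION
    # (hProcess @0, hThread @4, dwProcessId @8, dwThreadId @12).
    child_pid = memorymanager.read_dword_from_addr(child_proc_info + 8)
    logging.debug("PID of spawned process: 0x%08x", child_pid)

    dll_path = emb.dllGetFilename()
    logging.debug("starting inject")
    if not injector.inject_module_into_process(dll_path, child_pid):
        # An inject failure means the child runs unmonitored; that is an
        # error, not informational (matches cb_create_r_thread_rtn).
        logging.error("Error injecting %s into process %i", dll_path, child_pid)
    else:
        logging.debug("inject SUCCESSFUL")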
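def cb_create_process_internal_w_rtn(exec_ctx):
    """Return callback for CreateProcessInternalW.

    Follows the newly spawned child: the PID is read from the structure
    whose address the entry hook saved in ``exec_ctx.hook.hook_data``
    (presumably the PROCESS_INFORMATION out-parameter -- confirm against the
    entry callback), then the monitoring DLL from ``emb.dllGetFilename()``
    is injected into it.

    Args:
        exec_ctx: Hook execution context. ``regs.EAX`` is the API's return
            value; ``hook.hook_data`` is the address captured on entry.

    Returns:
        None.
    """
    api_result = exec_ctx.regs.EAX
    logging.debug("CreateProcessInternalW returned 0x%08x", api_result)

    # BOOL return: zero means the call failed and the out-structure was
    # never filled in, so there is no valid PID to inject into.
    if api_result == 0:
        logging.debug("CreateProcessInternalW failed, skipping inject")
        return

    # dwProcessId sits at offset 8 of a 32-bit PROCESS_INFORMATION
    # (after the two 4-byte handles hProcess and hThread).
    pid_addr = exec_ctx.hook.hook_data + 8
    child_pid = memorymanager.read_dword_from_addr(pid_addr)
    logging.debug("PID of spawned process: 0x%08x", child_pid)

    module_path = emb.dllGetFilename()
    logging.debug("starting inject")
    injected = injector.inject_module_into_process(module_path, child_pid)
    if injected:
        logging.debug("inject SUCCESSFUL")
    else:
        # The child will run unmonitored -- log at error level so it is not
        # lost among the debug chatter (consistent with the
        # CreateRemoteThread callback).
        logging.error("Error injecting %s into process %i",
                      module_path, child_pid)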
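def cb_create_r_thread_rtn(exec_ctx):
    """Return callback for CreateRemoteThread.

    The entry hook stores ``(child_pid, r_threadid_addr)`` in
    ``exec_ctx.hook.hook_data``: the PID of the process the thread was
    created in (presumably resolved from hProcess by the entry hook --
    confirm) and the caller's ``lpThreadId`` out-pointer. This callback
    logs the new thread's ID when a pointer was supplied and injects the
    monitoring DLL into the target process so the sandbox follows code the
    sample places in other processes. Injection is attempted regardless of
    whether the thread creation itself succeeded.

    Args:
        exec_ctx: Hook execution context. ``regs.EAX`` holds the returned
            thread handle; ``hook.hook_data`` holds the tuple above.

    Returns:
        None.
    """
    thread_handle = exec_ctx.regs.EAX
    logging.info("CreateRemoteThread returned 0x%08x", thread_handle)

    # TODO experimental
    child_pid, r_threadid_addr = exec_ctx.hook.hook_data

    # lpThreadId is an optional argument of CreateRemoteThread; a NULL
    # pointer must not be dereferenced.
    if r_threadid_addr:
        logging.debug("pointer to TID: 0x%08x", r_threadid_addr)
        remote_tid = memorymanager.read_dword_from_addr(r_threadid_addr)
        logging.debug("TID of spawned thread: 0x%08x", remote_tid)
    else:
        logging.debug("no lpThreadId supplied, TID unknown")

    dll_path = emb.dllGetFilename()
    logging.debug("starting inject")
    if not injector.inject_module_into_process(dll_path, child_pid):
        logging.error("Error injecting %s into process %i", dll_path, child_pid)
    else:
        logging.debug("inject SUCCESSFUL")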
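def cb_create_r_thread_rtn(exec_ctx):
    """Return callback for CreateRemoteThread.

    ``exec_ctx.hook.hook_data`` is a ``(child_pid, r_threadid_addr)`` pair
    left by the entry hook: the PID of the target process (presumably
    derived from hProcess on entry -- confirm) and the ``lpThreadId``
    out-pointer passed by the caller. The callback logs the new thread ID
    if that pointer is non-NULL and then injects the monitoring DLL into
    the target process, independent of whether the API call succeeded.

    Args:
        exec_ctx: Hook execution context. ``regs.EAX`` holds the returned
            thread handle; ``hook.hook_data`` holds the pair above.

    Returns:
        None.
    """
    logging.info("CreateRemoteThread returned 0x%08x", exec_ctx.regs.EAX)

    # TODO experimental
    target_pid, tid_ptr = exec_ctx.hook.hook_data

    # The caller may pass NULL for lpThreadId; only read through it when
    # it is set.
    if tid_ptr == 0:
        logging.debug("no lpThreadId supplied, TID unknown")
    else:
        logging.debug("pointer to TID: 0x%08x", tid_ptr)
        new_tid = memorymanager.read_dword_from_addr(tid_ptr)
        logging.debug("TID of spawned thread: 0x%08x", new_tid)

    module_path = emb.dllGetFilename()
    logging.debug("starting inject")
    injected = injector.inject_module_into_process(module_path, target_pid)
    if injected:
        logging.debug("inject SUCCESSFUL")
    else:
        logging.error("Error injecting %s into process %i",
                      module_path, target_pid)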