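def cb_create_process_internal_w_rtn(exec_ctx):
    """Return callback for CreateProcessInternalW.

    Runs after the hooked call returns. Reads the new process's PID from the
    PROCESS_INFORMATION block whose address was left in
    ``exec_ctx.hook.hook_data`` (presumably the caller's
    ``lpProcessInformation`` argument, recorded before the call) and injects
    the module named by ``emb.dllGetFilename()`` into that process so the
    child is instrumented as well.

    Args:
        exec_ctx: hook execution context; ``regs.EAX`` holds the BOOL result
            of the call and ``hook.hook_data`` the PROCESS_INFORMATION
            pointer.

    Returns:
        None. Outcomes are reported through ``logging`` only.
    """
    result = exec_ctx.regs.EAX
    logging.debug("CreateProcessInternalW returned 0x%08x", result)
    # CreateProcessInternalW returns BOOL. On failure the PROCESS_INFORMATION
    # block is not populated, so the dword read below would be stale memory and
    # the injection would be aimed at an unrelated PID.
    if not result:
        logging.debug("CreateProcessInternalW failed; nothing to inject into")
        return
    child_proc_info = exec_ctx.hook.hook_data
    # dwProcessId is at offset 8 of the 32-bit PROCESS_INFORMATION layout
    # (after the hProcess and hThread handles); use of EAX implies 32-bit here.
    # NOTE(review): the value lives in the monitored process's address space,
    # so a hostile target could alter it between the API return and this read.
    child_pid = memorymanager.read_dword_from_addr(child_proc_info + 8)
    logging.debug("PID of spawned process: 0x%08x", child_pid)
    dll_path = emb.dllGetFilename()
    logging.debug("starting inject")
    if injector.inject_module_into_process(dll_path, child_pid):
        logging.debug("inject SUCCESSFUL")
    else:
        # error level, matching the CreateRemoteThread callback
        logging.error("Error injecting %s into process %i", dll_path, child_pid)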
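def cb_create_r_thread_rtn(exec_ctx):
    """Return callback for CreateRemoteThread.

    Runs after the hooked call returns. ``exec_ctx.hook.hook_data`` carries a
    ``(child_pid, r_threadid_addr)`` pair prepared before the call: the PID of
    the process that received the thread and the caller's ``lpThreadId``
    pointer. Logs the new thread id (when a pointer was supplied) and injects
    the module named by ``emb.dllGetFilename()`` into that process.

    Args:
        exec_ctx: hook execution context; ``regs.EAX`` holds the returned
            HANDLE and ``hook.hook_data`` the ``(pid, lpThreadId)`` tuple.

    Returns:
        None. Outcomes are reported through ``logging`` only.
    """
    logging.info("CreateRemoteThread returned 0x%08x", exec_ctx.regs.EAX)
    # TODO experimental
    child_pid, r_threadid_addr = exec_ctx.hook.hook_data
    logging.debug("pointer to TID: 0x%08x", r_threadid_addr)
    # lpThreadId is optional for CreateRemoteThread; a NULL pointer must not be
    # dereferenced in the target, so only read the TID when one was supplied.
    if r_threadid_addr:
        remote_tid = memorymanager.read_dword_from_addr(r_threadid_addr)
        logging.debug("TID of spawned thread: 0x%08x", remote_tid)
    else:
        logging.debug("no lpThreadId supplied; TID not available")
    dll_path = emb.dllGetFilename()
    logging.debug("starting inject")
    if injector.inject_module_into_process(dll_path, child_pid):
        logging.debug("inject SUCCESSFUL")
    else:
        logging.error("Error injecting %s into process %i", dll_path, child_pid)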