def test():
def open_process(pid):
h_process = kernel32.OpenProcess(PROCESS_ALL_ACCESS, False, pid)
# print("0x{:016X}".format(h_process))
if not h_process:
print(WinError(GetLastError()))
return False
return h_process
set_debug_privilege()
pid = input("pid: ")
snapshot = kernel32.CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, int(pid))
lpme = MODULEENTRY32()
lpme.dwSize = sizeof(lpme)
res = kernel32.Module32First(snapshot, byref(lpme))
address = None
while res:
if lpme.th32ProcessID == int(pid):
if lpme.szModule == b"msctf.dll" or lpme.szModule == b"msvcrt.dll":
print("PID: ", lpme.th32ProcessID)
print("MID: ", lpme.th32ModuleID)
# print("MODULE_ADDRESS 0x{:016X}".format(lpme.modBaseAddr))
print("MODULE_SIZE: ", lpme.modBaseSize)
print("MODULE_NAME: ", lpme.szModule)
print("MODULE_PATH: ", lpme.szExePath)
address = lpme.modBaseAddr
res = kernel32.Module32Next(snapshot, byref(lpme))
h_process = open_process(int(pid))
if not h_process:
print(WinError(GetLastError()))
exit()
p_address = cast(address, POINTER(BYTE))
page_info = get_page_info(h_process, p_address)
if not page_info:
print(WinError(GetLastError()))
exit()
show_protection(page_info.Protect)
old_protect = set_page_protection(h_process, p_address,
page_info.RegionSize,
PAGE_EXECUTE_READWRITE)
if not old_protect:
print(WinError(GetLastError()))
exit()
page_info = get_page_info(h_process, p_address)
if not page_info:
print(WinError(GetLastError()))
exit()
show_protection(page_info.Protect)
import copy
from ctypes import *
from ctypes import wintypes
from defines import *
from privilege import set_debug_privilege
kernel32 = windll.kernel32
set_debug_privilege()
def to_dict(lpme):
return dict((field, getattr(lpme, field)) for field, _ in lpme._fields_)
def enum_modules(pid):
module_list = []
snapshot = kernel32.CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, int(pid))
lpme = MODULEENTRY32()
lpme.dwSize = sizeof(lpme)
res = kernel32.Module32First(snapshot, byref(lpme))
while res:
if lpme.th32ProcessID == int(pid):
module_list.append(to_dict(lpme))
# print("PID: ", lpme.th32ProcessID)
# print("MID: ", lpme.th32ModuleID)
# print("MODULE_NAME: ", lpme.szModule)
# print("MODULE_PATH: ", lpme.szExePath)
res = kernel32.Module32Next(snapshot, byref(lpme))
return module_list
from ctypes import *
from ctypes import wintypes
from defines import *
from privilege import set_debug_privilege
from prompt import Prompt
from debugger import Debugger
if set_debug_privilege():
print("[*] enabled debug privilege")
else:
print("[!!] Can't enable to debug privilege!")