ie_sandbox/grayhat/injector.py
from ctypes import *
PROCESS_ALL_ACCESS =
VIRTUAL_MEM
PAGE_READWRITE
def write_data( data, length ):
pass
# A switch to determine whether we want DLL or code injectio
def inject_dll( dll_path ):
dll_len = len(dll_path)
write_data( dll_path, dll_len )
h_kernel32 = kernel32.GetModuleHandleA("kernel32.dll")
h_load_library = kernel32.GetProcAddress( h_kernel32, "LoadLibraryA" )
dll_len = len(dll_path)
# Get a handle to the process we are injecting into.
h_process = kernel32.OpenProcess(pyfault_defines.PROCESS_ALL_ACCESS, False, pid)
# Now we have to allocate enough bytes for the name and path of our DLL.
arg_address = kernel32.VirtualAllocEx(h_process,0,dll_len,pyfault_defines.VIRTUAL_MEM,pyfault_defines.PAGE_READWRITE)
# Write the path of the DLL into the previously allocated space. The pointer returned
written = ctypes.c_int(0)
kernel32.WriteProcessMemory(h_process, arg_address, dll_path, dll_len, ctypes.byref(written))
# Get a handle directly to kernel32.dll
h_kernel32 = kernel32.GetModuleHandleA("kernel32.dll")
# Get the address of LoadLibraryA
h_loadlib = kernel32.GetProcAddress(h_kernel32,"LoadLibraryA")
# Now we try to create the remote thread, with the entry point of
thread_id = ctypes.c_ulong(0)
if not kernel32.CreateRemoteThread(h_process,None,0,h_loadlib,arg_address,0,ctypes.byref(thread_id)):
raise faultx("CreateRemoteThread failed, unable to inject the DLL.")
# Return the threadid of the newly injected DLL
return True