There is an ongoing issue with injecting the Python DLL into a process.
In fact, the issue was with inject_dll, which can't hold a 64-bit address as the return value of CreateRemoteThread.
Changes
Use GetModuleHandleW to retrieve the address of injected dll
Some stashed documentation
Testing
I personally used this snippet to test the code (it will create a text file within the folder where you run it):
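from pymem import Pymem
import os
import subprocess
import ctypes

# Start a throwaway notepad.exe to use as the injection target
notepad = subprocess.Popen(['notepad.exe'])
print(notepad.pid)
if not notepad:
    raise RuntimeError('notepad not launched')

# Attach to the process and load the Python DLL into it
pm = Pymem('notepad.exe')
pm.inject_python_interpreter()

# The output file is created next to this script; backslashes are doubled
# because the path is embedded in a string literal in the injected code
filepath = os.path.join(os.path.dirname(os.path.abspath(__file__)), 'pymem_injection.txt')
filepath = filepath.replace("\\", "\\\\")
shellcode = """
f = open("{}", "w+")
f.write("pymem_injection")
f.close()
""".format(filepath)
print(filepath)

# Clear the calling thread's last-error value before injecting
ctypes.windll.kernel32.SetLastError(0)
# Run the Python source inside the target; the file appearing confirms it worked
pm.inject_python_shellcode(shellcode)
notepad.kill()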