MCPcopy Index your code
hub / github.com/ELMERIKH/PyinMemoryPE / inject_python_command

Function inject_python_command

windows/injection.py:305–323  ·  view source on GitHub ↗

Postulate: PYDLL is already loaded in target process

(target, code_injected, PYDLL)

Source from the content-addressed store, hash-verified

303
304
305def inject_python_command(target, code_injected, PYDLL):
306 """Postulate: PYDLL is already loaded in target process"""
307 PYCODE = code_injected + "\x00"
308 # TODO: free this (how ? when ?)
309 remote_python_code_addr = target.virtual_alloc(len(PYCODE))
310 target.write_memory(remote_python_code_addr, PYCODE)
311 shellcode_addr = getattr(target, "_execute_python_shellcode", None)
312 if shellcode_addr is not None:
313 return shellcode_addr, remote_python_code_addr
314 if target.bitness == 32:
315 shellcode_generator = generate_python_exec_shellcode_32
316 else:
317 shellcode_generator = generate_python_exec_shellcode_64
318
319 shellcode = shellcode_generator(target, PYDLL)
320 shellcode_addr = target.virtual_alloc(len(shellcode))
321 target.write_memory(shellcode_addr, shellcode)
322 target._execute_python_shellcode = shellcode_addr
323 return shellcode_addr, remote_python_code_addr
324
325def get_dll_name_from_python_version():
326 version = sys.version_info

Callers 1

execute_python_codeFunction · 0.85

Calls 2

virtual_allocMethod · 0.45
write_memoryMethod · 0.45

Tested by

no test coverage detected