dll injection - Strange results while trying to inject a dll into a process via windll.kernel32.CreateRemoteThread() of python mode ctypes -


i trying following task: 1. inject dll process; 2. use windll.kernel32.createremotethread() within mode of ctypes of python;

and encouting following results: 1. new thread created success; 2. can not grap thread via windbg; 3. call stack (grapped via processexploer) strange:

   ntkrnlpa.exe!kiunexpectedinterrupt+0x8d    ntkrnlpa.exe!psdereferenceprimarytoken+0x362    ntkrnlpa.exe!kideliverapc+0xb3    ntkrnlpa.exe!zwyieldexecution+0x19a4    ntkrnlpa.exe!lsaderegisterlogonprocess+0x29b56    ntkrnlpa.exe!lsaderegisterlogonprocess+0x2ac2b    ntkrnlpa.exe!lsaderegisterlogonprocess+0x2b20b    ntkrnlpa.exe!psremovecreatethreadnotifyroutine+0x11d    ntkrnlpa.exe!kidispatchinterrupt+0x5a2    kernel32.dll!createthread+0x22

the code "gray hat python", , it's this:

import sys ctypes import *  page_readwrite     =     0x04 process_all_access =     ( 0x000f0000 | 0x00100000 | 0xfff ) virtual_mem        =     ( 0x1000 | 0x2000 )  kernel32 = windll.kernel32 pid      = sys.argv[1] dll_path = sys.argv[2] dll_len  = len(dll_path)  # handle process injecting into. h_process = kernel32.openprocess( process_all_access, false, int(pid) )  if not h_process:      print "[*] couldn't acquire handle pid: %s" % pid     sys.exit(0)   # allocate space dll path arg_address = kernel32.virtualallocex( h_process, 0, dll_len, virtual_mem, page_readwrite)  # write dll path allocated space written = c_int(0) kernel32.writeprocessmemory(h_process, arg_address, dll_path, dll_len, byref(written))  # need resolve address loadlibrarya h_kernel32 = kernel32.getmodulehandlea("kernel32.dll") h_loadlib  = kernel32.getprocaddress(h_kernel32,"loadlibrarya")  # try create remote thread, entry point set # loadlibrarya , pointer dll path it's single parameter thread_id = c_ulong(0)  if not kernel32.createremotethread(h_process,none,0,h_loadlib,arg_address,0,byref(thread_id)):      print "[*] failed inject dll. exiting."     sys.exit(0)   print "[*] remote thread created thread id of: 0x%08x" % thread_id.value print "[*] vnc connection open , ready action...."


Comments

Post a Comment

Popular posts from this blog

linux - xterm copying to CLIPBOARD using copy-selection causes automatic updating of CLIPBOARD upon mouse selection -

i've tried various ways coerce xterm (versions 285 , 292) copy selection clipboard clipboard whenever press ctrl-shift-c. promising way far has been, in ~/.xresources, put this: xterm*vt100.translations: #override \ ctrl shift <keypress> c: copy-selection(clipboard) \n\ ctrl shift <keypress> v: insert-selection(clipboard) ctrl-shift-v works perfectly, copying has nuance... if restart xterm, highlighting text puts things in primary clipboard; expected, proper, default behavior. if hit ctrl-shift-c, copies current selection clipboard clipboard. the bug, however, if highlight text after first time pressed ctrl-shift-c, you'll see highlighting copies both primary and clipboard. cannot figure out how stop xterm updating clipboard upon selection... , doesn't make sense me in first place. i said, @ specific point in time, copy selection clipboard... yet starts updating automatically upon selection after doing once... anyone have workaround...
Read more

c++ - qgraphicsview horizontal scrolling always has a vertical delta -

Image
i've subclassed qgraphicsview custom canvas used in cad application. i've reimplemented qgraphicsview::wheelevent check keyboard modifiers control key and, if control key pressed, zoom. i'm trying implement horizontal scroll when user holds shift , uses wheel. the problem i'm having horizontal scrolling always scrolls 0.279. not huge problem, hugely annoying , points else being wrong. so, here questions: is right way implement horizontal scrolling? if not, is? how eliminate delta of 0.279? thanks in advance. code , sample output below void myview::zoom(int delta) { double factor = pow(1.2, delta/abs(delta)); this->scale(factor, factor); } void myview::scrollhorizontal(int level) { qpointf center = maptoscene(viewport()->rect().center()); qdebug() << "center: " << center.x() << ", " << center.y(); centeron(qpointf(center.x() - level, center.y())); } void myview::wheelevent(qwheeleve...
Read more