Injecting a python interpreter into any process
Pymem allow you to inject python.dll into a target process and then map py_run_simple_string
with a single call to inject_python_interpreter()
.
from pymem import Pymem
import os
import subprocess
notepad = subprocess.Popen(['notepad.exe'])
pm = Pymem('notepad.exe')
pm.inject_python_interpreter()
filepath = os.path.join(os.path.abspath('.'), 'pymem_injection.txt')
filepath = filepath.replace("\\", "\\\\")
shellcode = """
f = open("{}", "w+")
f.write("pymem_injection")
f.close()
""".format(filepath)
pm.inject_python_shellcode(shellcode)
notepad.kill()
So what did that code do?
we start notepad process and get its handle
we hook pymem with notepad process
we call
inject_python_interpreter()
which will:
dynamically finds the correct python dll and inject it
register py_run_simple_string
then we inject some python code with
inject_python_shellcode()
which will:
VirtualAllocEx some space for the code to be written
write the actual payload into allocated space
execute py_run_simple_string so the python code gets interpreted within the notepad process
finally we get rid of notepad process