
When running this in IDLE with "Run Module", I am getting the error below. I have tried a lot of different things, but nothing seems to work! I'm new to Python and could use some guidance.

print("[+] usage: ./dll_injector.py <PID> <DLLPATH>")
print("\n")

from ctypes import *
from ctypes import wintypes
import sys
import os
import time
import subprocess

# Define constants we use
PAGE_RW_PRIV = 0x04          # PAGE_READWRITE
PROCESS_ALL_ACCESS = 0x1F0FFF
VIRTUAL_MEM = 0x3000         # MEM_COMMIT | MEM_RESERVE

# CTYPES handler
kernel32 = windll.kernel32

# Declare argument and return types: without these ctypes passes and returns
# plain C ints, which truncates handles and pointers on 64-bit Python.
kernel32.OpenProcess.argtypes = [wintypes.DWORD, wintypes.BOOL, wintypes.DWORD]
kernel32.OpenProcess.restype = wintypes.HANDLE
kernel32.VirtualAllocEx.argtypes = [wintypes.HANDLE, c_void_p, c_size_t,
                                    wintypes.DWORD, wintypes.DWORD]
kernel32.VirtualAllocEx.restype = c_void_p
kernel32.WriteProcessMemory.argtypes = [wintypes.HANDLE, c_void_p, c_char_p,
                                        c_size_t, POINTER(c_size_t)]
kernel32.WriteProcessMemory.restype = wintypes.BOOL
kernel32.GetModuleHandleA.argtypes = [c_char_p]
kernel32.GetModuleHandleA.restype = wintypes.HMODULE
kernel32.GetProcAddress.argtypes = [wintypes.HMODULE, c_char_p]
kernel32.GetProcAddress.restype = c_void_p
kernel32.CreateRemoteThread.argtypes = [wintypes.HANDLE, c_void_p, c_size_t,
                                        c_void_p, c_void_p, wintypes.DWORD,
                                        POINTER(wintypes.DWORD)]
kernel32.CreateRemoteThread.restype = wintypes.HANDLE

def dll_inject(PID, DLL_PATH):
    print("[+] Starting DLL Injector")
    # LoadLibraryA reads a NUL-terminated ANSI string, so encode the path and
    # count the terminator in the length that gets allocated and written.
    dll_bytes = DLL_PATH.encode("mbcs") + b"\x00"
    LEN_DLL = len(dll_bytes)
    print("\t[+] Getting process handle for PID:%d" % PID)
    hProcess = kernel32.OpenProcess(PROCESS_ALL_ACCESS, False, PID)

    if not hProcess:  # OpenProcess returns NULL (0) on failure, never None
        print("\t[+] Unable to get process handle")
        sys.exit(0)
    print("\t[+] Allocating space for DLL PATH")
    DLL_PATH_ADDR = kernel32.VirtualAllocEx(hProcess,
                                            None,
                                            LEN_DLL,
                                            VIRTUAL_MEM,
                                            PAGE_RW_PRIV)
    if not DLL_PATH_ADDR:
        print("\t[+] Unable to allocate memory in target process")
        sys.exit(0)
    bytes_written = c_size_t(0)
    print("\t[+] Writing DLL PATH to target process space")
    kernel32.WriteProcessMemory(hProcess,
                                DLL_PATH_ADDR,
                                dll_bytes,
                                LEN_DLL,
                                byref(bytes_written))
    print("\t[+] Resolving Call Specific functions & libraries")
    # kernel32.dll is mapped at the same base in every process for a given
    # boot, so the address resolved here is also valid inside the target.
    kernel32DllHandler_addr = kernel32.GetModuleHandleA(b"kernel32")
    print("\t\t[+] Resolved kernel32 library at 0x%08x" % kernel32DllHandler_addr)
    LoadLibraryA_func_addr = kernel32.GetProcAddress(kernel32DllHandler_addr, b"LoadLibraryA")
    print("\t\t[+] Resolved LoadLibraryA function at 0x%08x" % LoadLibraryA_func_addr)

    thread_id = c_ulong(0)  # for our thread id
    print("\t[+] Creating Remote Thread to load our DLL")
    if not kernel32.CreateRemoteThread(hProcess,
                                       None,
                                       0,
                                       LoadLibraryA_func_addr,
                                       DLL_PATH_ADDR,
                                       0,
                                       byref(thread_id)):
        print("Injection Failed, exiting")
        sys.exit(0)
    else:
        print("Remote Thread 0x%08x created, DLL code injected" % thread_id.value)

PID = int(sys.argv[1])
DLL_PATH = str(sys.argv[2])
dll_inject(PID, DLL_PATH)
time.sleep(5)

filepath = os.path.dirname(os.path.realpath(pid.cmd))  # NOTE: 'pid' is never defined anywhere in this script
p = subprocess.Popen(filepath, shell=True, stdout=subprocess.PIPE)

stdout, stderr = p.communicate()
print(p.returncode)  # is 0 if success

The error returned is below.

Traceback (most recent call last):
  File "dll.py", line 58, in <module>
    PID = int(sys.argv[1])
IndexError: list index out of range

Ckacmaster

1 Answer


This module needs some command-line arguments to be passed to it, specifically the PID as the first argument and the path to your DLL as the second argument. That's why sys.argv[1] is causing an error; sys.argv stores program arguments but it hasn't been passed any, so the array only has 1 element (the script name).

Instead, open a command prompt, enter this (replacing <PID> and <DLLPATH> with the desired values) and press Enter:

"C:\Users\The Man\Desktop\dll.py" <PID> <DLLPATH>

This will give the script the arguments it needs.

Aaron Christiansen
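As an added example that is not part of the question or the answer above: the argument handling the posted script lacks, written so that a missing or malformed argument produces a usage message instead of the IndexError traceback. It uses only the Python standard library; the `parse_args` and `main` names and the validation rules (positive PID, DLL file must exist) are this example's own assumptions, and it deliberately stops short of calling any injection code, so it runs on any platform.

```python
import argparse
import os
import sys

USAGE = "[+] usage: ./dll_injector.py <PID> <DLLPATH>"


def parse_args(argv):
    """Parse <PID> <DLLPATH> from argv (the list *after* the script name).

    Returns (pid, dll_path).  Any problem raises SystemExit(2) with a usage
    message on stderr, which is what indexing sys.argv[1] directly does not
    give you: with no arguments that line dies with IndexError instead.
    """
    parser = argparse.ArgumentParser(
        prog="dll_injector.py",
        description="Inject a DLL into a running process by PID.",
    )
    parser.add_argument("pid", type=int, help="target process ID")
    parser.add_argument("dll_path", help="path to the DLL to load")
    args = parser.parse_args(argv)

    if args.pid <= 0:
        parser.error("PID must be a positive integer, got %d" % args.pid)

    # Resolve the path here, in the injector's own working directory.  The
    # target process would otherwise resolve a relative path against *its*
    # working directory, which is rarely the one you intended.
    dll_path = os.path.abspath(args.dll_path)
    if not os.path.isfile(dll_path):
        parser.error("DLL not found: %s" % dll_path)
    return args.pid, dll_path


def main(argv=None):
    """Entry point.  Returns an exit status instead of calling sys.exit so it
    can be driven from the IDLE shell or a test without killing the session."""
    argv = sys.argv[1:] if argv is None else argv
    if not argv:
        # Under IDLE's "Run Module", sys.argv holds only the script name:
        # print the usage line and stop rather than crash on sys.argv[1].
        print(USAGE)
        return 2
    pid, dll_path = parse_args(argv)
    # The validated values would be handed to the injection routine here; it
    # is left out because it needs Windows and a live target process.
    print("[+] target PID %d, DLL %s" % (pid, dll_path))
    return 0


if __name__ == "__main__":
    sys.exit(main())
```

Because `main` takes an explicit argument list, the script can also be exercised from the IDLE shell without a command prompt, for example `import dll_injector; dll_injector.main(["1234", r"C:\path\to\payload.dll"])` (hypothetical values), and from a command prompt the usual `python dll_injector.py <PID> <DLLPATH>` form works unchanged.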