[Python-RLS]Injector source

Viel gibts dazu nicht zu sagen, vielleicht kann es einer brauchen =)
Es gibt alle Pids der Prozesse aus die gerade laufen, danach gibt man PID + DLL ein und diese wird injected das ist eigentlich schon alles ^^
Wenn es Fragen gibt, einfach drauflos schreiben.
PHP Code:

			
'''
Created on 24.05.2013

@author: Patrick Walther
'''
import sys
from ctypes import *

PAGE_READWRITE      = 0x04
VIRTUAL_MEM         = (0x1000 | 0x2000)
PROCESS_ALL_ACCESS  = 0x1F0FFF

kernel32    = windll.kernel32
psapi       = windll.psapi

def EnumProcesses():
    arr = c_ulong * 256
    lpidProcess= arr()
    cb = sizeof(lpidProcess)
    cbNeeded = c_ulong()
    hModule = c_ulong()
    count = c_ulong()
    modname = c_buffer(30)
    PROCESS_QUERY_INFORMATION = 0x0400
    PROCESS_VM_READ = 0x0010
    
    #Call Enumprocesses to get hold of process id's
    psapi.EnumProcesses(byref(lpidProcess),
                        cb,
                        byref(cbNeeded))
    
    #Number of processes returned
    nReturned = cbNeeded.value/sizeof(c_ulong())
    
    pidProcess = [i for i in lpidProcess][:nReturned]
    
    for pid in pidProcess:
        
        #Get handle to the process based on PID
        hProcess = kernel32.OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
                                      False,
                                      pid)
        if hProcess:
            psapi.EnumProcessModules(hProcess,
                                    byref(hModule),
                                    sizeof(hModule),
                                    byref(count))
                                    
            psapi.GetModuleBaseNameA(hProcess,
                                    hModule.value,
                                    modname,
                                    sizeof(modname))
                                    
            print "".join([ i for i in modname if i != '\x00'])
            print " PID: %d" % pid
            
            #-- Clean up
            for i in range(modname._length_):
                modname[i]='\x00'
            
            kernel32.CloseHandle(hProcess)

EnumProcesses()

pid         = raw_input("Enter the pid of the process to inject to: ")
dll_path    = raw_input("Enter the path to the dll: ")

dll_len     = len(dll_path)

# Get process handle
h_process = kernel32.OpenProcess(PROCESS_ALL_ACCESS, False, int(pid))

if not h_process:
    print"[*] Couldn't acquire a handle to PID: %s" % pid
    sys.exit(0)
    
# Get some storage for the dll-path
arg_address = kernel32.VirtualAllocEx(h_process, 0, dll_len, VIRTUAL_MEM, PAGE_READWRITE)

# Write dll in the allocated storage
written = c_int(0)
kernel32.WriteProcessMemory(h_process,arg_address, dll_path, dll_len, byref(written))


h_kernel32  = kernel32.GetModulHandleA("kernel32.dll")
h_loadlib   = kernel32.GetProcAddress(h_kernel32,"LoadLibraryA")

#try to create remote thread

thread_id = c_ulong(0)

if not kernel32.CreateRemoteThread(h_process,
                                   None,
                                   0,
                                   h_loadlib,
                                   arg_address,
                                   0,
                                   byref(thread_id)):
    print "[*] Failed to inject the DLL. Exiting."
    sys.exit(0)
    
print "[*] Remote thread with ID 0x%08x created." % thread_id.value