I've seen a few sites talking about injecting DLL's (such as http://www.codeproject.com/KB/DLL/DLL_Injection_tutorial.aspx), but I'm struggling with how to get an EXE to work. any help/tips would be appreciated.
The best way I know how to explain it is "RunPE" where you execute an exe in the memory. Does that help at all?
If you're asking how to inject code into a running Python process, what you want is https://fedorahosted.org/pyrasite/ .
You can use the Reflective DLL Injector as described here. Metasploit project uses it to load its meterpreter plug-ins. AFAIK this is the only way to inject a DLL, as MS officially does not support "injecting" from memory, only loading from file system.
On a low level, nothing forbids you from allocating a memory region, loading code there, marking it executable.
Note, that none of these techniques are Python specific or even Python related - it is a win32 problem.
What you're talking about is re-implementing UPX in python with more stuff. Things you would need to do in order to do this: Change all VirtualAlloc calls to be VirtualAllocEx calls. Change all Loadlibrary calls to be loadlibraryEX calls. Implement the relocation fix-ups.
A better approach would probably be tweaking UPX to output a DLL instead of an executable. Then using some python DLL injection code to throw that into another process. You're going to be working with CTypes a lot if you want to do this. Fair warning...
I would recommend this book http://www.amazon.com/Gray-Hat-Python-Programming-Engineers/dp/1593271921 - especially the chapters on writing your own debugger, but it covers the metasploit and other tools as described above.
来源:https://stackoverflow.com/questions/6246961/can-you-inject-code-an-exe-into-a-process-with-python