DLL injection using Ctype in python

FOX · October 21, 2018, 4:13pm

hello everyone
I’m trying do do dll injection using ctype in python , but the return value of this line of code is zero ctypes.windll.kenrel32.GetProcAddress(k32handle , "LoadLibraryA")

here is the code before I open process to inject :

import ctypes
kernel32 = ctypes.windll.kernel32
h_k32 = kernel32.GetModuleHandleA(“kernel32.dll”)
print "h_k32 = " + h_k32

lp_func = kernel32.GetProcAddress(h_k32 , “LoadLibraryA”)

print "lp_func = " + lp_func

the output is:

h_k32 = -780730368
lp_func = 0

can someone tell me what I’m doing wrong ?
NOTE: I just did try the code above on other machine with same python version and worked,but still not working on my current machine !!

thank you

sir1ous · October 21, 2018, 10:19pm

I think you need to declare proper restype and argtypes for GetModuleHandle and GetProcAddress.
Anyway this answer worked for me: https://stackoverflow.com/questions/33779657/python-getmodulehandlew-oserror-winerror-126-the-specified-module-could-not-b/33780664#33780664

TLDR:

kernel32 = ctypes.WinDLL('kernel32', use_last_error=True)   
kernel32.GetProcAddress.restype = ctypes.c_void_p
kernel32.GetProcAddress.argtypes = (wintypes.HMODULE, wintypes.LPCSTR)

LoadLibAddy = kernel32.GetProcAddress(kernel32._handle, b'LoadLibraryA')
if not LoadLibAddy:
    raise ctypes.WinError(ctypes.get_last_error())

FOX · October 21, 2018, 11:06pm

Is this normal ?

sir1ous · October 21, 2018, 11:47pm

Yup, this should be an address of the LoadLibraryA function.

dtm · October 21, 2018, 11:47pm

You should print them out in hex because it’d make more sense/readable. No one prints addresses in decimal.

FOX · October 22, 2018, 12:52am

I appreciate your help, thank you

system · October 25, 2018, 12:52am

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.