Skip to content

import pyd or execute PE all from memory using only pure python code and some shellcode tricks

License

Notifications You must be signed in to change notification settings

n1nj4sec/pymemimporter

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
 
 
 
 
 
 
 
 
 
 

Repository files navigation

pymemimporter

pymemimporter is a funny PoC that allows you to import any .pyd from memory with only pure python code (no .pyd) !

It basically executes a shellcode with ctypes to add _memimporter (from py2exe project) as a builtin python module :D

based on Joachim Bauch's MemoryModule (https://github.com/fancycode/MemoryModule) and Didier Stevens' ShellCodeMemoryModule (https://blog.didierstevens.com/programs/shellcode/)

Only implemented for python 32bit on Windows

usage:

C:\Users\me\Desktop>python.exe
Python 2.7.11 (v2.7.11:6d1b6a68f775, Dec  5 2015, 20:32:19) [MSC v.1500 32 bit (Intel)] on win32
Type "help", "copyright", "credits" or "license" for more information.
>>> import pymemimporter
>>> import _memimporter
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  ImportError: No module named _memimporter
>>> pymemimporter.init()
>>> import _memimporter
>>> _memimporter
<module '_memimporter' (built-in)>
>>>

examples

running example/mimikatz32.py will load from memory a mimikatz interactive shell using only .py files as dependencies

About

import pyd or execute PE all from memory using only pure python code and some shellcode tricks

Topics

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages