PeInjector (version 1.2.1)
peinjector.py

This Python tool injects shellcode into a Windows Program Executable (PE) to
backdoor it, with optional polymorphism.

 
Classes
       
builtins.ValueError(builtins.Exception)
ArchitectureError
ProgramExecutableError
builtins.object
NewValues
PeInjectorData
Section

 
class ArchitectureError(builtins.ValueError)
    PeInjector supports only x86 and x64 Program Executables;
if the executable is not one of these architectures, this
class should be used to raise an exception.
 
 
Method resolution order:
ArchitectureError
builtins.ValueError
builtins.Exception
builtins.BaseException
builtins.object

Data descriptors defined here:
__weakref__
list of weak references to the object (if defined)

Data and other attributes defined here:
__annotations__ = {'architecture': <class 'str'>}
architecture = None

Methods inherited from builtins.ValueError:
__init__(self, /, *args, **kwargs)
Initialize self.  See help(type(self)) for accurate signature.

Static methods inherited from builtins.ValueError:
__new__(*args, **kwargs) from builtins.type
Create and return a new object.  See help(type) for accurate signature.

Methods inherited from builtins.BaseException:
__delattr__(self, name, /)
Implement delattr(self, name).
__getattribute__(self, name, /)
Return getattr(self, name).
__reduce__(...)
Helper for pickle.
__repr__(self, /)
Return repr(self).
__setattr__(self, name, value, /)
Implement setattr(self, name, value).
__setstate__(...)
__str__(self, /)
Return str(self).
with_traceback(...)
Exception.with_traceback(tb) --
set self.__traceback__ to tb and return self.

Data descriptors inherited from builtins.BaseException:
__cause__
exception cause
__context__
exception context
__dict__
__suppress_context__
__traceback__
args

 
class NewValues(builtins.object)
    NewValues(image_size: int = 0, headers_size: int = 0, file_size: int = 0, section_offset: int = 0, entry_point: int = 0, first_section_offset: int = 0) -> None
 
This class stores modified values
for the backdoored PE file.
 
  Methods defined here:
__eq__(self, other)
Return self==value.
__init__(self, image_size: int = 0, headers_size: int = 0, file_size: int = 0, section_offset: int = 0, entry_point: int = 0, first_section_offset: int = 0) -> None
Initialize self.  See help(type(self)) for accurate signature.
__repr__(self)
Return repr(self).

Data descriptors defined here:
__dict__
dictionary for instance variables (if defined)
__weakref__
list of weak references to the object (if defined)

Data and other attributes defined here:
__annotations__ = {'entry_point': <class 'int'>, 'file_size': <class 'int'>, 'first_section_offset': <class 'int'>, 'headers_size': <class 'int'>, 'image_size': <class 'int'>, 'section_offset': <class 'int'>}
__dataclass_fields__ = {'entry_point': Field(name='entry_point',type=<class 'int'>,defa...appingproxy({}),kw_only=False,_field_type=_FIELD), 'file_size': Field(name='file_size',type=<class 'int'>,defaul...appingproxy({}),kw_only=False,_field_type=_FIELD), 'first_section_offset': Field(name='first_section_offset',type=<class 'i...appingproxy({}),kw_only=False,_field_type=_FIELD), 'headers_size': Field(name='headers_size',type=<class 'int'>,def...appingproxy({}),kw_only=False,_field_type=_FIELD), 'image_size': Field(name='image_size',type=<class 'int'>,defau...appingproxy({}),kw_only=False,_field_type=_FIELD), 'section_offset': Field(name='section_offset',type=<class 'int'>,d...appingproxy({}),kw_only=False,_field_type=_FIELD)}
__dataclass_params__ = _DataclassParams(init=True,repr=True,eq=True,order=False,unsafe_hash=False,frozen=False)
__hash__ = None
__match_args__ = ('image_size', 'headers_size', 'file_size', 'section_offset', 'entry_point', 'first_section_offset')
entry_point = 0
file_size = 0
first_section_offset = 0
headers_size = 0
image_size = 0
section_offset = 0

 
class PeInjectorData(builtins.object)
    PeInjectorData(address_nt_headers: int = 0, machine_architecture: int = 0, sections_number: int = 0, optional_headers_size: int = 0, entry_point: int = 0, section_aligment: int = 0, file_aligment: int = 0, image_size: int = 0, headers_size: int = 0, image_base: int = 0, offset_new_section_headers: int = 0, address_end_new_section_headers: int = 0, first_section_offset: int = 0, sections: List[PeInjector.Section] = <factory>, new_values: PeInjector.NewValues = <factory>, shellcode: bytes = None) -> None
 
This class stores all data used to
backdoor a Program Executable.
 
  Methods defined here:
__eq__(self, other)
Return self==value.
__init__(self, address_nt_headers: int = 0, machine_architecture: int = 0, sections_number: int = 0, optional_headers_size: int = 0, entry_point: int = 0, section_aligment: int = 0, file_aligment: int = 0, image_size: int = 0, headers_size: int = 0, image_base: int = 0, offset_new_section_headers: int = 0, address_end_new_section_headers: int = 0, first_section_offset: int = 0, sections: List[PeInjector.Section] = <factory>, new_values: PeInjector.NewValues = <factory>, shellcode: bytes = None) -> None
Initialize self.  See help(type(self)) for accurate signature.
__repr__(self)
Return repr(self).

Data descriptors defined here:
__dict__
dictionary for instance variables (if defined)
__weakref__
list of weak references to the object (if defined)

Data and other attributes defined here:
__annotations__ = {'address_end_new_section_headers': <class 'int'>, 'address_nt_headers': <class 'int'>, 'entry_point': <class 'int'>, 'file_aligment': <class 'int'>, 'first_section_offset': <class 'int'>, 'headers_size': <class 'int'>, 'image_base': <class 'int'>, 'image_size': <class 'int'>, 'machine_architecture': <class 'int'>, 'new_values': <class 'PeInjector.NewValues'>, ...}
__dataclass_fields__ = {'address_end_new_section_headers': Field(name='address_end_new_section_headers',typ...appingproxy({}),kw_only=False,_field_type=_FIELD), 'address_nt_headers': Field(name='address_nt_headers',type=<class 'int...appingproxy({}),kw_only=False,_field_type=_FIELD), 'entry_point': Field(name='entry_point',type=<class 'int'>,defa...appingproxy({}),kw_only=False,_field_type=_FIELD), 'file_aligment': Field(name='file_aligment',type=<class 'int'>,de...appingproxy({}),kw_only=False,_field_type=_FIELD), 'first_section_offset': Field(name='first_section_offset',type=<class 'i...appingproxy({}),kw_only=False,_field_type=_FIELD), 'headers_size': Field(name='headers_size',type=<class 'int'>,def...appingproxy({}),kw_only=False,_field_type=_FIELD), 'image_base': Field(name='image_base',type=<class 'int'>,defau...appingproxy({}),kw_only=False,_field_type=_FIELD), 'image_size': Field(name='image_size',type=<class 'int'>,defau...appingproxy({}),kw_only=False,_field_type=_FIELD), 'machine_architecture': Field(name='machine_architecture',type=<class 'i...appingproxy({}),kw_only=False,_field_type=_FIELD), 'new_values': Field(name='new_values',type=<class 'PeInjector....appingproxy({}),kw_only=False,_field_type=_FIELD), ...}
__dataclass_params__ = _DataclassParams(init=True,repr=True,eq=True,order=False,unsafe_hash=False,frozen=False)
__hash__ = None
__match_args__ = ('address_nt_headers', 'machine_architecture', 'sections_number', 'optional_headers_size', 'entry_point', 'section_aligment', 'file_aligment', 'image_size', 'headers_size', 'image_base', 'offset_new_section_headers', 'address_end_new_section_headers', 'first_section_offset', 'sections', 'new_values', 'shellcode')
address_end_new_section_headers = 0
address_nt_headers = 0
entry_point = 0
file_aligment = 0
first_section_offset = 0
headers_size = 0
image_base = 0
image_size = 0
machine_architecture = 0
offset_new_section_headers = 0
optional_headers_size = 0
section_aligment = 0
sections_number = 0
shellcode = None

 
class ProgramExecutableError(builtins.ValueError)
    PeInjector supports only Windows Program Executables;
if the file is not in the expected format, this
class should be used to raise an exception.
 
 
Method resolution order:
ProgramExecutableError
builtins.ValueError
builtins.Exception
builtins.BaseException
builtins.object

Data descriptors defined here:
__weakref__
list of weak references to the object (if defined)

Methods inherited from builtins.ValueError:
__init__(self, /, *args, **kwargs)
Initialize self.  See help(type(self)) for accurate signature.

Static methods inherited from builtins.ValueError:
__new__(*args, **kwargs) from builtins.type
Create and return a new object.  See help(type) for accurate signature.

Methods inherited from builtins.BaseException:
__delattr__(self, name, /)
Implement delattr(self, name).
__getattribute__(self, name, /)
Return getattr(self, name).
__reduce__(...)
Helper for pickle.
__repr__(self, /)
Return repr(self).
__setattr__(self, name, value, /)
Implement setattr(self, name, value).
__setstate__(...)
__str__(self, /)
Return str(self).
with_traceback(...)
Exception.with_traceback(tb) --
set self.__traceback__ to tb and return self.

Data descriptors inherited from builtins.BaseException:
__cause__
exception cause
__context__
exception context
__dict__
__suppress_context__
__traceback__
args

 
class Section(builtins.object)
    Section(address_headers: int = 0, virtual_address: int = 0, virtual_size: int = 0, file_offset: int = 0, file_size: int = 0) -> None
 
This class stores parsed sections values.
 
  Methods defined here:
__eq__(self, other)
Return self==value.
__init__(self, address_headers: int = 0, virtual_address: int = 0, virtual_size: int = 0, file_offset: int = 0, file_size: int = 0) -> None
Initialize self.  See help(type(self)) for accurate signature.
__repr__(self)
Return repr(self).

Data descriptors defined here:
__dict__
dictionary for instance variables (if defined)
__weakref__
list of weak references to the object (if defined)

Data and other attributes defined here:
__annotations__ = {'address_headers': <class 'int'>, 'file_offset': <class 'int'>, 'file_size': <class 'int'>, 'virtual_address': <class 'int'>, 'virtual_size': <class 'int'>}
__dataclass_fields__ = {'address_headers': Field(name='address_headers',type=<class 'int'>,...appingproxy({}),kw_only=False,_field_type=_FIELD), 'file_offset': Field(name='file_offset',type=<class 'int'>,defa...appingproxy({}),kw_only=False,_field_type=_FIELD), 'file_size': Field(name='file_size',type=<class 'int'>,defaul...appingproxy({}),kw_only=False,_field_type=_FIELD), 'virtual_address': Field(name='virtual_address',type=<class 'int'>,...appingproxy({}),kw_only=False,_field_type=_FIELD), 'virtual_size': Field(name='virtual_size',type=<class 'int'>,def...appingproxy({}),kw_only=False,_field_type=_FIELD)}
__dataclass_params__ = _DataclassParams(init=True,repr=True,eq=True,order=False,unsafe_hash=False,frozen=False)
__hash__ = None
__match_args__ = ('address_headers', 'virtual_address', 'virtual_size', 'file_offset', 'file_size')
address_headers = 0
file_offset = 0
file_size = 0
virtual_address = 0
virtual_size = 0

 
Functions
       
arg_parse() -> Tuple[str, str, bool]
This function parses the command line arguments and returns:
    1. Executable path
    2. Hexadecimal shellcode
    3. Use polymorphism
    4. Use default shellcode to run a command
build_injected_shellcode(injector_data: PeInjector.PeInjectorData, polymorphism: bool, command: bool) -> bytes
This function generates the injected shellcode.
 
final shellcode: (
    (prefix (crypter) if polymorphism)
    + shellcode
    + suffix (jmp OEP)
)
calcul_entrypoint(injector_data: PeInjector.PeInjectorData) -> int
This function calculates the entry point (original entry point and new entry point).
check_new_section_injection(injector_data: PeInjector.PeInjectorData, memory_file_mapping: memoryview) -> memoryview
This function checks whether the new headers can be written;
if not, it modifies the sections' positions instead.
exit(status=None, /)
Exit the interpreter by raising SystemExit(status).
 
If the status is omitted or None, it defaults to zero (i.e., success).
If the status is an integer, it will be used as the system exit status.
If it is another kind of object, it will be printed and the system
exit status will be one (i.e., failure).
generate_command_shellcode_x64(command: str) -> bytes
This function generates an x64 shellcode to start a command in a new thread.
generate_command_shellcode_x86(command: str) -> bytes
This function generates an x86 shellcode to start a command in a new thread.
generate_new_section_headers(injector_data: PeInjector.PeInjectorData, file_new_section_size: int, polymorphism: bool) -> bytes
This function generates the new section headers.
generate_shellcode_suffix(injector_data: PeInjector.PeInjectorData, key: bytes, polymorphism: bool) -> bytes
This function generates the shellcode suffix
(jump to the original entry point).
get_new_section_headers(injector_data: PeInjector.PeInjectorData, memory_file_mapping: memoryview, polymorphism: bool) -> Tuple[bytes, int]
This function injects the section headers.
 
This function returns the end address of the last section.
get_new_section_offset(injector_data: PeInjector.PeInjectorData) -> Tuple[int, int]
This function calculates the new section offset.
inject(target_executable: _io._BufferedIOBase, backdoored_executable: _io._BufferedIOBase, shellcode: bytes, polymorphism: bool = False, command: bool = False) -> bytes
This function injects the shellcode into the backdoored executable.
main() -> int
This function starts the program from the command line.
parse_nt_headers(injector_data: PeInjector.PeInjectorData, memory_file_mapping: memoryview) -> memoryview
This function parses the NT headers.
 
This function raises a ProgramExecutableError exception
if the file does not contain valid DOS and NT magic headers.
parse_optional_headers(injector_data: PeInjector.PeInjectorData, nt_headers: memoryview) -> memoryview
This function parses the optional headers.
parse_pe_file(executable: _io._BufferedIOBase) -> Tuple[memoryview, PeInjector.PeInjectorData]
This function parses the PE file.
parse_sections_headers(injector_data: PeInjector.PeInjectorData, optional_headers: memoryview) -> memoryview
This function parses the section headers.
rewrite_pe_headers(injector_data: PeInjector.PeInjectorData, memory_file_mapping: memoryview) -> memoryview
This function writes the new values to the PE headers.
rewrite_sections_position(injector_data: PeInjector.PeInjectorData, section_headers: memoryview) -> None
This function writes new section offsets.
write_new_pe_file(injector_data: PeInjector.PeInjectorData, memory_file_mapping: memoryview, executable: _io._BufferedIOBase, new_section_headers: bytes, last_section_end_address: int) -> bytes
This function writes the final shellcode in the new section.

 
Data
        List = typing.List
Tuple = typing.Tuple
__author_email__ = 'mauricelambert434@gmail.com'
__copyright__ = '\nPeInjector Copyright (C) 2024 Maurice Lambert...ome to redistribute it\nunder certain conditions.\n'
__description__ = '\nThis python tool injects shellcode in Windows P...table to\nbackdoor it with optional polymorphism.\n'
__license__ = 'GPL-3.0 License'
__maintainer__ = 'Maurice Lambert'
__maintainer_email__ = 'mauricelambert434@gmail.com'
__url__ = 'https://github.com/mauricelambert/PeInjector'
copyright = '\nPeInjector Copyright (C) 2024 Maurice Lambert...ome to redistribute it\nunder certain conditions.\n'
executable = r'C:\Program Files\Python310\python.exe'
license = 'GPL-3.0 License'
machine_types = {332: 'x86', 448: 'ARM', 512: 'IA64', 34404: 'x64', 43620: 'ARM64'}
stderr = <_io.TextIOWrapper name='<stderr>' mode='w' encoding='utf-8'>

 
Author
        Maurice Lambert