Releases: Petitoto/pyjectify
Pyjectify v0.7
New features
Inject
- Memory loader: added call_entry_point parameter to allow loading a module from memory without calling its entry point
Bug fix
Core
- PE: fix change_base() (fix relocations parsing and update ImageBase in NT headers)
Others
- Prevent empty memory allocations in inject & pythonlib modules
PyJectify v0.6
New features
Core
- Process: added run_funcs() to run multiple functions in the same thread (removed start_join_thread_x64())
Bug fix
PythonLib
- Fix PythonLib for Python >= 3.12
PyJectify v0.5
New features
Core
- Process: added start_join_thread_x64() to get the 64-bit return value of a remote thread
Bug fix
PythonLib
- Fix PythonLib module for Python 3.6-3.9 (still does not work with Python >= 3.12)
Improvements
Core
- Process: join_thread() now returns an integer instead of ctypes.c_ulong
PyJectify v0.4
Bug fix
Syscall
- Fix x86 direct syscalls
Improvements
- Remove ctypes wintypes in core
- ApiSetSchema: use VirtualSize instead of SizeOfRawData
PyJectify v0.3
Improvements
Core
- move injectorx86, injectorwow64, windowsx86 from pyjectify.windows.core.process to pyjectify.windows (named respectively x86, wow64, windowsx86)
PE
- PEs are automatically mapped to memory at initialization
- PyJectify automatically detects if a PE is from a raw file or if it's already mapped (removed the mapped parameter)
- PyJectify automatically parses imports and exports at initialization, unless it is told to parse only the PE headers (removed the parse_imports() and parse_exports() public methods & added the headers_only parameter)
- sections now use VirtualSize instead of SizeOfRawData
Inject
- improved injection without headers (do not copy them instead of filling the memory range with null bytes)
- allow using a random address instead of the base address for the memory loader, using the new prefer_base_addr parameter
PyJectify v0.2
Improvements
Process
- ntdll attribute can be updated dynamically to modify how basic calls are made (kernel32 calls, ntapi calls, direct Syscalls)
Syscall
- added get_common to retrieve common syscalls used by the core
- process attribute of the Syscall utils (which is pyjectify's process) is not public anymore
Fixes
Defines
- Hardcode ctypes.wintypes data types
PythonLib
- Fix GIL issues: fix Python hook deadlocks
Doc
- Update README and doc
Known issues
PythonLib
- PythonLib no longer works with Python 3.6 - 3.9 (Python 3.12 still unsupported). The issue is being investigated, to be fixed in upcoming releases
PyJectify v0.1
Initial release (v0.1)
PyJectify v0.1 features:
Windows
PyJectify supports Windows (x86 & x64)
Core
- Allocate / Free / Read / Write memory
- Create threads
- List loaded modules
- PE parser
- Use kernel32 or ntdll functions
Modules
- MemScan: scan memory using regex patterns
- Inject: load library, from disk (remote LoadLibrary) or from memory (fully map the DLL into the remote process)
- Hook: set up inline hooks in the target process
- PythonLib: embed python into a remote process
Utils
- Syscall: parse syscall codes from ntdll.dll (from the loaded library or from the disk), and produce an ntdll-like object which can be used by the Inject module to use direct syscalls
- ApiSetSchema: parse Windows ApiSet