I attached a small DLL at runtime which just called pyeval with a little bootstrap REPL running over a socket. Then I'd connect to it and use pythons introspection abilities to poke around the internal services and their methods. It took some tinkering, but I have no reversing or hacking experience, so it wasn't that hard.
