Re: [Dailydave] Request of the day
From: Pedram Amini (pedram at redhive.com)
Date: Mon Apr 24 2006 - 20:25:16 CDT
On 4/21/2006 2:10 AM Dave Aitel wrote:
> I want to breakpoint on WSARecv() then hit control-f9 to continue
> until done, and then say returned buffer is now "my string" and I want
> to know all references to it and if anyone uses it in strdup() or
> wsprintf() or similar I want to mark the return values from those as
> well and follow them and just comment up the whole program
> automagically and let me know every instruction that relates to my
> string as you step_instruction() through it. Then later I want to know
> all functions that touched my string. Later on we'll work on
> structures and classes and internal members for the same thing. :>
That's funny. Earlier this year I found myself wanting exactly the same
capabilities. One could write a debugger plug-in to accomplish this task
and maybe even hack something up with IDA / IDC ... but I wanted
something cleaner, so I implemented a Win32 debugger in Python (aptly
named PyDbg). It's fairly complete with support for software, hardware
and memory breakpoints, process snapshotting / restoring (ghetto and
breaks a lot), SEH / stack unwinding, transparent remote debugging ...
Expanding even further I wrote a graph based abstraction layer over IDA
and a number of helper utilities such as a connector to uDraw (I
mentioned this earlier on DD). In the end it's become somewhat of an RE
tool framework, the hope of which is to bring to the RE tool developer
what Metasploit brings to exploit developers. There is even a sexy
pluggable GUI ;-)
The framework was given the silly name PaiMei (from Kill Bill 2) and
will be (mostly) released at RECON this year. I know this will be the
second time I've teased this nonsense on DD but I couldn't help it as
what you describe Dave has already been prototyped on top of this
framework in less than 250 lines of Python. June 19th isn't too terribly
far away, but so you at least know that I'm not completely full of shit,
here are the Epydoc generated docs for the PyDbg component of PaiMei:
http://pedram.redhive.com/PyDbg/
-pedram
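The workflow Dave describes above (taint the buffer WSARecv() fills, then follow it through every instruction and through copy/format helpers such as strdup() and wsprintf()) reduces to a small bookkeeping loop once a debugger delivers single-step and call events. The following is an added example written for this page; it is not PaiMei or PyDbg code and uses no PyDbg API. The instruction trace, the addresses, the function names (parse_request, dispatch, log_line) and the buffer sizes are all constructed so the tracker runs offline; in a real session the same `step()` calls would be driven from a debugger's breakpoint and single-step callbacks.

```python
"""Taint tracking over a debugger trace (constructed, stand-alone example).

Model of the workflow in the thread: taint the buffer returned by WSARecv(),
then record every instruction that reads it and propagate the taint through
helpers that hand back a copy (strdup, wsprintfA).  The trace below is
hand-built; nothing here attaches to a process.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set, Tuple


@dataclass
class Insn:
    """One traced instruction, as a single-step callback would report it."""
    addr: int
    func: str                                   # enclosing function (for the summary)
    text: str                                   # disassembly, becomes the comment
    reads: List[Tuple[int, int]] = field(default_factory=list)  # (address, size) read
    call: Optional[Tuple[str, List[int], int]] = None           # (callee, args, retval)


# Helpers that hand back a fresh copy of a tainted argument.  Each maps
# (args, return value, size of the tainted source) to the new tainted range.
PROPAGATORS: Dict[str, Callable[[List[int], int, int], Tuple[int, int]]] = {
    "strdup": lambda args, ret, size: (ret, size),            # copy is returned in eax
    "wsprintfA": lambda args, ret, size: (args[0], ret + 1),  # formatted into args[0] + NUL
}


class TaintTracker:
    def __init__(self) -> None:
        self.ranges: List[Tuple[int, int, str]] = []  # (start, end, label)
        self.hits: List[Tuple[int, str, str]] = []    # (insn addr, disasm, label)
        self.functions: Set[str] = set()              # every function that touched taint

    def taint(self, start: int, size: int, label: str) -> None:
        self.ranges.append((start, start + size, label))

    def find_range(self, addr: int, size: int = 1) -> Optional[Tuple[int, int, str]]:
        for rng in self.ranges:
            start, end, _ = rng
            if addr < end and addr + size > start:   # any byte overlap counts
                return rng
        return None

    def label_for(self, addr: int, size: int = 1) -> Optional[str]:
        rng = self.find_range(addr, size)
        return rng[2] if rng else None

    def step(self, insn: Insn) -> None:
        """Feed one instruction; record it if it touches tainted memory."""
        for addr, size in insn.reads:
            label = self.label_for(addr, size)
            if label:
                self._hit(insn, label)
                break
        if insn.call and insn.call[0] in PROPAGATORS:
            callee, args, ret = insn.call
            for arg in args:
                rng = self.find_range(arg)          # a pointer into tainted memory?
                if rng:
                    start, end, label = rng
                    new_start, new_size = PROPAGATORS[callee](args, ret, end - start)
                    self.taint(new_start, new_size, f"{callee}@{insn.addr:#x}")
                    self._hit(insn, label)
                    break

    def _hit(self, insn: Insn, label: str) -> None:
        self.hits.append((insn.addr, insn.text, label))
        self.functions.add(insn.func)


def run_demo() -> TaintTracker:
    """Constructed trace: WSARecv fills 0x400000 with "my string\\0" (10 bytes)."""
    t = TaintTracker()
    t.taint(0x400000, 10, "WSARecv")
    trace = [
        Insn(0x401000, "parse_request", "movzx eax, byte ptr [esi]", reads=[(0x400000, 1)]),
        Insn(0x401003, "parse_request", "mov ecx, [ebp-8]", reads=[(0x12FF00, 4)]),
        Insn(0x401010, "parse_request", "call strdup", call=("strdup", [0x400000], 0x500000)),
        Insn(0x402000, "dispatch", "cmp byte ptr [eax], 0x41", reads=[(0x500000, 1)]),
        # wsprintfA(dst=0x12fe00, fmt=0x403000, src=strdup copy) returns 9 chars
        Insn(0x402010, "dispatch", "call wsprintfA",
             call=("wsprintfA", [0x12FE00, 0x403000, 0x500000], 9)),
        Insn(0x402020, "dispatch", "push [edi]", reads=[(0x403000, 4)]),   # format string only
        Insn(0x403100, "log_line", "movzx edx, byte ptr [edi+4]", reads=[(0x12FE04, 1)]),
    ]
    for insn in trace:
        t.step(insn)
    return t


if __name__ == "__main__":
    tracker = run_demo()
    for addr, text, label in tracker.hits:
        print(f"{addr:#010x}  {text:<30} ; tainted by {label}")
    print("functions touching the string:", sorted(tracker.functions))
```

Each recorded hit carries the label of the range it touched, so the comment written back into the disassembly says whether an instruction read the original receive buffer or a copy made by strdup() or wsprintf(), and `functions` is the "which functions touched my string" summary asked for above. Memory and hardware breakpoints on the tainted ranges would replace the per-instruction `reads` check in a live session.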