Small PyDBG Enhancements Incoming
 Justin Seitz (jms) <jms bughunter ca> |
Thursday, August 16 2007 11:31.41 CDT |
Just waiting for Pedram to update SVN, but I thought I would post quickly. Some additions to PyDBG:
1) pydbg.pid_to_port(pid)
This function returns a list of tuples with the protocol, bound address and port number that a given process owns. So the following (originally from Pedram) for the [System] process:
import pydbg
dbg = pydbg.pydbg()
for proto, addr, port in dbg.pid_to_port(4):
print proto, addr, port
OUTPUT:
TCP 0.0.0.0 445
TCP 192.168.216.1 139
TCP 192.168.202.1 139
TCP 10.77.0.6 139
TCP 192.168.7.98 139
UDP 0.0.0.0 445
Then its trivial to enumerate all processes and retrieve each process's listening ports.
2) utils.hooking.inject()
This is a migration of my PyFault code to allow for dll injection and ejection. Again pretty straightforward:
import utils
import time
injector = utils.hooking.inject()
injector.inject_dll("C:\\testdll.dll",pid)
time.sleep(10)
injector.eject_dll("testdll.dll",pid)
So nothing earth shattering but some quick and dirty utility functions. Now I will get on Pedram's case about committing the changes :)
Comments
 jms |
Posted: Thursday, August 16 2007 18:55.52 CDT |
| Its up on http://paimei.openrce.org/ now. | |