PyDbg Hacks
 Pedram Amini (pedram) <pedram amini gmailcom> |
Thursday, August 23 2007 00:56.17 CDT |
Just added some PyDbg based hacks to the public repository (should show up within an hour max of this post). Here is a description of what was added:
just_in_time_debugger.py
PyDbg implementation of a script that can be set as the Just-In-Time debugger. Logs the crash context to disk. I'll be blogging about / giving out a standalone executable based on this script for those of you who want to e-mail all your crash dumps to ... me ;-)
stack_integrity_monitor.py
Automatically locate the source of a stack overflow. This has already been released, just hasn't been previously part of the repo. For more info see the related blog entry.
pydbgc.py
Cody's PyDbg command line interface library. This is pretty cool, you can import it to drop a user into an interactive PyDbg shell at any point during execution. Gives you WinDbg-esque commands. One of the cooler features of this hack is that it allows you to step backwards, really.
push_pop_unpacker.py
This is a quick and dirty PyDbg implementation of a known generic technique for stopping an unpacker at OEP. This script was written during Ero and I's 2007 Reverse Engineering class at BlackHat. It took like 20 minutes to write, gotta love PyDbg.
null_selector_mem_monitor_poc.py
Pydbg implementation of skape's null selector mem-monitor technique. Read more about it on Uninformed Journal
Get all the new goodies at http://paimei.openrce.org.
Comments
 jms |
Posted: Thursday, August 23 2007 10:08.06 CDT |
| Righteous, thanks dude. | |
 adityaks |
Posted: Thursday, August 23 2007 21:54.47 CDT |
| Perfectly Tuned. Good Shot. | |