Ejemplo n.º 1
  def run(self):
    """Start self.program under pykd and return crash data if it faults.

    The target is resumed until the exception handler reports an exception,
    a stop is requested through self.do_stop, or pykd.go() raises. When an
    exception was recorded, the stack trace and registers are captured, the
    msec.dll "exploitable" extension command is run if the DLL is found, a
    minidump is optionally written, and the crash data is returned.

    Returns:
      None when the run was stopped via self.do_stop or no exception was
      recorded; otherwise the value of self.crash_data.dump_dict().

    Raises:
      Exception: if self.exploitable_path is None and self.mode is not
        32, 64 or "arm".
    """
    # Arm the timeout callback only when a non-zero timeout is configured.
    # NOTE(review): timeout_func is not visible here; presumably it sets
    # self.do_stop -- confirm.
    if self.timeout != 0:
      self.timer = Timer(self.timeout, self.timeout_func)
      self.timer.start()

    self.do_stop = False
    # debugChildren=True: processes spawned by the target are debugged too.
    self.id = pykd.startProcess(self.program, debugChildren=True)
    if self.handler is None:
      self.handler = ExceptionHandler()

    # Keep resuming the target until the handler flags an exception or a stop
    # is requested. Any error raised by pykd.go() also ends the loop.
    # NOTE(review): the bare except also swallows KeyboardInterrupt and
    # SystemExit and discards the reason the debugger loop ended.
    while not self.handler.exception_occurred and not self.do_stop:
      try:
        pykd.go()
      except:
        break

    # Stop requested: kill the target and report "no crash".
    # NOTE(review): this path returns without cancelling self.timer.
    if self.do_stop:
      try:
        pykd.dbgCommand(".kill")
      except:
        log("Exception killing target: %s" % str(sys.exc_info()[1]))
      return None

    # assumes self.timer is initialised elsewhere (it is only assigned above
    # when timeout != 0) -- TODO confirm
    if self.timer is not None:
      self.timer.cancel()

    ret = None
    if self.handler.exception_occurred:
      # If the top frame is Wow64NotifyDebugger, switch the effective machine
      # to x86 before collecting the stack and registers.
      tmp = pykd.dbgCommand("k 1")
      if tmp.find("Wow64NotifyDebugger") > -1:
        pykd.dbgCommand(".effmach x86")

      stack_trace = pykd.dbgCommand("k")
      registers = pykd.dbgCommand("r")

      # Pick the directory expected to hold msec.dll: an explicit override,
      # or the winext directory of the debugger install matching self.mode.
      exploitable = None
      msec_path = None
      if self.exploitable_path is None:
        if self.mode == 32:
          msec_path = os.path.join(self.windbg_path, r"Debuggers\x86\winext")
        elif self.mode == 64:
          msec_path = os.path.join(self.windbg_path, r"Debuggers\x64\winext")
        elif self.mode == "arm":
          msec_path = os.path.join(self.windbg_path, r"Debuggers\arm\winext")
        else:
          raise Exception("Unknown mode %s, known ones are 32, 64 or 'arm'." % self.mode)
      else:
        msec_path = self.exploitable_path

      # NOTE(review): loadExt loads a native DLL into the debugger process and
      # only existence of the file is checked. Whoever controls
      # exploitable_path / windbg_path, or can write to that directory,
      # controls the code that is loaded -- confirm both come from trusted
      # configuration and point at a location that is not user-writable.
      if msec_path is not None:
        full_msec_path = os.path.join(msec_path, r"msec.dll")
        if os.path.exists(full_msec_path):
          try:
            msec_handle = pykd.loadExt(full_msec_path)
            commandOutput = pykd.callExt(msec_handle, "exploitable", "")
            exploitable = commandOutput
          except:
            # Best effort: a failed load leaves exploitable as None.
            log("Error loading extension: " + str(sys.exc_info()[1]))

      # Optional minidump (/m), with /u making the file name unique.
      # NOTE(review): minidump_path is interpolated unquoted into the debugger
      # command string, so a value containing spaces or ';' changes how the
      # command is parsed -- confirm it is trusted configuration, not
      # per-sample input. The raw literal also ends in two backslashes.
      try:
        if self.minidump_path is not None:
          pykd.dbgCommand(r".dump /m /u %s\\" % self.minidump_path)
          log("*** Minidump written at %s" % self.minidump_path)
      except:
        log("!!! Error saving minidump:" + str(sys.exc_info()[1]))

      # The return value stored here is overwritten by dump_dict() below;
      # presumably create_crash_data populates self.crash_data -- confirm.
      ret = self.create_crash_data(registers, stack_trace, exploitable)
      
      # Python 2 print statements: echo a short stack, the registers and the
      # extension output to stdout.
      print pykd.dbgCommand("k 10")
      print pykd.dbgCommand("r")
      print exploitable

      # crash_data_buf is not used afterwards in this method.
      crash_data_buf = self.crash_data.dump_json()
      ret = self.crash_data.dump_dict()

      # "\o" is not a recognised escape, so the backslash is printed as-is.
      print
      print "Yep, we got a crash! \o/"
      print

    return ret
Ejemplo n.º 2
    def run(self):
        """Start self.program under pykd and return crash data if it faults.

        The target is resumed until the exception handler reports an
        exception, a stop is requested through self.do_stop, or pykd.go()
        raises. When an exception was recorded, the stack trace and registers
        are captured, the msec.dll "exploitable" extension command is run if
        the DLL is found, a minidump is optionally written, and the crash
        data is returned.

        Returns:
            None when the run was stopped via self.do_stop or no exception
            was recorded; otherwise the value of self.crash_data.dump_dict().

        Raises:
            Exception: if self.exploitable_path is None and self.mode is not
                32, 64 or "arm".
        """
        # Arm the timeout callback only when a non-zero timeout is set.
        # NOTE(review): timeout_func is not visible here; presumably it sets
        # self.do_stop -- confirm.
        if self.timeout != 0:
            self.timer = Timer(self.timeout, self.timeout_func)
            self.timer.start()

        self.do_stop = False
        # debugChildren=True: processes spawned by the target are debugged too.
        self.id = pykd.startProcess(self.program, debugChildren=True)
        if self.handler is None:
            self.handler = ExceptionHandler()

        # Keep resuming the target until the handler flags an exception or a
        # stop is requested. Any error raised by pykd.go() also ends the loop.
        # NOTE(review): the bare except also swallows KeyboardInterrupt and
        # SystemExit and discards the reason the debugger loop ended.
        while not self.handler.exception_occurred and not self.do_stop:
            try:
                pykd.go()
            except:
                break

        # Stop requested: kill the target and report "no crash".
        # NOTE(review): this path returns without cancelling self.timer.
        if self.do_stop:
            try:
                pykd.dbgCommand(".kill")
            except:
                log("Exception killing target: %s" % str(sys.exc_info()[1]))
            return None

        # assumes self.timer is initialised elsewhere (it is only assigned
        # above when timeout != 0) -- TODO confirm
        if self.timer is not None:
            self.timer.cancel()

        ret = None
        if self.handler.exception_occurred:
            # If the top frame is Wow64NotifyDebugger, switch the effective
            # machine to x86 before collecting the stack and registers.
            tmp = pykd.dbgCommand("k 1")
            if tmp.find("Wow64NotifyDebugger") > -1:
                pykd.dbgCommand(".effmach x86")

            stack_trace = pykd.dbgCommand("k")
            registers = pykd.dbgCommand("r")

            # Pick the directory expected to hold msec.dll: an explicit
            # override, or the winext directory matching self.mode.
            exploitable = None
            msec_path = None
            if self.exploitable_path is None:
                if self.mode == 32:
                    msec_path = os.path.join(self.windbg_path,
                                             r"Debuggers\x86\winext")
                elif self.mode == 64:
                    msec_path = os.path.join(self.windbg_path,
                                             r"Debuggers\x64\winext")
                elif self.mode == "arm":
                    msec_path = os.path.join(self.windbg_path,
                                             r"Debuggers\arm\winext")
                else:
                    raise Exception(
                        "Unknown mode %s, known ones are 32, 64 or 'arm'." %
                        self.mode)
            else:
                msec_path = self.exploitable_path

            # NOTE(review): loadExt loads a native DLL into the debugger
            # process and only existence of the file is checked. Whoever
            # controls exploitable_path / windbg_path, or can write to that
            # directory, controls the code that is loaded -- confirm both
            # come from trusted configuration and point at a location that
            # is not user-writable.
            if msec_path is not None:
                full_msec_path = os.path.join(msec_path, r"msec.dll")
                if os.path.exists(full_msec_path):
                    try:
                        msec_handle = pykd.loadExt(full_msec_path)
                        commandOutput = pykd.callExt(msec_handle,
                                                     "exploitable", "")
                        exploitable = commandOutput
                    except:
                        # Best effort: a failed load leaves exploitable None.
                        log("Error loading extension: " +
                            str(sys.exc_info()[1]))

            # Optional minidump (/m), with /u making the file name unique.
            # NOTE(review): minidump_path is interpolated unquoted into the
            # debugger command string, so a value containing spaces or ';'
            # changes how the command is parsed -- confirm it is trusted
            # configuration, not per-sample input. The raw literal also ends
            # in two backslashes.
            try:
                if self.minidump_path is not None:
                    pykd.dbgCommand(r".dump /m /u %s\\" % self.minidump_path)
                    log("*** Minidump written at %s" % self.minidump_path)
            except:
                log("!!! Error saving minidump:" + str(sys.exc_info()[1]))

            # The return value stored here is overwritten by dump_dict()
            # below; presumably create_crash_data populates self.crash_data
            # -- confirm.
            ret = self.create_crash_data(registers, stack_trace, exploitable)

            # Python 2 print statements: echo a short stack, the registers
            # and the extension output to stdout.
            print pykd.dbgCommand("k 10")
            print pykd.dbgCommand("r")
            print exploitable

            # crash_data_buf is not used afterwards in this method.
            crash_data_buf = self.crash_data.dump_json()
            ret = self.crash_data.dump_dict()

            # "\o" is not a recognised escape; the backslash is printed as-is.
            print
            print "Yep, we got a crash! \o/"
            print

        return ret
Ejemplo n.º 3
  def run(self):
    """Start self.program under pykd and return crash data if it faults.

    The target is resumed until self.handler reports an exception, a stop is
    requested through self.do_stop, or pykd.go() raises. When an exception
    was recorded, the stack trace and registers are captured, the msec.dll
    "exploitable" extension command is run if the DLL is found, and the
    crash data is returned.

    Returns:
      None when the run was stopped via self.do_stop or no exception was
      recorded; otherwise the value of self.crash_data.dump_dict().

    Raises:
      Exception: if self.exploitable_path is None and self.mode is not
        32, 64 or "arm". Errors from pykd.loadExt / pykd.callExt are not
        caught here and propagate to the caller.
    """
    # Arm the timeout callback only when a non-zero timeout is configured.
    # NOTE(review): timeout_func is not visible here; presumably it sets
    # self.do_stop -- confirm.
    if self.timeout != 0:
      self.timer = Timer(self.timeout, self.timeout_func)
      self.timer.start()

    self.do_stop = False
    # debugChildren=True: processes spawned by the target are debugged too.
    self.id = pykd.startProcess(self.program, debugChildren=True)
    # assumes self.handler was set before run() is called; there is no
    # None check here -- TODO confirm
    # NOTE(review): the bare except also swallows KeyboardInterrupt and
    # SystemExit and discards the reason the debugger loop ended.
    while not self.handler.exception_occurred and not self.do_stop:
      try:
        pykd.go()
      except:
        break

    # Stop requested: kill the target and report "no crash".
    # NOTE(review): this path returns without cancelling self.timer.
    if self.do_stop:
      try:
        pykd.dbgCommand(".kill")
      except:
        log("Exception killing target: %s" % str(sys.exc_info()[1]))
      return None

    # assumes self.timer is initialised elsewhere (it is only assigned above
    # when timeout != 0) -- TODO confirm
    if self.timer is not None:
      self.timer.cancel()

    ret = None
    if self.handler.exception_occurred:
      stack_trace = pykd.dbgCommand("k")
      registers = pykd.dbgCommand("r")

      # Pick the directory expected to hold msec.dll: an explicit override,
      # or the winext directory of the debugger install matching self.mode.
      exploitable = None
      msec_path = None
      if self.exploitable_path is None:
        if self.mode == 32:
          msec_path = os.path.join(self.windbg_path, r"Debuggers\x86\winext")
        elif self.mode == 64:
          msec_path = os.path.join(self.windbg_path, r"Debuggers\x64\winext")
        elif self.mode == "arm":
          msec_path = os.path.join(self.windbg_path, r"Debuggers\arm\winext")
        else:
          raise Exception("Unknown mode %s, known ones are 32, 64 or 'arm'." % self.mode)
      else:
        msec_path = self.exploitable_path

      # The bare prints in this section look like leftover debug output.
      # NOTE(review): loadExt loads a native DLL into the debugger process and
      # only existence of the file is checked. Whoever controls
      # exploitable_path / windbg_path, or can write to that directory,
      # controls the code that is loaded -- confirm both come from trusted
      # configuration and point at a location that is not user-writable.
      print msec_path
      if msec_path is not None:
        full_msec_path = os.path.join(msec_path, r"msec.dll")
        print full_msec_path
        if os.path.exists(full_msec_path):
          print "bai?"
          # NOTE(review): chdir changes the working directory of the whole
          # process and is never restored; later relative paths resolve
          # against msec_path.
          os.chdir(msec_path)
          # No try/except here: a failing load or call aborts run().
          msec_handle = pykd.loadExt(full_msec_path)
          commandOutput = pykd.callExt(msec_handle, "exploitable", "")
          exploitable = commandOutput
          print "exploitable?", exploitable

      # The return value stored here is overwritten by dump_dict() below;
      # presumably create_crash_data populates self.crash_data -- confirm.
      ret = self.create_crash_data(registers, stack_trace, exploitable)
      
      # Python 2 print statements: echo a short stack, the registers and the
      # extension output to stdout.
      print pykd.dbgCommand("k 8")
      print pykd.dbgCommand("r")
      print exploitable

      # crash_data_buf is not used afterwards in this method.
      crash_data_buf = self.crash_data.dump_json()
      ret = self.crash_data.dump_dict()

      # "\o" is not a recognised escape, so the backslash is printed as-is.
      print
      print "Yep, we got a crash! \o/"
      print

    return ret
Ejemplo n.º 4
def callExt(intarg1, stragr2, strarg3):
    """Forward an extension call to ``pykd.callExt`` and return its result.

    The three arguments are passed through unchanged and in order. Nothing
    is validated here, so callers decide which extension handle and which
    command string reach the debugger.
    """
    result = pykd.callExt(intarg1, stragr2, strarg3)
    return result
Ejemplo n.º 5
 def call_function(self, function_name, paras = None):
     """Call ``function_name`` on the extension held in ``self._ext_handle``.

     ``paras`` is the argument string for the extension command; any falsy
     value (``None``, ``''``) is sent as an empty string. Returns whatever
     ``pykd.callExt`` returns.
     """
     if not paras:
         # Normalise "no arguments" to the empty string.
         paras = ''
     return pykd.callExt(self._ext_handle, function_name, paras)
Ejemplo n.º 6
 def LoadExploitable(self):
     """Load the MSEC extension and store its verbose ``exploitable`` output.

     The extension handle is printed to stdout and the output of the
     ``exploitable -v`` extension call is kept in ``self.exploitable``.
     """
     # NOTE(review): the DLL is loaded into the debugger process from a
     # hard-coded path, so anyone able to write to that directory controls
     # the code that runs here -- confirm the directory's permissions.
     msec_handle = pykd.loadExt("C:\\Fuzzing\\Libs\\MSEC.dll")
     print("[*] MSEC at 0x%x" % msec_handle)
     self.exploitable = pykd.callExt(msec_handle, "exploitable", "-v")