def run(self):
    """Run the target under pykd and report the first exception it raises.

    Starts ``self.program`` with child-process debugging enabled and resumes
    it until the event handler flags an exception or ``self.do_stop`` becomes
    true. On an exception it collects a stack trace, the registers and, when
    msec.dll can be loaded, the output of its ``exploitable`` command.

    Returns:
        The dict from ``self.crash_data.dump_dict()`` when an exception was
        recorded; ``None`` when the run was stopped or ended without one.

    Raises:
        Exception: ``self.exploitable_path`` is None and ``self.mode`` is not
            32, 64 or ``"arm"``.
    """
    if self.timeout != 0:
        # Watchdog: timeout_func is scheduled to run after self.timeout.
        # Presumably it sets self.do_stop -- it is not shown here.
        self.timer = Timer(self.timeout, self.timeout_func)
        self.timer.start()

    self.do_stop = False
    self.id = pykd.startProcess(self.program, debugChildren=True)
    if self.handler is None:
        self.handler = ExceptionHandler()

    # Keep resuming the target until an exception is seen or a stop is asked.
    while not (self.handler.exception_occurred or self.do_stop):
        try:
            pykd.go()
        except:
            # Bare except kept from the original: any failure to resume
            # (including KeyboardInterrupt) ends the wait loop.
            break

    if self.do_stop:
        try:
            pykd.dbgCommand(".kill")
        except:
            log("Exception killing target: %s" % str(sys.exc_info()[1]))
        return None

    if self.timer is not None:
        self.timer.cancel()

    if not self.handler.exception_occurred:
        return None

    # If the top frame is the WOW64 notification stub, switch the effective
    # machine to x86 before taking the stack and registers.
    top_frame = pykd.dbgCommand("k 1")
    if top_frame.find("Wow64NotifyDebugger") != -1:
        pykd.dbgCommand(".effmach x86")

    stack_trace = pykd.dbgCommand("k")
    registers = pykd.dbgCommand("r")
    exploitable = None

    # Directory expected to hold msec.dll: explicit setting first, otherwise
    # the per-architecture winext folder under the debugger installation.
    if self.exploitable_path is not None:
        msec_dir = self.exploitable_path
    else:
        for known_mode, subdir in (
                (32, r"Debuggers\x86\winext"),
                (64, r"Debuggers\x64\winext"),
                ("arm", r"Debuggers\arm\winext")):
            if self.mode == known_mode:
                msec_dir = os.path.join(self.windbg_path, subdir)
                break
        else:
            raise Exception(
                "Unknown mode %s, known ones are 32, 64 or 'arm'." % self.mode)

    # NOTE(review): whatever msec.dll sits in this directory is loaded into
    # the debugger process; the directory should be writable only by trusted
    # accounts.
    msec_dll = os.path.join(msec_dir, r"msec.dll")
    if os.path.exists(msec_dll):
        try:
            handle = pykd.loadExt(msec_dll)
            exploitable = pykd.callExt(handle, "exploitable", "")
        except:
            # Best effort: the crash is still recorded without a rating.
            log("Error loading extension: " + str(sys.exc_info()[1]))

    try:
        if self.minidump_path is not None:
            # NOTE(review): the path is interpolated unquoted into a debugger
            # command line; confirm it is validated where it is configured
            # (spaces or ';' would change how the command is parsed).
            pykd.dbgCommand(r".dump /m /u %s\\" % self.minidump_path)
            log("*** Minidump written at %s" % self.minidump_path)
    except:
        log("!!! Error saving minidump:" + str(sys.exc_info()[1]))

    # The return value is not used: the result comes from dump_dict() below.
    # Presumably this call populates self.crash_data -- not shown here.
    self.create_crash_data(registers, stack_trace, exploitable)
    print(pykd.dbgCommand("k 10"))
    print(pykd.dbgCommand("r"))
    print(exploitable)

    # dump_json() is still called as in the original; its result is unused.
    self.crash_data.dump_json()
    crash = self.crash_data.dump_dict()

    print("")
    print("Yep, we got a crash! \o/")
    print("")
    return crash
def run(self):
    """Debug ``self.program`` with pykd until it faults, is stopped, or exits.

    When the exception handler reports a fault, the stack, registers and the
    msec.dll ``exploitable`` output (if the extension loads) are passed to
    ``self.create_crash_data`` and an optional minidump is requested.

    Returns:
        ``self.crash_data.dump_dict()`` after a fault, otherwise ``None``.

    Raises:
        Exception: no ``self.exploitable_path`` is set and ``self.mode`` is
            none of 32, 64 or ``"arm"``.
    """
    use_watchdog = self.timeout != 0
    if use_watchdog:
        self.timer = Timer(self.timeout, self.timeout_func)
        self.timer.start()

    self.do_stop = False
    self.id = pykd.startProcess(self.program, debugChildren=True)
    if self.handler is None:
        self.handler = ExceptionHandler()

    while True:
        if self.handler.exception_occurred or self.do_stop:
            break
        try:
            pykd.go()
        except:
            # Bare except kept from the original: every error, including an
            # interrupt, just ends the wait.
            break

    if self.do_stop:
        # Stop requested: kill the target and report no crash.
        try:
            pykd.dbgCommand(".kill")
        except:
            log("Exception killing target: %s" % str(sys.exc_info()[1]))
        return None

    if self.timer is not None:
        self.timer.cancel()

    ret = None
    if self.handler.exception_occurred:
        # A Wow64NotifyDebugger top frame triggers a switch of the effective
        # machine to x86 before the state is captured.
        first_frame = pykd.dbgCommand("k 1")
        if first_frame.find("Wow64NotifyDebugger") > -1:
            pykd.dbgCommand(".effmach x86")

        stack_trace = pykd.dbgCommand("k")
        registers = pykd.dbgCommand("r")
        exploitable = None

        ext_dir = self.exploitable_path
        if ext_dir is None:
            if self.mode == 32:
                arch_dir = r"Debuggers\x86\winext"
            elif self.mode == 64:
                arch_dir = r"Debuggers\x64\winext"
            elif self.mode == "arm":
                arch_dir = r"Debuggers\arm\winext"
            else:
                raise Exception(
                    "Unknown mode %s, known ones are 32, 64 or 'arm'."
                    % self.mode)
            ext_dir = os.path.join(self.windbg_path, arch_dir)

        # NOTE(review): the DLL found here runs inside the debugger process,
        # so ext_dir must not be writable by untrusted users.
        ext_dll = os.path.join(ext_dir, r"msec.dll")
        if os.path.exists(ext_dll):
            try:
                ext_handle = pykd.loadExt(ext_dll)
                rating = pykd.callExt(ext_handle, "exploitable", "")
                exploitable = rating
            except:
                # A failed load only costs the rating, not the crash record.
                log("Error loading extension: " + str(sys.exc_info()[1]))

        try:
            if self.minidump_path is not None:
                # NOTE(review): minidump_path goes into the debugger command
                # unquoted -- verify it cannot contain spaces or ';'.
                dump_cmd = r".dump /m /u %s\\" % self.minidump_path
                pykd.dbgCommand(dump_cmd)
                log("*** Minidump written at %s" % self.minidump_path)
        except:
            log("!!! Error saving minidump:" + str(sys.exc_info()[1]))

        # ret is overwritten by dump_dict() below, as in the original.
        ret = self.create_crash_data(registers, stack_trace, exploitable)
        for shown in (pykd.dbgCommand("k 10"), ):
            print(shown)
        print(pykd.dbgCommand("r"))
        print(exploitable)

        # The JSON form is produced but not used in this method.
        crash_data_buf = self.crash_data.dump_json()
        ret = self.crash_data.dump_dict()

        print("")
        print("Yep, we got a crash! \o/")
        print("")

    return ret
def load_extensions():
    """Load exts.dll from the directory named by WIN_DEBUGGING_TOOLS_PATH.

    Raises:
        KeyError: the environment variable is not set.
    """
    # NOTE(review): the DLL location comes entirely from the environment, so
    # whoever controls this variable chooses the DLL handed to loadExt. An
    # empty value yields a relative path; how loadExt resolves that is not
    # visible here.
    tools_root = os.environ['WIN_DEBUGGING_TOOLS_PATH']
    dll_path = os.path.join(tools_root, 'winxp/exts.dll')
    # normpath collapses mixed separators (the literal uses a forward slash).
    loadExt(os.path.normpath(dll_path))
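def run(self):
    """Run the target under pykd and return crash data if it faults.

    Starts ``self.program`` with child-process debugging, resumes it until
    ``self.handler`` reports an exception or ``self.do_stop`` is set, then
    captures the stack, the registers and the msec.dll ``exploitable``
    output.

    Unlike the original, a failure while loading or calling msec.dll is
    logged instead of propagating. The stack trace and registers were
    already captured at that point, so the crash is still recorded, only
    without a rating.

    Returns:
        ``self.crash_data.dump_dict()`` after a fault, otherwise ``None``.

    Raises:
        Exception: no ``self.exploitable_path`` is set and ``self.mode`` is
            none of 32, 64 or ``"arm"``.
    """
    if self.timeout != 0:
        self.timer = Timer(self.timeout, self.timeout_func)
        self.timer.start()

    self.do_stop = False
    self.id = pykd.startProcess(self.program, debugChildren=True)

    while not self.handler.exception_occurred and not self.do_stop:
        try:
            pykd.go()
        except:
            # Bare except kept: any failure to resume ends the wait loop.
            break

    if self.do_stop:
        try:
            pykd.dbgCommand(".kill")
        except:
            log("Exception killing target: %s" % str(sys.exc_info()[1]))
        return None

    if self.timer is not None:
        self.timer.cancel()

    ret = None
    if self.handler.exception_occurred:
        stack_trace = pykd.dbgCommand("k")
        registers = pykd.dbgCommand("r")
        exploitable = None
        msec_path = None
        if self.exploitable_path is None:
            if self.mode == 32:
                msec_path = os.path.join(
                    self.windbg_path, r"Debuggers\x86\winext")
            elif self.mode == 64:
                msec_path = os.path.join(
                    self.windbg_path, r"Debuggers\x64\winext")
            elif self.mode == "arm":
                msec_path = os.path.join(
                    self.windbg_path, r"Debuggers\arm\winext")
            else:
                raise Exception(
                    "Unknown mode %s, known ones are 32, 64 or 'arm'."
                    % self.mode)
        else:
            msec_path = self.exploitable_path
        # Diagnostic output kept so the console output is unchanged. The
        # flattened listing does not show its nesting; it is assumed to run
        # for both branches.
        print(msec_path)

        if msec_path is not None:
            full_msec_path = os.path.join(msec_path, r"msec.dll")
            print(full_msec_path)
            if os.path.exists(full_msec_path):
                print("bai?")  # leftover debug marker, kept as-is
                try:
                    # NOTE(review): this changes the working directory of
                    # the whole process and never restores it; later
                    # relative paths resolve against msec_path.
                    os.chdir(msec_path)
                    # NOTE(review): the DLL runs inside the debugger
                    # process, so msec_path must not be writable by
                    # untrusted users.
                    msec_handle = pykd.loadExt(full_msec_path)
                    exploitable = pykd.callExt(msec_handle, "exploitable", "")
                except Exception:
                    # Fix: keep the already-captured crash instead of losing
                    # it because the rating extension failed.
                    log("Error loading extension: " + str(sys.exc_info()[1]))
                else:
                    print("exploitable? %s" % (exploitable,))

        ret = self.create_crash_data(registers, stack_trace, exploitable)
        print(pykd.dbgCommand("k 8"))
        print(pykd.dbgCommand("r"))
        print(exploitable)

        # dump_json() is still called as before; its result is unused here.
        self.crash_data.dump_json()
        ret = self.crash_data.dump_dict()

        print("")
        print("Yep, we got a crash! \o/")
        print("")

    return ret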
def __init__(self, ext_path):
    """Store *ext_path* and load that debugger extension through pykd.

    The handle returned by ``pykd.loadExt`` is kept in ``self._ext_handle``.
    """
    # exception in constructor?
    # (Original author's open question: nothing here catches a loadExt
    # failure, so it propagates out of __init__.)
    # NOTE(review): ext_path is loaded as given; callers should pass a path
    # they trust, since the extension runs inside the debugger process.
    self._ext_path = ext_path
    loaded = pykd.loadExt(self._ext_path)
    self._ext_handle = loaded
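def LoadExploitable(self, msec_path="C:\\Fuzzing\\Libs\\MSEC.dll"):
    """Load the MSEC extension and store its verbose ``exploitable`` output.

    Args:
        msec_path: Location of MSEC.dll. Defaults to the path that was
            previously hard-coded, so existing callers are unaffected.

    The result of ``exploitable -v`` is stored in ``self.exploitable``.
    Errors from pykd are not caught here.
    """
    # NOTE(review): the default lives in a folder directly under the drive
    # root. Such folders often inherit write access for ordinary users, so
    # confirm its ACL. The DLL is loaded into the debugger process, and
    # anyone able to replace it controls what runs there.
    extHandle = pykd.loadExt(msec_path)
    print("[*] MSEC at 0x%x" % extHandle)
    self.exploitable = pykd.callExt(extHandle, "exploitable", "-v")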
def load_extensions():
    """Load the winxp exts.dll found under WIN_DEBUGGING_TOOLS_PATH.

    Raises:
        KeyError: WIN_DEBUGGING_TOOLS_PATH is missing from the environment.
    """
    base_dir = os.environ['WIN_DEBUGGING_TOOLS_PATH']
    # NOTE(review): the environment decides which DLL is loaded; make sure
    # the variable is set by a trusted launcher and points at a directory
    # that only administrators can modify.
    loadExt(os.path.normpath(os.path.join(base_dir, 'winxp', 'exts.dll')))