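def run(self):
    """Run the target under the debugger until it crashes or is stopped.

    Starts an optional watchdog ``Timer`` (``self.timeout`` seconds, firing
    ``self.timeout_func``), launches ``self.program`` with child debugging
    enabled and resumes it until ``self.handler`` reports an exception or
    ``self.do_stop`` is set (presumably by the timeout callback -- TODO
    confirm).

    Returns:
        ``None`` when the run was stopped without a crash, otherwise the
        dict produced by ``self.crash_data.dump_dict()`` after
        ``self.create_crash_data`` has been fed the register dump, the stack
        trace and the ``!exploitable`` output (``None`` when the extension
        could not be loaded).

    Raises:
        ValueError: ``self.mode`` is not 32, 64 or ``"arm"`` and no explicit
            ``self.exploitable_path`` was given.
    """
    timer = None
    if self.timeout != 0:
        timer = Timer(self.timeout, self.timeout_func)
        self.timer = timer
        timer.start()
    self.do_stop = False
    self.id = pykd.startProcess(self.program, debugChildren=True)
    if self.handler is None:
        self.handler = ExceptionHandler()

    # Resume the debuggee until the handler sees an exception or a stop is
    # requested; a failing go() (e.g. the target already exited) ends the
    # loop as well.
    while not self.handler.exception_occurred and not self.do_stop:
        try:
            pykd.go()
        except Exception:
            break

    if self.do_stop:
        try:
            pykd.dbgCommand(".kill")
        except Exception as exc:
            log("Exception killing target: %s" % exc)
        return None

    # Only the timer started by this run is cancelled; the previous code
    # dereferenced self.timer even when no timer had been created.
    if timer is not None:
        timer.cancel()

    if not self.handler.exception_occurred:
        return None

    # A WOW64 target faulting in a 64-bit debugger shows the notify stub on
    # top of the stack; switch the effective machine so the 32-bit frames
    # are walked.
    if "Wow64NotifyDebugger" in pykd.dbgCommand("k 1"):
        pykd.dbgCommand(".effmach x86")
    stack_trace = pykd.dbgCommand("k")
    registers = pykd.dbgCommand("r")

    if self.exploitable_path is not None:
        msec_path = self.exploitable_path
    elif self.mode == 32:
        msec_path = os.path.join(self.windbg_path, r"Debuggers\x86\winext")
    elif self.mode == 64:
        msec_path = os.path.join(self.windbg_path, r"Debuggers\x64\winext")
    elif self.mode == "arm":
        msec_path = os.path.join(self.windbg_path, r"Debuggers\arm\winext")
    else:
        raise ValueError(
            "Unknown mode %s, known ones are 32, 64 or 'arm'." % self.mode)

    # loadExt maps msec.dll into the debugger process, so this directory
    # must be one the operator trusts (write-protected, not fuzzer-writable).
    exploitable = None
    full_msec_path = os.path.join(msec_path, r"msec.dll")
    if os.path.exists(full_msec_path):
        try:
            msec_handle = pykd.loadExt(full_msec_path)
            exploitable = pykd.callExt(msec_handle, "exploitable", "")
        except Exception as exc:
            log("Error loading extension: " + str(exc))

    # NOTE(review): the minidump path is spliced into the debugger command
    # unquoted, so a path containing spaces would be split by the command
    # parser -- confirm callers only pass paths without whitespace.
    try:
        if self.minidump_path is not None:
            pykd.dbgCommand(r".dump /m /u %s\\" % self.minidump_path)
            log("*** Minidump written at %s" % self.minidump_path)
    except Exception as exc:
        log("!!! Error saving minidump:" + str(exc))

    self.create_crash_data(registers, stack_trace, exploitable)
    print(pykd.dbgCommand("k 10"))
    print(pykd.dbgCommand("r"))
    print(exploitable)
    # dump_json() is kept for any side effect it may have (its return value
    # was never used) -- TODO confirm it can be dropped.
    self.crash_data.dump_json()
    print("")
    print(r"Yep, we got a crash! \o/")
    print("")
    return self.crash_data.dump_dict()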
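def run(self):
    """Run the target under the debugger until it crashes or is stopped.

    Starts an optional watchdog ``Timer`` (``self.timeout`` seconds, firing
    ``self.timeout_func``), launches ``self.program`` with child debugging
    enabled and resumes it until ``self.handler`` reports an exception or
    ``self.do_stop`` is set (presumably by the timeout callback -- TODO
    confirm).  Crash triage is split into ``_msec_dir``,
    ``_run_exploitable`` and ``_write_minidump``.

    Returns:
        ``None`` when the run was stopped without a crash, otherwise the
        dict produced by ``self.crash_data.dump_dict()`` after
        ``self.create_crash_data`` has been fed the register dump, the stack
        trace and the ``!exploitable`` output.

    Raises:
        ValueError: ``self.mode`` is not 32, 64 or ``"arm"`` and no explicit
            ``self.exploitable_path`` was given.
    """
    timer = None
    if self.timeout != 0:
        timer = Timer(self.timeout, self.timeout_func)
        self.timer = timer
        timer.start()
    self.do_stop = False
    self.id = pykd.startProcess(self.program, debugChildren=True)
    if self.handler is None:
        self.handler = ExceptionHandler()

    # Resume until the handler reports an exception or a stop is requested;
    # a failing go() (target gone) ends the loop too.
    while not self.handler.exception_occurred and not self.do_stop:
        try:
            pykd.go()
        except Exception:
            break

    if self.do_stop:
        try:
            pykd.dbgCommand(".kill")
        except Exception as exc:
            log("Exception killing target: %s" % exc)
        return None

    # Cancel only the timer this run created (no self.timer dereference
    # when timeout was 0).
    if timer is not None:
        timer.cancel()

    if not self.handler.exception_occurred:
        return None

    # WOW64 targets show the notify stub on top; switch the effective
    # machine so the 32-bit frames are walked.
    if "Wow64NotifyDebugger" in pykd.dbgCommand("k 1"):
        pykd.dbgCommand(".effmach x86")
    stack_trace = pykd.dbgCommand("k")
    registers = pykd.dbgCommand("r")

    exploitable = self._run_exploitable()
    self._write_minidump()

    self.create_crash_data(registers, stack_trace, exploitable)
    print(pykd.dbgCommand("k 10"))
    print(pykd.dbgCommand("r"))
    print(exploitable)
    # dump_json() is kept for any side effect it may have (its return value
    # was never used) -- TODO confirm it can be dropped.
    self.crash_data.dump_json()
    print("")
    print(r"Yep, we got a crash! \o/")
    print("")
    return self.crash_data.dump_dict()

def _msec_dir(self):
    """Return the directory expected to hold ``msec.dll``.

    An explicit ``self.exploitable_path`` wins; otherwise the WinDbg
    ``winext`` directory matching ``self.mode`` is used.

    Raises:
        ValueError: ``self.mode`` is not 32, 64 or ``"arm"``.
    """
    if self.exploitable_path is not None:
        return self.exploitable_path
    if self.mode == 32:
        return os.path.join(self.windbg_path, r"Debuggers\x86\winext")
    if self.mode == 64:
        return os.path.join(self.windbg_path, r"Debuggers\x64\winext")
    if self.mode == "arm":
        return os.path.join(self.windbg_path, r"Debuggers\arm\winext")
    raise ValueError(
        "Unknown mode %s, known ones are 32, 64 or 'arm'." % self.mode)

def _run_exploitable(self):
    """Load ``msec.dll`` and return the ``!exploitable`` output, or ``None``.

    ``None`` is returned when the DLL is missing or loading/calling it
    fails (the failure is logged).  loadExt maps the DLL into the debugger
    process, so the directory must be one the operator trusts.
    """
    full_msec_path = os.path.join(self._msec_dir(), r"msec.dll")
    if not os.path.exists(full_msec_path):
        return None
    try:
        msec_handle = pykd.loadExt(full_msec_path)
        return pykd.callExt(msec_handle, "exploitable", "")
    except Exception as exc:
        log("Error loading extension: " + str(exc))
        return None

def _write_minidump(self):
    """Write a minidump to ``self.minidump_path`` if one is configured.

    Failures are logged, never raised.  NOTE(review): the path is spliced
    into the debugger command unquoted, so a path with spaces would be
    split by the command parser -- confirm callers pass safe paths.
    """
    if self.minidump_path is None:
        return
    try:
        pykd.dbgCommand(r".dump /m /u %s\\" % self.minidump_path)
        log("*** Minidump written at %s" % self.minidump_path)
    except Exception as exc:
        log("!!! Error saving minidump:" + str(exc))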
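def run(self):
    """Run the target under the debugger until it crashes or is stopped.

    Starts an optional watchdog ``Timer`` (``self.timeout`` seconds, firing
    ``self.timeout_func``), launches ``self.program`` with child debugging
    enabled and resumes it until ``self.handler`` reports an exception or
    ``self.do_stop`` is set (presumably by the timeout callback -- TODO
    confirm).  ``self.handler`` must already be set by the caller.

    Returns:
        ``None`` when the run was stopped without a crash, otherwise the
        dict produced by ``self.crash_data.dump_dict()`` after
        ``self.create_crash_data`` has been fed the register dump, the stack
        trace and the ``!exploitable`` output (``None`` when ``msec.dll``
        was not found).

    Raises:
        ValueError: ``self.mode`` is not 32, 64 or ``"arm"`` and no explicit
            ``self.exploitable_path`` was given.
        Whatever ``pykd.loadExt``/``pykd.callExt`` raise when the
        extension exists but cannot be loaded or run.
    """
    timer = None
    if self.timeout != 0:
        timer = Timer(self.timeout, self.timeout_func)
        self.timer = timer
        timer.start()
    self.do_stop = False
    self.id = pykd.startProcess(self.program, debugChildren=True)

    # Resume until the handler reports an exception or a stop is requested;
    # a failing go() (target gone) ends the loop too.
    while not self.handler.exception_occurred and not self.do_stop:
        try:
            pykd.go()
        except Exception:
            break

    if self.do_stop:
        try:
            pykd.dbgCommand(".kill")
        except Exception as exc:
            log("Exception killing target: %s" % exc)
        return None

    # Cancel only the timer this run created (no self.timer dereference
    # when timeout was 0).
    if timer is not None:
        timer.cancel()

    if not self.handler.exception_occurred:
        return None

    stack_trace = pykd.dbgCommand("k")
    registers = pykd.dbgCommand("r")

    if self.exploitable_path is not None:
        msec_path = self.exploitable_path
    elif self.mode == 32:
        msec_path = os.path.join(self.windbg_path, r"Debuggers\x86\winext")
    elif self.mode == 64:
        msec_path = os.path.join(self.windbg_path, r"Debuggers\x64\winext")
    elif self.mode == "arm":
        msec_path = os.path.join(self.windbg_path, r"Debuggers\arm\winext")
    else:
        raise ValueError(
            "Unknown mode %s, known ones are 32, 64 or 'arm'." % self.mode)

    exploitable = None
    full_msec_path = os.path.join(msec_path, r"msec.dll")
    if os.path.exists(full_msec_path):
        # The working directory is switched before loading, presumably so
        # the DLL's own dependencies resolve -- TODO confirm.  It is never
        # restored, so relative paths used afterwards (program, dumps)
        # resolve against msec_path.  loadExt maps the DLL into the debugger
        # process, so this directory must be one the operator trusts.
        os.chdir(msec_path)
        msec_handle = pykd.loadExt(full_msec_path)
        exploitable = pykd.callExt(msec_handle, "exploitable", "")

    self.create_crash_data(registers, stack_trace, exploitable)
    print(pykd.dbgCommand("k 8"))
    print(pykd.dbgCommand("r"))
    print(exploitable)
    # dump_json() is kept for any side effect it may have (its return value
    # was never used) -- TODO confirm it can be dropped.
    self.crash_data.dump_json()
    print("")
    print(r"Yep, we got a crash! \o/")
    print("")
    return self.crash_data.dump_dict()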
def callExt(intarg1, stragr2, strarg3):
    """Forward an extension call to ``pykd.callExt`` unchanged.

    Going by the other callers on this page, ``intarg1`` is the handle
    returned by ``pykd.loadExt``, ``stragr2`` the extension command name
    and ``strarg3`` its argument string.  The parameter names are kept as
    in the original signature so keyword callers keep working.
    """
    handle = intarg1
    command = stragr2
    argument_string = strarg3
    result = pykd.callExt(handle, command, argument_string)
    return result
def call_function(self, function_name, paras=None):
    """Call *function_name* in the extension held by ``self._ext_handle``.

    A falsy ``paras`` (``None`` or an empty string) is sent as an empty
    argument string; whatever ``pykd.callExt`` returns is passed back
    untouched.
    """
    argument_string = paras or ''
    return pykd.callExt(self._ext_handle, function_name, argument_string)
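def LoadExploitable(self, ext_path="C:\\Fuzzing\\Libs\\MSEC.dll"):
    """Load the MSEC ``!exploitable`` extension and store its verbose verdict.

    Args:
        ext_path: path of ``MSEC.dll``.  Defaults to the location the
            harness was originally hard-wired to; nothing here checks that
            the file exists, so a wrong path surfaces as a ``pykd.loadExt``
            error.  loadExt maps the DLL into the debugger process, so the
            path should point into a directory the operator trusts.

    Side effects:
        Prints the extension handle and sets ``self.exploitable`` to the
        text returned by ``!exploitable -v``.
    """
    ext_handle = pykd.loadExt(ext_path)
    print("[*] MSEC at 0x%x" % ext_handle)
    self.exploitable = pykd.callExt(ext_handle, "exploitable", "-v")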