def load_binary(filepath, base=None):
opList = {}
trace = vtrace.getTrace()
trace.execute(filepath)
#######################################################################
# Enable the notifier. Used later to catch the page execute exception.
notif = CustomNotifier()
eve = vtrace.NOTIFY_ALL
trace.registerNotifier(eve, notif)
#######################################################################
# Set a breakpoint on CreateProcessA and run until it is hit
pattern = "CreateProcessA()"
v_api.setBpOnPattern(trace, pattern)
v_api.printBp(trace)
trace.run()
#######################################################################
# Functions sets child process to start suspended and attaches to it
# as soon as it returns to userland by setting the Entry Point page
# as non executable and catching the exception that is thrown.
print "followCreateProcessA"
v_api.followCreateProcessA(trace)
addr = v_api.getOEP(trace, "pwnables100")
v_api.nxMemPerm(trace, addr)
#####################################################################
# Beyond this point the debugger is attached to the child process
#
print ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
print "HOLY BREAKPOINT BATMAN!"
print "EIP: ", v_api.printableEIP(trace)
def load_binary(filepath, base=None):
# Get the current trace object from vtrace
trace = vtrace.getTrace()
# If attempting to attach to a 64 bit process
# 64 bit python is required.
trace.execute(filepath)
###############################################################
# The notifier class we want to register
notif = CustomNotifier()
# The list of events we want the notifier to handle
eve = vtrace.NOTIFY_ALL
# Tell our vtrace object that we want to capture all events with CustomNotifier
trace.registerNotifier(eve, notif)
###############################################################
# Call a function to set BP on OEP
oep = v_api.getOEP(trace, filepath)
# Set breakpoint at address
bp = vtrace.Breakpoint(oep)
trace.addBreakpoint(bp)
# Start executing the program until you hit a breakpoint or it ends
trace.run()
#################################################################
# Step 5 times into the program
for i in range(5):
trace.stepi()
# Deregister our notifier
trace.deregisterNotifier(eve, notif)
def load_binary(filepath, base=None):
opList = {}
trace = vtrace.getTrace()
trace.execute(filepath)
#######################################################################
# Enable the notifier. Used later to catch the page execute exception.
notif = CustomNotifier()
eve = vtrace.NOTIFY_ALL
trace.registerNotifier(eve, notif)
#######################################################################
# Set a breakpoint on CreateProcessA and run until it is hit
pattern = "CreateProcessA()"
v_api.setBpOnPattern(trace, pattern)
v_api.printBp(trace)
trace.run()
#######################################################################
# Functions sets child process to start suspended and attaches to it
# as soon as it returns to userland by setting the Entry Point page
# as non executable and catching the exception that is thrown.
print "followCreateProcessA"
v_api.followCreateProcessA(trace)
addr = v_api.getOEP(trace, "pwnables100")
v_api.nxMemPerm(trace, addr)
#####################################################################
# Beyond this point the debugger is attached to the child process
#
print ">>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>"
print "HOLY BREAKPOINT BATMAN!"
print "EIP: ", v_api.printableEIP(trace)
def load_binary(filepath, base=None):
# Get the current trace object from vtrace
trace = vtrace.getTrace()
# If attempting to attach to a 64 bit process
# 64 bit python is required.
trace.execute(filepath)
###############################################################
# The notifier class we want to register
notif = CustomNotifier()
# The list of events we want the notifier to handle
eve = vtrace.NOTIFY_ALL
# Tell our vtrace object that we want to capture all events with CustomNotifier
trace.registerNotifier(eve, notif)
###############################################################
# Call a function to set BP on OEP
oep = v_api.getOEP(trace, filepath)
# Set breakpoint at address
bp = vtrace.Breakpoint(oep)
trace.addBreakpoint(bp)
# Start executing the program until you hit a breakpoint or it ends
trace.run()
#################################################################
# Step 5 times into the program
for i in range(5):
trace.stepi()
# Deregister our notifier
trace.deregisterNotifier(eve, notif)
def load_binary(filepath, base=None):
# Get the current trace object from vtrace
trace = vtrace.getTrace()
trace.setMode("FastBreak", True)
# If attempting to attach to a 64 bit process
# 64 bit python is required.
trace.execute(filepath)
# Call a function to set BP on OEP
oep = v_api.getOEP(trace, filepath)
print "OEP: %x" % oep
#######################################################################
# Add a breakpoint on CreateProcessA
# Run until the breakpoint
pattern = "kernel32.CreateProcessA"
v_api.setBpOnPattern(trace, pattern)
trace.run()
trace = v_api.followCreateProcessA(trace)
##########################################################
# Stalker
#addr is here since child process doens't start at oep
addr = 0x004015ac
try:
v_stalker.addStalkerEntry(trace, addr)
except:
pass
print('Added 0x%.8x to Stalker list' % addr)
######################################################################
## Beyond this point the debugger is attached to the child process
##
trace.setMode("FastBreak", True)
while trace.isAttached():
trace.run()
f = file("zTest.stalk", "wb")
# Prints out the current stalker hits
# Not currently working....
#print('Current Stalker Hits:')
for hitva in v_stalker.getStalkerHits(trace):
print('\t 0x%.8x' % hitva)
f.write('\t 0x%.8x\n' % hitva)
f.close()
def load_binary(filepath, base=None):
# Get the current trace object from vtrace
trace = vtrace.getTrace()
# If attempting to attach to a 64 bit process
# 64 bit python is required.
trace.execute(filepath)
# Call a function to set BP on OEP
oep = v_api.getOEP(trace, filepath)
# Set breakpoint at address
bp = vtrace.Breakpoint(oep)
trace.addBreakpoint(bp)
# Print out all the current breakpoints as well as if they are enabled.
for bp in trace.getBreakpoints():
print("%s enabled: %s" % (bp, bp.isEnabled()))
# Start executing the program until you hit a breakpoint or it ends
trace.run()
##############################################################
# At this point you are at OEP of the program
# We know that there is a call 5 instructions in
# There are ways to programmatically find a call
for i in range(5):
trace.stepi()
# Print the value of EIP as a long and as hex
print "\n"
print "EIP: ", trace.getRegister(REG_EIP)
print "HEX EIP: ", hex(trace.getRegister(REG_EIP))
# Once you are in the function you can read the value of ESP
# ESP points to the value of the return address
print "\n"
esp = trace.getRegister(REG_ESP)
retaddr = trace.readMemory(esp, 4)
# Returns the exact memory locations
# Just in the WRONG order
print "RET: ", retaddr.encode('hex')
# This returns the address correctly formatted
print "RET: ", hex(struct.unpack("I",retaddr)[0])
def load_binary(filepath, base=None):
# Get the current trace object from vtrace
trace = vtrace.getTrace()
# If attempting to attach to a 64 bit process
# 64 bit python is required.
trace.execute(filepath)
# Call a function to set BP on OEP
oep = v_api.getOEP(trace, filepath)
# Set breakpoint at address
bp = vtrace.Breakpoint(oep)
trace.addBreakpoint(bp)
# Print out all the current breakpoints as well as if they are enabled.
for bp in trace.getBreakpoints():
print("%s enabled: %s" % (bp, bp.isEnabled()))
# Start executing the program until you hit a breakpoint or it ends
trace.run()
##############################################################
# At this point you are at OEP of the program
# We know that there is a call 5 instructions in
# There are ways to programmatically find a call
for i in range(5):
trace.stepi()
# Print the value of EIP as a long and as hex
print "\n"
print "EIP: ", trace.getRegister(REG_EIP)
print "HEX EIP: ", hex(trace.getRegister(REG_EIP))
# Once you are in the function you can read the value of ESP
# ESP points to the value of the return address
print "\n"
esp = trace.getRegister(REG_ESP)
retaddr = trace.readMemory(esp, 4)
# Returns the exact memory locations
# Just in the WRONG order
print "RET: ", retaddr.encode('hex')
# This returns the address correctly formatted
print "RET: ", hex(struct.unpack("I", retaddr)[0])
def notify(self, event, trace):
if event == vtrace.NOTIFY_ALL:
print "WTF, how did we get a vtrace.NOTIFY_ALL event?!?!"
elif event == vtrace.NOTIFY_SIGNAL:
print "vtrace.NOTIFY_SIGNAL"
print "PendingSignal", trace.getMeta("PendingSignal")
print "PendingException", trace.getMeta("PendingException")
if trace.getMeta("Platform") == "Windows":
win32event = trace.getMeta("Win32Event")
#print repr(win32event)
print "ExceptionAddress: %(ExceptionAddress)x" % win32event
addr = v_api.getOEP(trace, "pwnables100")
memMap = trace.getMemoryMap(addr)
begin = memMap[0]
size = memMap[1]
trace.protectMemory(begin, size, envi.memory.MM_READ_EXEC)
win32 = trace.getMeta("Win32Event", None)
if win32:
code = win32["ExceptionCode"]
print "Win32 ExceptCode: ", code
elif event == vtrace.NOTIFY_BREAK:
print "vtrace.NOTIFY_BREAK", v_api.printableEIP(trace)
#print "BESTNAME: ", trace.getSymByAddr(v_api.getEIP(trace), exact=False)
#pass
elif event == vtrace.NOTIFY_EXIT:
print "vtrace.NOTIFY_EXIT"
print "ExitCode", trace.getMeta("ExitCode")
elif event == vtrace.NOTIFY_ATTACH:
print "vtrace.NOTIFY_ATTACH"
#pass
elif event == vtrace.NOTIFY_DETACH:
print "vtrace.NOTIFY_DETACH"
#pass
elif event == vtrace.NOTIFY_STEP:
#print "vtrace.NOTIFY_STEP"
# print "BESTNAME: ", trace.getSymByAddr(getEIP(trace), exact=False)
# print "Current Thread: ", trace.getCurrentThread()
# print "THREADS: ", trace.getThreads()
pass
else:
pass
def notify(self, event, trace):
if event == vtrace.NOTIFY_ALL:
print "WTF, how did we get a vtrace.NOTIFY_ALL event?!?!"
elif event == vtrace.NOTIFY_SIGNAL:
print "vtrace.NOTIFY_SIGNAL"
print "PendingSignal",trace.getMeta("PendingSignal")
print "PendingException",trace.getMeta("PendingException")
if trace.getMeta("Platform") == "Windows":
win32event = trace.getMeta("Win32Event")
#print repr(win32event)
print "ExceptionAddress: %(ExceptionAddress)x" % win32event
addr = v_api.getOEP(trace, "pwnables100")
memMap = trace.getMemoryMap(addr)
begin = memMap[0]
size = memMap[1]
trace.protectMemory(begin, size, envi.memory.MM_READ_EXEC)
win32 = trace.getMeta("Win32Event", None)
if win32:
code = win32["ExceptionCode"]
print "Win32 ExceptCode: ", code
elif event == vtrace.NOTIFY_BREAK:
print "vtrace.NOTIFY_BREAK", v_api.printableEIP(trace)
#print "BESTNAME: ", trace.getSymByAddr(v_api.getEIP(trace), exact=False)
#pass
elif event == vtrace.NOTIFY_EXIT:
print "vtrace.NOTIFY_EXIT"
print "ExitCode",trace.getMeta("ExitCode")
elif event == vtrace.NOTIFY_ATTACH:
print "vtrace.NOTIFY_ATTACH"
#pass
elif event == vtrace.NOTIFY_DETACH:
print "vtrace.NOTIFY_DETACH"
#pass
elif event == vtrace.NOTIFY_STEP:
#print "vtrace.NOTIFY_STEP"
# print "BESTNAME: ", trace.getSymByAddr(getEIP(trace), exact=False)
# print "Current Thread: ", trace.getCurrentThread()
# print "THREADS: ", trace.getThreads()
pass
else:
pass
def load_binary(filepath, base=None):
# Get the current trace object from vtrace
trace = vtrace.getTrace()
trace.execute(filepath)
######################################################################
# Call a function to set BP on OEP
oep = v_api.getOEP(trace, filepath)
# Set breakpoint at address
bp = vtrace.Breakpoint(oep)
trace.addBreakpoint(bp)
# Print out all the current breakpoints as well as if they are enabled.
for bp in trace.getBreakpoints():
print("%s enabled: %s" % (bp, bp.isEnabled()))
######################################################################
# Start executing the program until you hit a breakpoint or it ends
trace.run()
######################################################################
# print out the value of EIP as a long and as a hex value
print "\n"
print "EIP: ", trace.getRegister(REG_EIP)
print "HEX EIP: ", hex(trace.getRegister(REG_EIP))
# Read the address of EIP
eip = trace.getRegister(REG_EIP)
# Read the memory values pointed to by EIP
s = trace.readMemory(eip, 15)
# Determine the opcode of the memory pointed to by EIP
op1 = trace.makeOpcode(s, 0, eip)
print "OP CODE: ", op1
# print out the value of EAX as a long and as a hex value
print "\n"
print "EAX: ", trace.getRegister(REG_EAX)
print "HEX EAX: ", hex(trace.getRegister(REG_EAX))
# Print out the value of ESP as a long and as a hex value
print "\n"
print "ESP: ", trace.getRegister(REG_ESP)
print "HEX ESP: ", hex(trace.getRegister(REG_ESP))
def load_binary(filepath, base=None):
# Get the current trace object from vtrace
trace = vtrace.getTrace()
trace.execute(filepath)
######################################################################
# Call a function to set BP on OEP
oep = v_api.getOEP(trace, filepath)
# Set breakpoint at address
bp = vtrace.Breakpoint(oep)
trace.addBreakpoint(bp)
# Print out all the current breakpoints as well as if they are enabled.
for bp in trace.getBreakpoints():
print("%s enabled: %s" % (bp, bp.isEnabled()))
######################################################################
# Start executing the program until you hit a breakpoint or it ends
trace.run()
######################################################################
# print out the value of EIP as a long and as a hex value
print "\n"
print "EIP: ", trace.getRegister(REG_EIP)
print "HEX EIP: ", hex(trace.getRegister(REG_EIP))
# Read the address of EIP
eip = trace.getRegister(REG_EIP)
# Read the memory values pointed to by EIP
s = trace.readMemory(eip,15)
# Determine the opcode of the memory pointed to by EIP
op1 = trace.makeOpcode(s, 0, eip)
print "OP CODE: ", op1
# print out the value of EAX as a long and as a hex value
print "\n"
print "EAX: ", trace.getRegister(REG_EAX)
print "HEX EAX: ", hex(trace.getRegister(REG_EAX))
# Print out the value of ESP as a long and as a hex value
print "\n"
print "ESP: ", trace.getRegister(REG_ESP)
print "HEX ESP: ", hex(trace.getRegister(REG_ESP))
def load_binary(filepath, base=None):
trace.setMode("FastStep", 1)
filepath = trace.getMeta('ExeName')
fileName = os.path.basename(filepath).split('.')[0]
# Call a function to set BP on OEP
oep = getOEP(trace, filepath)
#######################################################################
# Get the list of imported functions to compare against
base, importTable = printIAT(trace, fileName)
base, poff, psize = getIATLocation(trace, fileName, debug)
# Store the IAT under the meta name IATInfo
store_IAT(trace, base, importTable, "IATInfo")
psize = trace.arch.getPointerSize()
memMap = trace.getMemoryMap(base + poff)
begin = memMap[0]
size = len(importTable) * psize
# put begin in size into the meta data
trace.setMeta("IATBegin", begin)
trace.setMeta("IATSize", size)
print "[*] Protecting Memory Location: %s" % hex(begin)
print "[*] Memory Size: %s" % size
trace.protectMemory(begin, size, envi.memory.MM_NONE)
#######################################################################
# Enable the notifier. Used later to catch the page execute exception.
notif = CustomNotifier()
eve = vtrace.NOTIFY_ALL
#eve = vtrace.NOTIFY_SIGNAL
trace.registerNotifier(eve, notif)
def load_binary(filepath, base=None):
trace.setMode("FastStep", 1)
filepath = trace.getMeta('ExeName')
fileName = os.path.basename(filepath).split('.')[0]
# Call a function to set BP on OEP
oep = getOEP(trace, filepath)
#######################################################################
# Get the list of imported functions to compare against
base, importTable = printIAT(trace, fileName)
base, poff, psize = getIATLocation(trace, fileName, debug)
# Store the IAT under the meta name IATInfo
store_IAT(trace, base, importTable, "IATInfo")
psize = trace.arch.getPointerSize()
memMap = trace.getMemoryMap(base+poff)
begin = memMap[0]
size = len(importTable) * psize
# put begin in size into the meta data
trace.setMeta("IATBegin", begin)
trace.setMeta("IATSize", size)
print "[*] Protecting Memory Location: %s" % hex(begin)
print "[*] Memory Size: %s" % size
trace.protectMemory(begin, size, envi.memory.MM_NONE)
#######################################################################
# Enable the notifier. Used later to catch the page execute exception.
notif = CustomNotifier()
eve = vtrace.NOTIFY_ALL
#eve = vtrace.NOTIFY_SIGNAL
trace.registerNotifier(eve, notif)
def load_binary(filepath, base=None):
# Get the current trace object from vtrace
trace = vtrace.getTrace()
# If attempting to attach to a 64 bit process
# 64 bit python is required.
trace.execute(filepath)
oep = v_api.getOEP(trace, filepath)
# Set breakpoint at address
bp = vtrace.Breakpoint(oep)
trace.addBreakpoint(bp)
# Print out all the current breakpoints as well as if they are enabled.
for bp in trace.getBreakpoints():
print("%s enabled: %s" % (bp, bp.isEnabled()))
# Start executing the program until you hit a breakpoint or it ends
trace.run()
print "Holy BreakPoint Batman!"
def load_binary(filepath, base=None):
trace = vtrace.getTrace()
trace.execute(filepath)
#######################################################################
# Call a function to set BP on OEP
oep = v_api.getOEP(trace, filepath)
# Set breakpoint at address
bp = vtrace.Breakpoint(oep)
trace.addBreakpoint(bp)
######################################################################
# Start executing the program until you hit a breakpoint or it ends
trace.run()
#######################################################################
# function takes in just filename not the full path to filename.exe
exeName = filepath.split(".exe")[0]
fileName = exeName.split("\\")[len(exeName.split("\\"))-1]
# Get the list of imported functions to compare against
base, importTable = v_api.printIAT(trace, fileName, debug)
def load_binary(filepath, base=None):
# Get the current trace object from vtrace
trace = vtrace.getTrace()
# If attempting to attach to a 64 bit process
# 64 bit python is required.
trace.execute(filepath)
oep = v_api.getOEP(trace, filepath)
# Set breakpoint at address
bp = vtrace.Breakpoint(oep)
trace.addBreakpoint(bp)
# Print out all the current breakpoints as well as if they are enabled.
for bp in trace.getBreakpoints():
print("%s enabled: %s" % (bp, bp.isEnabled()))
# Start executing the program until you hit a breakpoint or it ends
trace.run()
print "Holy BreakPoint Batman!"
def load_binary(filepath, base=None):
# Get the current trace object from vtrace
trace = vtrace.getTrace()
trace.setMode("FastBreak", True)
# If attempting to attach to a 64 bit process
# 64 bit python is required.
trace.execute(filepath)
# Call a function to set BP on OEP
oep = v_api.getOEP(trace, filepath)
print "OEP: %x" % oep
##########################################################
# Stalker
#addr is here since child process doens't start at oep
addr = oep
try:
v_stalker.addStalkerEntry(trace, addr)
except:
pass
print('Added 0x%.8x to Stalker list' % addr)
######################################################################
## Beyond this point the debugger is attached to the child process
##
trace.setMode("FastBreak", True)
while trace.isAttached():
trace.run()
f = file("zTest.stalk", "wb")
# Prints out the current stalker hits
# Not currently working....
#print('Current Stalker Hits:')
for hitva in v_stalker.getStalkerHits(trace):
print('\t 0x%.8x' % hitva)
f.write('\t 0x%.8x\n' % hitva)
f.close()
def load_binary(filepath, base=None):
# Get the current trace object from vtrace
trace = vtrace.getTrace()
# If attempting to attach to a 64 bit process
# 64 bit python is required.
trace.execute(filepath)
###############################################################
# Call a function to set BP on OEP
oep = v_api.getOEP(trace, filepath)
# Set breakpoint at address
bp = vtrace.Breakpoint(oep)
trace.addBreakpoint(bp)
# Start executing the program until you hit a breakpoint or it ends
trace.run()
#################################################################
# takes a snapshot of memory
snap = vs_snap.takeSnapshot(trace)
# saves it to a file
snap.saveToFile("zTest.snap")
def load_binary(filepath, base=None):
# Get the current trace object from vtrace
trace = vtrace.getTrace()
# If attempting to attach to a 64 bit process
# 64 bit python is required.
trace.execute(filepath)
###############################################################
# Call a function to set BP on OEP
oep = v_api.getOEP(trace, filepath)
# Set breakpoint at address
bp = vtrace.Breakpoint(oep)
trace.addBreakpoint(bp)
# Start executing the program until you hit a breakpoint or it ends
trace.run()
#################################################################
# takes a snapshot of memory
snap = vs_snap.takeSnapshot(trace)
# saves it to a file
snap.saveToFile("zTest.snap")
def load_binary(filepath, base=None):
trace = vtrace.getTrace()
trace.execute(filepath)
trace.setMode("FastStep", 1)
filepath = trace.getMeta('ExeName')
fileName = os.path.basename(filepath).split('.')[0]
# Call a function to set BP on OEP
oep = getOEP(trace, filepath)
#######################################################################
# Get the list of imported functions to compare against
base, importTable = printIAT(trace, fileName)
base, poff, psize = getIATLocation(trace, fileName, debug)
# Store the IAT under the meta name IATInfo
store_IAT(trace, base, importTable, "IATInfo")
psize = trace.arch.getPointerSize()
memMap = trace.getMemoryMap(base + poff)
begin = memMap[0]
size = len(importTable) * psize
# put begin in size into the meta data
trace.setMeta("IATBegin", begin)
trace.setMeta("IATSize", size)
print "[*] Protecting Memory Location: %s" % hex(begin)
print "[*] Memory Size: %s" % size
trace.protectMemory(begin, size, envi.memory.MM_NONE)
#######################################################################
# Enable the notifier. Used later to catch the page execute exception.
notif = CustomNotifier()
eve = vtrace.NOTIFY_ALL
#eve = vtrace.NOTIFY_SIGNAL
trace.registerNotifier(eve, notif)
#######################################################################
#trace.run()
count = 0
lst = trace.getMeta('IATList')
# Until you hit Ctrl+C keep looping and printing out IAT calls
# On termination print out all the calls in the order that they were called
while True:
try:
trace.run()
count += 1
lst = trace.getMeta('IATList')
except KeyboardInterrupt:
for i in lst:
a = i.split(':')
print "\t[*] %s \t %s \t %s" % (a[0], a[1], a[2])
sys.exit(1)
except:
x = pprint.pformat(lst)
a = x.lstrip('[')
a = a.rstrip(']')
a = a.split('\n')
for i in a:
i = i.replace("'", "")
i = i.replace("\'", "")
b = i.split(':')
print "\t[*] %s \t %s \t %s" % (b[0].lstrip(), b[1],
b[2].rstrip('\','))
sys.exit(2)
def load_binary(filepath, base=None):
trace = vtrace.getTrace()
trace.execute(filepath)
trace.setMode("FastStep", 1)
filepath = trace.getMeta('ExeName')
fileName = os.path.basename(filepath).split('.')[0]
# Call a function to set BP on OEP
oep = getOEP(trace, filepath)
#######################################################################
# Get the list of imported functions to compare against
base, importTable = printIAT(trace, fileName)
base, poff, psize = getIATLocation(trace, fileName, debug)
# Store the IAT under the meta name IATInfo
store_IAT(trace, base, importTable, "IATInfo")
psize = trace.arch.getPointerSize()
memMap = trace.getMemoryMap(base+poff)
begin = memMap[0]
size = len(importTable) * psize
# put begin in size into the meta data
trace.setMeta("IATBegin", begin)
trace.setMeta("IATSize", size)
print "[*] Protecting Memory Location: %s" % hex(begin)
print "[*] Memory Size: %s" % size
trace.protectMemory(begin, size, envi.memory.MM_NONE)
#######################################################################
# Enable the notifier. Used later to catch the page execute exception.
notif = CustomNotifier()
eve = vtrace.NOTIFY_ALL
#eve = vtrace.NOTIFY_SIGNAL
trace.registerNotifier(eve, notif)
#######################################################################
#trace.run()
count = 0
lst = trace.getMeta('IATList')
# Until you hit Ctrl+C keep looping and printing out IAT calls
# On termination print out all the calls in the order that they were called
while True:
try:
trace.run()
count += 1
lst = trace.getMeta('IATList')
except KeyboardInterrupt:
for i in lst:
a = i.split(':')
print "\t[*] %s \t %s \t %s" % (a[0], a[1], a[2])
sys.exit(1)
except:
x = pprint.pformat(lst)
a = x.lstrip('[')
a = a.rstrip(']')
a = a.split('\n')
for i in a:
i = i.replace("'", "")
i = i.replace("\'", "")
b = i.split(':')
print "\t[*] %s \t %s \t %s" % (b[0].lstrip(), b[1], b[2].rstrip('\','))
sys.exit(2)