Dailydave mailing list archives

Re: Request of the day


From: Pedram Amini <pedram () redhive com>
Date: Mon, 24 Apr 2006 21:25:16 -0400

On 4/21/2006 2:10 AM Dave Aitel wrote:
 I want to breakpoint on WSARecv() then hit control-f9 to continue
 until done, and then say returned buffer is now "my string" and I want
 to know all references to it and if anyone uses it in strdup() or
 wsprintf() or similar I want to mark the return values from those as
 well and follow them and just comment up the whole program
 automagically and let me know every instruction that relates to my
 string as you step_instruction() through it. Then later I want to know
 all functions that touched my string. Later on we'll work on
 structures and classes and internal members for the same thing. :>

That's funny. Earlier this year I found myself wanting exactly the same capabilities. One could write a debugger plug-in to accomplish this task and maybe even hack something up with IDA / IDC ... but I wanted something cleaner, so I implemented a Win32 debugger in Python (aptly named PyDbg). It's fairly complete with support for software, hardware and memory breakpoints, process snapshotting / restoring (ghetto and breaks a lot), SEH / stack unwinding, transparent remote debugging ...

Expanding even further I wrote a graph based abstraction layer over IDA and a number of helper utilities such as a connector to uDraw (I mentioned this earlier on DD). In the end it's become somewhat of an RE tool framework, the hope of which is to bring to the RE tool developer what Metasploit brings to exploit developers. There is even a sexy pluggable GUI ;-)

The framework was given the silly name PaiMei (from Kill Bill 2) and will be (mostly) released at RECON this year. I know this will be the second time I've teased this nonsense on DD but I couldn't help it as what you describe Dave has already been prototyped on top of this framework in less than 250 lines of Python. June 19th isn't too terribly far away, but so you at least know that I'm not completely full of shit, here are the Epydoc generated docs for the PyDbg component of PaiMei:

   http://pedram.redhive.com/PyDbg/

-pedram
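Added example, not from the thread and not PyDbg/PaiMei code: a small offline model of the "follow my received buffer" workflow Dave describes. Instead of stepping a live process it replays a constructed instruction trace (addresses, function names and the record format are all assumptions), seeds taint from the buffer WSARecv would have filled, propagates it through register and memory moves and through the return values of calls like strdup()/wsprintf(), and reports every instruction and function that touched the data, which is the comment-up-the-program output the request asks for.

```python
# Added example (not PyDbg/PaiMei): replay a constructed trace and follow a
# received buffer through it. Locations are a register name ("eax") or a
# ("mem", base_address, size) tuple; all values below are made up.

# Calls whose return buffer should inherit the taint of their arguments.
PROPAGATING_CALLS = {"strdup", "wsprintf", "lstrcpy", "memcpy"}


def _is_tainted(loc, taint):
    """True if a register or any byte of a memory range is currently tainted."""
    if isinstance(loc, str):
        return loc in taint["regs"]
    _, base, size = loc
    return any(base <= a < base + size for a in taint["mem"])


def _set_taint(loc, taint, on):
    """Mark (on=True) or clear (on=False) a register or memory range."""
    if isinstance(loc, str):
        (taint["regs"].add if on else taint["regs"].discard)(loc)
        return
    _, base, size = loc
    rng = range(base, base + size)
    (taint["mem"].update if on else taint["mem"].difference_update)(rng)


def follow_buffer(trace, seed_buf):
    """Replay `trace`, propagating taint from `seed_buf`.

    Returns (comments, funcs): comments is a list of (addr, func, text) for
    every instruction that touched tainted data, funcs the ordered list of
    function names that touched it."""
    taint = {"regs": set(), "mem": set()}
    _set_taint(seed_buf, taint, True)
    comments, funcs = [], []
    for insn in trace:
        touched = [loc for loc in insn.get("reads", []) if _is_tainted(loc, taint)]
        if insn["op"] == "call":
            if touched:
                text = f"call {insn['callee']} with tainted arg(s)"
                if insn["callee"] in PROPAGATING_CALLS and "ret" in insn:
                    _set_taint(insn["ret"], taint, True)
                    text += "; return value tainted"
                comments.append((insn["addr"], insn["func"], text))
        elif touched:
            # tainted source: every destination becomes tainted
            for loc in insn.get("writes", []):
                _set_taint(loc, taint, True)
            comments.append((insn["addr"], insn["func"],
                             f"{insn['op']} touches received data"))
        else:
            # clean source overwriting a tainted destination kills the taint
            for loc in insn.get("writes", []):
                _set_taint(loc, taint, False)
        if touched and insn["func"] not in funcs:
            funcs.append(insn["func"])
    return comments, funcs


# Constructed trace: the buffer WSARecv filled lives at 0xA00000 (16 bytes).
RECV_BUF = ("mem", 0xA00000, 16)
TRACE = [
    {"addr": 0x401000, "func": "recv_thread", "op": "mov",
     "reads": [("mem", 0xA00000, 4)], "writes": ["eax"]},
    {"addr": 0x401003, "func": "recv_thread", "op": "cmp",
     "reads": ["eax"], "writes": []},
    {"addr": 0x401010, "func": "recv_thread", "op": "call", "callee": "strdup",
     "reads": [("mem", 0xA00000, 16)], "ret": ("mem", 0xB00000, 16)},
    {"addr": 0x401020, "func": "recv_thread", "op": "mov",
     "reads": ["ecx"], "writes": ["eax"]},          # eax overwritten with clean data
    {"addr": 0x402000, "func": "parse_cmd", "op": "movzx",
     "reads": [("mem", 0xB00002, 1)], "writes": ["edx"]},  # reads the strdup copy
    {"addr": 0x402005, "func": "parse_cmd", "op": "call", "callee": "log_event",
     "reads": ["edx"]},                             # non-propagating call
    {"addr": 0x403000, "func": "unrelated", "op": "mov",
     "reads": [("mem", 0xC00000, 4)], "writes": ["esi"]},
]

if __name__ == "__main__":
    comments, funcs = follow_buffer(TRACE, RECV_BUF)
    for addr, func, text in comments:
        print(f"{addr:#010x} [{func}] {text}")
    print("functions that touched the string:", ", ".join(funcs))
```

The two details worth noticing are that an overwrite from a clean source clears taint (otherwise a reused register stays marked forever and the report fills with noise) and that a call is reported whenever a tainted argument reaches it, but only the configured copying/formatting calls re-taint their return buffer; a real plug-in would pull the operand addresses from the debugger at each single-step instead of from a pre-recorded list.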

