Dailydave mailing list archives

Re: Request of the day


From: Mårten Cassel <mcassel () kth se>
Date: Wed, 26 Apr 2006 15:51:41 +0200 (CEST)

On 4/21/2006 2:10 AM Dave Aitel wrote:
 I want to breakpoint on WSARecv() then hit control-f9 to continue
 until done, and then say returned buffer is now "my string" and I want
 to know all references to it and if anyone uses it in strdup() or
 wsprintf() or similar I want to mark the return values from those as
 well and follow them and just comment up the whole program
 automagically and let me know every instruction that relates to my
 string as you step_instruction() through it. Then later I want to know
 all functions that touched my string. Later on we'll work on
 structures and classes and internal members for the same thing. :>

That's funny. Earlier this year I found myself wanting exactly the same
capabilities. One could write a debugger plug-in to accomplish this task
and maybe even hack something up with IDA / IDC ... but I wanted
something cleaner, so I implemented a Win32 debugger in Python (aptly
named PyDbg). It's fairly complete with support for software, hardware
and memory breakpoints, process snapshotting / restoring (ghetto and
breaks a lot), SEH / stack unwinding, transparent remote debugging ...

Expanding even further I wrote a graph based abstraction layer over IDA
and a number of helper utilities such as a connector to uDraw (I
mentioned this earlier on DD). In the end it's become somewhat of an RE
tool framework, the hope of which is to bring to the RE tool developer
what Metasploit brings to exploit developers. There is even a sexy
pluggable GUI ;-)

The framework was given the silly name PaiMei (from Kill Bill 2) and
will be (mostly) released at RECON this year. I know this will be the
second time I've teased this nonsense on DD but I couldn't help it as
what you describe Dave has already been prototyped on top of this
framework in less than 250 lines of Python. June 19th isn't too terribly
far away, but so you at least know that I'm not completely full of shit,
here are the Epydoc generated docs for the PyDbg component of PaiMei:

    http://pedram.redhive.com/PyDbg/

-pedram


I'm writing a debugger plugin for IDA Pro that's supposed to be a debugger
for a proprietary bytecode interpreter / virtual machine. What I'd like is
an abstraction layer in some form so I can easily port my debugger to use
either IDA Pro or OllyDbg and use the debugger services.
 Do you have any clues as to what kind of software design would be the best
way to accomplish this?

- Marten
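One way to structure what Marten asks for, as an added example that is not from the thread and not code from PaiMei, PyDbg, IDA Pro or OllyDbg: the bytecode debugger talks only to a small HostDebugger interface (read memory, write memory, native breakpoint, run), and each native debugger gets a backend class that implements those four methods with its own plugin API. The toy VM, its memory layout (a fixed VM program counter word and accumulator word, a native dispatch-loop address), and all names below are assumptions for illustration; the only backend shown is an in-process simulation so the code runs offline. IDA and OllyDbg backends would implement the same interface and are not shown.

```python
"""Backend-agnostic debugger for a toy bytecode VM (added example, hypothetical layout)."""
from abc import ABC, abstractmethod
import struct


class HostDebugger(ABC):
    """Everything the bytecode debugger needs from the native debugger hosting it.
    A real IDA Pro or OllyDbg backend implements these with the product's plugin API."""

    @abstractmethod
    def read_memory(self, addr: int, size: int) -> bytes: ...

    @abstractmethod
    def write_memory(self, addr: int, data: bytes) -> None: ...

    @abstractmethod
    def set_breakpoint(self, addr: int, handler) -> None: ...

    @abstractmethod
    def run(self) -> None: ...


class BytecodeDebugger:
    """VM-level breakpoints built on one native breakpoint at the interpreter's
    dispatch loop. Assumes the interpreter keeps the VM pc and accumulator as
    32-bit little-endian words at fixed addresses (an assumption of this example)."""

    def __init__(self, host: HostDebugger, dispatch_addr: int, pc_addr: int, acc_addr: int):
        self.host, self.pc_addr, self.acc_addr = host, pc_addr, acc_addr
        self.vm_breakpoints = {}   # VM pc -> handler(debugger)
        self.trace = []            # every VM pc the dispatch loop reached
        host.set_breakpoint(dispatch_addr, self._on_dispatch)

    def _read_u32(self, addr):
        return struct.unpack("<I", self.host.read_memory(addr, 4))[0]

    def _write_u32(self, addr, value):
        self.host.write_memory(addr, struct.pack("<I", value & 0xFFFFFFFF))

    def vm_pc(self):
        return self._read_u32(self.pc_addr)

    def vm_acc(self):
        return self._read_u32(self.acc_addr)

    def set_vm_acc(self, value):
        self._write_u32(self.acc_addr, value)

    def vm_bp_set(self, pc, handler):
        self.vm_breakpoints[pc] = handler

    def _on_dispatch(self):
        # Fires once per VM instruction, whatever native debugger delivered it.
        pc = self.vm_pc()
        self.trace.append(pc)
        handler = self.vm_breakpoints.get(pc)
        if handler:
            handler(self)


# Hypothetical addresses and opcodes of the simulated interpreter.
DISPATCH_ADDR, PC_ADDR, ACC_ADDR, CODE_BASE = 0x401000, 0x403000, 0x403004, 0x404000
OP_ADD, OP_MUL, OP_HALT = 0x01, 0x02, 0xFF


class SimulatedHost(HostDebugger):
    """In-process stand-in for a native debugger: flat sparse memory plus a
    two-operand accumulator VM whose dispatch loop lives at DISPATCH_ADDR."""

    def __init__(self, program: bytes):
        self.mem = {}          # sparse memory: address -> byte value
        self.breakpoints = {}  # native address -> [handlers]
        self.write_memory(CODE_BASE, program)
        self.write_memory(PC_ADDR, struct.pack("<I", 0))
        self.write_memory(ACC_ADDR, struct.pack("<I", 0))

    def read_memory(self, addr, size):
        return bytes(self.mem.get(addr + i, 0) for i in range(size))

    def write_memory(self, addr, data):
        for i, b in enumerate(data):
            self.mem[addr + i] = b

    def set_breakpoint(self, addr, handler):
        self.breakpoints.setdefault(addr, []).append(handler)

    def _u32(self, addr):
        return struct.unpack("<I", self.read_memory(addr, 4))[0]

    def run(self):
        while True:
            for h in self.breakpoints.get(DISPATCH_ADDR, []):  # top of dispatch loop
                h()
            pc, acc = self._u32(PC_ADDR), self._u32(ACC_ADDR)
            op = self.read_memory(CODE_BASE + pc, 1)[0]
            if op == OP_HALT:
                return
            imm = self.read_memory(CODE_BASE + pc + 1, 1)[0]
            if op == OP_ADD:
                acc += imm
            elif op == OP_MUL:
                acc *= imm
            else:
                raise ValueError(f"unknown opcode {op:#x} at VM pc {pc}")
            self.write_memory(ACC_ADDR, struct.pack("<I", acc & 0xFFFFFFFF))
            self.write_memory(PC_ADDR, struct.pack("<I", pc + 2))


def demo():
    """Constructed program: acc = ((0 + 5) * 3) + 1. A VM breakpoint before the MUL
    reads the accumulator and patches it through the host, so the result becomes 31."""
    program = bytes([OP_ADD, 5, OP_MUL, 3, OP_ADD, 1, OP_HALT])
    host = SimulatedHost(program)
    dbg = BytecodeDebugger(host, DISPATCH_ADDR, PC_ADDR, ACC_ADDR)
    seen = {}

    def on_mul(d):
        seen["acc_before_mul"] = d.vm_acc()
        d.set_vm_acc(10)

    dbg.vm_bp_set(2, on_mul)
    host.run()
    return dbg.trace, seen["acc_before_mul"], dbg.vm_acc()


if __name__ == "__main__":
    print(demo())
```

The point of the split is that BytecodeDebugger never sees a native API: a backend for IDA Pro or OllyDbg only has to provide the four HostDebugger methods, and the VM-level logic (pc tracking, VM breakpoints, state patching) ports unchanged.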

