From a9f162cefe40a576335fe0c45e2cf452858445ee Mon Sep 17 00:00:00 2001 From: Pablo Quarella <58643218+defaultuser001@users.noreply.github.com> Date: Thu, 11 Nov 2021 11:00:53 -0300 Subject: [PATCH 1/2] order bug fix --- winappdbg/module.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/winappdbg/module.py b/winappdbg/module.py index 2dfa7f36..479b795e 100644 --- a/winappdbg/module.py +++ b/winappdbg/module.py @@ -604,7 +604,7 @@ def get_symbol_at_address(self, address): result = None symbols = self.get_symbols() symbols.sort() - for SymbolAddress, SymbolName, SymbolSize in symbols: + for SymbolName, SymbolAddress, SymbolSize in symbols: if SymbolAddress > address: break result = (SymbolName, SymbolAddress, SymbolSize) From 26a476b742c8c4da56197e6e568f9a1737a8a578 Mon Sep 17 00:00:00 2001 From: Pablo Quarella Date: Wed, 17 Nov 2021 16:24:29 -0300 Subject: [PATCH 2/2] Fixes and improves for Python 3 --- winappdbg/debug.py | 23 ++++++++++++++++------- winappdbg/disasm.py | 8 ++++---- winappdbg/module.py | 4 ++-- winappdbg/process.py | 11 ++++++++--- winappdbg/textio.py | 9 +++------ winappdbg/thread.py | 3 ++- winappdbg/win32/kernel32.py | 4 ++-- 7 files changed, 37 insertions(+), 25 deletions(-) diff --git a/winappdbg/debug.py b/winappdbg/debug.py index 30eb9fc7..f34692d9 100644 --- a/winappdbg/debug.py +++ b/winappdbg/debug.py @@ -50,6 +50,8 @@ from .event import Event, EventDispatcher, EventFactory from .interactive import ConsoleDebugger +from time import time + import warnings ##import traceback @@ -57,7 +59,7 @@ try: WindowsError except NameError: - from winappdbg.win32 import WindowsError + from win32 import WindowsError #============================================================================== 
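Review bot: The reordered unpacking on the `for` line assumes `get_symbols()` yields `(name, address, size)` tuples, but the `symbols.sort()` just above it still sorts the tuples lexicographically, which with that layout means by name rather than by address, so the `if SymbolAddress > address: break` early exit no longer walks addresses in ascending order and can stop before reaching the symbol that actually contains `address`. Sort on the address field explicitly, `symbols.sort(key=lambda s: s[1])`, so the scan and the break condition agree with the new tuple layout. The result tuple built two lines below already uses the name-first order, which suggests the new unpacking is the intended one, but `get_symbols()` itself is not visible from this hunk. `get_symbol_at_address` continues past the end of the hunk.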
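Review bot: `from time import time` is added here but no hunk in this patch calls `time()`; the timeout introduced in `next()` is computed from its argument alone. If nothing outside the visible hunks uses it, drop the import, and if it is kept it belongs next to the other standard-library import (`import warnings` two lines below) rather than between the package-relative imports and them.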
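Review bot: Replacing `from winappdbg.win32 import WindowsError` with `from win32 import WindowsError` in the `except NameError` fallback breaks the Python 3 case this commit targets: Python 3 has no implicit relative imports, so a bare `win32` resolves to whatever top-level module of that name is on sys.path (on a pywin32 install that may be pywin32's own `win32` directory) or raises ImportError, never to this package's `winappdbg/win32`. Use the explicit relative form the file already uses for its neighbouring imports, `from .win32 import WindowsError`, which works on both interpreters. The same change appears in the first hunk of winappdbg/module.py, winappdbg/process.py and winappdbg/thread.py in this patch. Because the fallback only runs where the builtin `WindowsError` is absent, i.e. off Windows, the breakage would not show up in a Windows-only test run.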
@@ -505,7 +507,8 @@ def execl(self, lpCmdLine, **kwargs): # Warn when mixing 32 and 64 bits. # This also allows the user to stop attaching altogether, # depending on how the warnings are configured. - if System.bits != aProcess.get_bits(): + BITS_WARNING_FLAG = False + if System.bits != aProcess.get_bits() and BITS_WARNING_FLAG: msg = "Mixture of 32 and 64 bits is considered experimental." \ " Use at your own risk!" warnings.warn(msg, MixedBitsWarning) @@ -1063,7 +1066,7 @@ def stop(self, bIgnoreExceptions = True): # Close all Win32 handles the Python garbage collector failed to close. self.force_garbage_collection(bIgnoreExceptions) - def next(self): + def next(self,time_limit_in_seconds = 0): """ Handles the next debug event. @@ -1079,16 +1082,21 @@ def next(self): event handler raises an exception nobody catches. """ try: - event = self.wait() # NOQA + try: + event = self.wait(time_limit_in_seconds * 1000) # NOQA + except WindowsError: + if time_limit_in_seconds == 0: + pass + else: + raise except Exception: self.stop() - raise try: self.dispatch() finally: self.cont() - def loop(self): + def loop(self,time_limit_in_seconds = 0): """ Simple debugging loop. @@ -1118,8 +1126,9 @@ def loop(self): continued before returning. This may happen, for example, if the event handler raises an exception nobody catches. """ + while self: - self.next() + self.next(time_limit_in_seconds) def get_debugee_count(self): """ diff --git a/winappdbg/disasm.py b/winappdbg/disasm.py index 2026ca80..1d7799b3 100644 --- a/winappdbg/disasm.py +++ b/winappdbg/disasm.py @@ -509,7 +509,7 @@ def __init__(self, arch = None): try: self.__bug = not isinstance( list(capstone.cs_disasm_quick( - capstone.CS_ARCH_X86, capstone.CS_MODE_32, "\x90", 1 + capstone.CS_ARCH_X86, capstone.CS_MODE_32, b"\x90", 1 ))[0], capstone.capstone.CsInsn ) 
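Review bot: `BITS_WARNING_FLAG = False` is a hard-coded local, so the added `and BITS_WARNING_FLAG` clause makes the `warnings.warn(msg, MixedBitsWarning)` branch unreachable and the comment above it ("depending on how the warnings are configured") no longer true. The `warnings` filter already gives users a way to silence this, so leave the condition as it was and let callers do `warnings.simplefilter("ignore", MixedBitsWarning)`; if the library wants its own switch, make it a module- or class-level attribute rather than an upper-case constant assigned inside the method. Silently attaching across a 32/64-bit mismatch removes the only signal that the session is in the configuration the message itself calls experimental. The enclosing method begins and ends outside this hunk.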
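Review bot: The new `time_limit_in_seconds` parameter on `next()` is not described in the docstring that follows it, which still reads as if the method takes no arguments; the same applies to `loop()` in the next hunk. Add a parameter entry in the file's docstring style that says what the unit is and what 0 means (e.g. `time_limit_in_seconds: seconds to wait for a debug event; 0 keeps the previous behaviour`), since the value is multiplied by 1000 before reaching `wait()`. The signature also lacks the space after the comma that the file's other signatures have, `def next(self, time_limit_in_seconds = 0):`, matching `stop(self, bIgnoreExceptions = True)` above.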
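Review bot: Dropping the `raise` after `self.stop()` turns the outer `except Exception:` from "stop and propagate" into "stop and carry on": any exception other than a WindowsError now stops the debugger and then still runs `self.dispatch()` and `self.cont()` on the stopped session, and the docstring's statement that an uncaught handler exception propagates no longer holds. The inner handler has the inverse problem in the default case: with `time_limit_in_seconds == 0` the call becomes `self.wait(0)` instead of the old argument-less `self.wait()`, and a WindowsError from it is swallowed with `pass`, after which dispatch()/cont() run without a newly waited event. Whether `wait(0)` means "no timeout" or "poll once" depends on `Debug.wait`, which is outside this patch, so the mapping from 0 to the old default should be explicit rather than rely on that, and with a limit set only the timeout error (`WindowsError.winerror` equal to the semaphore-timeout code) should be treated as a timeout rather than every WindowsError. The rewrite below keeps the old path for 0, returns early on a timeout and restores the `raise`; `next` begins before this hunk and `loop`, whose signature is also changed here, continues after it.
```python
        try:
            try:
                # 0 keeps the pre-change behaviour: wait() with its default argument.
                if time_limit_in_seconds == 0:
                    event = self.wait()  # NOQA
                else:
                    event = self.wait(time_limit_in_seconds * 1000)  # NOQA
            except WindowsError:
                if time_limit_in_seconds == 0:
                    raise
                return  # timed out: nothing to dispatch or continue
        except Exception:
            self.stop()
            raise
        # … unchanged: dispatch()/cont() …
```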
@@ -609,10 +609,10 @@ def decode(self, address, code): mnemonic = "dcb " bytes = [] for b in skipped: - if b.isalpha(): - bytes.append("'%s'" % b) + if chr(b).isalpha(): + bytes.append("'%s'" % chr(b)) else: - bytes.append("0x%x" % ord(b)) + bytes.append("0x%x" % b) op_str = ", ".join(bytes) disasm = mnemonic + op_str diff --git a/winappdbg/module.py b/winappdbg/module.py index 479b795e..a0ba9d2b 100644 --- a/winappdbg/module.py +++ b/winappdbg/module.py @@ -56,7 +56,7 @@ try: WindowsError except NameError: - from winappdbg.win32 import WindowsError + from win32 import WindowsError #============================================================================== @@ -1141,7 +1141,7 @@ def parse_label(module = None, function = None, offset = None): # Validate the parameters. if module is not None and ('!' in module or '+' in module): raise ValueError("Invalid module name: %s" % module) - if function is not None and ('!' in function or '+' in function): + if function is not None and ('!' in str(function) or '+' in str(function)): raise ValueError("Invalid function name: %s" % function) # Parse the label. diff --git a/winappdbg/process.py b/winappdbg/process.py index 1f5b8162..d535b0cf 100644 --- a/winappdbg/process.py +++ b/winappdbg/process.py @@ -68,7 +68,7 @@ try: WindowsError except NameError: - from winappdbg.win32 import WindowsError, getenv # NOQA + from win32 import WindowsError, getenv # NOQA # delayed import System = None @@ -1161,7 +1161,10 @@ def get_environment_variables(self): # renders garbage. # Read the environment block contents. - data = self.peek( *self.get_environment_block() ) + + eb_address,eb_size = self.get_environment_block() + data = self.peek(eb_address,eb_size) + # Put them into a Unicode buffer. tmp = ctypes.create_string_buffer(data) 
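Review bot: `chr(b).isalpha()` on the new side is true for any byte whose code point is a Unicode letter, not just ASCII: 0xE9 maps to `'é'`, so the `dcb` fallback now emits non-ASCII characters into the disassembly text where the original, on Python 2 under the default C locale, produced the `0x..` form. Restrict the textual form to ASCII, `if b < 0x80 and chr(b).isalpha():`, so skipped bytes render the same on both interpreters. This also hard-codes the Python 3 iteration model for `bytes` (integers); if Python 2 is still supported, iterating a `str` there yields one-character strings and `chr()` raises TypeError. The local named `bytes` shadows the builtin of the same name and is worth renaming while these lines are touched. `decode` begins and ends outside the hunk.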
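Review bot: Wrapping `function` in `str()` on the new condition line silences the TypeError a non-string name would have raised, but it does not validate the value it is given: `str()` of a `bytes` value is its repr, so `b'foo'` becomes `"b'foo'"` and the check runs against the repr rather than the name, while an integer ordinal is simply converted to its decimal form and always passes. State the accepted types instead: if bytes names are meant to be accepted, decode them before the check; if only `str` names are validated, `if isinstance(function, str) and ('!' in function or '+' in function):` makes that explicit and leaves the error message unchanged. `parse_label` continues outside the hunk.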
@@ -1261,6 +1264,7 @@ def get_environment_data(self, fUnicode = None): block = [ key + u'=' + value for (key, value) \ in self.get_environment_variables() ] + # Convert the data to ANSI if requested. if fUnicode is None: gst = win32.GuessStringType @@ -1967,8 +1971,9 @@ def read_string(self, lpBaseAddress, nChars, fUnicode = False): def __peek_c_type(self, address, format, c_type): size = ctypes.sizeof(c_type) packed = self.peek(address, size) + if len(packed) < size: - packed = '\0' * (size - len(packed)) + packed + packed = b'\0' * (size - len(packed)) + packed elif len(packed) > size: packed = packed[:size] return struct.unpack(format, packed)[0] diff --git a/winappdbg/textio.py b/winappdbg/textio.py index 0d4ba7b4..16f42bb8 100644 --- a/winappdbg/textio.py +++ b/winappdbg/textio.py @@ -1357,8 +1357,7 @@ def dump_registers_peek(registers, data, separator = ' ', width = 16): """ if None in (registers, data): return '' - names = data.keys() - names.sort() + names = sorted(data) result = '' for reg_name in names: tag = reg_name.lower() @@ -1390,8 +1389,7 @@ def dump_data_peek(data, base = 0, """ if data is None: return '' - pointers = data.keys() - pointers.sort() + pointers = sorted(data) result = '' for offset in pointers: dumped = HexDump.hexline(data[offset], separator, width) @@ -1427,8 +1425,7 @@ def dump_stack_peek(data, separator = ' ', width = 16, arch = None): return '' if arch is None: arch = win32.arch - pointers = data.keys() - pointers.sort() + pointers = sorted(data) result = '' if pointers: if arch == win32.ARCH_I386: diff --git a/winappdbg/thread.py b/winappdbg/thread.py index 599fbaec..e3fadc1e 100644 --- a/winappdbg/thread.py +++ b/winappdbg/thread.py @@ -50,7 +50,7 @@ try: WindowsError except NameError: - from winappdbg.win32 import WindowsError + from win32 import WindowsError # delayed imports Process = None 
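Review bot: The padding on the rewritten line is still prepended, `b'\0' * (size - len(packed)) + packed`, which for a little-endian `format` moves the bytes that were actually read from the least-significant positions to the most-significant ones: a 2-byte short read of a 4-byte value unpacks as that value shifted left by 16 bits rather than as its low half. If `format` is little-endian, as the x86 targets elsewhere in this patch suggest, pad on the right, `packed = packed + b'\0' * (size - len(packed))`; if big-endian formats are possible the format string has to decide. Either way a short read is silently turned into a number, and if `peek()` reaches the `ReadProcessMemory` wrapper changed later in this patch, a failed read (empty `packed`) now yields 0 here instead of an exception. `read_string` above is only context; `__peek_c_type` ends at the `return`.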
@@ -1363,6 +1363,7 @@ def get_stack_frame(self, max_size = None): or reading data from the process memory. """ sp, fp = self.get_stack_frame_range() + print(sp,fp) size = fp - sp if max_size and size > max_size: size = max_size diff --git a/winappdbg/win32/kernel32.py b/winappdbg/win32/kernel32.py index 772f6745..f9b8c599 100644 --- a/winappdbg/win32/kernel32.py +++ b/winappdbg/win32/kernel32.py @@ -3707,8 +3707,8 @@ def ReadProcessMemory(hProcess, lpBaseAddress, nSize): lpBuffer = ctypes.create_string_buffer(b'', nSize) lpNumberOfBytesRead = SIZE_T(0) success = _ReadProcessMemory(hProcess, lpBaseAddress, lpBuffer, nSize, byref(lpNumberOfBytesRead)) - if not success and GetLastError() != ERROR_PARTIAL_COPY: - raise ctypes.WinError() + #if not success and GetLastError() != ERROR_PARTIAL_COPY: + # raise ctypes.WinError() return (lpBuffer.raw)[:lpNumberOfBytesRead.value] # BOOL WINAPI WriteProcessMemory(
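Review bot: `print(sp,fp)` in `get_stack_frame` is a leftover debugging statement that writes the debuggee's stack and frame pointers to stdout on every call, corrupting the output of any tool built on the library. Delete the line; if the values are wanted for diagnostics, emit them through the `warnings` module or a logger that callers can silence. `get_stack_frame` begins before this hunk and continues past it.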
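Review bot: Commenting out the `if not success and GetLastError() != ERROR_PARTIAL_COPY: raise ctypes.WinError()` check makes `ReadProcessMemory` return whatever prefix `lpNumberOfBytesRead` reports (typically nothing) for every failure, so an invalid handle, a missing read right and an unmapped address all become indistinguishable from reading zero bytes, and callers that reach this wrapper, such as `__peek_c_type` in this same patch, then silently zero-fill the result. Partial reads across an unreadable page were already tolerated through ERROR_PARTIAL_COPY, so if another error code needs tolerating, add it to that condition rather than removing the check, and delete commented-out code rather than leaving it in place. Restoring the two lines as they were is the proposed change.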