# sample script to demonstrate use of winappdbg
# written by corelanc0d3r
# www.corelan.be // www.corelan-training.com // www.corelan-consulting.com
from winappdbg import *
from time import time, sleep
import sys
import string
import os
import subprocess
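class Dbg:
    """Minimal winappdbg fuzzing harness: run a target under the debugger and report crashes.

    Each iteration of run() starts `app` with one test-case file as its only
    argument, lets it execute for at most `delay` seconds, then kills it.
    event_handler() treats last-chance exceptions (ones the target's own
    handlers have already declined) as crashes, prints the register dump and
    the code around the faulting PC, and kills the process.  Crash details are
    only printed to stdout; nothing is persisted to disk.
    """

    # Case file fed to the target on every iteration.  The original exercise
    # reuses one crash PoC instead of pulling fresh mutated inputs; pass
    # `case_file` to the constructor to point the harness elsewhere.
    DEFAULT_CASE_FILE = r'C:\Users\blackleitus\Desktop\fuzzing\fuzzing\CRASH_POC\\crash_0a06fc26-a8fa-4e91-bec1-5090a50c6289.dat'

    def __init__(self, app, delay=7, case_file=None):
        """Configure the harness.

        app:       path to the target executable.
        delay:     seconds each case may run before it is forcibly killed.
        case_file: test-case path handed to the target; DEFAULT_CASE_FILE
                   when None.
        """
        self.app = app
        self.delay = delay
        # Path of the case currently being executed; set by run().
        self.current_file = ''
        self.case_file = self.DEFAULT_CASE_FILE if case_file is None else case_file

    def event_handler(self, event):
        """winappdbg event callback: report last-chance exceptions and kill the target.

        Only second-chance (unhandled) exceptions count as crashes, so faults
        the target handles itself via SEH are ignored.  Every other debug
        event is left alone.
        """
        code = event.get_event_code()
        if code != win32.EXCEPTION_DEBUG_EVENT or not event.is_last_chance():
            return
        print("********************* Crash detected!!! ************************")
        # Thread that raised the exception; Crash() collects the register
        # dump and basic exception information for it.
        thread = Thread(event.get_tid())
        msg = str(Crash(event))
        try:
            pc = thread.get_pc()
            listing = thread.disassemble_around_pc(pc)
            msg += str(CrashDump.dump_code(listing, pc))
        except WindowsError as exc:
            # Best effort: reading code around PC can fail (e.g. PC landed in
            # unmapped memory).  Say so rather than silently dropping it.
            msg += "\n(disassembly around pc unavailable: %s)" % exc
        print(msg)
        # Stop the target immediately; a crashed process must not run on in
        # a corrupted state.
        event.get_process().kill()

    def run(self):
        """Execute test cases forever, one fresh debugger session per case.

        Never returns on its own; interrupt it to stop.
        """
        # Surviving target instances are looked up by image name, derived
        # from `app` rather than hard-coded.
        target_name = os.path.basename(self.app)
        testcase = 1
        while True:
            with Debug(self.event_handler, bKillOnExit=True) as dbg:
                # Have the OS kill debugees if this harness dies, so a
                # debugger crash does not leave orphaned target processes.
                System.set_kill_on_exit_mode(True)
                # Next case file; this exercise reuses the same file each time.
                self.current_file = self.case_file
                print("Case #%d: running %s %s" % (testcase, self.app, self.current_file))
                dbg.execv([self.app, self.current_file])
                deadline = time() + self.delay
                # NOTE(review): relies on winappdbg's Debug being falsy once it has
                # no debugees, so the loop also ends early after event_handler
                # killed the target -- confirm against the winappdbg version in use.
                while dbg and time() < deadline:
                    try:
                        dbg.wait(1000)  # 1 second accuracy
                    except WindowsError as e:
                        # A timeout just means no event yet; anything else is fatal.
                        if e.winerror in (win32.ERROR_SEM_TIMEOUT, win32.WAIT_TIMEOUT):
                            continue
                        raise
                    try:
                        dbg.dispatch()
                    finally:
                        dbg.cont()
                testcase += 1
                # Kill any surviving instance of the target (e.g. a hang that
                # outlived `delay`) before the next case starts.
                for (process, _name) in dbg.system.find_processes_by_filename(target_name):
                    pid = process.get_pid()
                    dbg.detach(pid)
                    with open(os.devnull, "w") as fnull:
                        subprocess.call(['taskkill', '/F', '/T', '/PID', str(pid)],
                                        stdout=fnull, stderr=fnull)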
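if __name__ == "__main__":
    # Only start the fuzzing loop when executed as a script, not on import.
    dbgengine = Dbg(r'C:\Users\blackleitus\Desktop\fuzzing\fuzzing\fuzzme.exe')
    dbgengine.run()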