From: +NCR/CRC! [ReVeRsEr] <nah...@gm...> - 2009-10-09 23:47:50

The tests I made were in Windows 7 x64. I talked with mario (winappdbg main developer) and it seems there are several things in winappdbg that don't work in Windows versions > XP x64. For example, the PEB struct in Vista / 7 / 2008 is greater than the one in XP, so he told me that he is working on this to support Vista and newer Windows versions. We will need to wait a little bit to see what happens.

On Fri, Oct 9, 2009 at 3:17 PM, +NCR/CRC! [ReVeRsEr] <nah...@gm...> wrote:
>
> Finally!,
>
> after a long fight with python packages I'm currently running pypeelf under
> x64, all with native x64 packages.
>
> There is a small issue in the Task List viewer when it tries to get the
> image base of a module, winappdbg raises an error like this:
>
> C:\pypeelf\trunk>python PyPeElfMain.py
> Traceback (most recent call last):
>   File "C:\pypeelf\trunk\pypeelf_maindlg.py", line 166, in OnTaskMenuItem
>     taskDlg = tasks.create(self)
>   File "C:\pypeelf\trunk\tasks.py", line 42, in create
>     return task_viewer(parent)
>   File "C:\pypeelf\trunk\tasks.py", line 170, in __init__
>     self.loadProcesses()
>   File "C:\pypeelf\trunk\tasks.py", line 199, in loadProcesses
>     image_base = hex_up_8(p.get_image_base())
>   File "C:\pypeelf\trunk\app\process.py", line 88, in get_image_base
>     return self.process.get_image_base()
>   File "C:\Python26\lib\site-packages\winappdbg\system.py", line 3575, in get_image_base
>     return self.get_peb().ImageBaseAddress
>   File "C:\Python26\lib\site-packages\winappdbg\system.py", line 3549, in get_peb
>     return self.read_structure(self.get_peb_address(), win32.PEB)
>   File "C:\Python26\lib\site-packages\winappdbg\system.py", line 3560, in get_peb_address
>     win32.ProcessBasicInformation)
>   File "C:\Python26\lib\site-packages\winappdbg\win32\ntdll.py", line 1285, in NtQueryInformationProcess
>     raise ctypes.WinError( RtlNtStatusToDosError(ntstatus) )
> WindowsError: [Error 24] The program issued a command but the command length is incorrect.
>
> On Thu, Oct 8, 2009 at 3:19 PM, +NCR/CRC! [ReVeRsEr] <nah...@gm...> wrote:
>
>> nop, I'm working with v1.2, I will try it with v1.3b and I will let you
>> know!.
>>
>> On Thu, Oct 8, 2009 at 3:16 PM, Matias Bordese <mbo...@gm...> wrote:
>>
>>> I'm not sure, but maybe you can confirm :)
>>> It seems like 64 bits support for winappdbg wasn't there for the 1.2
>>> version (that was the one we started to develop with); from what I can
>>> see in the winappdbg site/tickets there is some work in progress and
>>> 1.3beta partially works on win64. Are you trying this winappdbg
>>> version? Could you check that?
>>>
>>> On Thu, Oct 8, 2009 at 3:03 PM, +NCR/CRC! [ReVeRsEr] <nah...@gm...> wrote:
>>> > C:\pypeelf\third-party\winappdbg-1.2\examples\instrumentation>python example1.py
>>> >
>>> > Traceback (most recent call last):
>>> >   File "example1.py", line 38, in <module>
>>> >     System.request_debug_privileges()
>>> >   File "C:\Python25\Lib\site-packages\winappdbg\system.py", line 5586, in request_debug_privileges
>>> >     win32.TOKEN_ADJUST_PRIVILEGES)
>>> >   File "C:\Python25\Lib\site-packages\winappdbg\win32\advapi32.py", line 131, in OpenProcessToken
>>> >     raise ctypes.WinError()
>>> > WindowsError: [Error 6] The handle is invalid.
>>> >
>>> > On Thu, Oct 8, 2009 at 3:02 PM, +NCR/CRC! [ReVeRsEr] <nah...@gm...> wrote:
>>> >>
>>> >> currently, winappdbg is raising an exception and I'm sure that is ctypes
>>> >> fault!.
>>> >>
>>> >> On Thu, Oct 8, 2009 at 3:00 PM, Matias Bordese <mbo...@gm...> wrote:
>>> >>>
>>> >>> > btw, I'm testing pypeelf in Windows 7 Ultimate RTM x64. If we install
>>> >>> > Python + wxPython + pefile + extra modules (x86 version) everything
>>> >>> > works fine (I think) but I have a problem to run it in x64 native
>>> >>> > because Python wxPython x64 does not recognize the Python x64
>>> >>> > installation, besides, it seems that ctypes it has not x64 native
>>> >>> > version (fuck!) (am I right matias?).
>>> >>>
>>> >>> You will probably need to install specifically the win64 version (that
>>> >>> you can download here: http://sourceforge.net/projects/ctypes/files/),
>>> >>> although it is the first version for 64 bits and it could have some
>>> >>> problems
>>> >>> (http://mail.python.org/pipermail/python-announce-list/2007-May/005852.html).
>>> >>>
>>> >>> Let me know!
>>> >>>
>>> >>> _______________________________________________
>>> >>> Pypeelf-users mailing list
>>> >>> Pyp...@li...
>>> >>> https://lists.sourceforge.net/lists/listinfo/pypeelf-users

--
+NCR/CRC! [ReVeRsEr] // CracksLatinoS! 2003 - 2009

http://crackinglandia.blogspot.com
http://twitter.com/crackinglandia
http://www.reversinglabs.com.ar/blog
http://www.reversinglabs.com.ar/ncr
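
Added example (not part of the original message, and not winappdbg's code): Win32 error 24 in the traceback above is ERROR_BAD_LENGTH, which is how STATUS_INFO_LENGTH_MISMATCH from NtQueryInformationProcess surfaces. The sketch below uses the documented Windows layouts of PROCESS_BASIC_INFORMATION and the first PEB fields to show how both change with pointer size; that the failing caller passed 32-bit sizes is an assumption, and the length check and sample bytes are constructed for illustration.

```python
import ctypes
import struct

STATUS_SUCCESS = 0x00000000
STATUS_INFO_LENGTH_MISMATCH = 0xC0000004  # RtlNtStatusToDosError maps this to Win32 error 24

def make_layouts(bits):
    """Return (PROCESS_BASIC_INFORMATION, head of PEB) for a 32- or 64-bit target."""
    ptr = {32: ctypes.c_uint32, 64: ctypes.c_uint64}[bits]  # pointer-sized fields

    class PBI(ctypes.LittleEndianStructure):
        _fields_ = [("ExitStatus", ctypes.c_int32),
                    ("PebBaseAddress", ptr),
                    ("AffinityMask", ptr),
                    ("BasePriority", ctypes.c_int32),
                    ("UniqueProcessId", ptr),
                    ("InheritedFromUniqueProcessId", ptr)]

    class PEBHead(ctypes.LittleEndianStructure):
        _fields_ = [("InheritedAddressSpace", ctypes.c_uint8),
                    ("ReadImageFileExecOptions", ctypes.c_uint8),
                    ("BeingDebugged", ctypes.c_uint8),
                    ("BitField", ctypes.c_uint8),
                    ("Mutant", ptr),
                    ("ImageBaseAddress", ptr)]
    return PBI, PEBHead

def pbi_size(bits):
    return ctypes.sizeof(make_layouts(bits)[0])

def image_base_offset(bits):
    return make_layouts(bits)[1].ImageBaseAddress.offset

def query_status(caller_bits, target_bits):
    """Simulated, simplified length check: buffer length must equal the native size."""
    if pbi_size(caller_bits) != pbi_size(target_bits):
        return STATUS_INFO_LENGTH_MISMATCH
    return STATUS_SUCCESS

def read_image_base(peb_bytes, bits):
    """Decode ImageBaseAddress from raw PEB bytes using the layout for `bits`."""
    return make_layouts(bits)[1].from_buffer_copy(peb_bytes).ImageBaseAddress

# Constructed sample: first 24 bytes of a 64-bit PEB (flags, padding, Mutant, ImageBaseAddress).
SAMPLE_PEB64 = struct.pack("<4B4xQQ", 0, 0, 0, 0, 0xFFFFFFFFFFFFFFFF, 0x140000000)

if __name__ == "__main__":
    for bits in (32, 64):
        print(bits, pbi_size(bits), hex(image_base_offset(bits)))
    print(hex(query_status(32, 64)), hex(read_image_base(SAMPLE_PEB64, 64)))
    print(hex(read_image_base(SAMPLE_PEB64, 32)))  # wrong layout reads part of Mutant
```

Decoding the 64-bit sample with the 32-bit layout returns a fragment of the Mutant field instead of the image base, which is why a debugger library needs separate structure definitions per target bitness.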