Pydbg: sample hook exception (access violation)
''' | |
# This commented-out program is vulnerable to a buffer overflow (copy it into a separate file)
from ctypes import * | |
msvcrt = cdll.msvcrt | |
raw_input("Once the debbuger is attached press any key") # Give the debugger time to attach, then hit a button | |
buffer = c_char_p("AAAAA") # Create the 5-byte destination buffer | |
#The Overflow string | |
overflow = 'A' * 100 | |
msvcrt.strcpy(buffer,overflow) #Run the overflow | |
''' | |
'''
Main program that handles the access violation:
'''
from pydbg import * | |
from pydbg.defines import * | |
import utils #Utility libraries included with PyDbg | |
# Access-violation callback registered with the debugger below.
def check_accessv(dbg):
    """Record and report an unhandled access violation in the debuggee.

    First-chance notifications are passed straight back, so the target's
    own exception handlers get to run; a fault is only recorded once it
    comes back as a second-chance (unhandled) exception, i.e. a real crash.

    dbg is the pydbg instance that delivered the exception event.

    Returns DBG_EXCEPTION_NOT_HANDLED on both paths: the handler never
    claims the exception, it only observes it.
    """
    if not dbg.dbg.u.Exception.dwFirstChance:
        # Second chance: capture the crash context before the process goes away.
        recorder = utils.crash_binning.crash_binning()
        recorder.record_crash(dbg)
        # A parenthesised single argument prints the same under the
        # Python 2 print statement this script is written for.
        print(recorder.crash_synopsis())
        # The target is not resumed after the report; it is killed.
        dbg.terminate_process()
    return DBG_EXCEPTION_NOT_HANDLED
# Attach to an already-running process chosen by the operator.
pid = raw_input("Enter the PID: ")
dbg = pydbg()
target_pid = int(pid)  # raw_input returns text; attach() is given an integer
dbg.attach(target_pid)

# Deliver access-violation exception events to check_accessv.
dbg.set_callback(EXCEPTION_ACCESS_VIOLATION, check_accessv)

# Hand control to the debugger; callbacks fire from inside run().
dbg.run()