winpwn: a library for Windows pwn in CTF
- There are two versions of winpwn: winpwn-deps and winpwn-nodeps.
- winpwn-deps:
  - based on pwintools, but I completed the IO interaction and debug modules
  - it has bugs and I will not update it anymore, so I suggest you use winpwn-nodeps
  - does not support python3 and can only be installed from source code
- winpwn-nodeps: written by myself.
  - just uses ctypes to invoke the Windows API
  - supports python2.7 and python3
  - can be installed with pip
- For debugging:
  - if you installed from source code, modify the path of the debugger in winpwn/var.py
  - or, if you use winpwn-nodeps, create a JSON file named ".winpwn" in your HOMEDIR; its content format follows winpwn-nodeps/.winpwn
- I have only tested winpwn on cmder (if you use cmder, you must run it as "cmd::cmder as Admin", not bash).
- pip install winpwn
- or pip3 install winpwn
- git clone https://github.com/Byzero512/winpwn.git
- cd winpwn\winpwn-nodeps
- python setup.py install / python3 setup.py install
1. process
+ process("./pwn")
+ process(["./pwn"])
2. remote
+ remote("127.0.0.1", 65535)
3. context
+ context.timeout = 512
+ context.debugger = "gdb"  # or "windbg" or "x64dbg"
+ context.endian = "little"
+ context.log_level = ""  # or "debug"
+ context.terminal = []
+ context.newline = "\r\n"
4. dbg: gdb (mingw gdb), windbg, x64dbg
+ gdb.attach(p, script="b *0x401000")
+ windbg.attach(p, script="bp 0x123456")
+ x64dbg.attach(p)  # cannot parse a script file yet
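As an added example (not code from the winpwn project), the script below shows how the pieces above fit together in a typical CTF harness: set the context knobs, start the target, optionally attach gdb with the breakpoint script from the list, and parse a leaked address from the program's CRLF-terminated output. The binary name `./pwn` and the breakpoint script are taken from the snippets above; the method names `recvline`, `sendline` and `interactive`, and the sample output line, are assumptions. The parsing helpers are kept independent of winpwn so they run on any platform, while the winpwn import is deferred to the function that needs a Windows host.

```python
import re
import struct
import sys

# Constructed sample of one line a challenge binary might print. With
# context.newline = "\r\n" (as in the README) Windows programs end lines in CRLF.
SAMPLE_LEAK_LINE = b"stack buffer at 0x000000c8f9bff6a0\r\n"


def parse_leak(line, width=8):
    """Return the first 0x-prefixed hex number found in one line of output.

    width is the pointer size in bytes (8 for x64, 4 for x86). A value that
    does not fit is rejected so a garbled line is not silently truncated.
    """
    m = re.search(rb"0x([0-9a-fA-F]+)", line)
    if m is None:
        raise ValueError("no hex address in %r" % line)
    value = int(m.group(1), 16)
    if value >= 1 << (8 * width):
        raise ValueError("leak %#x does not fit in %d bytes" % (value, width))
    return value


def pack_pointer(value, width=8):
    """Little-endian encode a pointer, matching context.endian = "little"."""
    fmt = {8: "<Q", 4: "<I"}[width]
    return struct.pack(fmt, value)


def run_challenge(binary="./pwn", debug=False, breakpoint="b *0x401000"):
    """Drive a local challenge binary with winpwn (Windows only).

    winpwn is imported here rather than at module level so the pure helpers
    above can be exercised anywhere. recvline/sendline/interactive are
    assumed to match winpwn's pwntools-style IO API.
    """
    from winpwn import process, context, gdb  # assumption: Windows host with winpwn installed

    context.newline = "\r\n"      # CRLF line endings, as in the README
    context.endian = "little"
    context.timeout = 10          # seconds; the README's default is 512
    context.log_level = "debug" if debug else ""

    p = process(binary)
    if debug:
        # Attach mingw gdb and run the breakpoint script from the README.
        gdb.attach(p, script=breakpoint)

    leaked = parse_leak(p.recvline())
    print("leaked address: %#x" % leaked)
    p.sendline(pack_pointer(leaked))  # echo the pointer back as raw bytes
    p.interactive()


if __name__ == "__main__":
    run_challenge(sys.argv[1] if len(sys.argv) > 1 else "./pwn",
                  debug="--debug" in sys.argv)
```

Run it as `python harness.py .\pwn.exe --debug` from the admin cmder session the README recommends; without `--debug` the debugger is never attached and the script simply relays the leak and drops into interactive mode.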
If you want to use a debugger extension like gdb-peda, you need to deal with the dependencies yourself.
For a gdb-peda-like display as shown below, you need:
- mingw-gdb installer:
- https://github.com/Byzero512/wibe (a gdb-peda like gdb-script supports mingw-gdb on windows)
- https://github.com/Byzero512/vmmap-win-cmd (for the command "vmmap" in wibe)
- pykd
- TWindbg: https://github.com/bruce30262/TWindbg
Because x64dbg lacks some command-line options, winpwn can only attach x64dbg to the process and cannot deliver an init script yet.