masthoon / pwintools Goto Github PK

Python 2&3: PythonForWindows won't install automatically

If I do,

pip install pwintools

or

cd pwintools
pip install .

The installation will fail because Pip will fail to find a PythonForWindows package (not only of v0.4, but any)

However, if I download the repo off Github (whether master or dev. Dev supports Py3), and then manually install it, and then install pwintools, having removed PythonForWindows lines from setup.py, the installation and, most importantly, usage of pwintools gets set up correctly

I wonder if anyone else experiences the same issue

This commit 5dada36 has some good features like remove string not set with bytes.

Sadly it also decrase the python3 style.

xrange is a python2 stuff and should be removed. I want to avoid that developper in the future spend hours to understand how xrange works to finally realize this is a python2 stuff.

I have already removed it in an old commit but somebody has put it back. So instead of remove it again and start a war I decided to open an issue to discuss and debate on what is the best between range and xrange.

I would like to share the possible solution for the encoding issue with the spawn_debugger() using python3.10.

PROBLEM

The below code triggers an error, because of no encoding in the spawn_debugger().

from pwintools import *
p = Process(b"C:\\Users\\karol\\Desktop\\t\\ch72.exe")
p.debuggerpath = b"C:\\Program Files (x86)\\Windows Kits\\10\\Debuggers\\x86\\windbg.exe"
p.spawn_debugger(breakin = True, dbg_cmd = None)

Traceback (most recent call last):
  File "C:\Users\karol\Desktop\t\a.py", line 34, in <module>
    p.spawn_debugger(breakin = True, dbg_cmd = None)
  File "C:\Program Files\Python310\lib\site-packages\pwintools-0.5-py3.10.egg\pwintools.py", line 915, in spawn_debugger
  File "C:\Program Files\Python310\lib\site-packages\pwintools-0.5-py3.10.egg\pwintools.py", line 656, in __init__
  File "C:\Program Files\Python310\lib\site-packages\pwintools-0.5-py3.10.egg\pwintools.py", line 698, in _create_process
  File "C:\Program Files\Python310\lib\site-packages\pwintools-0.5-py3.10.egg\pwintools.py", line 698, in <listcomp>
TypeError: string argument without an encoding

SOLUTION

I modified the spawn_debugger() like below, adding the encode() and b for all strings:

    def spawn_debugger(self, breakin=True, dbg_cmd=None):
        """spawn_debugger(breakin = True, dbg_cmd = None) spawns Windbg (self.debuggerpath) to debug the process"""
        cmd = [self.debuggerpath, b'-p', str(self.pid).encode()]
        if not breakin:
            cmd.append(b'-g')
        if dbg_cmd:
            cmd.append(b'-c')
            cmd.append(dbg_cmd.encode())
        self.debugger = Process(cmd, nostdhandles=True)
        # Give time to the debugger
        time.sleep(1)

After that, I reinstalled the library, and the problem was solved:

pip uninstall pwintools
python setup.py install

Thought I'd throw it in here. Someone may find it useful.

To use the spawn_debugger() function we need to have wingdb installed in 'C:\Program Files (x86)\Windows Kits\10\Debuggers\x64\windbg.exe' this is not mentionned nowhere.

I also suggest to check in the code and notify the user if this is not installed.

Waiting for next release of PythonForWindows with python 3 support.

https://github.com/mhammond/pywin32 seem more mature than pythonForWindows. In my humble opinion we could use it.

Fell free to give your opinion.

This is a really neat project! I used to have some basic support for targeting Windows binaries (rather than running against them).

It would be really neat to get your shellcode imported into the main Pwntools repository, as a starting point.

Pipe() could be replaced by os.pipe and Minilogger could be repalced by print or another built in function. This code is useless.

Wanted to ask if there is a way that windbg reamain opened from spawn_debugger or if there are other functions that help with debugging,.
Thanks in advance

I have already seriously started to integrate pwintools on pwntools as asked in this issue: #4. See these PRs: Gallopsled/pwntools#1959 and Gallopsled/pwntools#1978.

In my humble opinion, this is now useless to continue to work on pwintools. This is now just a duplicate of pwntools. You can set the repo in read only and tell why in the readme to ensure that nobody will work for nothing.

Pwintools was useful to see how PythonForWindows can interact for pwntools.

This was a great experience. Nice to meet you.