Winpwn
windows debug and exploit toolset for both user and kernel mode
winpwn: pwntools for windows
prerequisites
- support python2/python3
- support windbg/windbgx
setup
- pip/pip3 install winpwn
- optional:
  - pip install pefile
  - pip install keystone
  - pip install capstone
  - launch debugger: modify file .winpwn and copy it to windows HOMEDIR (python: os.path.expanduser("~\\.winpwn"))
usage
process
p = process("./pwn") # spawn the target without arguments
p = process(["./pwn", "argv[1]", "argv[2]"]) # spawn the target with argv
p.readm(addr, n) # read process memory
p.writem(addr, con = "") # write process memory
remote
r = remote("127.0.0.1", 65535)
context
context.timeout = 512
context.debugger = "gdb" # or "windbg" or "x64dbg" or "windbgx"
context.endian = "little"
context.log_level = "" # or "debug"
context.terminal = []
context.newline = "\r\n"
context.arch = "i386" # or "amd64"
context.pie = None
context.dbginit = None # used to set debugger init script
context.windbg = None # set debugger path, or use .winpwn to find debugger path
context.windbgx = None
context.gdb = None
context.x64dbg = None
context.nocolor = None # if set, will print non-colorful output to terminal
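The context settings above name two places a debugger path can come from: an explicit attribute such as context.windbg, or the .winpwn file in the user's HOMEDIR that the setup section asks you to copy. The following is an added example, not winpwn's own code, showing that lookup in isolation: it writes a constructed .winpwn into a temporary HOMEDIR, resolves the path for the selected debugger and arch, and lets an explicit context attribute override the file. The JSON layout assumed here (debugger name to arch to path, or a single string for all arches), the Context stand-in, and the precedence between attribute and file are assumptions for this example; consult dbg.py for what winpwn actually reads.

```python
"""Resolve which debugger executable to launch from context or ~/.winpwn.

Added example, not winpwn's own code. The .winpwn JSON layout used here
(debugger name -> arch -> path, or one string for every arch) is assumed.
"""
import json
import os
import tempfile

DEBUGGERS = ("windbg", "windbgx", "x64dbg", "gdb")   # values of context.debugger
ARCHES = ("i386", "amd64")                           # values of context.arch


class Context:
    """Minimal stand-in for winpwn's context object (assumed shape)."""

    def __init__(self):
        self.arch = "i386"
        self.debugger = "windbg"
        self.windbg = None
        self.windbgx = None
        self.x64dbg = None
        self.gdb = None


def config_path(home=None):
    """Path of the .winpwn file inside HOMEDIR.

    The README spells this as os.path.expanduser("~\\.winpwn") on Windows;
    os.path.join keeps the example runnable on any OS.
    """
    home = home if home is not None else os.path.expanduser("~")
    return os.path.join(home, ".winpwn")


def load_config(home=None):
    """Return the parsed .winpwn mapping, or {} when the file is absent."""
    path = config_path(home)
    if not os.path.isfile(path):
        return {}
    with open(path, "r", encoding="utf-8") as fh:
        cfg = json.load(fh)
    if not isinstance(cfg, dict):
        raise ValueError(".winpwn must contain a JSON object")
    return cfg


def resolve_debugger(ctx, home=None):
    """Explicit context.<debugger> wins; otherwise fall back to .winpwn."""
    name = ctx.debugger
    if name not in DEBUGGERS:
        raise ValueError("unknown debugger %r, expected one of %s" % (name, ", ".join(DEBUGGERS)))
    if ctx.arch not in ARCHES:
        raise ValueError("unknown arch %r, expected one of %s" % (ctx.arch, ", ".join(ARCHES)))
    explicit = getattr(ctx, name)
    if explicit:
        return explicit
    entry = load_config(home).get(name)
    # A per-arch mapping selects by context.arch; a bare string applies to all arches (assumed).
    path = entry.get(ctx.arch) if isinstance(entry, dict) else entry
    if not path:
        raise FileNotFoundError("no %s path for %s in %s; set context.%s instead"
                                % (name, ctx.arch, config_path(home), name))
    return path


def demo():
    """Write a constructed .winpwn into a temporary HOMEDIR and resolve from it."""
    with tempfile.TemporaryDirectory() as home:
        sample = {  # constructed sample; paths are placeholders
            "windbg": {"i386": "C:\\Debuggers\\x86\\windbg.exe",
                       "amd64": "C:\\Debuggers\\x64\\windbg.exe"},
            "x64dbg": "C:\\x64dbg\\release\\x96dbg.exe",
        }
        with open(config_path(home), "w", encoding="utf-8") as fh:
            json.dump(sample, fh)
        ctx = Context()
        ctx.debugger, ctx.arch = "windbg", "amd64"
        from_file = resolve_debugger(ctx, home)      # picked from .winpwn by arch
        ctx.windbg = "D:\\custom\\windbg.exe"
        from_context = resolve_debugger(ctx, home)   # explicit attribute overrides
        return from_file, from_context


if __name__ == "__main__":
    print(demo())
```

Running the module prints the pair of resolved paths; a missing file or a missing arch entry raises FileNotFoundError with the path that was searched, which is the failure you see when .winpwn was never copied into HOMEDIR.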
debug: windbg/windbgx
for details, take a look at dbg.py
windbgx.attach(p, script = "bp 0x401000") # debug local process
windbgx.remote("127.0.0.1,1234") # attach to dbgsrv to debug process remotely
windbgx.com(...) # debug kernel with serial port
windbgx.net(...) # debug kernel with kdnet
asm/disasm:
asm("push ebp")
disasm("\x55")
configure
if you want to use a debugger like gdb-peda, you need to handle its dependencies yourself
refs
- https://github.com/masthoon/pwintools
- https://github.com/hakril/PythonForWindows
