Package winappdbg

[frames] | no frames]

Package winappdbg

source code

Windows application debugging engine for Python.

by Mario Vilas (mvilas at gmail.com)

Project: http://sourceforge.net/projects/winappdbg/

Web: http://winappdbg.sourceforge.net/

Blog: http://breakingcode.wordpress.com

Submodules

[hide private]

winappdbg.breakpoint: Breakpoints.
winappdbg.crash: Crash dump support.
winappdbg.debug: Debugging.
winappdbg.disasm: Binary code disassembly.
winappdbg.event: Event handling module.
winappdbg.interactive: Interactive debugging console.
winappdbg.module: Module instrumentation.
winappdbg.process: Process instrumentation.
winappdbg.registry: Registry access.
winappdbg.search: Process memory search.
winappdbg.sql: SQL database storage support.
winappdbg.system: System settings.
winappdbg.textio: Functions for text input, logging or text output.
winappdbg.thread: Thread instrumentation.
winappdbg.util: Miscellaneous utility classes and functions.
winappdbg.window: Window instrumentation.

Win32 API wrappers

winappdbg.win32: Debugging API wrappers in ctypes.
- winappdbg.win32.advapi32: Wrapper for advapi32.dll in ctypes.
- winappdbg.win32.context_amd64: CONTEXT structure for amd64.
- winappdbg.win32.context_i386: CONTEXT structure for i386.
- winappdbg.win32.dbghelp: Wrapper for dbghelp.dll in ctypes.
- winappdbg.win32.defines: Common definitions.
- winappdbg.win32.gdi32: Wrapper for gdi32.dll in ctypes.
- winappdbg.win32.kernel32: Wrapper for kernel32.dll in ctypes.
- winappdbg.win32.ntdll: Wrapper for ntdll.dll in ctypes.
- winappdbg.win32.peb_teb: PEB and TEB structures, constants and data types.
- winappdbg.win32.psapi: Wrapper for psapi.dll in ctypes.
- winappdbg.win32.shell32: Wrapper for shell32.dll in ctypes.
- winappdbg.win32.shlwapi: Wrapper for shlwapi.dll in ctypes.
- winappdbg.win32.user32: Wrapper for user32.dll in ctypes.
- winappdbg.win32.version: Detect the current architecture and operating system.
- winappdbg.win32.wtsapi32: Wrapper for wtsapi32.dll in ctypes.

Classes

[hide private]

Debugging

Debug
The main debugger class.

EventHandler
Base class for debug event handlers.

EventSift
Event handler that allows you to use customized event handlers for each process you're attached to.

DebugLog
Static functions for debug logging.

Instrumentation

Module
Interface to a DLL library loaded in the context of another process.

Process
Interface to a process.

Registry
Exposes the Windows Registry as a Python container.

System
Interface to a batch of processes, plus some system wide settings.

Thread
Interface to a thread in another process.

Window
Interface to an open window in the current desktop.

Disassemblers

PyDasmEngine
Integration with PyDasm: Python bindings to libdasm.

Disassembler
Generic disassembler.

DistormEngine
Integration with the diStorm disassembler by Gil Dabah.

BeaEngine
Integration with the BeaEngine disassembler by Beatrix.

Crash reporting

CrashDictionary
Dictionary-like persistence interface for Crash objects.

Crash
Represents a crash, bug, or another interesting event in the debugee.

CrashDump
Static functions for crash dumps.

CrashDAO
Data Access Object to read, write and search for Crash objects in a database.

Memory search

Search
Static class to group the search functionality.

TextPattern
Text pattern.

Pattern
Base class for search patterns.

BytePattern
Fixed byte pattern.

HexPattern
Hexadecimal pattern.

RegExpPattern
Regular expression pattern.

Debug events

UnloadDLLEvent
Module unload event.

ExitThreadEvent
Thread termination event.

OutputDebugStringEvent
Debug string output event.

RIPEvent
RIP event.

ExitProcessEvent
Process termination event.

CreateProcessEvent
Process creation event.

LoadDLLEvent
Module load event.

Event
Event object.

ExceptionEvent
Exception event.

CreateThreadEvent
Thread creation event.

Win32 API wrappers

Handle
Encapsulates Win32 handles to avoid leaking them.

ProcessHandle
Win32 process handle.

ThreadHandle
Win32 thread handle.

FileHandle
Win32 file handle.

Helpers

HexDump
Static functions for hexadecimal dumps.

Color
Colored console output.

HexOutput
Static functions for user output parsing.

Table
Text based table.

HexInput
Static functions for user input parsing.

Logger
Logs text to standard output and/or a text file.

MemoryAddresses
Class to manipulate memory addresses.

DebugRegister
Class to manipulate debug registers.

PathOperations
Static methods for filename and pathname manipulation.

Warnings

BreakpointWarning
This warning is issued when a non-fatal error occurs that's related to breakpoints.

BreakpointCallbackWarning
This warning is issued when an uncaught exception was raised by a breakpoint's user-defined callback.

CrashWarning
An error occurred while gathering crash data.

MixedBitsWarning
This warning is issued when mixing 32 and 64 bit processes.

EventCallbackWarning
This warning is issued when an uncaught exception was raised by a user-defined event handler.

DebugSymbolsWarning
This warning is issued if the support for debug symbols isn't working properly.

Deprecated classes

CrashTableMSSQL
Old crash dump persistencer using a Microsoft SQL Server database.

DummyCrashContainer
Fakes a database of volatile Crash objects, trying to mimic part of it's interface, but doesn't actually store anything.

VolatileCrashContainer
Old in-memory crash dump storage.

CrashTable
Old crash dump persistencer using a SQLite database.

CrashContainer
Old crash dump persistencer using a DBM database.

Functions

[hide private]

Helpers

generator of win32.MemoryBasicInformation

WriteableAddressIterator(memory_map)
Generator function that iterates through a memory map, returning only those memory blocks that are writeable.

source code

generator of win32.MemoryBasicInformation

CustomAddressIterator(memory_map, condition)
Generator function that iterates through a memory map, filtering memory region blocks by any given condition.

source code

generator of win32.MemoryBasicInformation

MappedAddressIterator(memory_map)
Generator function that iterates through a memory map, returning only those memory blocks that belong to memory mapped files.

source code

generator of win32.MemoryBasicInformation

ExecutableAddressIterator(memory_map)
Generator function that iterates through a memory map, returning only those memory blocks that are executable.

source code

generator of win32.MemoryBasicInformation

ReadableAddressIterator(memory_map)
Generator function that iterates through a memory map, returning only those memory blocks that are readable.

source code

generator of win32.MemoryBasicInformation

DataAddressIterator(memory_map)
Generator function that iterates through a memory map, returning only those memory blocks that contain data.

source code

generator of win32.MemoryBasicInformation

ExecutableAndWriteableAddressIterator(memory_map)
Generator function that iterates through a memory map, returning only those memory blocks that are executable and writeable.

source code

generator of win32.MemoryBasicInformation

ImageAddressIterator(memory_map)
Generator function that iterates through a memory map, returning only those memory blocks that belong to executable images.

source code

Variables

[hide private]

__revision__ = '$Id: __init__.py 1303 2013-12-20 12:14:40Z qva...

float version_number = 1.5
This WinAppDbg major and minor version, as a floating point number.

str version = 'Version 1.5'
This WinAppDbg release version, as a printable string.

__package__ = 'winappdbg'

Function Details

[hide private]

WriteableAddressIterator(memory_map)

source code

Generator function that iterates through a memory map, returning only those memory blocks that are writeable.

Parameters:

memory_map (list( win32.MemoryBasicInformation )) - List of memory region information objects. Returned by Process.get_memory_map.

Returns: generator of win32.MemoryBasicInformation

Generator object to iterate memory blocks.

Note: Writeable memory is always readable too.

CustomAddressIterator(memory_map, condition)

source code

Generator function that iterates through a memory map, filtering memory region blocks by any given condition.

Parameters:

memory_map (list( win32.MemoryBasicInformation )) - List of memory region information objects. Returned by Process.get_memory_map.
condition (function) - Callback function that returns True if the memory block should be returned, or False if it should be filtered.

Returns: generator of win32.MemoryBasicInformation

Generator object to iterate memory blocks.

MappedAddressIterator(memory_map)

source code

Generator function that iterates through a memory map, returning only those memory blocks that belong to memory mapped files.

Parameters:

memory_map (list( win32.MemoryBasicInformation )) - List of memory region information objects. Returned by Process.get_memory_map.

Returns: generator of win32.MemoryBasicInformation

Generator object to iterate memory blocks.

ExecutableAddressIterator(memory_map)

source code

Generator function that iterates through a memory map, returning only those memory blocks that are executable.

Parameters:

memory_map (list( win32.MemoryBasicInformation )) - List of memory region information objects. Returned by Process.get_memory_map.

Returns: generator of win32.MemoryBasicInformation

Generator object to iterate memory blocks.

Note: Executable memory is always readable too.

ReadableAddressIterator(memory_map)

source code

Generator function that iterates through a memory map, returning only those memory blocks that are readable.

Parameters:

memory_map (list( win32.MemoryBasicInformation )) - List of memory region information objects. Returned by Process.get_memory_map.

Returns: generator of win32.MemoryBasicInformation

Generator object to iterate memory blocks.

DataAddressIterator(memory_map)

source code

Generator function that iterates through a memory map, returning only those memory blocks that contain data.

Parameters:

memory_map (list( win32.MemoryBasicInformation )) - List of memory region information objects. Returned by Process.get_memory_map.

Returns: generator of win32.MemoryBasicInformation

Generator object to iterate memory blocks.

ExecutableAndWriteableAddressIterator(memory_map)

source code

Generator function that iterates through a memory map, returning only those memory blocks that are executable and writeable.

Parameters:

memory_map (list( win32.MemoryBasicInformation )) - List of memory region information objects. Returned by Process.get_memory_map.

Returns: generator of win32.MemoryBasicInformation

Generator object to iterate memory blocks.

Note: The presence of such pages make memory corruption vulnerabilities much easier to exploit.

ImageAddressIterator(memory_map)

source code

Generator function that iterates through a memory map, returning only those memory blocks that belong to executable images.

Parameters:

memory_map (list( win32.MemoryBasicInformation )) - List of memory region information objects. Returned by Process.get_memory_map.

Returns: generator of win32.MemoryBasicInformation

Generator object to iterate memory blocks.

Variables Details

[hide private]

revision

Value:

'$Id: __init__.py 1303 2013-12-20 12:14:40Z qvasimodo $'

version_number

This WinAppDbg major and minor version, as a floating point number. Use this for compatibility checking.

Type:: float

Value:

1.5

version

This WinAppDbg release version, as a printable string. Use this to show to the user.

Type:: str

Value:

'Version 1.5'