Posted almost 12 years ago by Mario Vilas
What is WinAppDbg?
The WinAppDbg python module allows developers to quickly code instrumentation
scripts in Python under a Windows environment.
It uses ctypes to wrap many Win32 API calls related to debugging, and provides
an object-oriented abstraction layer to manipulate threads, libraries and
processes, attach your script as a debugger, trace execution, hook API calls,
handle events in your debugee and set breakpoints of different kinds (code,
hardware and memory). Additionally it has no native code at all, making it
easier to maintain or modify than other debuggers on Windows.
The intended audience is QA engineers and software security auditors wishing to
test / fuzz Windows applications with quickly coded Python scripts. Several
ready-to-use utilities are shipped and can be used for these purposes.
Current features also include disassembling x86/x64 native code, debugging
multiple processes simultaneously and producing a detailed log of application
crashes, useful for fuzzing and automated testing.
What's new in this version?
In a nutshell...
* full 64-bit support (including function hooks!)
* added support for Windows Vista and above.
* database code migrated to SQLAlchemy, tested on:
  - MySQL
  - SQLite 3
  - Microsoft SQL Server
  - should work on other servers too (let me know if it doesn't!)
* added integration with more disassemblers:
  - BeaEngine: http://www.beaengine.org/
  - Capstone: http://capstone-engine.org/
  - Libdisassemble: http://www.immunitysec.com/resources-freesoftware.shtml
  - PyDasm: https://code.google.com/p/libdasm/
* added support for postmortem (just-in-time) debugging
* added support for deferred breakpoints
* now fully supports manipulating and debugging system services
* the interactive command-line debugger is now launchable from your scripts
  (thanks Zen One for the idea!)
* more UAC-friendly, only requests the privileges it needs before any action
* added functions to work with UAC and different privilege levels, so it's
  now possible to run debugees with lower privileges than the debugger
* added memory search and registry search support
* added string extraction functionality
* added functions to work with DEP settings
* added a new event handler, EventSift, that can greatly simplify coding a
  debugger script to run multiple targets at the same time
* added new utility functions to work with colored console output
* several improvements to the Crash Logger tool
* integration with already open debugging sessions from other libraries is now
  possible
* improvements to the Process and GUI instrumentation functionality
* implemented more anti-antidebug tricks
* more tools and code examples, and improvements to the existing ones
* more Win32 API wrappers
* lots of miscellaneous improvements, more documentation and bugfixes as usual!
Where can I find WinAppDbg?
Project homepage:
http://winappdbg.sourceforge.net/
Download links:
Windows installer (32 bits)
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.5/winappdbg-1.5.win32.msi/download
Windows installer (64 bits)
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.5/winappdbg-1.5.win-amd64.msi/download
Source code
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.5/winappdbg-1.5.zip/download
Documentation:
Online
http://winappdbg.sourceforge.net/doc/v1.5/tutorial
http://winappdbg.sourceforge.net/doc/v1.5/reference
Windows Help
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.5/winappdbg-1.5-tutorial.chm/download
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.5/winappdbg-1.5-reference.chm/download
HTML format (offline)
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.5/winappdbg-1.5-tutorial.chm/download
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.5/winappdbg-1.5-reference.chm/download
PDF format (suitable for printing)
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.5/winappdbg-1.5-tutorial.pdf/download
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.5/winappdbg-1.5-reference.pdf/download
Acknowledgements
Acknowledgements go to Arthur Gerkis, Chris Dietrich, Felipe Manzano, Francisco
Falcon, @Ivanlef0u, Jean Sigwald, John Hernandez, Jun Koi, Michael Hale Ligh,
Nahuel Riva, Peter Van Eeckhoutte, Randall Walls, Thierry Franzetti, Thomas
Caplin, and many others I'm probably forgetting, who helped find and fix bugs
in the almost eternal beta of WinAppDbg 1.5! ;)
Posted over 13 years ago by Mario Vilas
What is WinAppDbg?
==================
The WinAppDbg python module allows developers to quickly code instrumentation
scripts in Python under a Windows environment.
It uses ctypes to wrap many Win32 API calls related to debugging, and provides
an object-oriented abstraction layer to manipulate threads, libraries and
processes, attach your script as a debugger, trace execution, hook API calls,
handle events in your debugee and set breakpoints of different kinds (code,
hardware and memory). Additionally it has no native code at all, making it
easier to maintain or modify than other debuggers on Windows.
The intended audience is QA engineers and software security auditors wishing to
test / fuzz Windows applications with quickly coded Python scripts. Several
ready-to-use utilities are shipped and can be used for these purposes.
Current features also include disassembling x86 native code (using the open
source diStorm project, see http://ragestorm.net/distorm/), debugging multiple
processes simultaneously and producing a detailed log of application crashes,
useful for fuzzing and automated testing.
Where can I find WinAppDbg?
===========================
The WinAppDbg project is currently hosted at Sourceforge, and can be found at:
http://winappdbg.sourceforge.net/
It's also hosted at the Python Package Index (PyPi):
http://pypi.python.org/pypi/winappdbg/1.2
Posted over 13 years ago by Mario Vilas
The WinAppDbg package is now also hosted at the Python Package Index (PyPi).
http://pypi.python.org/pypi?name=winappdbg&version=1.0&:action=display
This means you can simply run the following command to install it:
easy_install winappdbg
Posted over 13 years ago by Mario Vilas
What is WinAppDbg?
==================
The WinAppDbg python module allows developers to quickly code instrumentation scripts in Python under a Windows environment.
It uses ctypes to wrap many Win32 API calls related to debugging, and provides an object-oriented abstraction layer to manipulate threads, libraries and processes, attach your script as a debugger, trace execution, hook API calls, handle events in your debugee and set breakpoints of different kinds (code, hardware and memory). Additionally it has no native code at all, making it easier to maintain or modify than other debuggers on Windows.
The intended audience is QA engineers and software security auditors wishing to test / fuzz Windows applications with quickly coded Python scripts. Several ready-to-use utilities are shipped and can be used for these purposes.
Current features also include disassembling x86 native code (using the open source diStorm project, see http://ragestorm.net/distorm/), debugging multiple processes simultaneously and producing a detailed log of application crashes, useful for fuzzing and automated testing.
Where can I find WinAppDbg?
===========================
The WinAppDbg project is currently hosted at Sourceforge, and can be found at:
http://winappdbg.sourceforge.net/
Posted over 13 years ago by Mario Vilas
What is WinAppDbg?
==================
The WinAppDbg python module allows developers to quickly code instrumentation
scripts in Python under a Windows environment.
It uses ctypes to wrap many Win32 API calls related to debugging, and provides
an object-oriented abstraction layer to manipulate threads, libraries and
processes, attach your script as a debugger, trace execution, hook API calls,
handle events in your debugee and set breakpoints of different kinds (code,
hardware and memory). Additionally it has no native code at all, making it
easier to maintain or modify than other debuggers on Windows.
The intended audience is QA engineers and software security auditors wishing to
test / fuzz Windows applications with quickly coded Python scripts. Several
ready-to-use utilities are shipped and can be used for these purposes.
Current features also include disassembling x86 native code (using the open
source diStorm project, see http://ragestorm.net/distorm/), debugging multiple
processes simultaneously and producing a detailed log of application crashes,
useful for fuzzing and automated testing.
What's new in this version?
===========================
In a nutshell...
* fully supports Python 2.4 through 2.7
* fully supports Windows XP through Windows 7, 32 and 64 bit editions
* crash report tool now supports MSSQL (requires pyodbc)
* now supports downloading debugging symbols from Microsoft (thanks Neitsa!)
* new tool: sehtest.py (Windows SEH buffer overflow jump address bruteforcer,
inspired by the same tool by Nicolas Economou)
* the tutorial is now available in chm and pdf formats
* now with only one MSI installer for all supported Python versions
* added support for diStorm 3 (falls back to the old version if not found)
* now using cerealizer instead of pickle whenever possible
* added new command to the command line debugger to show the SEH chain
* a few more anti-anti-debug tricks were added, still more to go!
* several improvements to the Window instrumentation classes
* more code examples
* more Win32 API wrappers
* lots of miscellaneous improvements, more documentation and bugfixes as usual!
Entire changelog for all versions (slow!):
http://p.sf.net/winappdbg/changelog
Where can I find WinAppDbg?
===========================
Project homepage:
-----------------
http://tinyurl.com/winappdbg
Download links:
---------------
Windows installer (32 bits)
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.4/winappdbg-1.4.win32.exe/download
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.4/winappdbg-1.4.win32.msi/download
Windows installer (64 bits)
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.4/winappdbg-1.4.win-amd64.exe/download
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.4/winappdbg-1.4.win-amd64.msi/download
Source code
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.4/winappdbg-1.4.zip/download
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.4/winappdbg-1.4.tar.bz2/download
Documentation:
--------------
Online
http://winappdbg.sourceforge.net/doc/v1.4/tutorial
http://winappdbg.sourceforge.net/doc/v1.4/reference
For download
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.4/winappdbg-tutorial-1.4.chm/download
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.4/winappdbg-reference-1.4.chm/download
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.4/winappdbg-tutorial-1.4.pdf/download
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.4/winappdbg-reference-1.4.pdf/download
Posted over 13 years ago by Mario Vilas
What is WinAppDbg?
==================
The WinAppDbg python module allows developers to quickly code instrumentation
scripts in Python under a Windows environment.
It uses ctypes to wrap many Win32 API calls related to debugging, and provides
an object-oriented abstraction layer to manipulate threads, libraries and
processes, attach your script as a debugger, trace execution, hook API calls,
handle events in your debugee and set breakpoints of different kinds (code,
hardware and memory). Additionally it has no native code at all, making it
easier to maintain or modify than other debuggers on Windows.
The intended audience is QA engineers and software security auditors wishing to
test / fuzz Windows applications with quickly coded Python scripts. Several
ready-to-use utilities are shipped and can be used for these purposes.
Current features also include disassembling x86 native code (using the open
source diStorm project, see http://ragestorm.net/distorm/), debugging multiple
processes simultaneously and producing a detailed log of application crashes,
useful for fuzzing and automated testing.
Where can I find WinAppDbg?
===========================
The WinAppDbg project is currently hosted at Sourceforge, and can be found at:
http://winappdbg.sourceforge.net/
It's also hosted at the Python Package Index (PyPi):
http://pypi.python.org/pypi/winappdbg/1.1
Posted over 13 years ago by Mario Vilas
What is WinAppDbg?
==================
The WinAppDbg python module allows developers to quickly code instrumentation
scripts in Python under a Windows environment.
It uses ctypes to wrap many Win32 API calls related to debugging, and provides
an object-oriented abstraction layer to manipulate threads, libraries and
processes, attach your script as a debugger, trace execution, hook API calls,
handle events in your debugee and set breakpoints of different kinds (code,
hardware and memory). Additionally it has no native code at all, making it
easier to maintain or modify than other debuggers on Windows.
The intended audience is QA engineers and software security auditors wishing to
test / fuzz Windows applications with quickly coded Python scripts. Several
ready-to-use utilities are shipped and can be used for these purposes.
Current features also include disassembling x86 native code (using the open
source diStorm project, see http://ragestorm.net/distorm/), debugging multiple
processes simultaneously and producing a detailed log of application crashes,
useful for fuzzing and automated testing.
Where can I find WinAppDbg?
===========================
Project homepage:
-----------------
http://tinyurl.com/winappdbg
Download links:
---------------
Windows installer (32 bits)
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.3/winappdbg-1.3.win32.msi/download
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.3/winappdbg-1.3.win32.exe/download
Windows installer (64 bits)
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.3/winappdbg-1.3.win-amd64.msi/download
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.3/winappdbg-1.3.win-amd64.exe/download
Source code
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.3/winappdbg-1.3.zip/download
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.3/winappdbg-1.3.tar.bz2/download
Documentation:
--------------
Online
http://winappdbg.sourceforge.net/doc/v1.3/
http://sourceforge.net/apps/trac/winappdbg/wiki/ProgrammingGuide
For download:
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.3/winappdbg-1.3.chm/download
http://sourceforge.net/projects/winappdbg/files/WinAppDbg/1.3/winappdbg-1.3.pdf/download
What's new in this version?
===========================
In a nutshell...
* 64 bits support.
* Windows Vista and 7 support.
* Memory dumping support.
* Wait chain support.
* New tool: SelectMyParent (based on the tool by Didier Stevens).
* More code examples.
* Supports detecting the current processor architecture and Windows version.
* Crash logger works with SQLite databases in addition to the old DBM format.
It also has a smaller memory footprint now.
* Win32 API wrappers were refactored and improved. Many new definitions and
API calls were added, up to Windows 7.
* Many bugfixes as usual... :) also several improvements to make the code more
robust.
Here's the full changelog:
http://sourceforge.net/apps/trac/winappdbg/log/trunk?verbose=on&format=changelog&stop_rev=237&limit=300&mode=stop_on_copy