
Is there a fundamental challenge in the way of Windows / PE support or is it just a matter of contribution? #1987

Open
jt0dd opened this issue Oct 20, 2021 · 3 comments

jt0dd commented Oct 20, 2021

After learning about pwntools I was impressed with how much easier it makes the manual process of exploit development. Then I tried using it for a PE file to do some Windows exploit development and was disappointed to find there doesn't seem to be support for it. Well, in the pen-testing world, most corporate environments are not Linux. So it seems obvious that if there weren't some fundamental challenge making this capability harder to achieve within Windows, someone would've added support for it here.

Just in case some features support PE or something, I'll show an example of the features that only seem to not work for Windows exploit dev:

from pwn import *

elf = ELF("./exploit") # reminds the user that only ELFs are supported,
# I presume. There appears to be no PE class

p = process("./exploit")
p.sendline(cyclic(200, n=8))  # De Bruijn pattern with unique 8-byte subsequences
p.wait()                      # wait for the crash

core = p.corefile             # relies on the Linux kernel writing a core dump

# which 8-byte chunk of the pattern ended up at RSP -> offset to the return address
print(cyclic_find(core.read(core.rsp, 8), n=8))

So I'm just curious, what is the challenge? Why is there support for ELF files and not PE? Is it just a matter of someone putting in the work or is there something fundamentally more difficult for supporting PE files?

@jt0dd jt0dd added the question label Oct 20, 2021
@zachriggle (Member)

Windows doesn't drop core files in the traditional sense, and debugging symbols are generally detached as .PDB whereas Linux DWARF symbols are generally included (or absent on purpose).

PE / MachO support would be very nice to add to Pwntools, but would need a major revision (i.e. Pwntools v4.0) to release them as fully baked.

See #1147 for more information. I still think LIEF is the correct approach for this, and we could bend the pwnlib.elf.ELF class into being backward-compatible (mostly) with LIEF instead of pyelftools. This also has the desirable effect of avoiding dependencies on pyelftools since they have (on at least two occasions) completely broken Pwntools requiring re-releases of the stable branch.
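To make the "PE support" part of this concrete, here is an added example (not pwntools code and not from this thread) of the header parsing a `PE` class would need before it could mirror what `pwnlib.elf.ELF` offers: a standalone PE32/PE32+ reader in plain `struct` that reports the entry point, the section table and the DllCharacteristics mitigation bits (ASLR, DEP/NX, CFG), run over a constructed minimal image. Offsets follow the PE/COFF spec; `build_sample_pe` is a constructed stand-in for a real binary and no LIEF dependency is assumed.

```python
import struct

# DllCharacteristics bits (PE/COFF spec) that a checksec-style report looks at.
DLL_FLAGS = {"HIGH_ENTROPY_VA": 0x0020, "DYNAMIC_BASE": 0x0040,          # ASLR bits
             "NX_COMPAT": 0x0100, "NO_SEH": 0x0400, "GUARD_CF": 0x4000}  # DEP, SEH, CFG

def parse_pe(data: bytes) -> dict:
    """Read headers, section table and mitigation flags from a raw PE32/PE32+ image."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]                 # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    machine, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt = pe_off + 24                                                  # optional header start
    magic, = struct.unpack_from("<H", data, opt)
    entry_rva, = struct.unpack_from("<I", data, opt + 16)
    if magic == 0x20B:                                                 # PE32+
        bits, image_base = 64, struct.unpack_from("<Q", data, opt + 24)[0]
    elif magic == 0x10B:                                               # PE32
        bits, image_base = 32, struct.unpack_from("<I", data, opt + 28)[0]
    else:
        raise ValueError("unknown optional header magic %#x" % magic)
    dll_chars, = struct.unpack_from("<H", data, opt + 70)             # same offset in both formats
    sections = []
    for i in range(nsect):                                             # section table follows the optional header
        name, vsize, vaddr, rsize, roff = struct.unpack_from("<8sIIII", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode(), "vaddr": vaddr,
                         "vsize": vsize, "raw_off": roff, "raw_size": rsize})
    return {"machine": machine, "bits": bits, "image_base": image_base,
            "entry": image_base + entry_rva, "sections": sections,
            "mitigations": {k: bool(dll_chars & v) for k, v in DLL_FLAGS.items()}}

def build_sample_pe() -> bytes:
    """Constructed (not a real binary): minimal PE32+ with one .text section, ASLR+NX on, CFG off."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)                 # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)      # x64, 1 section, 240-byte opt hdr
    opt = struct.pack("<HBBIIIIIQIIHHHHHHIIIIHH", 0x20B, 14, 0, 0x200, 0, 0, 0x1000, 0x1000,
                      0x140000000, 0x1000, 0x200, 6, 0, 0, 0, 6, 0, 0, 0x2000, 0x200, 0, 3, 0x0160)
    opt += b"\0" * (240 - len(opt))                                    # stack/heap sizes, data dirs: zero
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x200, 0x1000, 0x200, 0x200, 0, 0, 0, 0, 0x60000020)
    hdr = dos + b"PE\0\0" + coff + opt + sect
    return hdr + b"\0" * (0x200 - len(hdr)) + b"\xc3" + b"\0" * 0x1FF  # .text: a lone `ret`

if __name__ == "__main__":
    info = parse_pe(build_sample_pe())
    print("%d-bit, entry %#x" % (info["bits"], info["entry"]))
    for flag, on in info["mitigations"].items():
        print("  %-16s %s" % (flag, "yes" if on else "no"))
```

Point `parse_pe` at the bytes of a real `.exe` to get the same report; symbols are still out of reach without the detached PDB, which is the other half of the gap above.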

