TypeError: object of type '_ctypes.PyCSimpleType' has no len()

[digdugg]

I get the following error when trying to run/hook API for LoadLibraryA/W per the example code provided in 09_api_hook.py. Here is the following error.

C:\code\bad_rtf>c:\code\Anaconda\python.exe py_hookz.py "c:\Program Files (x86)
Microsoft Office\Office15\WINWORD.EXE"
c:\code\Anaconda\lib\site-packages\sqlalchemy\sql\base.py:291: SAWarning: Can't
validate argument 'drizzle_engine'; can't locate any SQLAlchemy dialect named 'd
rizzle'
(k, dialect_name))
c:\code\Anaconda\lib\site-packages\winappdbg\debug.py:502: MixedBitsWarning: Mix
ture of 32 and 64 bits is considered experimental. Use at your own risk!
warnings.warn(msg, MixedBitsWarning)
c:\code\Anaconda\lib\site-packages\winappdbg\event.py:1855: EventCallbackWarning
: Event handler pre-callback <main.MyEventHandler object at 0x0000000002E740
B8> raised an exception: Traceback (most recent call last):
File "c:\code\Anaconda\lib\site-packages\winappdbg\event.py", line 1850, in di
spatch
returnValue = self.eventHandler(event)
File "c:\code\Anaconda\lib\site-packages\winappdbg\event.py", line 1461, in __
call
self.hook_dll(event)
File "c:\code\Anaconda\lib\site-packages\winappdbg\event.py", line 1436, in __
hook_dll
hook_api_stub.hook(debug, pid)
File "c:\code\Anaconda\lib\site-packages\winappdbg\breakpoint.py", line 1724,
in hook
aProcess.get_arch() )
File "c:\code\Anaconda\lib\site-packages\winappdbg\breakpoint.py", line 1044,
in __new
return _Hook_i386(_argv, *_argd)
File "c:\code\Anaconda\lib\site-packages\winappdbg\breakpoint.py", line 1134,
in init
self._signature = self._calc_signature(signature)
File "c:\code\Anaconda\lib\site-packages\winappdbg\breakpoint.py", line 1436,
in _calc_signature
self._cast_signature_pointers_to_void(signature)
File "c:\code\Anaconda\lib\site-packages\winappdbg\breakpoint.py", line 1144,
in _cast_signature_pointers_to_void
for i in xrange(len(signature)):
TypeError: object of type '_ctypes.PyCSimpleType' has no len()

warnings.warn(msg, EventCallbackWarning)

Running the following Python distribution.

C:\code\bad_rtf>c:\code\Anaconda\python.exe
Python 2.7.10 |Anaconda 2.3.0 (64-bit)| (default, May 28 2015, 16:44:52) [MSC v.
1500 64 bit (AMD64)] on win32
Type "help", "copyright", "credits" or "license" for more information.
Anaconda is brought to you by Continuum Analytics.
Please check out: http://continuum.io/thanks and https://binstar.org

exit()

This may be a byproduct of 'mixed bits mode' as warned at the script start. The attatched script is here.

Py_hookz.py
http://paste2.org/KaL7cdGF

[MarioVilas]

I see the problem, it's a typo in the script. Should be:

( 'LoadLibraryW' , (PVOID,) ),
( 'LoadLibraryA' , (PVOID,) ),

Note the comma after PVOID. This is because in Python you need that trailing comma to indicate you want a tuple, rather than just surrounding an expression in parens. :)