---
draft: false
toc: false
comments: false
categories: Reverse engineering
tags: winappdbg
title: WinAppDbg Notes
wip: false
snippet:
---

WinAppDbg

Main guide is here: http://winappdbg.readthedocs.io/en/latest/ProgrammingGuide.html

32-bit and 64-bit Python

Generally you want to debug 32-bit applications in 32-bit Python. You can have a 32-bit and a 64-bit Python together on one machine; when installing the second one, uncheck "Register Extensions" in the installer so it does not take over the .py file associations. On a VM it does not really matter, because you can install and uninstall the 32-bit and 64-bit Python versions at will.

Installation

The version installed by pip is 1.5.

To get 1.6, use the GitHub repo at https://github.com/MarioVilas/winappdbg: clone it and run install.bat.

According to the installation documentation, some optional additional software is useful alongside it. This post has installers for the rest:

https://breakingcode.wordpress.com/2012/04/08/quickpost-installer-for-beaenginepython/


Debugging

This is what I want:

```python
import sys
from winappdbg.win32 import *

# PID of the target process; taken from the command line here.
pid = int(sys.argv[1])

# Create a snapshot of the process, only take the heap list.
hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPHEAPLIST, pid)
```
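A fuller version of that snippet, added here as an example and not taken from these notes or from WinAppDbg itself: it walks the heap list from the snapshot and releases the handle afterwards. The real run (`heap_ids_win32`) assumes winappdbg 1.6 on Windows in a Python whose bitness matches the target; `FAKE_HEAPS` and the `fake_*` functions are constructed stand-ins for the winappdbg wrappers so the walk can be tried offline.

```python
from collections import namedtuple

# Toolhelp32 walking idiom as wrapped by winappdbg.win32: Heap32ListFirst(hSnapshot)
# returns a HEAPLIST32 or None, Heap32ListNext(hSnapshot, entry) the next entry or
# None at the end. First/next are parameters so the loop can be exercised offline.
def walk_toolhelp_list(hSnapshot, list_first, list_next):
    entry = list_first(hSnapshot)
    while entry is not None:
        yield entry
        entry = list_next(hSnapshot, entry)

def heap_ids(pid, snapshot_fn, list_first, list_next, close_fn):
    """Snapshot the heap list of `pid` and return (heap id, flags) pairs.
    dwFlags == HF32_DEFAULT (1) marks the process default heap. The snapshot
    handle is released in `finally`, so a failing walk does not leak it."""
    hSnapshot = snapshot_fn(pid)
    try:
        return [(e.th32HeapID, e.dwFlags)
                for e in walk_toolhelp_list(hSnapshot, list_first, list_next)]
    finally:
        close_fn(hSnapshot)

def heap_ids_win32(pid):
    """Real run: Windows, winappdbg installed, Python bitness matching the target.
    The import is local so the module still loads where winappdbg is absent."""
    from winappdbg.win32 import (CreateToolhelp32Snapshot, TH32CS_SNAPHEAPLIST,
                                 Heap32ListFirst, Heap32ListNext, CloseHandle)
    return heap_ids(pid,
                    lambda p: CreateToolhelp32Snapshot(TH32CS_SNAPHEAPLIST, p),
                    Heap32ListFirst, Heap32ListNext, CloseHandle)

# Constructed stand-ins with the same None-terminated contract (no Windows target needed).
FakeHeapList32 = namedtuple("FakeHeapList32", "th32HeapID dwFlags")
FAKE_HEAPS = [FakeHeapList32(0x00400000, 1),   # default heap (HF32_DEFAULT)
              FakeHeapList32(0x00c30000, 0),
              FakeHeapList32(0x01fe0000, 0)]
CLOSED_HANDLES = []

def fake_snapshot(pid):
    return ("snapshot", pid)

def fake_first(hSnapshot):
    return FAKE_HEAPS[0] if FAKE_HEAPS else None

def fake_next(hSnapshot, entry):
    i = FAKE_HEAPS.index(entry) + 1
    return FAKE_HEAPS[i] if i < len(FAKE_HEAPS) else None

def fake_close(hSnapshot):
    CLOSED_HANDLES.append(hSnapshot)
```

On Windows, `heap_ids_win32(pid)` gives the same (heap id, flags) list for a live process; the per-heap block walk (Heap32First/Heap32Next) is a separate, much slower enumeration and is not shown here.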