Gray Hat Python
Python Programming for Hackers and Reverse Engineers
Justin Seitz
All rights reserved. No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.
No Starch Press, Inc.
555 De Haro Street, Suite 250, San Francisco, CA 94107
phone: 415.863.9900; fax: 415.863.9950
Foreword by Dave Aitel ..... xiii
Acknowledgments ..... xvii
Introduction ..... xix
Chapter 1: Setting Up Your Development Environment ..... 1
Chapter 2: Debuggers and Debugger Design ..... 13
Chapter 3: Building a Windows Debugger ..... 25
Chapter 4: PyDbg—A Pure Python Windows Debugger ..... 57
Chapter 5: Immunity Debugger—The Best of Both Worlds ..... 69
Chapter 6: Hooking ..... 85
Chapter 7: DLL and Code Injection ..... 97
Chapter 8: Fuzzing ..... 111
Chapter 9: Sulley ..... 123
Chapter 10: Fuzzing Windows Drivers ..... 137
Chapter 11: IDAPython—Scripting IDA Pro ..... 153
Chapter 12: PyEmu—The Scriptable Emulator ..... 163
Index ..... 183
CONTENTS IN DETAIL
FOREWORD by Dave Aitel xiii
ACKNOWLEDGMENTS xvii
INTRODUCTION xix
1 SETTING UP YOUR DEVELOPMENT ENVIRONMENT
1.1 Operating System Requirements
1.2 Obtaining and Installing Python 2.5
1.2.1 Installing Python on Windows
1.2.2 Installing Python for Linux
1.3 Setting Up Eclipse and PyDev
1.3.1 The Hacker’s Best Friend: ctypes
1.3.2 Using Dynamic Libraries
1.3.3 Constructing C Datatypes
1.3.4 Passing Parameters by Reference
1.3.5 Defining Structures and Unions
2 DEBUGGERS AND DEBUGGER DESIGN
2.1 General-Purpose CPU Registers
2.2 The Stack
2.3 Debug Events
2.4 Breakpoints
2.4.1 Soft Breakpoints
2.4.2 Hardware Breakpoints
2.4.3 Memory Breakpoints
3 BUILDING A WINDOWS DEBUGGER
3.1 Debuggee, Where Art Thou?
3.2 Obtaining CPU Register State
3.2.1 Thread Enumeration
3.2.2 Putting It All Together
3.3 Implementing Debug Event Handlers
3.4 The Almighty Breakpoint
3.4.1 Soft Breakpoints
3.4.2 Hardware Breakpoints
3.4.3 Memory Breakpoints
3.5 Conclusion
4 PYDBG—A PURE PYTHON WINDOWS DEBUGGER
4.1 Extending Breakpoint Handlers
4.2 Access Violation Handlers
4.3 Process Snapshots
4.3.1 Obtaining Process Snapshots
4.3.2 Putting It All Together
5 IMMUNITY DEBUGGER—THE BEST OF BOTH WORLDS
5.1 Installing Immunity Debugger
5.2 Immunity Debugger 101
5.2.1 PyCommands
5.2.2 PyHooks
5.3 Exploit Development
5.3.1 Finding Exploit-Friendly Instructions
5.3.2 Bad-Character Filtering
5.3.3 Bypassing DEP on Windows
5.4 Defeating Anti-Debugging Routines in Malware
5.4.1 IsDebuggerPresent
5.4.2 Defeating Process Iteration
6 HOOKING
6.1 Soft Hooking with PyDbg
6.2 Hard Hooking with Immunity Debugger
7 DLL AND CODE INJECTION
7.1 Remote Thread Creation
7.1.1 DLL Injection
7.1.2 Code Injection
7.2 Getting Evil
7.2.1 File Hiding
7.2.2 Coding the Backdoor
7.2.3 Compiling with py2exe
8 FUZZING
8.1 Bug Classes
8.1.1 Buffer Overflows
8.1.2 Integer Overflows
8.1.3 Format String Attacks
8.2 File Fuzzer
8.3 Future Considerations
8.3.1 Code Coverage
8.3.2 Automated Static Analysis
9 SULLEY
9.1 Sulley Installation
9.2 Sulley Primitives
9.2.1 Strings
9.2.2 Delimiters
9.2.3 Static and Random Primitives
9.2.4 Binary Data
9.2.5 Integers
9.2.6 Blocks and Groups
9.3 Slaying WarFTPD with Sulley
9.3.1 FTP 101
9.3.2 Creating the FTP Protocol Skeleton
9.3.3 Sulley Sessions
9.3.4 Network and Process Monitoring
9.3.5 Fuzzing and the Sulley Web Interface
10 FUZZING WINDOWS DRIVERS
10.1 Driver Communication
10.2 Driver Fuzzing with Immunity Debugger
10.3 Driverlib—The Static Analysis Tool for Drivers
10.3.1 Discovering Device Names
10.3.2 Finding the IOCTL Dispatch Routine
10.3.3 Determining Supported IOCTL Codes
10.4 Building a Driver Fuzzer
11 IDAPYTHON—SCRIPTING IDA PRO
11.1 IDAPython Installation
11.2 IDAPython Functions
11.2.1 Utility Functions
11.2.2 Segments
11.2.3 Functions
11.2.4 Cross-References
11.2.5 Debugger Hooks
11.3 Example Scripts
11.3.1 Finding Dangerous Function Cross-References
11.3.2 Function Code Coverage
11.3.3 Calculating Stack Size
12 PYEMU—THE SCRIPTABLE EMULATOR
12.1 Installing PyEmu
12.2 PyEmu Overview
12.2.1 PyCPU
12.2.2 PyMemory
12.2.3 PyEmu
12.2.4 Execution
12.2.5 Memory and Register Modifiers
12.2.6 Handlers
12.3 IDAPyEmu
12.3.1 Function Emulation
12.3.2 PEPyEmu
12.3.3 Executable Packers
12.3.4 UPX Packer
12.3.5 Unpacking UPX with PEPyEmu
INDEX
ACKNOWLEDGMENTS
I would like to thank my family for tolerating me throughout the whole process of writing this book. My four beautiful children, Emily, Carter, Cohen, and Brady, you helped give Dad a reason to keep writing this book, and I love you very much for being the great kids you are. My brothers and sister, thanks for encouraging me through the process. You guys have written some tomes yourselves, and it was always helpful to have someone who understands the rigor needed to put out any kind of technical work—I love you guys. To my Dad, your sense of humor helped me through a lot of the days when I didn’t feel like writing—I love ya Harold; don’t stop making everyone around you laugh.
For all those who helped this fledgling security researcher along the way—Jared DeMott, Pedram Amini, Cody Pierce, Thomas Heller (the uber Python man), Charlie Miller—I owe all you guys a big thanks. Team Immunity, without question you’ve been incredibly supportive of me writing this book, and you have helped me tremendously in growing not only as a Python dude but as a developer and researcher as well. A big thanks to Nico and Dami for the extra time you spent helping me out. Dave Aitel, my technical editor, helped drive this thing to completion and made sure that it makes sense and is readable; a huge thanks to Dave. To another Dave, Dave Falloon, thanks so much for reviewing the book, making me laugh at my own mistakes, saving my laptop at CanSecWest, and just being the oracle of network knowledge that you are.
Finally, and I know they always get listed last, the team at No Starch Press. Tyler for putting up with me through the whole book (trust me, Tyler is the most patient guy you’ll ever meet), Bill for the great Perl mug and the words of encouragement, Megan for helping wrap up this book as painlessly as possible, and the rest of the crew who I know works behind the scenes to help put out all their great titles. A huge thanks to all you guys; I appreciate everything you have done for me. Now that the acknowledgments have taken as long as a Grammy acceptance speech, I’ll wrap it up by saying thanks to all the rest of the folks who helped me and who I probably forgot to add to the list—you know who you are.