windows debug and exploit toolset for both user and kernel mode
- support python2/python3
- support windbg/windbgx
- pip/pip3 install winpwn
- optional:
  - launch debugger: modify file .winpwn and copy it to the Windows HOMEDIR (python: os.path.expanduser("~\\.winpwn"))
  - pip install pefile
  - pip install keystone
  - pip install capstone
p = process("./pwn") # start a local process
p = process(["./pwn", "argv[1]", "argv[2]"]) # start a local process with arguments
p.readm(addr, n) # read n bytes of process memory at addr
p.writem(addr, con = "") # write the bytes in con to process memory at addr
r = remote("127.0.0.1", 65535)
context.timeout = 512
context.debugger = "gdb" # or "windbg" or "x64dbg" or "windbgx"
context.endian = "little"
context.log_level = "" # or "debug"
context.terminal = []
context.newline = "\r\n"
context.arch = "i386" # or "amd64"
context.pie = None
context.dbginit = None # used to set debugger init script
context.windbg = None # set debugger path, or use .winpwn to find debugger path
context.windbgx = None
context.gdb = None
context.x64dbg = None
context.nocolor = None # if set, will print non-colorful output to terminal
For details, take a look at dbg.py.
windbgx.attach(p, script = "bp 0x401000") # debug local process
windbgx.remote("127.0.0.1,1234") # attach to dbgsrv to debug process remotely
windbgx.com(...) # debug kernel with serial port
windbgx.net(...) # debug kernel with kdnet
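Added example (not the project's own code): a small driver script built on the API listed above. It assumes only what this README shows, namely process(), context, windbgx.attach(script=...) and p.readm(); dbg_script(), dump_dwords(), p32()/u32() and the 0x401000 breakpoint address are local helpers and sample values written here, not winpwn API. run() needs winpwn and a Windows debugger installed; the helpers run anywhere.

```python
import os
import struct

# Added example, not part of winpwn. Helper names below are local to this file.


def winpwn_config_path():
    """Where winpwn looks for its .winpwn debugger config (expression from the README)."""
    return os.path.expanduser("~\\.winpwn")


def dbg_script(breakpoints, extra=()):
    """Build a WinDbg init script: one 'bp <addr>' per address, then any extra
    commands, joined with ';' so it fits windbgx.attach(p, script=...)."""
    cmds = ["bp 0x%x" % bp for bp in breakpoints] + list(extra)
    return "; ".join(cmds)


def p32(value):
    """Pack a 32-bit little-endian dword (local helper, matches context.endian = "little")."""
    return struct.pack("<I", value & 0xFFFFFFFF)


def u32(data):
    """Unpack the first 4 bytes of data as a little-endian dword (local helper)."""
    return struct.unpack("<I", data[:4])[0]


def dump_dwords(raw, base):
    """Turn the bytes returned by p.readm(base, n) into (address, dword) pairs,
    ignoring a trailing partial dword, so a memory read can be inspected or
    compared against an expected layout."""
    out = []
    usable = len(raw) - len(raw) % 4
    for off in range(0, usable, 4):
        out.append((base + off, u32(raw[off:off + 4])))
    return out


def run(binary="./pwn", bp=0x401000, arch="i386"):
    """Drive a local target under windbgx with the README's API.
    Requires winpwn and a Windows debugger; not executed by the test harness.
    bp is a constructed sample address, not taken from any real binary."""
    from winpwn import process, context, windbgx  # import here so helpers work without winpwn

    context.arch = arch
    context.newline = "\r\n"
    context.log_level = "debug"

    p = process(binary)
    # break at bp, then let the target run until it is hit
    windbgx.attach(p, script=dbg_script([bp], ["g"]))

    # read 16 bytes at the breakpoint address and show them as dwords
    raw = p.readm(bp, 16)
    for addr, val in dump_dwords(raw, bp):
        print("0x%08x: 0x%08x" % (addr, val))
    return raw


if __name__ == "__main__":
    print("config file:", winpwn_config_path())
    print("debugger script:", dbg_script([0x401000, 0x401010], ["g"]))
    # constructed memory image, as p.readm() might return it
    sample = p32(0x41424344) + p32(1) + p32(0x0BADF00D)
    print(dump_dwords(sample, 0x401000))
```

The helpers are deliberately independent of winpwn so that the breakpoint script and memory decoding can be checked before a debugger is involved; run() is the only part that talks to the target.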
asm("push ebp")
disasm("\x55")
If you want to use a debugger such as gdb-peda, you need to handle its dependencies yourself.