windows debug and exploit toolset for both user and kernel mode
- support python2 and python3
- support windbg/windbgx/x64dbg/mingw-gdb
- pip/pip3 install winpwn
- optional:
- launch debugger: modify file .winpwn and copy it to windows HOMEDIR(python:
os.path.expanduser("~\\.winpwn")) - pip install pefile
- pip install keystone
- pip install capstone
- launch debugger: modify file .winpwn and copy it to windows HOMEDIR(python:
process("./pwn")
process(["./pwn", "argv[1]", "argv[2]"])
p.readm(addr, n) # read process memory
p.writem(addr, con = "") # write process memoryremote("127.0.0.1", 65535)context.timeout = 512
context.debugger = "gdb" # or "windbg" or "x64dbg" or "windbgx"
context.endian = "little"
context.log_level = "" # or "debug"
context.terminal = []
context.newline = "\r\n"
context.arch = "i386" # or "amd64"
content.pie = None
context.dbginit = None # used to set debugger init script
context.windbg = None # set debugger path, or use .winpwn to find debugger path
context.windbgx = None
content.gdb = None
context.x64dbg = None
context.nocolor = None # if set, will print non-colorful output to terminalfor details, take a look at dbg
windbgx.attach(p,script = "bp 0x401000") # debug local process
windbgx.remote("127.0.0.1,1234") # attach to dbgsrv to debug process remotely
windbgx.com(...) # debug kernel with serial port
windbgx.net(...) # debug kernel with kdnetPIE(exe_fpath = "")
NOPIE(exe_fpath = "")asm("push ebp")
disasm("\x55")winfile.symbols["CreateProcessA"] # return symbol's IAT/EAT offset of CreateProcessA by image basewincs(ip = None, port = 512) #run a server to asm/disasm in remote machine for client where does not install keystone/capstone
wincs(ip = '123.123.123.123', 512) # create a client to connet to server
wincs.asm(asmcode = 'push ebp')
wincs.disasm(machinecode = '\x55')if you want to use debugger like gdb-peda, you need to deal with the deps yourself