To hack Windows applications with Python, you need to call the Windows API functions exported by the Windows DLLs. Python natively ships with an FFI (Foreign Function Interface) package called ctypes, through which a DLL can be loaded and the data types of the C language can be used. ctypes can also be used to implement an extension module in pure Python code. However, using a Windows DLL through ctypes directly requires a great deal of knowledge about the Windows API function being called: for example, you must declare the structures and unions the function takes, and you need to implement callback functions. Therefore, rather than using ctypes directly, it is preferable to install Python modules that have already been developed for this purpose.
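To show what those declarations look like in practice, here is an added example (it is not from the book and not part of PaiMei) that calls a C function through ctypes with a Structure, a Union and a CFUNCTYPE callback. It uses the portable C runtime function qsort (msvcrt on Windows, libc elsewhere) as a stand-in for a Windows API call, because the same kind of declarations apply; it is written for Python 3, and the Event and Value layouts are constructed for the demonstration.

```python
import ctypes
import ctypes.util
import sys

# Load the C runtime: msvcrt.dll on Windows, libc elsewhere (assumed to export qsort).
if sys.platform == "win32":
    libc = ctypes.CDLL("msvcrt")
else:
    libc = ctypes.CDLL(ctypes.util.find_library("c") or None)

class Event(ctypes.Structure):
    # A C struct must be declared field by field with exact C types (constructed layout).
    _fields_ = [("pid", ctypes.c_uint32),
                ("code", ctypes.c_int32)]

class Value(ctypes.Union):
    # A C union: every member shares the same 4 bytes of storage (constructed layout).
    _fields_ = [("as_u32", ctypes.c_uint32),
                ("as_bytes", ctypes.c_uint8 * 4)]

# Callback prototype int (*)(const Event *, const Event *), the shape qsort expects.
CMPFUNC = ctypes.CFUNCTYPE(ctypes.c_int, ctypes.POINTER(Event), ctypes.POINTER(Event))

def _by_pid(a, b):
    # The callback receives C pointers; .contents dereferences them.
    return (a.contents.pid > b.contents.pid) - (a.contents.pid < b.contents.pid)

# Keep the C-callable trampoline referenced for as long as C code may call it.
by_pid = CMPFUNC(_by_pid)

# Declaring argtypes/restype lets ctypes check and convert each argument.
libc.qsort.restype = None
libc.qsort.argtypes = [ctypes.POINTER(Event), ctypes.c_size_t, ctypes.c_size_t, CMPFUNC]

def sort_events(pairs):
    """Sort (pid, code) pairs by pid inside a C array, via the C callback."""
    if not pairs:
        return []
    arr = (Event * len(pairs))(*[Event(p, c) for p, c in pairs])
    libc.qsort(arr, len(arr), ctypes.sizeof(Event), by_pid)
    return [(e.pid, e.code) for e in arr]

def split_bytes(n):
    """Reinterpret a 32-bit value through the union; byte order is the host's."""
    v = Value(as_u32=n)
    return list(v.as_bytes)

if __name__ == "__main__":
    print(sort_events([(300, 1), (7, 2), (42, 3)]))
    print(split_bytes(0x01020304))
```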
To start hacking with Python, you can install a third-party library. First, install the PyDbg module, an open-source Python debugger that is often used in hacking and reverse-engineering applications, and then create a simple test program. PyDbg is a sub-module of the PaiMei framework, which was introduced by Pedram Amini at RECON 2006. PaiMei is composed of three core components (PyDbg, pGRAPH and PIDA) and three extended components (Utilities, Console and Scripts). PaiMei is also a framework developed in pure Python. PyDbg, which supports powerful debugging capabilities, lets you implement user-defined functions through callback function extensions.
To install the program, download the installation file “PaiMei-1.1-REV122.zip” from the open-source site “http://www.openrce.org/downloads/details/208/PaiMei”.
[Figure: the www.openrce.org download page]
You can easily install it by unzipping the downloaded file and clicking on the executable file.
[Figure: Installation File]
PaiMei requires a little extra work to stay compatible with Python 2.7.x. Open the “__init__.py” file in the “Python directory\Lib\ctypes” folder and add the following two lines of code (marked “#add for paimei” below).
######################################################################
#  This file should be kept compatible with Python 2.3, see PEP 291. #
######################################################################
"""create and manipulate C data types in Python"""

import os as _os, sys as _sys

__version__ = "1.1.0"

from _ctypes import Union, Structure, Array
from _ctypes import _Pointer
from _ctypes import CFuncPtr as _CFuncPtr
from _ctypes import __version__ as _ctypes_version
from _ctypes import RTLD_LOCAL, RTLD_GLOBAL
from _ctypes import ArgumentError
from _ctypes import Structure as _ctypesStructure  #add for paimei

from struct import calcsize as _calcsize

class Structure(_ctypesStructure): pass  #add for paimei

if __version__ != _ctypes_version:
    raise Exception("Version number mismatch", __version__,
                    _ctypes_version)

__init__.py
Download the pydasm.pyd file that has been rebuilt for Python 2.7.x and copy it to the “Python directory\Lib\site-packages\pydbg” folder. The pydasm.pyd file can easily be found on the Internet. If the message “hello pydbg” is printed when you run the following test, the installation can be considered successful.
import pydbg
print "hello pydbg"

>>> hello pydbg

Testing the Installation
PyDbg can be used to easily implement various hacking techniques, including key logging and API hooking.