Comments for thatsBroken http://thatsbroken.com Breaking things that go beep since 1996 Mon, 23 Aug 2010 14:33:47 +0000 hourly 1 http://wordpress.org/?v=3.0.1 Comment on Step Six: Checking Prerequisites by jRichards http://thatsbroken.com/?p=122&cpage=1#comment-79915 jRichards Mon, 23 Aug 2010 14:33:47 +0000 http://thatsbroken.com/?p=122#comment-79915 Thanks for the info f0s Thanks for the info f0s

]]> Comment on Step Six: Checking Prerequisites by f0s http://thatsbroken.com/?p=122&cpage=1#comment-79914 f0s Sat, 21 Aug 2010 12:59:23 +0000 http://thatsbroken.com/?p=122#comment-79914 thanks a lot for your nice tut;) it saves me some time to reinstall paimei regarding the error msg "looking for pydot … Couldn’t import dot_parser, loading of dot files will not be possible." install pyparsing, that's all!;) http://pypi.python.org/pypi/pyparsing/1.5.5 in your case the python 2.5 compilation regarding pydasm: open pydasm.pyd in your hex editor and search for “26.dll". replace 26 with 25. you have to do it twice, once in "C:\Python25\Lib\site-packages" and of course in your local svn directory paimei after all you get this nice console output: C:\fuzzers\paimei>__install_requirements.py looking for ctypes ... FOUND looking for pydot ... FOUND looking for wxPython ... FOUND looking for MySQLdb ... FOUND looking for GraphViz in default directory ... FOUND looking for Oreas GDE in default directory ... FOUND looking for uDraw(Graph) in default directory ... FOUND looking for PaiMei -> PyDbg ... FOUND looking for PaiMei -> PIDA ... FOUND looking for PaiMei -> pGRAPH ... FOUND looking for PaiMei -> Utilities ... FOUND ;) thanks a lot for your nice tut;)
it saves me some time to reinstall paimei

regarding the error msg
“looking for pydot … Couldn’t import dot_parser, loading of dot files will not be possible.”

install pyparsing, that’s all!;)
http://pypi.python.org/pypi/pyparsing/1.5.5
in your case the python 2.5 compilation

regarding pydasm:
open pydasm.pyd in your hex editor and search for “26.dll”. replace 26 with 25. you have to do it twice, once in “C:\Python25\Lib\site-packages” and of course in your local svn directory paimei

after all you get this nice console output:
C:\fuzzers\paimei>__install_requirements.py
looking for ctypes … FOUND
looking for pydot … FOUND
looking for wxPython … FOUND
looking for MySQLdb … FOUND
looking for GraphViz in default directory … FOUND
looking for Oreas GDE in default directory … FOUND
looking for uDraw(Graph) in default directory … FOUND
looking for PaiMei -> PyDbg … FOUND
looking for PaiMei -> PIDA … FOUND
looking for PaiMei -> pGRAPH … FOUND
looking for PaiMei -> Utilities … FOUND

;)

]]> Comment on Creating a PIDA File by jRichards http://thatsbroken.com/?p=203&cpage=1#comment-79909 jRichards Fri, 06 Aug 2010 16:05:09 +0000 http://thatsbroken.com/?p=203#comment-79909 friko, I haven't seen this myself so we will have to do some debugging. They key error happens when we look in the dictionary and ref points to a key that doesn't exist... a couple things may be happening... from_func.startEA[] may be borked ref may be borked. can you debug and check to see what these values are? ================ EDIT ================ I've been able to replicate this now. When doing a PIDAdump on the new srv.sys that ws patch on tuesday I'm getting the same error. The code causing this is in module.py and here is the weird thing... I put in some debug code and it started working... --------------------------------------------------------------------------- Using FLIRT signature: SEH for vc7/8 Propagating type information... 5F8D0: propagate_stkargs: function is already typed Function argument information has been propagated The initial autoanalysis has been finished. Analyzing IDB... Analyzing functions... Enumerating imports... Enumerating RPC interfaces... Enumerating intramodular cross references... Traceback (most recent call last): File "<string>", line 1, in <module> File "C:\Program Files\IDA\python\init.py", line 65, in runscript execfile(script, g) File "C:/code/paimei/pida_dump.py", line 71, in <module> module = pida.module(GetInputFile(), signature, depth, analysis) File "C:/code/paimei\pida\module.py", line 125, in __init__ if not self.nodes[from_func.startEA].outbound_eas.has_key(ref): KeyError: 372574 Analyzing IDB... Analyzing functions... Enumerating imports... Enumerating RPC interfaces... Enumerating intramodular cross references... Done. Completed in 98.406000 seconds. Saving to file... 25% 50% 75% Done. Completed in 14.406000 seconds. friko,

I haven’t seen this myself so we will have to do some debugging.

They key error happens when we look in the dictionary and ref points to a key that doesn’t exist… a couple things may be happening…

from_func.startEA[] may be borked
ref may be borked.

can you debug and check to see what these values are?
================
EDIT
================

I’ve been able to replicate this now. When doing a PIDAdump on the new srv.sys that ws patch on tuesday I’m getting the same error.

The code causing this is in module.py and here is the weird thing… I put in some debug code and it started working…

—————————————————————————
Using FLIRT signature: SEH for vc7/8
Propagating type information…
5F8D0: propagate_stkargs: function is already typed
Function argument information has been propagated
The initial autoanalysis has been finished.
Analyzing IDB…
Analyzing functions…
Enumerating imports…
Enumerating RPC interfaces…
Enumerating intramodular cross references…
Traceback (most recent call last):
File ““, line 1, in
File “C:\Program Files\IDA\python\init.py”, line 65, in runscript
execfile(script, g)
File “C:/code/paimei/pida_dump.py”, line 71, in
module = pida.module(GetInputFile(), signature, depth, analysis)
File “C:/code/paimei\pida\module.py”, line 125, in __init__
if not self.nodes[from_func.startEA].outbound_eas.has_key(ref):
KeyError: 372574
Analyzing IDB…
Analyzing functions…
Enumerating imports…
Enumerating RPC interfaces…
Enumerating intramodular cross references…
Done. Completed in 98.406000 seconds.

Saving to file… 25% 50% 75% Done. Completed in 14.406000 seconds.

]]> Comment on Creating a PIDA File by friko http://thatsbroken.com/?p=203&cpage=1#comment-79907 friko Sat, 31 Jul 2010 12:11:53 +0000 http://thatsbroken.com/?p=203#comment-79907 When I try to generate the PIDA file, i got this: <code> Analyzing IDB... Analyzing functions... Enumerating imports... Enumerating RPC interfaces... Enumerating intramodular cross references... Traceback (most recent call last): File "", line 1, in File "C:\Program Files (x86)\IDA\python\init.py", line 65, in runscript execfile(script, g) File "C:/paimei/pida_dump.py", line 71, in module = pida.module(GetInputFile(), signature, depth, analysis) File "C:/paimei\pida\module.py", line 125, in __init__ if not self.nodes[from_func.startEA].outbound_eas.has_key(ref): KeyError: 1864419200 </code> It is a .dll binary. I'm using IDA Pro 5.5 and python 2.5 When I try to generate the PIDA file, i got this:

Analyzing IDB...
Analyzing functions...
Enumerating imports...
Enumerating RPC interfaces...
Enumerating intramodular cross references...
Traceback (most recent call last):
File "", line 1, in
File "C:\Program Files (x86)\IDA\python\init.py", line 65, in runscript
execfile(script, g)
File "C:/paimei/pida_dump.py", line 71, in
module = pida.module(GetInputFile(), signature, depth, analysis)
File "C:/paimei\pida\module.py", line 125, in __init__
if not self.nodes[from_func.startEA].outbound_eas.has_key(ref):
KeyError: 1864419200

It is a .dll binary. I’m using IDA Pro 5.5 and python 2.5

]]> Comment on Step One: Getting the PaiMei Source by Installing Pydbg - Powered Security http://thatsbroken.com/?p=26&cpage=1#comment-73987 Installing Pydbg - Powered Security Thu, 01 Jul 2010 03:20:02 +0000 http://thatsbroken.com/?p=26#comment-73987 [...] Trying to install the Paimei framework today because I needed Pydbg to do some fuzzing. Had so many problems with this task and getting dependencies to work with it, that I spent quite a lot of time, researching the issue and testing various things before finding this amazing link. [...] [...] Trying to install the Paimei framework today because I needed Pydbg to do some fuzzing. Had so many problems with this task and getting dependencies to work with it, that I spent quite a lot of time, researching the issue and testing various things before finding this amazing link. [...]

]]> Comment on Step Six: Checking Prerequisites by john_rambo http://thatsbroken.com/?p=122&cpage=1#comment-71838 john_rambo Tue, 22 Jun 2010 08:13:28 +0000 http://thatsbroken.com/?p=122#comment-71838 Well, today I did it. Problem laid in pydasm. Solution? I downloaded pydasm from here http://ashine.springnote.com/pages/5925085 and copy-paste it to Lib\site-packages\pydbg, after that PaiMei launches. (Although still print NOT FOUND along with pydbg in install_requir.) Well, today I did it. Problem laid in pydasm. Solution? I downloaded pydasm from here http://ashine.springnote.com/pages/5925085 and copy-paste it to Lib\site-packages\pydbg, after that PaiMei launches. (Although still print NOT FOUND along with pydbg in install_requir.)

]]> Comment on Step Six: Checking Prerequisites by john_rambo http://thatsbroken.com/?p=122&cpage=1#comment-71714 john_rambo Mon, 21 Jun 2010 19:20:30 +0000 http://thatsbroken.com/?p=122#comment-71714 Hi, I tried to install PaiMei but I'm stuck on step when I need edit PyDBG file in order to get FOUND instead NOT FOUND by PaiMei requirements. I did what you told (I pasted class Structure(Structure): [INSERT TAB] pass above this line) but I still get NOT FOUND. Any ideas? Hi, I tried to install PaiMei but I’m stuck on step when I need edit PyDBG file in order to get FOUND instead NOT FOUND by PaiMei requirements. I did what you told (I pasted class Structure(Structure):
[INSERT TAB] pass above this line) but I still get NOT FOUND. Any ideas?

]]> Comment on Reversing the iPhone Device Service (AppleMobileDeviceService.exe) by extraexploit http://thatsbroken.com/?p=296&cpage=1#comment-66001 extraexploit Sun, 30 May 2010 14:59:20 +0000 http://thatsbroken.com/?p=296#comment-66001 Hi, thank you very much for sharing your stuff related to Paimei. Regards Hi,
thank you very much for sharing your stuff related to Paimei.

Regards

]]> Comment on Creating a PIDA File by Amit Khanna http://thatsbroken.com/?p=203&cpage=1#comment-14618 Amit Khanna Mon, 08 Mar 2010 11:55:52 +0000 http://thatsbroken.com/?p=203#comment-14618 Hi I tried your solution but it still doesn't work I got the same problem again: File "C:\Python25\Lib\site-packages\pida\function.py", line 318, in _branches_from if len(list(xrefs)) == 1 and list(xrefs)[0] == NextNotTail(ea): TypeError: object of type 'generator' has no len() Is there any other way to fix this? Thanks Amit Khanna Hi

I tried your solution but it still doesn’t work I got the same problem again:

File “C:\Python25\Lib\site-packages\pida\function.py”, line 318, in _branches_from
if len(list(xrefs)) == 1 and list(xrefs)[0] == NextNotTail(ea):
TypeError: object of type ‘generator’ has no len()

Is there any other way to fix this?

Thanks
Amit Khanna

]]> Comment on Creating a PIDA File by jRichards http://thatsbroken.com/?p=203&cpage=1#comment-7888 jRichards Mon, 01 Mar 2010 16:06:32 +0000 http://thatsbroken.com/?p=203#comment-7888 Hello Amit, Thankfully this is a fairly simple thing to fix. This error if "TypeError: object of type ‘generator’ has no len()" is due to a change in the way IDAPython generates xrefs. In older versions of IDAPython the returned data was a list. Now it returns a generator which can not be passed directly to len (). The offending line, "len(xrefs) == 1 and xrefs[0] == NextNotTail(ea):" can simply be changed to: len(list(xrefs)) == 1 and list(xrefs)[0] == NextNotTail(ea): Thanks for bringing this to my attention. I'll fix it up in the source so that we can eventually get all of these changes up in a repo somewhere. I'm pinging Pedram again today. You'll notice I fixed a very similar problem in proc_peek_recon.py <a href="http://thatsbroken.com/?p=224" rel="nofollow">here</a>. Hello Amit,

Thankfully this is a fairly simple thing to fix.

This error if “TypeError: object of type ‘generator’ has no len()” is due to a change in the way IDAPython generates xrefs. In older versions of IDAPython the returned data was a list. Now it returns a generator which can not be passed directly to len ().

The offending line, “len(xrefs) == 1 and xrefs[0] == NextNotTail(ea):” can simply be changed to:

len(list(xrefs)) == 1 and list(xrefs)[0] == NextNotTail(ea):

Thanks for bringing this to my attention. I’ll fix it up in the source so that we can eventually get all of these changes up in a repo somewhere. I’m pinging Pedram again today. You’ll notice I fixed a very similar problem in proc_peek_recon.py here.

]]>