If you’ve spent any time playing with PaiMei’s PEEK! Module you’ve no doubt run into bugs.
PEEK! has the ability to track and print to screen the registers and stack when calls to recv() and recvfrom() are made. When these functions return, EAX holds the length of the received packet... unless there is a failure, in which case it returns -1 (which reads as 0xFFFFFFFF in the 32-bit register). Unfortunately pydbg is instructed to allocate a buffer of that size without first checking the value of length:
read_buf = create_string_buffer(length)
Which results in this:
File "C:\Python25\lib\ctypes\__init__.py", line 70, in create_string_buffer
    buftype = c_char * init
OverflowError: cannot fit 'long' into an index-sized integer
What's the right way to fix this? Should we edit pydbg to make sure it doesn't try to create a buffer 4294967295 bytes in length? Maybe... but for now we'll edit PAIMEIpeek.py because it's easier, faster, and I don't have commit access to the svn.
To resolve this, I modified each hook container callback like so:
####################################################################################################################
    def socket_logger_ws2_recvfrom (self, dbg, args, ret):
        '''
        Hook container call back.
        '''

        # args[1] is the caller's buffer address, args[2] the buffer length passed to recvfrom().
        self.msg("ws2_32.recvfrom(buf=%08x, len=%d)" % (args[1], args[2]))
        self.msg("Actually received %d bytes:" % ret)

        # ret is the raw 32-bit EAX value; SOCKET_ERROR (-1) shows up as 0xFFFFFFFF.
        if int(ret) == 4294967295:
            self.msg("ERROR received from ws2_32:%d" % ret)
        else:
            self.msg(dbg.hex_dump(dbg.read(args[1], ret)))
####################################################################################################################
Yes, it's a hack, but it accomplishes what I need to continue monitoring, so it's good enough for now.
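The check above can be made a little more general: treat EAX as the signed int that recv()/recvfrom() actually return, so -1 (SOCKET_ERROR) is caught regardless of how the debugger hands the register over, and never read more than the length the caller passed in args[2]. The following is an added, stand-alone Python 3 example written for this post; it is not PaiMei or pydbg code. The debugger is replaced by a constructed fake memory reader and a logging callback, and the hex dump is done with bytes.hex() instead of dbg.hex_dump(); the function and parameter names are assumptions.

```python
import struct

SOCKET_ERROR = -1  # Winsock's failure return value for recv()/recvfrom()


def eax_to_signed(eax):
    """Reinterpret a raw 32-bit register value as the signed int the C function returned."""
    return struct.unpack("<i", struct.pack("<I", eax & 0xFFFFFFFF))[0]


def bytes_to_read(eax, buf_len):
    """How many bytes of the receive buffer are safe to dump, or None on error.

    - A negative return (EAX == 0xFFFFFFFF for SOCKET_ERROR) means nothing was received.
    - recv() can never fill more than the caller's buffer, so clamp to buf_len rather
      than trusting the register blindly.
    """
    n = eax_to_signed(eax)
    if n < 0:
        return None
    return min(n, buf_len)


def socket_logger_recvfrom(args, ret, read_memory, log):
    """Stand-in for a PEEK!-style hook callback (hypothetical, not the PaiMei method).

    args mirrors recvfrom(s, buf, len, flags, ...): args[1] is the buffer address,
    args[2] the buffer length. ret is the raw EAX value at function return.
    read_memory(addr, n) and log(text) are supplied by the caller.
    Returns the received bytes, or None if the call failed.
    """
    buf_addr, buf_len = args[1], args[2]
    log("ws2_32.recvfrom(buf=%08x, len=%d)" % (buf_addr, buf_len))

    n = bytes_to_read(ret, buf_len)
    if n is None:
        log("ERROR received from ws2_32: %d (EAX=0x%08x)" % (eax_to_signed(ret), ret))
        return None

    data = read_memory(buf_addr, n)
    log("Actually received %d bytes:" % n)
    log(data.hex())
    return data


# --- constructed sample "process memory" standing in for dbg.read() ---
FAKE_BUFFER_ADDR = 0x0012FF10
FAKE_BUFFER = b"GET / HTTP/1.0\r\n"  # 16 bytes of constructed packet data


def fake_read(addr, n):
    off = addr - FAKE_BUFFER_ADDR
    return FAKE_BUFFER[off:off + n]


if __name__ == "__main__":
    args = (0x1234, FAKE_BUFFER_ADDR, 1024, 0)
    socket_logger_recvfrom(args, len(FAKE_BUFFER), fake_read, print)  # normal return
    socket_logger_recvfrom(args, 0xFFFFFFFF, fake_read, print)        # SOCKET_ERROR
```

Running the script dumps the 16 constructed bytes for the first call and logs an error line instead of attempting a 4 GB read for the second.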
Thought about uploading to a github repo and committing your fixes and maybe any Sulley requests you've written? *nudge*
I'm talking to Pedram and I am working on getting the fixes into the repo... I agree we need more Sulley request session examples, so I'll work on getting those out as well. Thanks for the feedback.