OpenRCE_jms
November 24th, 2007, 18:50
Just waiting for Pedram to update SVN, but I thought I would post quickly. Some additions to PyDBG:
1) pydbg.pid_to_port(pid)
This function returns a list of tuples with the protocol, bound address and port number that a given process owns. So the following (originally from Pedram) for the [System] process:
Code:
import pydbg

dbg = pydbg.pydbg()

# PID 4 is the [System] process
for proto, addr, port in dbg.pid_to_port(4):
    print proto, addr, port
OUTPUT:
TCP 0.0.0.0 445
TCP 192.168.216.1 139
TCP 192.168.202.1 139
TCP 10.77.0.6 139
TCP 192.168.7.98 139
UDP 0.0.0.0 445
Then it's trivial to enumerate all processes and retrieve each process's listening ports.
2) utils.hooking.inject()
This is a migration of my PyFault code to allow for dll injection and ejection. Again pretty straightforward:
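Code:
import utils
import time

# pid must be set to the process ID of the target process
injector = utils.hooking.inject()
injector.inject_dll("C:\\testdll.dll", pid)   # load the DLL by full path
time.sleep(10)
injector.eject_dll("testdll.dll", pid)        # unload it by module name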
So nothing earth-shattering but some quick and dirty utility functions. Now I will get on Pedram's case about committing the changes.

https://www.openrce.org/blog/view/859/Small_PyDBG_Enhancements_Incoming
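Added example, not part of the original post or of PyDBG: the "enumerate all processes and retrieve each process's listening ports" step, turned into a per-process socket inventory that is checked against an allowlist. It assumes a debugger object exposing PyDBG's `enumerate_processes()` and the `pid_to_port()` described in the post; `FakeDbg`, `BASELINE`, the process names and the error behaviour are constructed for illustration.

```python
from collections import namedtuple

Listener = namedtuple("Listener", "pid name proto addr port")

def listening_inventory(dbg):
    """Collect every socket owned by every process.

    dbg needs enumerate_processes() -> [(pid, name)] and
    pid_to_port(pid) -> [(proto, addr, port)], as pydbg.pydbg() offers.
    """
    inventory = []
    for pid, name in dbg.enumerate_processes():
        try:
            sockets = dbg.pid_to_port(pid)
        except Exception:
            continue  # assumption: exited or inaccessible processes raise
        for proto, addr, port in sockets or []:
            inventory.append(Listener(pid, name, proto, addr, int(port)))
    return inventory

def unexpected_listeners(inventory, baseline):
    """Listeners whose (name, proto, port) is missing from the baseline."""
    return [l for l in inventory
            if (l.name.lower(), l.proto.upper(), l.port) not in baseline]

def exposed_on_all_interfaces(inventory):
    """Listeners bound to the wildcard address, reachable on every NIC."""
    return [l for l in inventory if l.addr in ("0.0.0.0", "::")]

class FakeDbg(object):
    """Constructed stand-in for pydbg.pydbg() so the example runs offline."""
    procs = [(4, "System"), (1200, "svchost.exe"),
             (3344, "notes.exe"), (999, "exited.exe")]
    ports = {4: [("TCP", "0.0.0.0", 445), ("UDP", "0.0.0.0", 445)],
             1200: [("TCP", "0.0.0.0", 135)],
             3344: [("TCP", "127.0.0.1", 8080)]}
    def enumerate_processes(self):
        return list(self.procs)
    def pid_to_port(self, pid):
        return self.ports[pid]  # KeyError for pid 999 mimics a vanished process

BASELINE = {("system", "TCP", 445), ("system", "UDP", 445),
            ("svchost.exe", "TCP", 135)}  # constructed allowlist

if __name__ == "__main__":
    inv = listening_inventory(FakeDbg())
    for l in unexpected_listeners(inv, BASELINE):
        print("not in baseline: %s (pid %d) %s %s:%d" % (l.name, l.pid, l.proto, l.addr, l.port))
    print("%d wildcard-bound sockets" % len(exposed_on_all_interfaces(inv)))
```

On a real host, pass `pydbg.pydbg()` in place of `FakeDbg()` and build the baseline from a known-good scan.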