View Full Version : Small PyDBG Enhancements Incoming


OpenRCE_jms
November 24th, 2007, 18:50
Just waiting for Pedram to update SVN, but I thought I would post quickly. Some additions to PyDBG:

1) pydbg.pid_to_port(pid)

This function returns a list of tuples with the protocol, bound address and port number that a given process owns. So the following (originally from Pedram) for the [System] process:

Code:

import pydbg

dbg = pydbg.pydbg()

for proto, addr, port in dbg.pid_to_port(4):
    print proto, addr, port

OUTPUT:

TCP 0.0.0.0 445
TCP 192.168.216.1 139
TCP 192.168.202.1 139
TCP 10.77.0.6 139
TCP 192.168.7.98 139
UDP 0.0.0.0 445


Then it's trivial to enumerate all processes and retrieve each process's listening ports.

2) utils.hooking.inject()

This is a migration of my PyFault code to allow for DLL injection and ejection. Again pretty straightforward:

Code:

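import utils
import time

pid = 1234  # placeholder: ID of the target process

injector = utils.hooking.inject()

# Load the DLL into the target process, wait, then unload it again.
injector.inject_dll("C:\\testdll.dll", pid)
time.sleep(10)
injector.eject_dll("testdll.dll", pid)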



So nothing earth-shattering, but some quick and dirty utility functions. Now I will get on Pedram's case about committing the changes.

https://www.openrce.org/blog/view/859/Small_PyDBG_Enhancements_Incoming
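
The per-process enumeration the post mentions, as an added example (not the poster's or the PyDBG project's code): it builds a listener inventory and flags sockets missing from an allowlist. It assumes `enumerate_processes()` returns `(pid, name)` pairs and `pid_to_port()` returns the tuples shown above; `FakeDebugger`, `BASELINE` and the sample data are constructed so the block runs without Windows or PyDBG.

```python
from collections import namedtuple

Listener = namedtuple("Listener", "pid name proto addr port")

def listening_inventory(dbg):
    """Walk every process and collect the sockets it owns.

    Assumes dbg.enumerate_processes() yields (pid, name) pairs and
    dbg.pid_to_port(pid) yields (proto, addr, port) tuples as in the post.
    """
    inventory = []
    for pid, name in dbg.enumerate_processes():
        try:
            sockets = dbg.pid_to_port(pid)
        except Exception:
            # Protected or already-exited processes may not be queryable.
            continue
        for proto, addr, port in sockets:
            inventory.append(Listener(pid, name, proto, addr, int(port)))
    return inventory

def unexpected_listeners(inventory, baseline):
    """Return listeners whose (name, proto, port) is not in the baseline."""
    return [item for item in inventory
            if (item.name.lower(), item.proto.upper(), item.port) not in baseline]

class FakeDebugger(object):
    """Constructed stand-in for pydbg.pydbg() with hypothetical sample data."""
    PROCS = [(4, "System"), (1337, "helper.exe"), (2000, "gone.exe")]
    PORTS = {4: [("TCP", "0.0.0.0", 445), ("UDP", "0.0.0.0", 445)],
             1337: [("TCP", "0.0.0.0", 4444)]}

    def enumerate_processes(self):
        return self.PROCS

    def pid_to_port(self, pid):
        if pid not in self.PORTS:
            raise RuntimeError("process not accessible")
        return self.PORTS[pid]

# Constructed allowlist of expected (process name, protocol, port) entries.
BASELINE = {("system", "TCP", 445), ("system", "UDP", 445)}

if __name__ == "__main__":
    found = listening_inventory(FakeDebugger())
    for item in unexpected_listeners(found, BASELINE):
        print("%s (pid %d) listens on %s %s:%d"
              % (item.name, item.pid, item.proto, item.addr, item.port))
```

On a Windows host with PyDBG installed, pass `pydbg.pydbg()` in place of `FakeDebugger()`.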