GRAY HAT PYTHON
Python Programming for Hackers and Reverse Engineers
Justin Seitz

Master the professional hacker’s Python toolkit

Python is fast becoming the programming language of choice for hackers, reverse engineers, and software testers because it’s easy to write quickly, and it has the low-level support and libraries that make hackers happy. But until now, there has been no real manual on how to use Python for a variety of hacking tasks. You had to dig through forum posts and man pages, endlessly tweaking your own code to get everything working. Not anymore.

Gray Hat Python explains the concepts behind hacking tools and techniques like debuggers, trojans, fuzzers, and emulators. But author Justin Seitz goes beyond theory, showing you how to harness existing Python-based security tools — and how to build your own when the pre-built ones won’t cut it.

You’ll learn how to:
> Automate tedious reversing and security tasks
> Design and program your own debugger
> Learn how to fuzz Windows drivers and create powerful fuzzers from scratch
> Have fun with code and library injection, soft and hard hooking techniques, and other software trickery
> Sniff secure traffic out of an encrypted web browser session
> Use PyDBG, Immunity Debugger, Sulley, IDAPython, PyEMU, and more

The world’s best hackers are using Python to do their handiwork. Shouldn’t you?

Justin Seitz is a senior security researcher for Immunity, Inc., where he spends his time bug hunting, reverse engineering, writing exploits, and coding Python.

THE FINEST IN GEEK ENTERTAINMENT™
www.nostarch.com
“I LAY FLAT.” This book uses RepKover — a durable binding that won’t snap shut.
$39.95 ($49.95 CDN)
Shelve in: COMPUTERS/SECURITY
ISBN: 978-1-59327-192-3

GRAY HAT PYTHON
Python Programming for Hackers and Reverse Engineers
by Justin Seitz
San Francisco

GRAY HAT PYTHON. Copyright © 2009 by Justin Seitz. All rights reserved.
No part of this work may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage or retrieval system, without the prior written permission of the copyright owner and the publisher.

13 12 11 10 09   1 2 3 4 5 6 7 8 9

ISBN-10: 1-59327-192-1
ISBN-13: 978-1-59327-192-3

Publisher: William Pollock
Production Editor: Megan Dunchak
Cover Design: Octopod Studios
Developmental Editor: Tyler Ortman
Technical Reviewer: Dave Aitel
Copyeditor: Linda Recktenwald
Compositors: Riley Hoffman and Kathleen Mish
Proofreader: Rachel Kai
Indexer: Fred Brown, Allegro Technical Indexing

For information on book distributors or translations, please contact No Starch Press, Inc. directly:
No Starch Press, Inc.
555 De Haro Street, Suite 250, San Francisco, CA 94107
phone: 415.863.9900; fax: 415.863.9950; [email protected]; www.nostarch.com

Library of Congress Cataloging-in-Publication Data:
Seitz, Justin.
Gray hat Python : Python programming for hackers and reverse engineers / Justin Seitz.
p. cm.
ISBN-13: 978-1-59327-192-3
ISBN-10: 1-59327-192-1
1. Computer security. 2. Python (Computer program language) I. Title.
QA76.9.A25S457 2009
005.8--dc22
2009009107

No Starch Press and the No Starch Press logo are registered trademarks of No Starch Press, Inc. Other product and company names mentioned herein may be the trademarks of their respective owners. Rather than use a trademark symbol with every occurrence of a trademarked name, we are using the names only in an editorial fashion and to the benefit of the trademark owner, with no intention of infringement of the trademark.

The information in this book is distributed on an “As Is” basis, without warranty. While every precaution has been taken in the preparation of this work, neither the author nor No Starch Press, Inc.
shall have any liability to any person or entity with respect to any loss or damage caused or alleged to be caused directly or indirectly by the information contained in it.

Mom,
If there’s one thing I wish for you to remember, it’s that I love you very much.
Alzheimer Society of Canada — www.alzheimers.ca

BRIEF CONTENTS

Foreword by Dave Aitel
Acknowledgments
Introduction
Chapter 1: Setting Up Your Development Environment
Chapter 2: Debuggers and Debugger Design
Chapter 3: Building a Windows Debugger
Chapter 4: PyDbg—A Pure Python Windows Debugger
Chapter 5: Immunity Debugger—The Best of Both Worlds
Chapter 6: Hooking
Chapter 7: DLL and Code Injection
Chapter 8: Fuzzing
Chapter 9: Sulley
Chapter 10: Fuzzing Windows Drivers
Chapter 11: IDAPython—Scripting IDA Pro
Chapter 12: PyEmu—The Scriptable Emulator
Index