Category Archives: python

Python and DDK

There is no easy way to call DDK functions from python. In the end, we need to create an extension for python and use that to call these functions. I have used ActivePython for that. Here is a simple python …


Visual Studio linking error with .lib files

Recently, when I was developing a small python extension, I faced a linking error. I looked into the functions and other things. Everything was looking good. In the end, I noticed that the library I am including is for …


Simple python script to read procmon/autoscansc xml files

ParseProcmon.py

    from xml.etree.ElementTree import ElementTree
    import xml.etree.ElementTree
    import sys
    import os
    import re

    def usage():
        print '''Usage: %s xmlfilename
        '''.strip() % sys.argv[0]

    if len(sys.argv) < 2 or not os.path.isfile(sys.argv[1]):
        #print len(sys.argv)
        usage()
        sys.exit()

    tree = ElementTree()
    tree = xml.etree.ElementTree.parse(sys.argv[1])
    #print "parsed the xml file"
    if tree:
        …


Get the list of Hooked library functions

Most library hooking mechanisms use inline patching. Most of the time they use an x86 "jmp" instruction to overwrite the first instruction of the function. Here is a simple Immunity Debugger script to find those hooked functions. import pefile …


netcat (tcp) recursive

Simple Netcat recursive script:

    import socket
    import sys
    import os
    import re
    import string

    def netcat(hostname, port, content):
        #print content
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.connect((hostname, port))
        s.setblocking(0)
        s.sendall(content)
        #s.shutdown(socket.SHUT_WR)
        while 0:
            #s.settimeout(1)
            …


Script to automatically extract the IDL from the installation folder.

Auditing an application is a mixture of source code analysis and binary analysis. When you are auditing a new application, it is good to know the COM interfaces in the application. I extract the MSI/zip files into a folder and …
