Gray Hat Python By Justin Seitz

Gray Hat Python (Python Programming for Hackers and Reverse Engineers) by Justin Seitz

Contents:
==========

Chapter 1: SETTING UP YOUR DEVELOPMENT ENVIRONMENT
1.1 Operating System Requirements
1.2 Obtaining and Installing Python 2.5
1.2.1 Installing Python on Windows
1.2.2 Installing Python for Linux
1.3 Setting Up Eclipse and PyDev
1.3.1 The Hacker’s Best Friend: ctypes
1.3.2 Using Dynamic Libraries
1.3.3 Constructing C Datatypes
1.3.4 Passing Parameters by Reference
1.3.5 Defining Structures and Unions

Chapter 2: DEBUGGERS AND DEBUGGER DESIGN
2.1 General-Purpose CPU Registers
2.2 The Stack
2.3 Debug Events
2.4 Breakpoints
2.4.1 Soft Breakpoints
2.4.2 Hardware Breakpoints
2.4.3 Memory Breakpoints

Chapter 3: BUILDING A WINDOWS DEBUGGER
3.1 Debuggee, Where Art Thou?
3.2 Obtaining CPU Register State
3.2.1 Thread Enumeration
3.2.2 Putting It All Together
3.3 Implementing Debug Event Handlers
3.4 The Almighty Breakpoint
3.4.1 Soft Breakpoints
3.4.2 Hardware Breakpoints
3.4.3 Memory Breakpoints
3.5 Conclusion

Chapter 4: PYDBG—A PURE PYTHON WINDOWS DEBUGGER
4.1 Extending Breakpoint Handlers
4.2 Access Violation Handlers
4.3 Process Snapshots
4.3.1 Obtaining Process Snapshots
4.3.2 Putting It All Together

Chapter 5: IMMUNITY DEBUGGER—THE BEST OF BOTH WORLDS
5.1 Installing Immunity Debugger
5.2 Immunity Debugger 101
5.2.1 PyCommands
5.2.2 PyHooks
5.3 Exploit Development
5.3.1 Finding Exploit-Friendly Instructions
5.3.2 Bad-Character Filtering
5.3.3 Bypassing DEP on Windows
5.4 Defeating Anti-Debugging Routines in Malware
5.4.1 IsDebuggerPresent
5.4.2 Defeating Process Iteration

Chapter 6: HOOKING
6.1 Soft Hooking with PyDbg
6.2 Hard Hooking with Immunity Debugger

Chapter 7: DLL AND CODE INJECTION
7.1 Remote Thread Creation
7.1.1 DLL Injection
7.1.2 Code Injection
7.2 Getting Evil
7.2.1 File Hiding
7.2.2 Coding the Backdoor
7.2.3 Compiling with py2exe

Chapter 8: FUZZING
8.1 Bug Classes
8.1.1 Buffer Overflows
8.1.2 Integer Overflows
8.1.3 Format String Attacks
8.2 File Fuzzer
8.3 Future Considerations
8.3.1 Code Coverage
8.3.2 Automated Static Analysis

Chapter 9: SULLEY
9.1 Sulley Installation
9.2 Sulley Primitives
9.2.1 Strings
9.2.2 Delimiters
9.2.3 Static and Random Primitives
9.2.4 Binary Data
9.2.5 Integers
9.2.6 Blocks and Groups
9.3 Slaying WarFTPD with Sulley
9.3.1 FTP 101
9.3.2 Creating the FTP Protocol Skeleton
9.3.3 Sulley Sessions
9.3.4 Network and Process Monitoring
9.3.5 Fuzzing and the Sulley Web Interface

Chapter 10: FUZZING WINDOWS DRIVERS
10.1 Driver Communication
10.2 Driver Fuzzing with Immunity Debugger
10.3 Driverlib—The Static Analysis Tool for Drivers
10.3.1 Discovering Device Names
10.3.2 Finding the IOCTL Dispatch Routine
10.3.3 Determining Supported IOCTL Codes
10.4 Building a Driver Fuzzer

Chapter 11: IDAPYTHON—SCRIPTING IDA PRO
11.1 IDAPython Installation
11.2 IDAPython Functions
11.2.1 Utility Functions
11.2.2 Segments
11.2.3 Functions
11.2.4 Cross-References
11.2.5 Debugger Hooks
11.3 Example Scripts
11.3.1 Finding Dangerous Function Cross-References
11.3.2 Function Code Coverage
11.3.3 Calculating Stack Size

Chapter 12: PYEMU—THE SCRIPTABLE EMULATOR
12.1 Installing PyEmu
12.2 PyEmu Overview