python for exploitation and RE?

[Kiuhnm]

When I used to crack software I wrote all my code (loaders, etc...) in C++.
It seems that many now use Python, but is it really a good alternative?
I'd like to write a script which searches for a pattern in the .text section of a given module of a given process.
In C++ I used Win32 API directly. What's the right way in Python?

[Deque]

The best PE library for Python is this: https://code.google.com/p/pefile/
I am not sure that it does what you need. It is for static parsing and editing.

[TheWormKill]

I'd say either use something like Capstone (a disassembly library) to get your information from the file (probably using pefile, too) and afterwards write the analysis in Python, or load your file in IDA and use IDAPython to do your analysis. Either way, python is very good for what you want to accomplish.

[Kiuhnm]

Capstone is certainly something I need, but I'm not so sure about IDA and pefile. I need to examine memory, not files on disk. A file could be packed, encrypted, etc... so it wouldn't be the same thing.

[TheWormKill]

ah. Sorry, seems I've read too fast. What about PyDbg? it's a debugger, so memory access is possible, as well as "intelligent" analysis.

Might I ask, what you're doing? You made me curious.

[Kiuhnm]

Thanks. Sounds perfect.

edit: PyDbg isn't maintained anymore. I'm going to use WinAppDbg.

[Kiuhnm]

Might I ask, what you're doing? You made me curious.

I'm trying to learn exploitation in Windows. There are many little tools available to search for "pop pop ret", "jmp esp", etc..., but I want to write my own tools because writing them is very instructive and it gives me more control.
For instance, why should I search only for "pop pop ret" and not "pop inc pop ret"?
As an example, metasploit has a pattern generator that's limited to 20280 bytes, so I wrote one that supports more than 5 million bytes (https://github.com/mtomassoli/pattern).