
Thread: PAIMEI INFO

  1. #151
    Good hanging in there. Looks like you are getting to the bottom of the issue.

    Regards,
    JMI

  2. #152
    Hanging in (aka stubbornness) comes naturally to a Scotsman. Would be nice if I knew a little more about what I was doing?

  3. #153
    Originally Posted by WaxfordSqueers:
    Hanging in (aka stubbornness) comes naturally to a Scotsman. Would be nice if I knew a little more about what I was doing?

    I'm back to tracing through python code, trying to track down where Paimei fails on my computer. One problem I am encountering is the over-bloated nature of Python. If you thought MFC was bad, wait till you trace through python24.dll. For anyone who thinks I'm crazy doing that, it's just for chuckles. You'd have to enjoy the NY Times crossword to know what I mean.

    This line is missing from the log window in PStalker (in Paimei) when the app fails:
    [*] Setting 683 breakpoints on basic blocks in main module

    For some reason, the apps that fail bypass that part of the code, then fail. They don't fail immediately at that point, but after loading a few imports. I want to trace the code to that point to see why the breakpoints are not being set in the apps that fail. It seems to me there should be an error generated if the app can't set the breakpoints...if the PIDA is bad, for example.

    A quick digression. The PIDA seems to be packed with zlib but I don't think there are headers on the file. Any ideas on how to decompress it? My plan is to watch it load into memory and dump it, if I ever get there. I'm getting caught up in the Python garbage collector code.

    There are only a few functions marked in the python dll, but I have a solution at hand. I have compiled the Python files from source with the hope of getting a good PDB file. My first choice was the debug version, but now I am wondering. I don't know a whole lot about the ins and outs of debugging and could use some advice.

    Would I be better off compiling the release version and using the generated PDB file from that for an nms file, or using the debug version? IDA does a reasonable job but there aren't many function landmarks for breakpoints in the release version. If I use the debug version, I don't know how many system files I'd have to recompile to make my present setup functional. Could I just replace the base files like Python.exe, pythonw.exe and python24.dll with their debug counterparts?

    The source files for the Windows Python24 install are set up very nicely. I can simply load them in the free VC 2008 and they compile like a charm.
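
The headerless-zlib question in the post above, as an added example that is not part of the original thread: a Python 3 probe that tries the zlib, gzip and raw-deflate containers at small offsets into a file. The sample bytes and the 8-byte header are constructed for the demo and say nothing about the real PIDA layout.

```python
import zlib

# Container kinds zlib can decode, selected by the wbits argument.
# Raw deflate goes last: it has no magic bytes or checksum, so a hit is weaker evidence.
FORMATS = (("zlib", 15), ("gzip", 31), ("raw-deflate", -15))


def try_inflate(blob, wbits, min_out=16):
    """Return the decompressed bytes, or None if blob is not one complete stream."""
    d = zlib.decompressobj(wbits)
    try:
        out = d.decompress(blob) + d.flush()
    except zlib.error:
        return None
    # eof stays False when the stream is truncated; tiny outputs are likely noise.
    if not d.eof or len(out) < min_out:
        return None
    return out


def probe(blob, max_offset=64):
    """Return (offset, format, data) for the first complete stream found, else None."""
    for name, wbits in FORMATS:
        for offset in range(min(max_offset, len(blob)) + 1):
            data = try_inflate(blob[offset:], wbits)
            if data is not None:
                return offset, name, data
    return None


# Constructed sample input (not a real PIDA file): text behind an 8-byte made-up header.
SAMPLE = b"constructed sample: basic block 0x401000 -> 0x401020\n" * 20
WRAPPED = b"\x00SAMPLE\x00" + zlib.compress(SAMPLE)

if __name__ == "__main__":
    offset, kind, data = probe(WRAPPED)
    print("stream at offset %d, format %s, %d bytes out" % (offset, kind, len(data)))
```

A raw-deflate hit carries no checksum, so treat it as a weaker match than zlib or gzip, and inspect the output as bytes rather than passing it to a deserializer.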

  4. #154

    USING PAIMEI (PYDBG)

    This is a tutorial from ABBSHA, a member of crackslatinos who won the weekly contest for making a pydbg script to reach the OEP of a simple UPX-packed program and print the list of APIs of the IAT, names and addresses.

    http://storage2.ricardonarvaja.com.ar/web/CURSO%20NUEVO/TEORIAS%20NUMERADAS/1001-1100/1005-USANDO%20PYDBG-%20Script%20de%20Python%20por%20ABSSHA.rar

    Thanks to ABBSHA
    ricnar

  5. #155
    Thanks for sharing Ricardo.

    Regards,
    JMI

  6. #156
    and thanks to ABSSHA the author.

    ricnar

  7. #157
    emperor
    Guest

    to : Ricardo Narvaja

    Thanks Ricardo for all the tuts, but I have a very #$%#45 problem when I run PAIMEIconsole.pyw: pstalker... didn't come into my modules. Why? And I get the following error:


    Traceback (most recent call last):
      File "C:\FUZZERS\PaiMei-1.1-REV122\console\PAIMEIconsole.pyw", line 409, in __init__
        exec("from %s import *" % module)
      File "<string>", line 1, in ?
      File "modules\PAIMEIpstalker.py", line 27, in ?
        import _PAIMEIpstalker
      File "modules\_PAIMEIpstalker\__init__.py", line 10, in ?
        import ProcessListCtrl
      File "modules\_PAIMEIpstalker\ProcessListCtrl.py", line 32, in ?
        class ProcessListCtrl (wx.ListCtrl, ListCtrlAutoWidthMixin):
      File "modules\_PAIMEIpstalker\ProcessListCtrl.py", line 37, in ProcessListCtrl
        FUNCTIONS = utils.process_stalker.FUNCTIONS
    AttributeError: 'module' object has no attribute 'process_stalker'


    Can you help me to solve this #@$%#$% problem???
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  8. #158

    how

    How do you run process stalker? In the console there is an icon for start. I don't understand how you start the console and how you run process stalker. Can you explain it to me?

    ricnar

  9. #159
    I forgot to mention, thanks Ricardo for the Awesome tutorials. This surely can get a PAIMEI newbie started in a short amount of time. Also, I love your tuts for having a lot of pics, very easy to follow. Thanks again!

  10. #160
    emperor
    Guest
    Ricardo, I only click on PAIMEIconsole.pyw; the console loads, shows me some errors, and at last I see the PaiMei GUI (sorry for poor English).

    - I did everything, e.g. installed SQL, installed wx.. and all other requirements, and ran __re...py and it showed everything is OK, and installed PaiMei.

    I read all of PaiMei but it doesn't make any sense to me.

  11. #161

    are you sure

    you installed PaiMei and the other components in the correct versions? In the tut I use Python 2.4, and all packages have the option to install for 2.4 or 2.5; the 2.4 version is always needed.

    http://pedram.redhive.com/PyDbg/docs/installation.html

    Look at the packages needed on the PaiMei page and verify all are installed in the correct versions.

    ricnar

  12. #162
    Chuck B.
    Guest
    Hey everyone, I just wanted to throw down a quick note that I'm in the process of going over and semi-translating Ricardo's excellent tutorials - I'm not finished yet with them but there's a few up on my blog. I'm posting them as I go through them.

    Please keep in mind I do not speak Spanish very well at all. When translating them I just used Google Translate - and tried to fix them a bit by hand for some obvious things. They came out sort of decent. Someone who doesn't know Spanish could pretty much follow along using a bit of common sense, the Google translation, and by looking at the screenshots and examples.

    If someone else did a better job - let me know and I can post those instead.

    They can be found here:

    http://anautonomouszone.com/blog/tutorials

    Cheers,

    Chuck B.
    Last edited by Chuck B.; July 18th, 2008 at 12:43.

  13. #163
    good job thanks

    ricnar

  14. #164
    dELTA
    Administrator
    And for everyone reading this thread just to get their hands on these process stalking features, but still don't want to deal with any Python crap and the assorted problems it brings, take a look at this instead:

    http://www.woodmann.com/forum/showthread.php?t=11306

    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."
