corelan / mona

Corelan Repository for mona.py
BSD 3-Clause "New" or "Revised" License

Errors running !py mona rop #4

Closed clymb3r closed 8 years ago

clymb3r commented 9 years ago

I'm trying to see if Mona has installed correctly by running simple commands against Notepad++. Below is the output that Mona gives me when I run the rop command (other commands that need module information appear to give similar output). This is on Windows 8.1 x64 (running a 32-bit debugger).

    0:009> !py mona rop
    Hold on...
    [+] Command used:
    !py C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\mona.py rop

    ---------- Mona command started on 2015-05-02 13:15:18 (v2.0, rev 557) ----------
    [+] Processing arguments and criteria

    Traceback (most recent call last):
      File "C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\mona.py", line 17996, in main
        commands[command].parseProc(opts)
      File "C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\mona.py", line 11257, in procROP
        findROPGADGETS(modulecriteria,criteria,endings,maxoffset,depth,split,thedistance,fast,mode)
      File "C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\mona.py", line 5961, in findROPGADGETS
        modulestosearch = getModulesToQuery(modulecriteria)
      File "C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\mona.py", line 5373, in getModulesToQuery
        populateModuleInfo()
      File "C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\mona.py", line 5488, in populateModuleInfo
        thismod = MnModule(key)
      File "C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\mona.py", line 2493, in __init__
        mzbase = mod.getBaseAddress()
    AttributeError: 'NoneType' object has no attribute 'getBaseAddress'


corelanc0d3r commented 9 years ago

Good catch, apparently windbg doesn't like '+' in the filename.
Fixed - https://github.com/corelan/windbglib/commit/8d531071aa8d14a499994656c01bed07d9f6a344
Please run !py mona up and try again

clymb3r commented 9 years ago

This doesn't appear to have fixed the issue for me. I tried running the command against another 32bit windbg process with the exact same result:

    0:004> !py mona rop
    Hold on...
    [+] Command used:
    !py C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\mona.py rop

    ---------- Mona command started on 2015-05-02 14:50:05 (v2.0, rev 557) ----------
    [+] Processing arguments and criteria

    Traceback (most recent call last):
      File "C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\mona.py", line 17996, in main
        commands[command].parseProc(opts)
      File "C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\mona.py", line 11257, in procROP
        findROPGADGETS(modulecriteria,criteria,endings,maxoffset,depth,split,thedistance,fast,mode)
      File "C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\mona.py", line 5961, in findROPGADGETS
        modulestosearch = getModulesToQuery(modulecriteria)
      File "C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\mona.py", line 5373, in getModulesToQuery
        populateModuleInfo()
      File "C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\mona.py", line 5488, in populateModuleInfo
        thismod = MnModule(key)
      File "C:\Program Files (x86)\Windows Kits\8.1\Debuggers\x86\mona.py", line 2493, in __init__
        mzbase = mod.getBaseAddress()
    AttributeError: 'NoneType' object has no attribute 'getBaseAddress'


corelanc0d3r commented 9 years ago

Mind sharing which process you're attached to?

corelanc0d3r commented 9 years ago

windbg seems to convert "-" to "_" as well... Mind trying again with the latest version of windbglib?

corelanc0d3r commented 8 years ago

Closing for now. If you feel the issue is not solved, please let me know.

zjr-g commented 2 years ago

> Good catch, apparently windbg doesn't like '+' in the filename. Fixed - corelan/windbglib@8d53107 Please run !py mona up and try again

Yes! This windbglib.py can deal with the problem.

corelanc0d3r commented 2 years ago

awesome, thanks for confirming!