No doubt, PyDbg is a lovely user-mode (Ring 3) debugger which is open source and completely scriptable in Python. If you want to parse an executable or decode instructions on the fly, this is the right choice for you! You can even write your own API hooking and monitoring tools on top of PyDbg (and extend them in various ways). Today, however, I will explain how to install PyDbg so we can get our hands dirty. I have seen many users get stuck while installing this tool. Even though the installation is quite straightforward, doing it the wrong way can sometimes break your Python installation. Although PyDbg officially supports Python v2.4 only, there are ways to run it under Python v2.5 and later; this post will focus on Python v2.4 only.
To install PyDbg we need to have 3 packages handy with us:
- Python v2.4, of course!
- PaiMei Framework (Download)
- ctypes (Download)
For the purposes of this post I am assuming that you chose the default Python installation directory, “C:\Python24\”. Now we need to install ctypes and PaiMei, in that order.
NOTE: Correct order is necessary otherwise we might end up with a faulty installation!
- Run the ctypes installer executable, follow the instructions accordingly.
- Once ctypes is installed successfully, extract the PaiMei zip archive and cd to the directory that contains the “setup.py” file.
- Once you are inside that directory (setup.py is present in your current working directory), issue the following command to install the PaiMei framework on your host:
C:\Users\<UserID>\Desktop\PaiMei> python setup.py install
- If all goes well, you have successfully installed PaiMei along with the PyDbg framework on your host! Do remember that if the ctypes libraries are not installed properly, the PaiMei installer will refuse to install itself on your machine.
Once the installation is done, it’s time to check whether PyDbg was installed successfully on your host. To do that, let’s write a small Python snippet (dbgtest.py) for a test run and check that it gives us the desired output in the console.
from pydbg import *
dbgObj = pydbg()  # Create the PyDbg object
print dbgObj.enumerate_processes()  # Lists all currently running processes along with their PIDs
If it lists out all the running processes which are all running in your host currently, then you have successfully installed PyDbg.
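As an added example (not part of the original post), here is a small pre-flight script that checks the three prerequisites above in the order the post requires (Python 2.4, then ctypes, then PaiMei/PyDbg) and names the first step that is missing. It assumes only what the post states: a Python 2.4 interpreter, an importable ctypes module, and a pydbg module whose pydbg class exposes enumerate_processes().

```python
# Added example, not from the original post: pre-flight check for a PyDbg
# install. Written so it runs unchanged under Python 2.4 and later.
import sys


def diagnose(version, have_ctypes, have_pydbg, has_enumerate):
    """Pure decision logic, kept separate so it can be tested without PyDbg.

    version: (major, minor) tuple; the other arguments are booleans.
    Returns an (ok, message) pair naming the first failed prerequisite.
    """
    if tuple(version[:2]) != (2, 4):
        return (False, "PyDbg targets Python 2.4; found %d.%d" % tuple(version[:2]))
    if not have_ctypes:
        # The post's ordering rule: PaiMei refuses to install without ctypes.
        return (False, "ctypes missing: run the ctypes installer first")
    if not have_pydbg:
        return (False, "pydbg not importable: run 'python setup.py install' "
                       "in the PaiMei directory")
    if not has_enumerate:
        return (False, "pydbg imported but lacks enumerate_processes(); "
                       "the PaiMei install looks incomplete")
    return (True, "PyDbg installation looks good")


def probe_ctypes():
    """True if the ctypes module can be imported in this interpreter."""
    try:
        import ctypes  # noqa: F401 (imported only to test availability)
        return True
    except ImportError:
        return False


def probe_pydbg():
    """Return (importable, has_enumerate_processes) for the pydbg module."""
    try:
        import pydbg
    except ImportError:
        return (False, False)
    cls = getattr(pydbg, "pydbg", None)  # the class used as pydbg() in dbgtest.py
    return (True, hasattr(cls, "enumerate_processes"))


def check_environment():
    """Probe the running interpreter and return diagnose()'s verdict."""
    have_pydbg, has_enumerate = probe_pydbg()
    return diagnose(sys.version_info, probe_ctypes(), have_pydbg, has_enumerate)


if __name__ == "__main__":
    ok, message = check_environment()
    print(message)
    sys.exit(int(not ok))  # exit status 0 only when every check passed
```

Run it with the same interpreter you used for setup.py; a non-zero exit status tells you which step of the procedure above to redo.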