malwaremusings / unpacker Goto Github PK

C:\Python27\lib\site-packages\winappdbg\event.py:1855: EventCallbackWarning: Event handler pre-callback <main.MyEventHandler object at 0x00B18210> raised an exception: Traceback (most recent call last):
File "C:\Python27\lib\site-packages\winappdbg\event.py", line 1850, in dispatch
returnValue = self.eventHandler(event)
File "C:\Python27\lib\site-packages\winappdbg\event.py", line 1467, in __call
return method(event)
File "E:\unpack.py", line 895, in exit_process
log("[*] <%d:%d> Exit process event for %s: %d" % (pid,tid,event.get_filename(),event.get_exit_code()))
File "C:\Python27\lib\site-packages\winappdbg\event.py", line 926, in get_filename
return self.get_module().get_filename()
File "C:\Python27\lib\site-packages\winappdbg\event.py", line 947, in get_module
return self.get_process().get_main_module()
File "C:\Python27\lib\site-packages\winappdbg\process.py", line 931, in get_main_module
return self.get_module(self.get_image_base())
File "C:\Python27\lib\site-packages\winappdbg\module.py", line 907, in get_module
raise KeyError(msg)
KeyError: 'Unknown DLL base address 00400000'

File "unpack.py", line 927, in create_thread
"module_base": event.get_module_base(),
AttributeError: 'CreateThreadEvent' object has no attribute 'get_module_base'

File "e:\unpack.py", line 728, in post_InternetOpen
log("[*] <%d:%d> 0x%x: InternetOpen("%s",0x%x,"%s","%s",0x%x) = 0x%x" % (pid,tid,ra,szAgent,dwAccessType,szProxyName,szProxyByp
ass,dwFlags,retval))
NameError: global name 'pid' is not defined

create_process
exit_process
create_thread
load_dll
unhandled event

I stopped WinAppDbg attaching to child processes for some reason, but lately I've needed it, so will turn it back on again.
If I find situations where attaching to child processes isn't useful, again, I'll make this optional.

Hi,

It is not an issue per say and I did not try the tool yet.

The idea is very good and I would like to support the project.

Maybe it is worse to try this approach with r2pipe for radare2? This way we will get a multi-platform solution.

BZW: I am interested to learn you better and I like your reverse engineering skills. How can I contact you directly?

Greetings,
Tolik