PWiNTOOLS is a very basic implementation of pwntools for Windows to play with local processes and remote sockets.

Windows is not yet supported in the official pwntools: Minimal support for Windows #996.

Feel free to contribute or report bugs.

Read the code :)

from pwintools import *

DEBUG = True
if DEBUG:
	r = Process("chall.exe") # Spawn chall.exe process
	r.spawn_debugger(breakin=False)
	log.info("WinExec @ 0x{:x}".format(r.symbols['kernel32.dll']['WinExec']))
else:
	r = Remote("challenge.remote.service", 8080)

r.sendline('ID123456789') # send / write
if r.recvline().strip() == 'GOOD': # recv / read / recvn / recvall / recvuntil
	log.success('Woot password accepted!')
	r.send(shellcraft.amd64.WinExec('cmd.exe'))
else:
	log.failure('Bad password')

log.info('Starting interactive mode ...')
r.interactive() # interactive2 for Remote available

The test directory provides some examples of usage:

• test_pwn_pe spawns pwn.exe and exploits it (pwn.exe can be build using tests/build_pwn_pe.py requires LIEF)
• test_remote is a basic TCP connection and interaction
• test_shellcode injects shellcodes into notepad.exe to test them locally
• exemple_rop is a example of exploit script for the associated vulnerable exemple_rop

PythonForWindows providing a Python implementation to play with Windows.

Optionals:

• capstone
• keystone

	Improve 32 bits support and testing
	Support local Context like pwntools
	Improve Shellcraft to avoid NULL bytes (xor_pair)
	Provide examples with Python Debugger
	Integrate gadgets tool support (rp++)
	Process mitigation (appcontainer / Force ASLR rebase / Job sandboxing ...)
	pip install pwintools :)
	`Port` the project to pwntools

• Mastho
• Geluchat