"Gray Hat Python" is awesome book. This tells us how Python script language helps, extends, and automates reverse engineering and debugging works.
Python and reverse engineering tools presented in this book are almost opensource project (except IDA Pro), so you can begin your Gray-Hat-Python exercize without any moneys, dollers, yens.

#amazon||>
<iframe style="width:120px;height:240px;" marginwidth="0" marginheight="0" scrolling="no" frameborder="0" src="//rcm-fe.amazon-adsystem.com/e/cm?lt1=_blank&bc1=000000&IS2=1&bg1=FFFFFF&fc1=000000&lc1=0000FF&t=glamenvseptze-22&o=9&p=8&l=as4&m=amazon&f=ifr&ref=as_ss_li_til&asins=1593271921&linkId=de21271cfc3d1352f99b9538cfcaec0d"></iframe>
||<

But sadly, there's some errors in example script and unexpected runtime-errors. Some of them are purely mistaken, some of them are caused by tools/libs version ups (we can't stop these version ups, because it's open-source.).
So I left my reading memos, covering these errors and avoiding affections from version-ups per every chapters.

And 1st, I reccomend you to read update informations from official "Gray Hat Python" book site:
- Gray Hat Python:
-- http://nostarch.com/ghpython.htm

I bought this book at 2010.06.27. If you buy newer version than me, some problems/errors in this article may have been fixed.

And my environment:
 OS : Windows XP SP3 Japanese
 CPU : Intel PentiumM (cenntrino) 1.2GHz
 RAM : 1GB
 Python : Python 2.5 (MSI installer), C:\Python25\python.exe
 (Python 2.5.2 (r252:60911, Feb 21 2008, 13:11:45) [MSC v.1310 32 bit (Intel)] on win32)
 
 Compiler : Microsoft Visual C++ 2008 Express Edition SP1
 > cl 
 Microsoft(R) 32-bit C/C++ Optimizing Compiler Version 15.00.30729.01 for 80x86
 Copyright (C) Microsoft Corporation.  All rights reserved.
 > link
 Microsoft (R) Incremental Linker Version 9.00.30729.01
 Copyright (C) Microsoft Corporation.  All rights reserved.

#more||
#outline||
----
* Chapter 3 : BUILDING A WINDOWS DEBUGGER

Install PyDBG HowTo : see [[13]]

: 32p, my_test.py : #block||>
 debugger.attach(...)
 debugger.detach()
→
 debugger.attach(...)
 debugger.run()
 debugger.detach()
||<
: 46p, printf_loop.py : #block||>

 while 1:
     msvcrt.printf("Loop iteration %d!\n" % counter)
→
 while 1:
     msvcrt.printf("Loop iteration %d!\n", counter)

Later, in "Chapter 4" 58p printf_random.py exercise, upper version doesn't work as this book shows, but 2nd version works.
(This problem has been fixed in zip archive which you download from official site.)

||<
: 46p - 47p, 0xCC is not restored : #block||>
Software breakpoints, 0xCC is not restored yet, so execution flow becomes illegal errors.
||<
: 46p - 47p, output messages : #block||>
Displayed output messages are different from what you punched from source code in this book.
In this step, you should download source code from official site ( http://nostarch.com/ghpython.htm ).
||<
: 49p, my_debugger.py : #block||>

 elif self.exception == exception_single_steop:
    self.exception_handler_single_step()
→
 elif self.exception == exception_single_steop:
    continue_status = self.exception_handler_single_step()

||<
: 50p, my_debugger.py : #block||>

"DBG_EXCEPTION_NOT_HANDLED" 1st appears, but my_debugger_defines.py downloaded from official site doesn't include this definition.
Add to your my_debugger_defines.py by hand : 
 DBG_EXCEPTION_NOT_HANDLED = 0x80010001

||<
: 53p, "VirtualQuery" prototype : #block||>

 SIZE_T WINAPI VirtualQuery(
     HANDLE hProcess,
     ...
→
 SIZE_T WINAPI VirtualQueryEx(
     HANDLE hProcess,
     ...

"VirtualQuery()" doesn't take other process handle, but "VirtualQueryEx()" does.
||<

* Chapter 7 : DLL AND CODE INJECTION

: 102p, code_injection.py : #block||>

 kernel32      = windll.kernel32
 pid           = int(sys.argv[1])
 pid_to_kill   = sys.argv[2]
 
 if not sys.argv[1] or not sys.argv[2]:
     print "Code Injector: ./code_injector.py <PID to inject> <PID to Kill>"
     sys.exit(0)
"sys.argv" check timing is wrong.
→
 if len(sys.argv) < 3:
     print "Code Injector: ./codeinjector.py <PID to inject> <PID to kill>"
     sys.exit(0)
 
 kernel32 = windll.kernel32
 pid = sys.argv[1]
 pid_to_kill = sys.argv[2]

||<
: 106p, backdoor.py : #block||>

In book version:
 PAGE_EXECUTE_READWRITE = 0x40
 ...
     arg_address = kernel32.VirtualAllocEx(
         h_process, 0, len(data), VIRTUAL_MEM,  PAGE_EXECUTE_READWRITE)
It's correct. Memory area for code injection must be allocated with executable flag.

But zip archive version is wrong:
 PAGE_READWRITE     =     0x04
 ...
     arg_address = kernel32.VirtualAllocEx( 
     h_process, 0, len(data), VIRTUAL_MEM, PAGE_READWRITE)

For backdoor.py, I recommend not to believe zip version backdoor.py.
||<

* Chapter 9 : SULLEY

How to install pcapy on my environment with WinPcap-4.1.x ? : [[14]]

: 131p, ftp_session.py : #block||>

Book version is correct, but in zip archive version, double quotation became '“' and '”'. This result:
 SyntaxError: Non-ASCII character '\xe2'
→ Fix it by hand, or, punch book version from scratch.

||<

* Chapter 10 : FUZZING WINDOWS DRIVERS

: 143p : #block||>

 C:\WINDOWS\System32\beep.sys
→ In my Windows XP SP3, beep.sys exists:
 C:\WINDOWS\System32\drivers\beep.sys

||<
: 142p - : #block||>

(This is NOT book error, but driverlib.py error in ImmunityDebugger.)

In Nov.2010, I downloaded Immunity Debugger Ver 1.73.
driverlib.py included in v1.73 has some these log() lines : 
 self.imm.log("...(mes)...", address=...)
This makes errors.

"imm", "immlib.Debugger" class instance, has 2 log methods:
 def log(self, msg)
and
 def Log(self, msg, address = 0xbadf00d ,highlight = False, gray = False , focus = 0)

"log()" (all small case) takes only 1 string argument, but "Log()" (heading char is large case) takes other default arguments.

Now, grep "log" in your driverlib.py (C:\Program Files\Immunity Inc\Immunity Debugger\Libs\driverlib.py) and replace "log()" to "Log()" if it passes other arguments.

||<