本文整理汇总了Python中winappdbg.System.request_debug_privileges方法的典型用法代码示例。如果您正苦于以下问题:Python System.request_debug_privileges方法的具体用法?Python System.request_debug_privileges怎么用?Python System.request_debug_privileges使用的例子?那么恭喜您, 这里精选的方法代码示例或许可以为您提供帮助。您也可以进一步了解该方法所在类winappdbg.System
的用法示例。
在下文中一共展示了System.request_debug_privileges方法的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: print_api_address
# 需要导入模块: from winappdbg import System [as 别名]
# 或者: from winappdbg.System import request_debug_privileges [as 别名]
def print_api_address( pid, modName, procName ):
# Request debug privileges.
System.request_debug_privileges()
# Instance a Process object.
process = Process( pid )
# Lookup it's modules.
process.scan_modules()
# Get the module.
module = process.get_module_by_name( modName )
if not module:
print "Module not found: %s" % modName
return
# Resolve the requested API function address.
address = module.resolve( procName )
# Print the address.
if address:
print "%s!%s == 0x%.08x" % ( modName, procName, address )
else:
print "Could not resolve %s in module %s" % (procName, modName)
示例2: main
# 需要导入模块: from winappdbg import System [as 别名]
# 或者: from winappdbg.System import request_debug_privileges [as 别名]
def main():
print "Process string extractor"
print "by Mario Vilas (mvilas at gmail.com)"
print
if len(sys.argv) != 2:
script = os.path.basename(sys.argv[0])
print " %s <pid>" % script
print " %s <process.exe>" % script
return
System.request_debug_privileges()
try:
pid = HexInput.integer(sys.argv[1])
except Exception, e:
s = System()
s.scan_processes()
pl = s.find_processes_by_filename(sys.argv[1])
if not pl:
print "Process not found: %s" % sys.argv[1]
return
if len(pl) > 1:
print "Multiple processes found for %s" % sys.argv[1]
for p, n in pl:
print "\t%s: %s" % (p.get_pid(), n)
return
pid = pl[0][0].get_pid()
s.clear()
del s
示例3: print_thread_disassembly
# 需要导入模块: from winappdbg import System [as 别名]
# 或者: from winappdbg.System import request_debug_privileges [as 别名]
def print_thread_disassembly( tid ):
# Request debug privileges.
System.request_debug_privileges()
# Instance a Thread object.
thread = Thread( tid )
# Suspend the thread execution.
thread.suspend()
# Get the thread's currently running code.
try:
eip = thread.get_pc()
code = thread.disassemble_around( eip )
# You can also do this:
# code = thread.disassemble_around_pc()
# Or even this:
# process = thread.get_process()
# code = process.disassemble_around( eip )
# Resume the thread execution.
finally:
thread.resume()
# Display the disassembled code.
print
print CrashDump.dump_code( code, eip ),
示例4: print_state
# 需要导入模块: from winappdbg import System [as 别名]
# 或者: from winappdbg.System import request_debug_privileges [as 别名]
def print_state( process_name ):
# Request debug privileges.
System.request_debug_privileges()
# Find the first process that matches the requested name.
system = System()
process, filename = system.find_processes_by_filename( process_name )[ 0 ]
# Suspend the process execution.
process.suspend()
try:
# For each thread in the process...
for thread in process.iter_threads():
# Get the thread state.
tid = thread.get_tid()
eip = thread.get_pc()
code = thread.disassemble_around( eip )
context = thread.get_context()
# Display the thread state.
print
print "-" * 79
print "Thread: %s" % HexDump.integer( tid )
print
print CrashDump.dump_registers( context )
print CrashDump.dump_code( code, eip ),
print "-" * 79
# Resume the process execution.
finally:
process.resume()
示例5: get_explorer_pid
# 需要导入模块: from winappdbg import System [as 别名]
# 或者: from winappdbg.System import request_debug_privileges [as 别名]
def get_explorer_pid():
# Request debug privileges.
System.request_debug_privileges()
# Scan for running processes.
system = System()
try:
system.scan_processes()
#system.scan_process_filenames()
except WindowsError:
system.scan_processes_fast()
# For each running process...
for process in system.iter_processes():
try:
pid = process.get_pid()
if pid in (0, 4, 8):
continue
if dev:
print "* Process:", process.get_filename(), "Pid:", pid, "Time:", process.get_running_time()
if process.get_filename() == "explorer.exe":
if process.get_running_time() < 300000:
return pid
# Skip processes we don't have permission to access.
except WindowsError, e:
if e.winerror == ERROR_ACCESS_DENIED:
continue
raise
示例6: __init__
# 需要导入模块: from winappdbg import System [as 别名]
# 或者: from winappdbg.System import request_debug_privileges [as 别名]
class TSMonitorHandler:
def __init__(self):
self._system = System()
self._system.request_debug_privileges()
self._process = {}
for process in self._system:
self._process[process.get_pid()] = process
def ping(self):
print "function ping called."
return 0
def refresh(self):
print "function refresh called."
self.__init__()
return 0
def process(self, id):
p = self._process[id]
process = tsm.Process()
process.id = id
if id == 0:
process.name = "System Idle Process"
elif id == 4:
process.name = "System"
else:
process.name = os.path.basename(p.get_filename())
p.scan_threads()
tids = p.get_thread_ids()
#tids.sort()
process.num_threads = len(tids)
process.thread = []
for tid in tids:
# Suspend the thread executior
try:
th = p.get_thread(tid)
th.suspend()
stack_limit, stack_base = th.get_stack_range()
thread = tsm.Thread()
thread.id = tid
thread.stack_size = stack_base - stack_limit
process.thread.append(thread)
except WindowsError:
thread = tsm.Thread()
thread.id = tid
thread.stack_size = -1
process.thread.append(thread)
# Resume the thread execution
finally:
th.resume()
return process
示例7: main
# 需要导入模块: from winappdbg import System [as 别名]
# 或者: from winappdbg.System import request_debug_privileges [as 别名]
def main():
print "Process memory reader"
print "by Mario Vilas (mvilas at gmail.com)"
print
if len(sys.argv) not in (4, 5):
script = os.path.basename(sys.argv[0])
print " %s <pid> <address> <size> [binary output file]" % script
print " %s <process.exe> <address> <size> [binary output file]" % script
return
System.request_debug_privileges()
try:
pid = HexInput.integer(sys.argv[1])
except:
s = System()
s.scan_processes()
pl = s.find_processes_by_filename(sys.argv[1])
if not pl:
print "Process not found: %s" % sys.argv[1]
return
if len(pl) > 1:
print "Multiple processes found for %s" % sys.argv[1]
for p,n in pl:
print "\t%s: %s" % (HexDump.integer(p),n)
return
pid = pl[0][0].get_pid()
try:
address = HexInput.integer(sys.argv[2])
except Exception:
print "Invalid value for address: %s" % sys.argv[2]
return
try:
size = HexInput.integer(sys.argv[3])
except Exception:
print "Invalid value for size: %s" % sys.argv[3]
return
p = Process(pid)
data = p.read(address, size)
## data = p.peek(address, size)
print "Read %d bytes from PID %d" % (len(data), pid)
if len(sys.argv) == 5:
filename = sys.argv[4]
open(filename, 'wb').write(data)
print "Written %d bytes to %s" % (len(data), filename)
else:
if win32.sizeof(win32.LPVOID) == win32.sizeof(win32.DWORD):
width = 16
else:
width = 8
print
print HexDump.hexblock(data, address, width = width)
示例8: show
# 需要导入模块: from winappdbg import System [as 别名]
# 或者: from winappdbg.System import request_debug_privileges [as 别名]
def show(search = None, wide = True):
'show a table with the list of services'
# Take a snapshot of the running processes.
s = System()
s.request_debug_privileges()
try:
s.scan_processes()
s.scan_process_filenames()
except WindowsError:
s.scan_processes_fast()
pid_list = s.get_process_ids()
pid_list.sort()
if not pid_list:
print "Unknown error enumerating processes!"
return
# Get the filename of each process.
filenames = dict()
for pid in pid_list:
p = s.get_process(pid)
# Special process IDs.
# PID 0: System Idle Process. Also has a special meaning to the
# toolhelp APIs (current process).
# PID 4: System Integrity Group. See this forum post for more info:
# http://tinyurl.com/ycza8jo
# (points to social.technet.microsoft.com)
# Only on XP and above
# PID 8: System (?) only in Windows 2000 and below AFAIK.
# It's probably the same as PID 4 in XP and above.
if pid in (0, 4, 8):
fileName = ""
# Get the filename for all other processes.
else:
fileName = p.get_filename()
if fileName:
fileName = PathOperations.pathname_to_filename(fileName)
else:
fileName = ""
# Remember the filename.
filenames[pid] = fileName
# Make the search string lowercase if given.
if search is not None:
search = search.lower()
# Get the list of services.
try:
services = System.get_services()
except WindowsError, e:
print str(e)
return
示例9: main
# 需要导入模块: from winappdbg import System [as 别名]
# 或者: from winappdbg.System import request_debug_privileges [as 别名]
def main(argv):
# Print the banner.
print "SelectMyParent: Start a program with a selected parent process"
print "by Mario Vilas (mvilas at gmail.com)"
print "based on a Didier Stevens tool (https://DidierStevens.com)"
print
# Check the command line arguments.
if len(argv) < 3:
script = os.path.basename(argv[0])
print " %s <pid> <process.exe> [arguments]" % script
return
# Request debug privileges.
system = System()
system.request_debug_privileges()
# Parse the parent process argument.
try:
dwParentProcessId = HexInput.integer(argv[1])
except ValueError:
dwParentProcessId = None
if dwParentProcessId is not None:
dwMyProcessId = win32.GetProcessId( win32.GetCurrentProcess() )
if dwParentProcessId != dwMyProcessId:
system.scan_processes_fast()
if not system.has_process(dwParentProcessId):
print "Can't find process ID %d" % dwParentProcessId
return
else:
system.scan_processes()
process_list = system.find_processes_by_filename(argv[1])
if not process_list:
print "Can't find process %r" % argv[1]
return
if len(process_list) > 1:
print "Too many processes found:"
for process, name in process_list:
print "\t%d:\t%s" % (process.get_pid(), name)
return
dwParentProcessId = process_list[0][0].get_pid()
# Parse the target process argument.
filename = argv[2]
if not os.path.exists(filename):
try:
filename = win32.SearchPath(None, filename, '.exe')[0]
except WindowsError, e:
print "Error searching for %s: %s" % (filename, str(e))
return
argv = list(argv)
argv[2] = filename
示例10: testRunningProcesses
# 需要导入模块: from winappdbg import System [as 别名]
# 或者: from winappdbg.System import request_debug_privileges [as 别名]
def testRunningProcesses(self):
validator = MemoryValidatorClass()
validator.Initialize("c:\\mem\\user\\")
CounterMonitor.Start()
System.request_debug_privileges()
with UpdateCounterForScope("main"):
system = System()
system.scan_processes()
totalProcesses = system.get_process_count()
for processIndex, process in enumerate(system.iter_processes()):
fileName = getattr(process, "fileName")
pid = getattr(process, "dwProcessId")
if not fileName or not pid:
continue
validator.ImageName = fileName
logging.info("---------------------------------------------")
validator.Message = "[{}] fileName:{} pid:{}".format(processIndex, fileName, pid)
logging.info(validator.Message)
if not any(s in fileName for s in self.PROCESS_TO_SCAN):
continue
print "------process {}/{} {}-------".format(processIndex, totalProcesses, fileName)
with validator.ExceptionHandler("Failed comparing {0}".format(fileName)):
process.scan_modules()
mods = {}
for module in process.iter_modules():
baseDllName = ntpath.basename(module.get_filename().lower())
mod = {
"BaseDllName": baseDllName,
"FullDllName": module.get_filename().lower(),
"StartAddr": module.get_base(),
"EndAddr": module.get_base() + module.get_size(),
"SizeOfImage": module.get_size(),
}
if not mods.get(baseDllName):
mods[baseDllName] = []
mods[baseDllName].append(mod)
validator.BuildLoadedModuleAddressesFromWinAppDbg(mods)
totalMods = len(mods)
for modIndex, modList in enumerate(mods.itervalues()):
print "module {}/{} {}".format(modIndex, totalMods, modList[0]["BaseDllName"])
for modIndex, mod in enumerate(modList):
validator.InitializeModuleInfoFromWinAppDbg(mod)
with validator.ExceptionHandler("failed comparing {0}".format(mod)):
memoryData = process.read(validator.DllBase, validator.SizeOfImage)
if not memoryData:
validator.Warn("failed to read memory data")
continue
validator.CompareExe(memoryData, validator.FullDllPath)
CounterMonitor.Stop()
validator.DumpFinalStats()
示例11: main
# 需要导入模块: from winappdbg import System [as 别名]
# 或者: from winappdbg.System import request_debug_privileges [as 别名]
def main():
print "Process memory writer"
print "by Mario Vilas (mvilas at gmail.com)"
print
if len(sys.argv) < 4:
script = os.path.basename(sys.argv[0])
print " %s <pid> <address> {binary input file / hex data}" % script
print " %s <process.exe> <address> {binary input file / hex data}" % script
return
System.request_debug_privileges()
try:
pid = HexInput.integer(sys.argv[1])
except Exception:
s = System()
s.scan_processes()
pl = s.find_processes_by_filename(sys.argv[1])
if not pl:
print "Process not found: %s" % sys.argv[1]
return
if len(pl) > 1:
print "Multiple processes found for %s" % sys.argv[1]
for p,n in pl:
print "\t%s: %s" % (HexDump.integer(p),n)
return
pid = pl[0][0].get_pid()
try:
address = HexInput.integer(sys.argv[2])
except Exception:
print "Invalid value for address: %s" % sys.argv[2]
return
filename = ' '.join(sys.argv[3:])
if os.path.exists(filename):
data = open(filename, 'rb').read()
print "Read %d bytes from %s" % (len(data), filename)
else:
try:
data = HexInput.hexadecimal(filename)
except Exception:
print "Invalid filename or hex block: %s" % filename
return
p = Process(pid)
p.write(address, data)
print "Written %d bytes to PID %d" % (len(data), pid)
示例12: print_label_address
# 需要导入模块: from winappdbg import System [as 别名]
# 或者: from winappdbg.System import request_debug_privileges [as 别名]
def print_label_address( pid, label ):
# Request debug privileges.
System.request_debug_privileges()
# Instance a Process object.
process = Process( pid )
# Lookup it's modules.
process.scan_modules()
# Resolve the requested label address.
address = process.resolve_label( label )
# Print the address.
print "%s == 0x%.08x" % ( label, address )
示例13: main
# 需要导入模块: from winappdbg import System [as 别名]
# 或者: from winappdbg.System import request_debug_privileges [as 别名]
def main():
"""TODO
"""
print "...as script dumper for as3s.exe..."
if len(sys.argv) != 2:
print "usage: %s swf.as" % sys.argv[0]
return
try:
s = System()
s.request_debug_privileges()
s.scan()
p = s.find_processes_by_filename("as3s.exe")[0][0]
except Exception, e:
print "[-] oops..." % str(e)
return
示例14: main
# 需要导入模块: from winappdbg import System [as 别名]
# 或者: from winappdbg.System import request_debug_privileges [as 别名]
def main():
print "Process DLL injector"
print "by Mario Vilas (mvilas at gmail.com)"
print
if len(sys.argv) != 3:
script = os.path.basename(sys.argv[0])
print "Injects a DLL into a running process."
print " %s <pid> <library.dll>" % script
print " %s <process.exe> <library.dll>" % script
return
System.request_debug_privileges()
try:
pid = HexInput.integer(sys.argv[1])
except Exception:
s = System()
s.scan_processes()
pl = s.find_processes_by_filename(sys.argv[1])
if not pl:
print "Process not found: %s" % sys.argv[1]
return
if len(pl) > 1:
print "Multiple processes found for %s" % sys.argv[1]
for p,n in pl:
print "\t%12d: %s" % (p,n)
return
pid = pl[0][0].get_pid()
print "Using PID %d (0x%x)" % (pid, pid)
dll = sys.argv[2]
print "Using DLL %s" % dll
p = Process(pid)
b = p.get_bits()
if b != System.bits:
print (
"Cannot inject into a %d bit process from a %d bit Python VM!"
% (b, System.bits)
)
return
p.scan_modules()
p.inject_dll(dll)
示例15: find_hook_pid
# 需要导入模块: from winappdbg import System [as 别名]
# 或者: from winappdbg.System import request_debug_privileges [as 别名]
def find_hook_pid( procname ):
global gpid
global xp
global oldpid
s = System()
s.request_debug_privileges()
try:
s.scan_processes()
s.scan_process_filenames()
except WindowsError:
s.scan_processes_fast()
pid_list = s.get_process_ids()
pid_list.sort(reverse=True)
if not pid_list:
print "Unknown error enumerating processes!"
# s = raw_input()
sys.exit(1)
for pid in pid_list:
p = s.get_process(pid)
fileName = p.get_filename()
fname = str(fileName).lower()
if dev:
print "Process:", fname, "Pid:", pid
if fname.find(procname) >= 0:
if int(pid) != int(gpid):
oldpid = gpid
gpid = pid
if procname.find("svchost.exe") >= 0:
gpid = int(get_svchost_pid())
return gpid
elif procname.find("explorer.exe") >= 0:
gpid = int(get_explorer_pid())
return gpid
else:
return pid
return 0