本文整理匯總了Python中winappdbg.Debug.attach方法的典型用法代碼示例。如果您正苦於以下問題:Python Debug.attach方法的具體用法?Python Debug.attach怎麽用?Python Debug.attach使用的例子?那麽,這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類winappdbg.Debug的用法示例。
在下文中一共展示了Debug.attach方法的10個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: intercept_wsmprovhost
# 需要導入模塊: from winappdbg import Debug [as 別名]
# 或者: from winappdbg.Debug import attach [as 別名]
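def intercept_wsmprovhost(pid,eventHandler):
    """Attach a debugger to the process *pid* and run the debug event loop.

    pid          -- process ID of the target; converted with int(), so a
                    numeric string is accepted.
    eventHandler -- winappdbg event handler that receives the debug events.

    Errors are reported on stdout and not re-raised (best-effort tool).
    The Debug object is created with bKillOnExit=True, so the target is
    expected to be terminated when the session ends -- confirm against the
    winappdbg documentation before pointing this at a process that must
    survive.
    """
    debug = Debug(eventHandler,bKillOnExit=True)
    try:
        debug.attach(int(pid))
        debug.loop()
    except Exception as e:
        # Broad on purpose: any attach/loop failure is printed, not raised.
        print "Error: ",str(e)
    finally:
        # Release the debugging session on every path, as the other
        # Debug.attach examples do; without this an error leaves the
        # session open until the interpreter exits.
        debug.stop()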
示例2: main
# 需要導入模塊: from winappdbg import Debug [as 別名]
# 或者: from winappdbg.Debug import attach [as 別名]
def main( argv ):
    """Run the tracer against the targets named on the command line.

    argv is handed to parse_cmdline(); the resulting options select which
    PIDs to attach to (options.attach) and which command lines to launch as
    console (options.console) or windowed (options.windowed) programs.
    On the way out every debuggee is killed unless options.autodetach is
    set, and the debugger is stopped in all cases.
    """
    options = parse_cmdline(argv)

    # The event handler carries the parsed options with it.
    tracer = Tracer()
    tracer.options = options

    # options.hostile is forwarded as bHostileCode.
    debug = Debug(tracer, bHostileCode = options.hostile)
    try:
        # Already-running targets first.
        for pid in options.attach:
            debug.attach(pid)

        # Then the programs to launch: console ones, followed by windowed ones.
        launch_groups = ((True, options.console), (False, options.windowed))
        for as_console, command_lines in launch_groups:
            for command_line in command_lines:
                debug.execv(command_line, bConsole = as_console, bFollow = options.follow)

        # Make sure the debuggees die if the debugger dies unexpectedly.
        debug.system.set_kill_on_exit_mode(True)

        debug.loop()
    finally:
        # Without autodetach, no debuggee is left running behind us.
        if not options.autodetach:
            debug.kill_all(bIgnoreExceptions = True)
        debug.stop()
示例3: simple_debugger
# 需要導入模塊: from winappdbg import Debug [as 別名]
# 或者: from winappdbg.Debug import attach [as 別名]
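def simple_debugger(address_file, program_file, arg_check):
    """Attach a hit-tracing debugger to every running instance of *program_file*.

    address_file, program_file and arg_check are passed unchanged to
    HitTracerEventHandler. Every process whose image filename matches
    program_file is attached to, not just the first one found. If no
    process matches, a message is printed and the interpreter exits with
    status 1. The debugger is stopped on every exit path.
    """
    process = None
    debug = Debug(HitTracerEventHandler(address_file, program_file, arg_check))
    try:
        # Lookup currently running processes
        debug.system.scan_processes()
        for (process, name) in debug.system.find_processes_by_filename(program_file):
            print "[*] Found %d: %s" % (process.get_pid(), name)
            # Attach to it
            debug.attach(process.get_pid())
        # `process` is still None only when the search yielded nothing.
        # Identity test instead of `== None`, so the check does not depend
        # on how the process object implements equality.
        if process is None:
            print "[*] Fatal. Process not found. Is it running?"
            sys.exit(1)
        # Wait for all debugees to finish
        debug.loop()
    finally:
        # Cleanup actions; also runs when sys.exit() is raised above.
        debug.stop()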
示例4: Process
# 需要導入模塊: from winappdbg import Debug [as 別名]
# 或者: from winappdbg.Debug import attach [as 別名]
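class Process(object):
    """Launch or attach to a process under a winappdbg debugger with function hooks.

    Hooks are collected with hook_function() and handed, together with
    api_hooks, to HookingEventHandler when start() or attach() creates the
    Debug session.
    """

    def __init__(self, api_hooks=None):
        # Debug privileges are requested once, at construction time.
        # NOTE(review): presumably SeDebugPrivilege, which normally needs an
        # elevated token -- confirm, and check the result if it matters.
        System.request_debug_privileges()
        self.api_hooks = api_hooks
        self.hooks = []
        self.debugger = None

    def _loop(self):
        """Run the debug loop; Ctrl-C stops the debugger instead of propagating."""
        try:
            self.debugger.loop()
        except KeyboardInterrupt:
            self.debugger.stop()

    def hook_function(self, address, pre_callback=None, post_callback=None, signature=None):
        """Queue a hook on *address*; ignored when neither callback is given."""
        if not pre_callback and not post_callback:
            return
        self.hooks.append((address, pre_callback, post_callback, signature))

    def start(self, path, kill_process_on_exit=True, anti_anti_debugger=False, blocking=True):
        """Launch *path* under the debugger.

        kill_process_on_exit is forwarded as bKillOnExit and
        anti_anti_debugger as bHostileCode. With blocking=True the call
        returns when the debug loop ends; otherwise the session runs via
        start_new_thread().
        """
        # Resolve the path before changing directory: a relative path would
        # stop resolving after the chdir, and a bare filename has an empty
        # dirname that os.chdir() rejects.
        target = os.path.abspath(path)

        def function():
            # NOTE: os.chdir() changes the working directory of the whole
            # process, not only of this session.
            os.chdir(os.path.dirname(target))
            self.debugger = Debug(HookingEventHandler(self.hooks, self.api_hooks), bKillOnExit=kill_process_on_exit, bHostileCode=anti_anti_debugger)
            self.debugger.execv([target])
            self._loop()

        if blocking:
            function()
        else:
            # Previously this ran unconditionally, so a blocking call started
            # a second session once the first one had finished.
            # NOTE(review): if start_new_thread is thread.start_new_thread it
            # also needs an args tuple -- confirm what is imported here.
            start_new_thread(function)

    def attach(self, pid, kill_process_on_exit=False, anti_anti_debugger=False, blocking=True):
        """Attach to the running process *pid*.

        Same options as start(), except that kill_process_on_exit defaults
        to False here, so the target is not marked kill-on-exit by default.
        """
        def function():
            self.debugger = Debug(HookingEventHandler(self.hooks, self.api_hooks), bKillOnExit=kill_process_on_exit, bHostileCode=anti_anti_debugger)
            self.debugger.attach(pid)
            self._loop()

        if blocking:
            function()
        else:
            # See start(): the thread is only spawned for non-blocking calls.
            start_new_thread(function)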
示例5: main
# 需要導入模塊: from winappdbg import Debug [as 別名]
# 或者: from winappdbg.Debug import attach [as 別名]
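def main( ):
    """Attach an RPC event handler to the selected process and run until it ends.

    The target PID comes from get_pid(parse_args()). The debugger is created
    with bKillOnExit=False, and the process is detached from on the way out
    so that it keeps running after this tool exits.
    """
    set_logger()
    args = parse_args()
    pid = get_pid(args)
    logging.debug("about to connect to pid %s", pid)
    attached = False
    try:
        dbg = Debug( event_handler.RPCEventHandler(), bKillOnExit = False)
        dbg.attach(pid)
        attached = True
        dbg.loop()
    finally:
        # Detach only from a session that was actually established. If
        # attach() itself failed (for example access denied), calling
        # detach() here would raise a second error and hide the real one.
        if attached:
            logging.debug("About to detach from pid %s", pid)
            dbg.detach(pid)
    logging.info("Finished")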
示例6: parse_hook_spec
# 需要導入模塊: from winappdbg import Debug [as 別名]
# 或者: from winappdbg.Debug import attach [as 別名]
if options.functions:
hooks = parse_hook_spec(options.functions)
if len(hooks) == 0:
sys.exit()
else:
myevent.set_hooks(hooks)
# Instance a Debug object, passing it the MyEventHandler instance
debug = Debug( myevent )
try:
if options.pid:
debug.attach(options.pid)
print_threads_and_modules(options.pid, debug)
elif options.program:
procs = list_processes(options.program)
if len(procs) == 0:
print "[E] no matching process"
elif len(procs) == 1:
debug.attach(procs[0].get_pid())
print_threads_and_modules(procs[0].get_pid(), debug)
else:
print "[E] ambigious"
elif options.command:
p = debug.execv( options.command, bFollow = True )
# Wait for the debugee to finish
示例7: Debug
# 需要導入模塊: from winappdbg import Debug [as 別名]
# 或者: from winappdbg.Debug import attach [as 別名]
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
from winappdbg import Debug
import sys
# The image filename to look for is the first command-line argument.
filename = sys.argv[1]

# Debugger session with no event handler.
debug = Debug()
try:
    # Take a snapshot of the running processes before searching it.
    debug.system.scan_processes()

    # Attach to every process whose filename matches, not only the first.
    for process, name in debug.system.find_processes_by_filename( filename ):
        pid = process.get_pid()
        print pid, name
        debug.attach( pid )

    # Block until all the debuggees have finished.
    debug.loop()
finally:
    # Always stop the debugger, including when attach() or loop() raised.
    debug.stop()
示例8: MyEventHandler
# 需要導入模塊: from winappdbg import Debug [as 別名]
# 或者: from winappdbg.Debug import attach [as 別名]
class MyEventHandler( EventHandler ):
    """Event handler that hooks PR_Write when nss3.dll is loaded into the debuggee."""

    def load_dll( self, event ):
        """Handle a DLL-load event; only nss3.dll triggers any action."""
        loaded = event.get_module()  # the module this event refers to

        # Ignore every module except nss3.dll.
        if not loaded.match_name("nss3.dll"):
            return

        target_pid = event.get_pid()
        # Resolve the address of the PR_Write function in this module.
        hook_addr = loaded.resolve( "PR_Write" )
        print '[+] Found PR_Write at addr ' + str(hook_addr)

        # Install a function hook: when execution reaches the breakpoint,
        # the values of the function's 3 parameters are passed to our
        # callback, which is also named PR_Write.
        event.debug.hook_function( target_pid, hook_addr, preCB=PR_Write, postCB=None ,paramCount=3,signature=None)
# Poll forever for firefox.exe; once found, attach to every matching process
# and run the debug loop until it returns, then start polling again.
# NOTE(review): a new Debug object is created on every iteration and is only
# stopped on the branch where a process was found.
while True:
    time.sleep(2) # every 2 seconds, check whether the Firefox browser is running
    debug = Debug(MyEventHandler()) # create the Debug object
    if debug.system.find_processes_by_filename( "firefox.exe" ): # if Firefox is not running yet, keep waiting
        time.sleep(3) # once it is detected, wait 3 seconds (so everything finishes loading and no error occurs)
        try:
            for ( process, name ) in debug.system.find_processes_by_filename( "firefox.exe" ): # get the PID and name of each matching process
                print '[+] Found Firefox PID is ' + str (process.get_pid())
                debug.attach( process.get_pid() ) # attach to the process
            debug.loop()
        finally:
            debug.stop()
示例9: __init__
# 需要導入模塊: from winappdbg import Debug [as 別名]
# 或者: from winappdbg.Debug import attach [as 別名]
class WinBasic:
    """Wrapper around a winappdbg Debug session that runs or attaches to
    processes and waits for a crash event.

    NOTE(review): waitForCrash() calls self.handler(), which is not defined
    in this class -- presumably supplied by a subclass; confirm.
    """
    debugger = None
    # NOTE(review): the methods below use the instance attribute
    # `mainProcs`; `mainProc` is not read anywhere in this class.
    mainProc = None
    # Exception codes of interest; not referenced by the methods shown here.
    alwaysCatchExceptions = [
        win32.STATUS_ACCESS_VIOLATION,
        win32.STATUS_ILLEGAL_INSTRUCTION,
        win32.STATUS_ARRAY_BOUNDS_EXCEEDED,
    ]
    def __init__(self, killOnExit=True):
        """Create the Debug session; killOnExit is forwarded as bKillOnExit."""
        self.debugger = Debug(bKillOnExit=killOnExit)
        # Objects returned by execv()/attach() for the processes we own.
        self.mainProcs = []
    def run(self, executable, children=True):
        """Launch *executable* under the debugger and return its PID.

        children is forwarded as bFollow.
        """
        tmp = self.debugger.execv(executable, bFollow=children)
        self.mainProcs.append(tmp)
        return tmp.get_pid()
    def attachPid(self, pid):
        """Attach to the running process *pid* and remember what attach() returns."""
        self.mainProcs.append(self.debugger.attach(pid))
    def attachImg(self, img):
        """Attach to every running process whose filename matches *img*."""
        self.debugger.system.scan_processes()
        for (process, name) in self.debugger.system.find_processes_by_filename(img):
            self.attachPid(process.get_pid())
    def close(self, kill=True, taskkill=True, forced=True):
        """Detach from all debuggees, then optionally terminate each of them.

        kill     -- call kill() on each former debuggee.
        taskkill -- additionally run the external `taskkill` command per PID.
        forced   -- with taskkill, add the /f switch.
        """
        # Collect the PIDs first: they are needed after detaching.
        pids = self.debugger.get_debugee_pids()
        self.debugger.detach_from_all(True)
        for pid in pids:
            if kill:
                try:
                    proc = self.debugger.system.get_process(pid)
                    proc.kill()
                # NOTE(review): bare except hides every failure here,
                # including KeyboardInterrupt and SystemExit.
                except:
                    pass
            # Taskkill
            # Argument list (no shell), so the PID is never parsed by a
            # shell; `taskkill` itself is located through the search path.
            # Output is captured and discarded.
            if taskkill and not forced:
                subprocess.call(["taskkill", "/pid", str(pid)], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
            if taskkill and forced:
                subprocess.call(["taskkill", "/f", "/pid", str(pid)], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    def waitForCrash(self, waitTime=4, checkAlive=False):
        """Process debug events for up to *waitTime* seconds.

        Returns whatever self.handler(event) returns as soon as that is not
        None. Returns None when the time runs out, or -- with checkAlive --
        as soon as one of the main processes is no longer alive.
        """
        event = None
        # NOTE(review): endDebuging is assigned but never used.
        endDebuging = False
        endTime = time() + waitTime
        while time() < endTime:
            if checkAlive:
                for proc in self.mainProcs:
                    if not proc.is_alive():
                        return None
            try:
                # presumably a 1000 ms timeout per wait -- confirm
                event = self.debugger.wait(1000)
            except WindowsError, e:
                # A timeout only means no event arrived; poll again.
                if e.winerror in (win32.ERROR_SEM_TIMEOUT, win32.WAIT_TIMEOUT):
                    continue
                raise
            crash = self.handler(event)
            if crash != None:
                # Returned without dispatch()/cont() for this event.
                return crash
            else:
                try:
                    self.debugger.dispatch()
                # NOTE(review): bare except swallows all dispatch errors.
                except:
                    pass
                finally:
                    # Resume the debuggee whether or not dispatch() failed.
                    self.debugger.cont()
        return None
示例10: DAMAGES
# 需要導入模塊: from winappdbg import Debug [as 別名]
# 或者: from winappdbg.Debug import attach [as 別名]
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
from winappdbg import Debug
import sys
# The target process ID is the first command-line argument.
pid = int(sys.argv[1])

# Debugger session with no event handler.
debug = Debug()
try:
    # Attach to the already-running process.
    debug.attach(pid)

    # Block until the debuggee has finished.
    debug.loop()
finally:
    # Always stop the debugger, including when attach() or loop() raised.
    debug.stop()