本文整理匯總了Python中winappdbg.Debug.break_at方法的典型用法代碼示例。如果您正苦於以下問題:Python Debug.break_at方法的具體用法?Python Debug.break_at怎麽用?Python Debug.break_at使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類winappdbg.Debug的用法示例。
在下文中一共展示了Debug.break_at方法的3個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: Debug
# 需要導入模塊: from winappdbg import Debug [as 別名]
# 或者: from winappdbg.Debug import break_at [as 別名]
# Specify a key file
keyfile = "pwsafe.key"
try:
debug = Debug()
# Start a new process for debugging
# Allocate 20 bytes for the words
if os.path.isfile(keyfile):
print "[+] Keyfile Loaded: '" + keyfile + "'"
aProcess = debug.execv(["KeePass.exe", "Database.kdb", "-keyfile:" + keyfile, "-pw:".ljust(WORD_SIZE + 4)])
else:
print "[+] Specified keyfile '" + keyfile + "' does not exist, ignoring argument"
aProcess = debug.execv(["KeePass.exe", "Database.kdb", "-pw:".ljust(WORD_SIZE + 4)])
# Set the breakpoints
debug.break_at(aProcess.get_pid(), 0x004DC395, action_0)
debug.break_at(aProcess.get_pid(), 0x004D77A0, action_1)
debug.break_at(aProcess.get_pid(), 0x004D6684, action_2)
debug.break_at(aProcess.get_pid(), 0x004DC39A, action_3)
# Wait for the debugee to finish
t1 = time.clock()
debug.loop()
finally:
debug.stop()
print "Finished in " + repr(time.clock() - t1) + " seconds!"
示例2: action_0
# 需要導入模塊: from winappdbg import Debug [as 別名]
# 或者: from winappdbg.Debug import break_at [as 別名]
def action_0( event ):
global debug
aThread = event.get_thread()
aProcess = event.get_process()
r_eax = aThread.get_register("Eax")
r_ecx = aThread.get_register("Ecx")
r_edx = aThread.get_register("Edx")
debug.dont_break_at(aProcess.get_pid() , 0x0043F90F)
words = open('dic.txt', "r").readlines() #lengthall
print "[+] Words Loaded:",len(words)
try:
debug = Debug()
# Start a new process for debugging
p = debug.execv( ['TrueCrypt.exe', '/v', 'test.tc', '/lx', '/p', "".ljust(WORD_SIZE) ,'/q', '/s'])
debug.break_at(p.get_pid() , 0x0043F90F, action_0) #save state
debug.break_at(p.get_pid() , 0x0043F929, action_1) #save buffer addres
debug.break_at(p.get_pid() , 0x0043F93E, action_2) #check result, restore state, change eip
# Wait for the debugee to finish
t1 = time.clock()
debug.loop()
finally:
debug.stop()
print 'Finished in ' + repr(time.clock() - t1) + ' seconds!'
示例3:
# 需要導入模塊: from winappdbg import Debug [as 別名]
# 或者: from winappdbg.Debug import break_at [as 別名]
try:
debug.dispatch(event)
# add breakpoint when acrord32 gets loaded
if event.get_event_code() == 3:
process = event.get_process()
base_address = event.get_image_base()
print "AcroRd32 Main module found at %08x"%base_address
# Hint: Use the string "Check failed: policy_." to hunt
# the function that adds a new policy
breakpoint_offsets = { "10.1.3": 0x21260,
"10.1.4": 0x21630,
"10.1.5": 0x1fca0,
"11.0.0": 0x20370,
"11.0.1": 0x18350, }
breakpoint_address = base_address + breakpoint_offsets[version]
#setting breakpoint
print "Setting breakpoint at %08x"%breakpoint_address
debug.break_at(process.get_pid(), breakpoint_address, print_policy)
except Exception,e:
print "Exception in user code:",e
finally:
debug.cont(event)
# Stop the debugger.
debug.stop()
pmf.commit()