本文整理匯總了Python中winappdbg.Debug.get_debugee_pids方法的典型用法代碼示例。如果您正苦於以下問題:Python Debug.get_debugee_pids方法的具體用法?Python Debug.get_debugee_pids怎麽用?Python Debug.get_debugee_pids使用的例子?那麽,這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類winappdbg.Debug的用法示例。
在下文中一共展示了Debug.get_debugee_pids方法的2個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。
示例1: __init__
# 需要導入模塊: from winappdbg import Debug [as 別名]
# 或者: from winappdbg.Debug import get_debugee_pids [as 別名]
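class WinBasic:
    """Wrap a winappdbg ``Debug`` session to launch or attach to targets and watch for crashes.

    The class starts or attaches to processes, polls debug events until a
    crash is reported, and tears the debuggees down afterwards.

    ``waitForCrash`` calls ``self.handler(event)``, which is not defined in
    this class; presumably a subclass supplies it and returns ``None`` for
    events that are not crashes -- confirm against the subclasses.
    """

    debugger = None
    # Not referenced by any method in this class (instances track their
    # targets in ``self.mainProcs``); kept so existing readers of the
    # attribute do not break.
    mainProc = None
    # Exception codes of interest. Unused by the methods below; presumably
    # consulted by the subclass ``handler`` -- TODO confirm.
    alwaysCatchExceptions = [
        win32.STATUS_ACCESS_VIOLATION,
        win32.STATUS_ILLEGAL_INSTRUCTION,
        win32.STATUS_ARRAY_BOUNDS_EXCEEDED,
    ]

    def __init__(self, killOnExit=True):
        """Create the debugger; ``killOnExit`` is forwarded as ``bKillOnExit``."""
        self.debugger = Debug(bKillOnExit=killOnExit)
        self.mainProcs = []

    def run(self, executable, children=True):
        """Start ``executable`` under the debugger and return its PID.

        ``executable`` is handed to ``Debug.execv`` unchanged; ``children``
        is forwarded as ``bFollow``.
        """
        started = self.debugger.execv(executable, bFollow=children)
        self.mainProcs.append(started)
        return started.get_pid()

    def attachPid(self, pid):
        """Attach to the running process ``pid`` and track it as a main process."""
        self.mainProcs.append(self.debugger.attach(pid))

    def attachImg(self, img):
        """Attach to every running process whose image filename matches ``img``."""
        system = self.debugger.system
        # Refresh the process snapshot first so the filename lookup is current.
        system.scan_processes()
        for process, _name in system.find_processes_by_filename(img):
            self.attachPid(process.get_pid())

    def close(self, kill=True, taskkill=True, forced=True):
        """Detach from all debuggees and, best effort, terminate them.

        Args:
            kill: terminate each former debuggee through winappdbg.
            taskkill: additionally run ``taskkill`` for each PID.
            forced: pass ``/f`` to ``taskkill``.

        NOTE(review): the published listing lost its indentation; the
        ``taskkill`` step is assumed to run whether or not ``kill`` is set.
        """
        # The PID list has to be captured before detaching.
        pids = self.debugger.get_debugee_pids()
        self.debugger.detach_from_all(True)
        for pid in pids:
            if kill:
                try:
                    self.debugger.system.get_process(pid).kill()
                except Exception:
                    # Best effort: the process may already be gone or may
                    # refuse termination. Unlike a bare ``except``, this
                    # lets KeyboardInterrupt and SystemExit propagate.
                    pass
            if taskkill:
                # NOTE(review): the target is identified by PID only, after
                # detach and a possible kill. If the PID has been reused,
                # an unrelated process would be terminated -- consider
                # re-checking the image name or creation time first.
                command = ["taskkill"]
                if forced:
                    command.append("/f")
                command.extend(["/pid", str(pid)])
                # The pipes are never read. The subprocess documentation
                # advises against PIPE with call(): a child that fills the
                # pipe buffer would block.
                subprocess.call(command, stdout=subprocess.PIPE, stderr=subprocess.PIPE)

    def waitForCrash(self, waitTime=4, checkAlive=False):
        """Poll debug events for up to ``waitTime`` seconds and return the first crash.

        Args:
            waitTime: overall deadline in seconds, measured with ``time()``.
            checkAlive: when true, give up as soon as any tracked main
                process is no longer alive.

        Returns:
            The first non-``None`` value returned by ``self.handler(event)``.
            ``None`` is returned when the deadline passes, or when
            ``checkAlive`` is set and a main process has exited.

        Raises:
            WindowsError: any wait failure other than a timeout.
        """
        deadline = time() + waitTime
        while time() < deadline:
            if checkAlive and not all(proc.is_alive() for proc in self.mainProcs):
                return None
            try:
                event = self.debugger.wait(1000)
            except WindowsError as e:
                # A timeout only means that no event arrived in this slice.
                if e.winerror in (win32.ERROR_SEM_TIMEOUT, win32.WAIT_TIMEOUT):
                    continue
                raise
            crash = self.handler(event)
            if crash is not None:
                # The event is deliberately not continued, so the debuggee
                # stays stopped at the crash for the caller.
                return crash
            try:
                self.debugger.dispatch()
            except Exception:
                # A failure while dispatching a non-crash event must not
                # stop the monitoring loop.
                pass
            finally:
                # Always resume the debuggee, or it stays suspended.
                self.debugger.cont()
        return None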
示例2: Files
# 需要導入模塊: from winappdbg import Debug [as 別名]
# 或者: from winappdbg.Debug import get_debugee_pids [as 別名]
if os.path.exists(r"C:\Program Files (x86)"):
program_files = r"C:\Program Files (x86)"
try:
path = program_files+r"\Adobe\Reader 11.0\Reader\AcroRd32.exe"
version = versions[hashlib.md5(file(path,"rb").read()).hexdigest()] #raise if version not supported
except:
path = program_files+r"\Adobe\Reader 10.0\Reader\AcroRd32.exe"
version = versions[hashlib.md5(file(path,"rb").read()).hexdigest()] #raise if version not supported
print "Adobe Reader X %s"%version
semantics = semantics[version]
#Run the reader!
debug.execl(path)
debug.pmf = pmf
broker = Process(debug.get_debugee_pids()[0])
print "Broker PID: %d"%broker.get_pid()
# Loop while calc.exe is alive and the time limit wasn't reached.
while debug:
# Get the next debug event.
event = debug.wait()
# Dispatch the event and continue execution.
try:
debug.dispatch(event)
# add breakpoint when acrord32 gets loaded
if event.get_event_code() == 3:
process = event.get_process()
base_address = event.get_image_base()
print "AcroRd32 Main module found at %08x"%base_address