M
MalC0de
Hello there, I'm writting a debugger,
the problem is there no good interpretation ...
here's the codes:
my_debugger.py :
#!/usr/bin/env python
from ctypes import *
from my_debugger_defines import *
kernel32 = windll.kernel32
class debugger():
def __init__(self):
self.h_process = None
self.pid = None
self.debugger_active = False
pass
def load(self,path_to_exe):
creation_flags = DEBUG_PROCESS
startupinfo = STARTUPINFO()
process_information = PROCESSINFORMATION()
startupinfo.dwFlags = 0x1
startupinfo.wShowWindow = 0x0
startupinfo.cb = sizeof(startupinfo)
if kernel32.CreateProcessA(path_to_exe,
None,
None,
None,
None,
creation_flags,
None,
None,
byref(startupinfo),
byref(process_information)):
print "[*]we have sucessfully launched the process"
print "[*]PID %d" % process_information.dwProcessId
self.h_process = self.open_process
(process_information.dwProcessId)
else:
print"[*]Error 0x%08x." % kernel32.GetLastError()
def Open_process(self,pid):
h_process = kernel32.OpenProcess(PROCESS_ALL_ACCESS,pid,False)
return h_process
def attach(self,pid):
self.h_process = self.open_process(pid)
# We attempt to attach to the process
# if this fails we exit the call
if kernel32.DebugActiveProcess(pid):
self.debugger_active = True
self.pid = int(pid)
else:
print "[*] Unable to attach to the process."
def run(self):
while self.debugger_active == True:
self.get_debug_event()
def get_debug_event(self):
debug_event = DEBUG_EVENT()
continue_status = DBG_CONTINUE
if kernel32.WaitForDebugEvent(byref(debug_event),INFINITE):
raw_input("Press a key to continue ...")
self.debugger_active = False
kernel32.ContinueDebugEvent
(debug_event.dwProdcessid,debug_event.dwThreadId,continue_status)
def detach(self):
if kernel32.DeugActiveProcessStop(self.pid):
print "[*]Finished debugging. exiting ..."
return True
else:
print "there was an error"
return false
it's already have a method named : Attach ...
ok, the next source ,
my_test.py which lead python to launching the calc.exe for testing
purpose .
my_test.py :
#!/usr/bin/python
import my_debugger
debugger = my_debugger.debugger()
pid = raw_input("Enter the PID of the process to attach to :")
debugger.attach(int(pid))
debugger.detach()
and finally the essential definitions into my_debugger_defines.py
#!/usr/bin/env python
from ctypes import *
WORD = c_ushort
DWORD = c_ulong
LPBYTE = POINTER(c_ubyte)
LPTSTR = POINTER(c_char)
HANDLE = c_void_p
DEBUG_PROCESS = 0x00000001
CREATE_NEW_CONSOLE = 0x00000010
class STARTUPINFO(Structure):
_fielnds_ = [
("cb", DWORD),
("lpReserved", LPTSTR),
("lpDesktop", LPTSTR),
("lpTitle", LPTSTR),
("dwX", DWORD),
("dwY", DWORD),
("dwXSize", DWORD),
("dwYSize", DWORD),
("dwXCountChars", DWORD),
("dwFillAttribute", DWORD),
("dwFlags", DWORD),
("wShowWindow", WORD),
("cbReserved2", WORD),
("lpReserved2", LPBYTE),
("hStdInput", HANDLE),
("hStdOutput", HANDLE),
("hStdError", HANDLE),
]
class PROCESSINFORMATION(Structure):
_fields_ = [
("hProcess", HANDLE),
("hThread", HANDLE),
("dwProcessId", DWORD),
("dwThreadId", DWORD),
]
when you type : python my_test.py it must run without any problem, but
seems errors occures while interpretation :
Enter the PID of the process to attach to :212
Traceback (most recent call last):
File "C:\python25\2\my_Test.py", line 5, in <module>
debugger.attach(int(pid))
AttributeError: debugger instance has no attribute 'attach'
it's nasty shit !
the my_debugger is already has a definition for attach() ,
please help me up,
thanks ...
the problem is there no good interpretation ...
here's the codes:
my_debugger.py :
#!/usr/bin/env python
from ctypes import *
from my_debugger_defines import *
kernel32 = windll.kernel32
class debugger():
def __init__(self):
self.h_process = None
self.pid = None
self.debugger_active = False
pass
def load(self,path_to_exe):
creation_flags = DEBUG_PROCESS
startupinfo = STARTUPINFO()
process_information = PROCESSINFORMATION()
startupinfo.dwFlags = 0x1
startupinfo.wShowWindow = 0x0
startupinfo.cb = sizeof(startupinfo)
if kernel32.CreateProcessA(path_to_exe,
None,
None,
None,
None,
creation_flags,
None,
None,
byref(startupinfo),
byref(process_information)):
print "[*]we have sucessfully launched the process"
print "[*]PID %d" % process_information.dwProcessId
self.h_process = self.open_process
(process_information.dwProcessId)
else:
print"[*]Error 0x%08x." % kernel32.GetLastError()
def Open_process(self,pid):
h_process = kernel32.OpenProcess(PROCESS_ALL_ACCESS,pid,False)
return h_process
def attach(self,pid):
self.h_process = self.open_process(pid)
# We attempt to attach to the process
# if this fails we exit the call
if kernel32.DebugActiveProcess(pid):
self.debugger_active = True
self.pid = int(pid)
else:
print "[*] Unable to attach to the process."
def run(self):
while self.debugger_active == True:
self.get_debug_event()
def get_debug_event(self):
debug_event = DEBUG_EVENT()
continue_status = DBG_CONTINUE
if kernel32.WaitForDebugEvent(byref(debug_event),INFINITE):
raw_input("Press a key to continue ...")
self.debugger_active = False
kernel32.ContinueDebugEvent
(debug_event.dwProdcessid,debug_event.dwThreadId,continue_status)
def detach(self):
if kernel32.DeugActiveProcessStop(self.pid):
print "[*]Finished debugging. exiting ..."
return True
else:
print "there was an error"
return false
it's already have a method named : Attach ...
ok, the next source ,
my_test.py which lead python to launching the calc.exe for testing
purpose .
my_test.py :
#!/usr/bin/python
import my_debugger
debugger = my_debugger.debugger()
pid = raw_input("Enter the PID of the process to attach to :")
debugger.attach(int(pid))
debugger.detach()
and finally the essential definitions into my_debugger_defines.py
#!/usr/bin/env python
from ctypes import *
WORD = c_ushort
DWORD = c_ulong
LPBYTE = POINTER(c_ubyte)
LPTSTR = POINTER(c_char)
HANDLE = c_void_p
DEBUG_PROCESS = 0x00000001
CREATE_NEW_CONSOLE = 0x00000010
class STARTUPINFO(Structure):
_fielnds_ = [
("cb", DWORD),
("lpReserved", LPTSTR),
("lpDesktop", LPTSTR),
("lpTitle", LPTSTR),
("dwX", DWORD),
("dwY", DWORD),
("dwXSize", DWORD),
("dwYSize", DWORD),
("dwXCountChars", DWORD),
("dwFillAttribute", DWORD),
("dwFlags", DWORD),
("wShowWindow", WORD),
("cbReserved2", WORD),
("lpReserved2", LPBYTE),
("hStdInput", HANDLE),
("hStdOutput", HANDLE),
("hStdError", HANDLE),
]
class PROCESSINFORMATION(Structure):
_fields_ = [
("hProcess", HANDLE),
("hThread", HANDLE),
("dwProcessId", DWORD),
("dwThreadId", DWORD),
]
when you type : python my_test.py it must run without any problem, but
seems errors occures while interpretation :
Enter the PID of the process to attach to :212
Traceback (most recent call last):
File "C:\python25\2\my_Test.py", line 5, in <module>
debugger.attach(int(pid))
AttributeError: debugger instance has no attribute 'attach'
it's nasty shit !
the my_debugger is already has a definition for attach() ,
please help me up,
thanks ...