本文整理汇总了Python中winappdbg.Debug类的典型用法代码示例。如果您正苦于以下问题:Python Debug类的具体用法?Python Debug怎么用?Python Debug使用的例子?那么恭喜您, 这里精选的类代码示例或许可以为您提供帮助。
在下文中一共展示了Debug类的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Python代码示例。
示例1: intercept_wsmprovhost
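def intercept_wsmprovhost(pid, eventHandler):
    """Attach the winappdbg debugger to process ``pid`` and pump debug events.

    :param pid: process id of the target; anything ``int()`` accepts.
    :param eventHandler: winappdbg event handler that receives the debug events.

    ``bKillOnExit=True`` means the debuggee is terminated when the debugger
    stops, so the attached process does not survive this function. Failures
    (bad pid, missing debug privilege, ...) are reported on stdout instead
    of being propagated, as in the original best-effort design.
    """
    debug = Debug(eventHandler, bKillOnExit=True)
    try:
        debug.attach(int(pid))
        debug.loop()
    except Exception as e:  # 'except X, e' is Python 2-only syntax; 'as' works on 2.6+ and 3
        print "Error: ", str(e)
    finally:
        # Always release the debugger, like the other try/finally users of Debug.
        debug.stop()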
开发者ID:aliceicl,项目名称:powershade,代码行数:7,代码来源:powershade_client.py
示例2: simple_debugger
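def simple_debugger(address_file, program_file, arg_check):
    """Attach a HitTracerEventHandler to every running instance of ``program_file``.

    :param address_file: passed through to HitTracerEventHandler.
    :param program_file: image filename searched for among running processes.
    :param arg_check: passed through to HitTracerEventHandler.

    Exits the interpreter with status 1 when no matching process is running.
    The debugger is stopped on every exit path, including that exit.
    """
    process = None
    debug = Debug(HitTracerEventHandler(address_file, program_file, arg_check))
    try:
        # Refresh the process snapshot before searching it.
        debug.system.scan_processes()
        for (process, name) in debug.system.find_processes_by_filename(program_file):
            print("[*] Found %d: %s" % (process.get_pid(), name))
            # Attach to every match; the single loop below serves all of them.
            debug.attach(process.get_pid())
        # 'process' is still None only if the loop body never ran.
        if process is None:
            print("[*] Fatal. Process not found. Is it running?")
            sys.exit(1)
        # Wait for all debugees to finish
        debug.loop()
    finally:
        # Cleanup actions
        debug.stop()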
开发者ID:buhtig314,项目名称:Python-to-the-rescue,代码行数:26,代码来源:Tracer.py
示例3: analyze_crash
def analyze_crash(cmd):
    """
    This is called with the command line (including the filename)
    which caused the crash before.
    It is a late analysis routine which sorts the crashes.

    ``cmd`` must be a two-item sequence (victim program, crash file); both
    are published through module globals so the event handler can see them.
    """
    global file_info
    global victim_filename
    global crash_filename
    # TODO: This may not always be the case
    victim_filename, crash_filename = cmd
    print("=== [*] Analyzing %s" % crash_filename)
    encoded_contents = fileops.get_base64_contents(crash_filename)
    # NOTE(review): if the file cannot be read, file_info keeps whatever an
    # earlier call stored, so the handler may see stale data.
    if encoded_contents:
        file_info = (crash_filename, encoded_contents)
    # Route debug events to the crash handler; kill-on-exit so the crashing
    # target does not outlive the analysis.
    debug = Debug(crash_event_handler, bKillOnExit=True)
    try:
        # Re-run the crashing command line under the debugger and wait for it.
        debug.execv(cmd)
        debug.loop()
    finally:
        debug.stop()
开发者ID:BwRy,项目名称:NaFl,代码行数:32,代码来源:crash_analysis.py
示例4: Process
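class Process(object):
    """Run or attach to a Windows process under winappdbg with API hooks installed.

    Debug privileges are requested at construction: the debugger needs them
    to attach to processes it does not own.
    """

    def __init__(self, api_hooks=None):
        System.request_debug_privileges()
        self.api_hooks = api_hooks
        # (address, pre_callback, post_callback, signature) tuples, see hook_function()
        self.hooks = []
        self.debugger = None

    def _loop(self):
        """Pump debug events; Control-C stops the debugger instead of raising."""
        try:
            self.debugger.loop()
        except KeyboardInterrupt:
            self.debugger.stop()

    def hook_function(self, address, pre_callback=None, post_callback=None, signature=None):
        """Register a hook at ``address``; a hook with neither callback is ignored."""
        if not pre_callback and not post_callback:
            return
        self.hooks.append((address, pre_callback, post_callback, signature))

    def _make_debugger(self, kill_process_on_exit, anti_anti_debugger):
        """Build the Debug object used by start() and attach().

        bKillOnExit terminates the debuggee when the debugger exits;
        bHostileCode enables winappdbg's anti-anti-debugging handling.
        """
        handler = HookingEventHandler(self.hooks, self.api_hooks)
        return Debug(handler, bKillOnExit=kill_process_on_exit, bHostileCode=anti_anti_debugger)

    def _run(self, function, blocking):
        """Run ``function`` inline when blocking, otherwise on a new thread.

        Exactly one of the two happens: a blocking call must not also spawn
        a second debugger once its loop returns.
        """
        if blocking:
            function()
        else:
            # NOTE(review): thread.start_new_thread needs an args tuple; this
            # call form assumes start_new_thread is a project wrapper -- confirm.
            start_new_thread(function)

    def start(self, path, kill_process_on_exit=True, anti_anti_debugger=False, blocking=True):
        """Launch ``path`` under the debugger.

        Changes the working directory of the debugger process itself to the
        executable's directory (process-wide side effect).
        """
        def function():
            os.chdir(os.path.dirname(path))
            self.debugger = self._make_debugger(kill_process_on_exit, anti_anti_debugger)
            self.debugger.execv([path])
            self._loop()
        self._run(function, blocking)

    def attach(self, pid, kill_process_on_exit=False, anti_anti_debugger=False, blocking=True):
        """Attach to the running process ``pid``; by default it survives detaching."""
        def function():
            self.debugger = self._make_debugger(kill_process_on_exit, anti_anti_debugger)
            self.debugger.attach(pid)
            self._loop()
        self._run(function, blocking)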
开发者ID:cryzed,项目名称:PyKit,代码行数:39,代码来源:process.py
示例5: simple_debugger
def simple_debugger( argv ):
    """Run ``argv`` under the debugger, routing debug events to ``my_event_handler``.

    :param argv: the target's command line (program followed by its arguments).

    Kill-on-exit is set, so stopping the debugger also terminates the
    debuggee; stop() runs on every exit path.
    """
    kill_on_exit = True
    debug = Debug( my_event_handler, bKillOnExit = kill_on_exit )
    try:
        debug.execv( argv )  # launch the target under the debugger
        debug.loop()         # pump events until every debuggee has exited
    finally:
        debug.stop()
开发者ID:Kent1,项目名称:winappdbg,代码行数:15,代码来源:06_debug_events.py
示例6: simple_debugger
def simple_debugger( argv ):
    """Launch ``argv`` and hand control to winappdbg's interactive console.

    :param argv: the target's command line (program followed by its arguments).

    Debug() is used with its defaults (no event handler, no kill-on-exit
    flag passed); the debugger is stopped when the session ends.
    """
    debug = Debug()
    try:
        debug.execv( argv )      # start the target under the debugger
        debug.interactive()      # interactive prompt until the user quits
    finally:
        debug.stop()
开发者ID:hatRiot,项目名称:winappdbg,代码行数:15,代码来源:05_interactive.py
示例7: __init__
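def __init__(self, name, process_path, process_args=None, sql_crash_db='sqlite:///crashes.sqlite', logger=None):
    '''
    :param name: name of the object
    :param process_path: path to the target executable
    :param process_args: arguments to pass to the process (default: none)
    :param sql_crash_db: sql alchemy connection string to crash db (default:sqlite:///crashes.sqlite)
    :param logger: logger for this object (default: None)
    :raises ValueError: if process_path is empty or does not exist
    '''
    super(WinAppDbgController, self).__init__(name, logger)
    # Validate with real exceptions: 'assert' is stripped under -O.
    if not process_path:
        raise ValueError('process_path must be given')
    if not os.path.exists(process_path):
        raise ValueError('process_path does not exist: %r' % (process_path,))
    self._process_path = process_path
    self._process_name = os.path.basename(process_path)
    # Copy the caller's arguments; a mutable default (process_args=[]) would
    # be shared by every instance.
    self._process_args = list(process_args) if process_args is not None else []
    self._process = None
    self._sql_crash_db = sql_crash_db
    self._crash_event_complete = threading.Event()
    self._server_is_up = threading.Event()
    # No crash is being processed until the debugger reports one.
    self._crash_event_complete.set()
    # Events go to the module-level handler with this controller as context;
    # kill-on-exit so the target dies with the debugger.
    self._debug = Debug(lambda x: _my_event_handler(self, x), bKillOnExit=True)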
开发者ID:cisco-sas,项目名称:katnip,代码行数:21,代码来源:windbgcontroller.py
示例8: main
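def main( ):
    """Attach the RPC sniffer to the pid chosen on the command line and run it.

    bKillOnExit is False: the target must keep running after we detach.
    """
    set_logger()
    args = parse_args()
    pid = get_pid(args)
    # Lazy %-args: the message is only rendered when DEBUG is enabled.
    logging.debug("about to connect to pid %s", pid)
    dbg = None
    attached = False
    try:
        dbg = Debug(event_handler.RPCEventHandler(), bKillOnExit=False)
        dbg.attach(pid)
        attached = True
        dbg.loop()
    finally:
        # Only detach when attach() succeeded; detaching a pid that was never
        # attached may raise and would mask the original error.
        if dbg is not None and attached:
            logging.debug("About to detach from pid %s", pid)
            dbg.detach(pid)
    logging.info("Finished")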
开发者ID:AdiKo,项目名称:RPCSniffer,代码行数:22,代码来源:main.py
示例9: DAMAGES
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
from winappdbg import Debug
import sys
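# Get the process filename from the command line; a missing argument gives
# a usage message instead of an IndexError traceback.
if len( sys.argv ) < 2:
    print "Usage: %s <executable filename>" % sys.argv[0]
    sys.exit(1)
filename = sys.argv[1]
# Instance a Debug object.
debug = Debug()
try:
    # Lookup the currently running processes.
    debug.system.scan_processes()
    # For all processes that match the requested filename...
    for ( process, name ) in debug.system.find_processes_by_filename( filename ):
        print process.get_pid(), name
        # Attach to the process.
        debug.attach( process.get_pid() )
    # Wait for all the debugees to finish.
    debug.loop()
finally:
    # Stop the debugger on every exit path.
    debug.stop()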
开发者ID:cgiogkarakis,项目名称:winappdbg,代码行数:30,代码来源:03_find_and_attach.py
示例10: Debug
else:
event.debug.pmf.append("Path","contains", value, "EXCLUDE")
elif subsystem == 3:
#Registry
if semantics[semantic] == 'REG_ALLOW_READONLY':
event.debug.pmf.append("Path","contains", value, "EXCLUDE")
elif semantics[semantic] == 'REG_ALLOW_ANY':
event.debug.pmf.append("Path","contains", value, "INCLUDE")
else:
pass
if __name__ == '__main__':
print "Wellcome. Using Winappdbg version", version
#Instantiate the debugger
debug = Debug(bKillOnExit=True, bHostileCode=True)
#Build the basic set of filter rules
pmf = PMF('policy.pmf')
pmf.clear()
pmf.append('Process Name','is', 'Procmon.exe', 'EXCLUDE')
pmf.append('Process Name','is', 'System', 'EXCLUDE')
pmf.append('Operation','begins with', 'IRP_MJ_', 'EXCLUDE')
pmf.append('Operation','begins with', 'FASTIO_', 'EXCLUDE')
pmf.append('Result','begins with', 'FAST IO', 'EXCLUDE')
pmf.append('Path','ends with', 'pagefile.sys', 'EXCLUDE')
pmf.append('Path','ends with', '$Mft', 'EXCLUDE')
pmf.append('Path','ends with', '$MftMirr', 'EXCLUDE')
pmf.append('Path','ends with', '$LogFile', 'EXCLUDE')
pmf.append('Path','ends with', '$Volume', 'EXCLUDE')
pmf.append('Path','ends with', '$AttrDef', 'EXCLUDE')
pmf.append('Path','ends with', '$Root', 'EXCLUDE')
开发者ID:feliam,项目名称:ReaderSandboxExceptions,代码行数:31,代码来源:getReaderSandboxExceptions.py
示例11: __init__
class Coverage:
verbose = False
bbFiles = {}
bbFilesBreakpints = []
bbFilesData = {}
bbOriginalName = {}
modules = []
fileOutput = None
#Construct
def __init__(self):
    """Create the debugger; debuggees are killed when it goes away."""
    kill_on_exit = True
    self.debugger = Debug( bKillOnExit = kill_on_exit )
def setVerbose(self, val):
self.verbose = val
#cuts after .
def cutDot(self, input):
if (input.find(".") == -1):
return input
return input[0:input.find(".")]
#load basic blocks
def loadBB(self, baseBbDir):
self.bbFiles = {}
count = 0
print "baseBbDir:"+baseBbDir
for bbFile in os.listdir(baseBbDir):
print "bbFile:" + bbFile
f = open(baseBbDir + "/" + bbFile, "r")
fname = f.readline().strip().lower()
#fname = f.readline().strip()
fnameOrig = fname
if ".dll" not in fname and ".exe" not in fname: #Stupid hack to avoid problems in loading libs with other extensions then .dll
fname = self.cutDot(fname) + ".dll"
self.bbOriginalName[fname] = fnameOrig
self.bbFiles[fname] = count
self.bbFilesBreakpints.append({})
rvaHighest = 0
for line in f:
try:
rva = int(line[0:8], 16)
val = int(line[18:20], 16)
self.bbFilesBreakpints[count][rva] = val
if rva > rvaHighest:
rvaHighest = rva
except Exception:
continue
self.bbFilesData[fname] = [rvaHighest + 10, count]
if self.verbose:
print "Loaded breakpoints for %s with index %02X" % (fname, count)
count += 1
f.close()
#Register module (original exe image or dll)
def registerModule(self, filename, baseaddr):
filename = filename.lower()
if ".dll" not in filename and ".exe" not in filename: #Stupid hack to avoid problems in loading libs with other extensions then .dll
filename = self.cutDot(filename) + ".dll"
if filename not in self.bbFiles:
return
if self.verbose:
print " Image %s has breakpoints defined" % filename
self.modules.append([baseaddr,baseaddr+self.bbFilesData[filename][0], self.bbFilesData[filename][1]])
if self.verbose:
print " Image has breakpoints from %08X to %08X with index %02X" % (baseaddr,baseaddr+self.bbFilesData[filename][0],self.bbFilesData[filename][1])
#Handle a breakpoint
def breakpoint(self, location):
index = None
for i in xrange(len(self.modules)):
if location>=self.modules[i][0] and location<=self.modules[i][1]:
index = i
break
if index == None:
return None
rva = location - self.modules[index][0]
index = self.modules[index][2]
if rva not in self.bbFilesBreakpints[index]:
return None
self.fileOutput.write("%02X|%08X\n" % (index, rva))
return self.bbFilesBreakpints[index][rva]
def startFileRec(self, filename):
self.modules = []
self.fileOutput = open(filename, "w")
for image in self.bbFiles:
self.fileOutput.write("%s|%02X\n" % (self.bbOriginalName[image], self.bbFiles[image]))
def endFileRec(self):
self.fileOutput.close()
#Start program
def start(self, execFile, waitTime = 6, recFilename = "output.txt", kill = True):
self.startFileRec(recFilename)
mainProc = self.debugger.execv( execFile, bFollow = True )
event = None
endTime = time() + waitTime
while time() < endTime:
if not mainProc.is_alive():
#.........这里部分代码省略.........
开发者ID:riusksk,项目名称:honggfuzz,代码行数:101,代码来源:StartProcess.py
示例12: len
print i.replace('\x00','')
found = []
# Looking for Password:
pass_pattern = '([0-9]\x00){4}\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x07\x00\x00'
for address in process.search_regexp( pass_pattern ):
found += [process.read(address[0]-3,16)]
if found:
print '\nPassword:'
if len(found) > 1:
s = list(set([x for x in found if found.count(x) > 1]))
for i in s:
pwd = re.findall('[0-9]{4}',i.replace('\x00',''))[0]
print pwd
else:
print re.findall('[0-9]{4}',found[0].replace('\x00',''))[0]
return found
# Enumerate running processes whose image matches 'filename' and run the
# memory search against each. The Debug object only serves as a process
# snapshot here (no attach() call) and is released afterwards.
debug = Debug()
try:
    debug.system.scan_processes()
    matches = debug.system.find_processes_by_filename( filename )
    for ( process, name ) in matches:
        memory_search(process.get_pid())
finally:
    debug.stop()
开发者ID:AlexxNica,项目名称:exploit-database,代码行数:31,代码来源:40342.py
示例13: DAMAGES
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
# This line is needed in Python 2.5 to use the "with" statement.
from __future__ import with_statement
from winappdbg import Debug
import sys
# Kill-on-exit: when this script ends -- including via Control-C -- the
# debuggee is terminated rather than left running without a debugger.
debug = Debug( bKillOnExit = True )
try:
    print("Hit Control-C to stop debugging...")
    # Everything after the script name is the target's command line.
    target_cmdline = sys.argv[ 1 : ]
    debug.execv( target_cmdline )
    debug.loop()
except KeyboardInterrupt:
    # Control-C only ends the loop; kill-on-exit takes care of the debuggee.
    print("Interrupted by user.")
开发者ID:MarioVilas,项目名称:winappdbg,代码行数:30,代码来源:04_kill_on_exit.py
示例14: MyEventHandler
myevent = MyEventHandler()
myevent.dir = dir
myevent.report = report
myevent.myself = os.path.basename(sys.argv[1])
if options.functions:
hooks = parse_hook_spec(options.functions)
if len(hooks) == 0:
sys.exit()
else:
myevent.set_hooks(hooks)
# Instance a Debug object, passing it the MyEventHandler instance
debug = Debug( myevent )
try:
if options.pid:
debug.attach(options.pid)
print_threads_and_modules(options.pid, debug)
elif options.program:
procs = list_processes(options.program)
if len(procs) == 0:
print "[E] no matching process"
elif len(procs) == 1:
debug.attach(procs[0].get_pid())
print_threads_and_modules(procs[0].get_pid(), debug)
else:
开发者ID:nitram2342,项目名称:spooky-hook,代码行数:30,代码来源:spooky-hook.py
示例15: createDebugger
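def createDebugger(self, command):
    """Launch ``command`` under a fresh Debug and pump events until it exits.

    :param command: command line as one string. It is split on whitespace,
        so a program path containing spaces is not handled here.

    The debugger is stopped on every exit path; with bKillOnExit=True that
    also terminates the target.
    """
    debug = Debug(self.debuggerEventHandler, bKillOnExit=True)
    argv = command.split()
    try:
        debug.execv(argv)
        debug.loop()
    finally:
        debug.stop()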
开发者ID:van7hu,项目名称:fanca,代码行数:5,代码来源:wappdbger.py
示例16: MyEventHandler
class MyEventHandler( EventHandler ):
    """Hooks PR_Write as soon as nss3.dll is loaded into the debuggee.

    Defensive note: a debugger attaching to a browser process and hooking
    nss3.dll exports is a pattern worth alerting on.
    """
    def load_dll( self, event ):
        module = event.get_module() # the module that was just loaded
        if module.match_name("nss3.dll"): # only act on nss3.dll
            pid = event.get_pid()
            address = module.resolve( "PR_Write" ) # look up the address of PR_Write
            print '[+] Found PR_Write at addr ' + str(address)
            event.debug.hook_function( pid, address, preCB=PR_Write, postCB=None ,paramCount=3,signature=None)
            # Install the hook: when execution reaches the breakpoint at PR_Write,
            # its three parameters are handed to our callback, also named PR_Write.
# movaxditon egred wodebuli funqciis mokauweba (hook) rodesac kodi sheexeba breakpoint -is
# da funqciis 3 parametris mnishvneloba gadavcet chvnes call back funqcias romelsac igeve saxeli vuwodet PR_Write
# Poll until the browser is running, then attach; after the debug loop
# returns the polling starts over.
while True:
    time.sleep(2) # check every 2 seconds whether firefox is running
    debug = Debug(MyEventHandler()) # create the debug object
    if debug.system.find_processes_by_filename( "firefox.exe" ): # keep waiting while firefox is not running
        time.sleep(3) # once found, wait 3 seconds so everything has loaded and attaching does not fail
        try:
            for ( process, name ) in debug.system.find_processes_by_filename( "firefox.exe" ): # get the matching PID and name
                print '[+] Found Firefox PID is ' + str (process.get_pid())
                debug.attach( process.get_pid() ) # attach to the process
            debug.loop()
        finally:
            debug.stop()
开发者ID:giomke,项目名称:fbhack,代码行数:30,代码来源:mitb_fox.py
示例17: __init__
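class WinBasic:
    """Thin wrapper around winappdbg.Debug: launch/attach, wait for a crash, tear down.

    ``self.handler(event)`` is expected to classify a debug event and return
    a crash record (or None); it is not defined in this class, so a subclass
    or mixin must supply it.
    """
    debugger = None
    mainProc = None
    # Exception codes presumably always treated as crashes by handler().
    alwaysCatchExceptions = [
        win32.STATUS_ACCESS_VIOLATION,
        win32.STATUS_ILLEGAL_INSTRUCTION,
        win32.STATUS_ARRAY_BOUNDS_EXCEEDED,
    ]

    def __init__(self, killOnExit=True):
        # bKillOnExit: debuggees die with the debugger unless the caller opts out.
        self.debugger = Debug(bKillOnExit=killOnExit)
        self.mainProcs = []

    def run(self, executable, children=True):
        """Start ``executable`` under the debugger and return its pid.

        bFollow=children also debugs processes the target spawns.
        """
        proc = self.debugger.execv(executable, bFollow=children)
        self.mainProcs.append(proc)
        return proc.get_pid()

    def attachPid(self, pid):
        """Attach to a running process and remember it for liveness checks."""
        self.mainProcs.append(self.debugger.attach(pid))

    def attachImg(self, img):
        """Attach to every running process whose image name matches ``img``."""
        self.debugger.system.scan_processes()
        for (process, name) in self.debugger.system.find_processes_by_filename(img):
            self.attachPid(process.get_pid())

    def close(self, kill=True, taskkill=True, forced=True):
        """Detach from every debuggee, then kill the former debuggees.

        Killing is best-effort: a process that already exited must not abort
        the teardown. taskkill runs as an argv list (no shell), with /f when
        ``forced``.
        """
        pids = self.debugger.get_debugee_pids()
        self.debugger.detach_from_all(True)
        for pid in pids:
            if kill:
                try:
                    self.debugger.system.get_process(pid).kill()
                except Exception:
                    pass  # already gone or not accessible; taskkill below is the fallback
            if taskkill:
                cmd = ["taskkill", "/pid", str(pid)]
                if forced:
                    cmd = ["taskkill", "/f", "/pid", str(pid)]
                subprocess.call(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)

    def waitForCrash(self, waitTime=4, checkAlive=False):
        """Pump debug events for up to ``waitTime`` seconds.

        Returns the first crash record produced by ``self.handler``, or None
        when time runs out or (with ``checkAlive``) a main process has exited.
        Non-crash events are passed to dispatch() and the debuggee is always
        resumed with cont().
        """
        endTime = time() + waitTime
        while time() < endTime:
            if checkAlive and any(not proc.is_alive() for proc in self.mainProcs):
                return None
            try:
                event = self.debugger.wait(1000)
            except WindowsError as e:  # 'except X, e' is Python 2-only syntax
                if e.winerror in (win32.ERROR_SEM_TIMEOUT, win32.WAIT_TIMEOUT):
                    continue  # nothing happened within this second; keep polling
                raise
            crash = self.handler(event)
            if crash is not None:
                return crash
            try:
                # Let winappdbg apply its default handling for non-crash events.
                self.debugger.dispatch()
            except Exception:
                pass  # best-effort, as before
            finally:
                self.debugger.cont()
        return None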
开发者ID:JaanusFuzzing,项目名称:Vanapagan,代码行数:73,代码来源:WinBasic.py
示例18: open
aThread = event.get_thread()
aThread.set_register("Eax", r_eax)
aThread.set_register("Ecx", r_ecx)
aThread.set_register("Edx", r_edx)
aThread.set_register("Eip", 0x004DC395)
# Specify a dictionary here
words = open("dic.txt", "r").readlines()
print "[+] Words Loaded: ", len(words)
# Specify a key file
keyfile = "pwsafe.key"
try:
debug = Debug()
# Start a new process for debugging
# Allocate 20 bytes for the words
if os.path.isfile(keyfile):
print "[+] Keyfile Loaded: '" + keyfile + "'"
aProcess = debug.execv(["KeePass.exe", "Database.kdb", "-keyfile:" + keyfile, "-pw:".ljust(WORD_SIZE + 4)])
else:
print "[+] Specified keyfile '" + keyfile + "' does not exist, ignoring argument"
aProcess = debug.execv(["KeePass.exe", "Database.kdb", "-pw:".ljust(WORD_SIZE + 4)])
# Set the breakpoints
debug.break_at(aProcess.get_pid(), 0x004DC395, action_0)
debug.break_at(aProcess.get_pid(), 0x004D77A0, action_1)
debug.break_at(aProcess.get_pid(), 0x004D6684, action_2)
开发者ID:qprotex,项目名称:Keepass-Self-Bruteforce,代码行数:31,代码来源:KeePass-SB.py
示例19: DAMAGES
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
from winappdbg import Debug
import sys
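# Get the process ID from the command line; a missing or non-numeric
# argument gives a usage message instead of a traceback.
if len( sys.argv ) < 2 or not sys.argv[1].isdigit():
    print("Usage: %s <pid>" % sys.argv[0])
    sys.exit(1)
pid = int( sys.argv[1] )
# Instance a Debug object. No kill-on-exit flag is passed, so the target
# keeps running after we detach.
debug = Debug()
try:
    # Attach to a running process.
    debug.attach( pid )
    # Wait for the debugee to finish.
    debug.loop()
finally:
    # Stop the debugger.
    debug.stop()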
开发者ID:Kent1,项目名称:winappdbg,代码行数:30,代码来源:02_attach.py
示例20: main
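def main( argv ):
    """Entry point: attach to / launch the targets named on the command line and trace them.

    :param argv: full command line, parsed by parse_cmdline().
    """
    options = parse_cmdline(argv)
    # The Tracer event handler reads its settings from .options
    eventHandler = Tracer()
    eventHandler.options = options
    # bHostileCode: anti-anti-debugging handling, controlled by options.hostile
    debug = Debug(eventHandler, bHostileCode = options.hostile)
    try:
        # Attach to the targets
        for pid in options.attach:
            debug.attach(pid)
        # Launch the targets. The loop variable is not called 'argv': that
        # would shadow the function parameter.
        for cmdline in options.console:
            debug.execv(cmdline, bConsole = True, bFollow = options.follow)
        for cmdline in options.windowed:
            debug.execv(cmdline, bConsole = False, bFollow = options.follow)
        # Make sure the debugees die if the debugger dies unexpectedly
        debug.system.set_kill_on_exit_mode(True)
        # Run the debug loop
        debug.loop()
    finally:
        # Unless asked to leave them running, kill every debuggee before
        # releasing the debugger.
        if not options.autodetach:
            debug.kill_all(bIgnoreExceptions = True)
        debug.stop()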
开发者ID:MarioVilas,项目名称:winappdbg,代码行数:32,代码来源:ptrace.py
注:本文中的winappdbg.Debug类示例由纯净天空整理自Github/MSDocs等源码及文档管理平台,相关代码片段筛选自各路编程大神贡献的开源项目,源码版权归原作者所有,传播和使用请参考对应项目的License;未经允许,请勿转载。 |