from my_debugger_defines import *
from ctypes import *
import sys

 

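# True only after DebugActiveProcess() has succeeded; drives the event loop below.
debugger_active = False

# DEBUG_EVENT is filled in by WaitForDebugEvent(); DBG_CONTINUE tells the
# debuggee to resume normally after an event (both come from my_debugger_defines).
debug_event = DEBUG_EVENT()
continue_status = DBG_CONTINUE

# The Win32 debug API lives in kernel32.dll (windll = stdcall convention).
kernel32 = windll.kernel32

# The target PID is the first command-line argument. Fail with a usage line
# instead of an IndexError/ValueError traceback when it is missing or not numeric.
if len(sys.argv) < 2:
    print('Usage: %s <pid>' % sys.argv[0])
    sys.exit(1)
try:
    pid = int(sys.argv[1])
except ValueError:
    print('[!] pid must be an integer, got %r' % sys.argv[1])
    sys.exit(1)

# Open a handle to the target and report the result (0 == failure).
# NOTE: DebugActiveProcess() below opens the process itself, so this handle is
# not needed for attaching, and PROCESS_ALL_ACCESS is far more than attaching
# requires -- narrow the access mask if the handle is ever used for real work.
# A failure here is usually ERROR_ACCESS_DENIED (5): the target runs as another
# user / at a higher integrity level, or SeDebugPrivilege is not held.
test = kernel32.OpenProcess(PROCESS_ALL_ACCESS, False, pid)
if not test:
    # Read the error code before anything else can overwrite the thread's last error.
    open_error = kernel32.GetLastError()
    print('[*] OpenProcess() Result : %d' % test)
    print('[!] OpenProcess() failed, GetLastError = %d' % open_error)
else:
    print('[*] OpenProcess() Result : %d' % test)
    # The handle is never used again in this script; release it rather than
    # leaking it for the debugger's lifetime.
    kernel32.CloseHandle(test)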

 

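# Attach to the target as its debugger. On success debugger_active becomes True
# and the event loop runs; on failure report GetLastError() -- 5 (ACCESS_DENIED)
# means wrong user / integrity level, missing SeDebugPrivilege, or a protected
# process -- and fall through to the detach at the end.
if kernel32.DebugActiveProcess(pid):
    print('[*] DebugActiveProcess Start !')
    debugger_active = True
else:
    attach_error = kernel32.GetLastError()
    print('[!] DebugActiveProcess failed, GetLastError = %d' % attach_error)

try:
    while debugger_active:
        # Block up to 100 ms for the next debug event (cf. WaitForSingleObject);
        # a timeout returns 0 and we simply poll again.
        if kernel32.WaitForDebugEvent(byref(debug_event), 100):
            print(' [**] dwDebugEventCode : %d' % debug_event.dwDebugEventCode)
            print(' [**] dwProcessId : %d' % debug_event.dwProcessId)
            print(' [**] dwThreadId : %d' % debug_event.dwThreadId)

            # Only one event is inspected: wait for the user, then leave the loop.
            raw_input('Press a key to continue...')
            debugger_active = False

            # The debuggee's thread stays suspended until this is called, so
            # resume it with continue_status before we detach.
            kernel32.ContinueDebugEvent(debug_event.dwProcessId,
                                        debug_event.dwThreadId,
                                        continue_status)
finally:
    # Always detach -- even when raw_input() is interrupted with Ctrl-C. A
    # debugger that exits while still attached terminates the debuggee by
    # default (see DebugSetProcessKillOnExit). If we never attached, this call
    # simply fails and nothing is printed, as before.
    if kernel32.DebugActiveProcessStop(pid):
        print('[*] DebugActiveProcess Stop !')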

 
