from my_debugger_defines import *
from ctypes import *
import sys
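# Whether the debugger is currently attached; the event loop in main() runs
# while this is True.
debugger_active = False
# The DEBUG_EVENT structure that WaitForDebugEvent() fills in for each event.
debug_event = DEBUG_EVENT()
# Status handed back to the debuggee for every event (no exception injected).
continue_status = DBG_CONTINUE
# kernel32.dll exports the Win32 debugging API used below
# (OpenProcess, DebugActiveProcess, WaitForDebugEvent, ...).
kernel32 = windll.kernel32


def main():
    """Attach to the process whose pid is given on the command line, dump its
    first debug event, then detach.

    Exit status 1 on a missing/non-numeric pid or when OpenProcess() fails;
    GetLastError() is printed in the failure cases so ERROR_ACCESS_DENIED (5,
    caller neither owns the target nor holds SeDebugPrivilege) can be told
    apart from a non-existent pid. The debugger is always detached and the
    process handle always closed, even if the event loop raises.
    """
    global debugger_active
    # the pid comes from the user as text; reject anything that is not a
    # non-negative integer before it reaches the Win32 calls
    if len(sys.argv) != 2 or not sys.argv[1].isdigit():
        print('Usage: %s <pid>' % sys.argv[0])
        sys.exit(1)
    pid = int(sys.argv[1])
    # Debugging needs a PROCESS_ALL_ACCESS handle; OpenProcess() returns NULL
    # (printed as 0) on failure. The handle is closed in the outer finally.
    h_process = kernel32.OpenProcess(PROCESS_ALL_ACCESS, False, pid)
    print('[*] OpenProcess() Result : %d' % h_process)
    if not h_process:
        print('[-] OpenProcess() failed, GetLastError() = %d' % kernel32.GetLastError())
        sys.exit(1)
    try:
        # Attach this process as the debugger of pid.
        if not kernel32.DebugActiveProcess(pid):
            print('[-] DebugActiveProcess() failed, GetLastError() = %d' % kernel32.GetLastError())
            return
        print('[*] DebugActiveProcess Start !')
        debugger_active = True
        try:
            while debugger_active:
                # Wait up to 100 ms for the debuggee to deliver an event
                # (comparable to WaitForSingleObject() with a timeout); on
                # timeout just poll again.
                if kernel32.WaitForDebugEvent(byref(debug_event), 100):
                    print(' [**] dwDebugEventCode : %d' % debug_event.dwDebugEventCode)
                    print(' [**] dwProcessId : %d' % debug_event.dwProcessId)
                    print(' [**] dwThreadId : %d' % debug_event.dwThreadId)
                    # One event is enough for this demo: leave the loop once
                    # the user has had a look.
                    raw_input('Press a key to continue...')
                    debugger_active = False
                    # Resume the debuggee; the reporting thread stays suspended
                    # until this call is made.
                    kernel32.ContinueDebugEvent(debug_event.dwProcessId,
                                                debug_event.dwThreadId,
                                                continue_status)
        finally:
            # Always detach: a debugger that exits while still attached takes
            # the debuggee down with it (kill-on-exit is the Win32 default).
            if kernel32.DebugActiveProcessStop(pid):
                print('[*] DebugActiveProcess Stop !')
            debugger_active = False
    finally:
        # Release the PROCESS_ALL_ACCESS handle obtained above.
        kernel32.CloseHandle(h_process)


if __name__ == '__main__':
    main()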