File: usage.rst

package info (click to toggle)
python-ptrace 0.9.9-0.3
  • links: PTS
  • area: main
  • in suites: forky, sid
  • size: 808 kB
  • sloc: python: 10,167; ansic: 263; makefile: 164
file content (76 lines) | stat: -rw-r--r-- 2,460 bytes parent folder | download | duplicates (5) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
 
+++++++++++++++++++
python-ptrace usage
+++++++++++++++++++

Hello World
===========

Short example attaching a running process. It gets the instruction pointer,
executes a single step, and gets the new instruction pointer::

    import ptrace.debugger
    import signal
    import subprocess
    import sys

    def debugger_example(pid):
        debugger = ptrace.debugger.PtraceDebugger()

        print("Attach the running process %s" % pid)
        process = debugger.addProcess(pid, False)
        # process is a PtraceProcess instance
        print("IP before: %#x" % process.getInstrPointer())

        print("Execute a single step")
        process.singleStep()
        # singleStep() gives back control to the process. We have to wait
        # until the process is trapped again to retrieve the control on the
        # process.
        process.waitSignals(signal.SIGTRAP)
        print("IP after: %#x" % process.getInstrPointer())

        process.detach()
        debugger.quit()

    def main():
        args = [sys.executable, '-c', 'import time; time.sleep(60)']
        child_popen = subprocess.Popen(args)
        debugger_example(child_popen.pid)
        child_popen.kill()
        child_popen.wait()

    if __name__ == "__main__":
        main()


API
===

PtraceProcess
-------------

The PtraceProcess class is an helper to manipulate a traced process.

Example::

    tracer = PtraceProcess(pid)              # attach the process
    tracer.singleStep()                      # execute one instruction
    tracer.cont()                            # continue execution
    tracer.syscall()                         # break at next syscall
    tracer.detach()                          # detach process

    # Get status
    tracer.getreg('al')                      # get AL register value
    regs = tracer.getregs()                  # read all registers
    bytes = tracer.readBytes(regs.ax, 10)    # read 10 bytes
    tracer.dumpCode()                        # dump code (as assembler or hexa is the disassembler is missing)
    tracer.dumpStack()                       # dump stack (memory words around ESP)

    # Modify the process
    shellcode = '...'
    ip = tracer.getInstrPointer()            # get EIP/RIP register
    bytes = tracer.writeBytes(ip, shellcode) # write some bytes
    tracer.setreg('ebx', 0)                  # set EBX register value to zero

Read ``ptrace/debugger/process.py`` source code to see more methods.