Reputation: 63
I am reading Gray Hat Python. I copied the code from the book but it doesn't seem to work. Other people are having problems with this book too, but not at the stage where I am at. I copied the my_debugger_defines.py as described in the book from here: http://dpunkt.de/leseproben/3245/Quellcodes.zip There is a my_debugger.py inside too and I also tried it; it doesn't work. Yes, I am using Python 2.5 as required.

The problem is that it puts out: "[*] Unable to attach to the process. There was an error" And I honestly have no idea where the problem could be.

Here is my version of the my_debugger.py (don't worry about German comments):

    from ctypes import *
    from my_debugger_defines import *

    kernel32 = windll.kernel32

    class debugger():
        def __init__(self):
            self.h_process = None
            self.pid = None
            self.debugger_active = False

        def load(self, path_to_exe):
            # Determines how the process is created, e.g. CREATE_NEW_CONSOLE
            creation_flags = DEBUG_PROCESS
            # Instantiate the structures
            startupinfo = STARTUPINFO()
            process_information = PROCESS_INFORMATION()
            # These two flags allow the process to be shown in its own window
            startupinfo.dwFlags = 0x1
            startupinfo.wShowWindow = 0x0
            # cb: count of bytes (size of the structure)
            startupinfo.cb = sizeof(startupinfo)
            if kernel32.CreateProcessA(path_to_exe,
                                       None,
                                       None,
                                       None,
                                       None,
                                       creation_flags,
                                       None,
                                       None,
                                       byref(startupinfo),
                                       byref(process_information)):
                print "[*] Process erfolgreich gestarted"
                print "[*] PID: %d" % process_information.dwProcessId
            else:
                print "[*] Error: 0x%08x" % kernel32.GetLastError()

        # Request the desired access for the process with the given pid
        def open_process(self, pid):
            h_process = kernel32.OpenProcess(PROCESS_ALL_ACCESS, False, pid)
            return h_process

        def attach(self, pid):
            # Open the process handle with the desired access right
            self.h_process = self.open_process(pid)
            # Try to attach to the process
            if kernel32.DebugActiveProcess(pid):
                self.debugger_active = True
                self.pid = int(pid)
            else:
                print "[*] Unable to attach to the process"

        def run(self):
            # Wait for debug events
            while self.debugger_active:
                self.get_debug_event()

        def get_debug_event(self):
            debug_event = DEBUG_EVENT()
            continue_status = DBG_CONTINUE
            if kernel32.WaitForDebugEvent(byref(debug_event), INFINITE):
                raw_input("Press a key to continue...")
                self.debugger_active = False
                # Resume the thread that reported the debug event
                kernel32.ContinueDebugEvent(
                    debug_event.dwProcessId,
                    debug_event.dwThreadId,
                    continue_status)

        def detach(self):
            if kernel32.DebugActiveProcessStop(self.pid):
                print "[*] Finished debugging. Exiting..."
                return True
            else:
                print "Error"
                return False

And here is the code I test it with:

    import my_debugger

    debugger = my_debugger.debugger()
    pid = raw_input("Enter PID of process to attach to:")
    debugger.attach(int(pid))
    debugger.detach()

Thanks for your help :)
Upvotes: 3
Views: 2133
Reputation: 2361
I was also coding a simple debugger in C, but it was showing error code 87 when I was using DebugActiveProcess(pi.dwProcessId). The problem with my programme is of bits. It depends on whether you are compiling your debugger in 64-bit mode on a 64-bit operating system. Since Python is an interpreted language, you must see how it is compiled. If Python is 32-bit compiled, then you must choose a 32-bit programme to be debugged.
Upvotes: 0
Reputation: 21
If you are running Windows 7 (64-bit OS), run the calc out of the Windows/sysWOW64 dir, which holds the 32-bit files. You can tell it's the 32-bit version of calc by looking at the Task Manager, which will show *32 next to the 32-bit version. Anyway, when I used that calc, the program worked for me.
Upvotes: 2
Reputation: 11
I just ran into this problem using Windows 7, and it has something to do with these debugging functions not working for 64-bit programs.
You can get a report as to what error it is by changing the line, as follows:

    print "[*] Unable to attach to the process [%d] - %s" % (int(pid), FormatError(kernel32.GetLastError()))

If you try to attach to 32 bit programs owned by something other than your user, e.g., SYSTEM, that doesn't work - you get 'Access Denied'.
I tried it on "Immunity Debugger" (as in, I loaded Immunity and attached to its process), and that did work, so I assume it's fine for all *32 processes owned by you.
Upvotes: 1
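
The answers above trace the failure to a 32-bit Python trying to attach to a 64-bit process. The following is an added example, not code from the book or from any poster, that checks for exactly that case before `DebugActiveProcess` is called. It is written for a current Python 3 rather than the Python 2.5 the book uses, and the names `is_wow64`, `attach_verdict` and `check_pid` are hypothetical helpers.

```python
import ctypes
import os
import struct
import sys

PROCESS_QUERY_INFORMATION = 0x0400  # Win32 access right that IsWow64Process needs


def is_wow64(pid):
    """True if `pid` is a 32-bit process on 64-bit Windows (Task Manager's *32)."""
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.OpenProcess.restype = ctypes.c_void_p
    k32.IsWow64Process.argtypes = [ctypes.c_void_p, ctypes.POINTER(ctypes.c_int)]
    k32.CloseHandle.argtypes = [ctypes.c_void_p]
    handle = k32.OpenProcess(PROCESS_QUERY_INFORMATION, False, pid)
    if not handle:
        # For example "Access is denied" for a process owned by another user
        raise ctypes.WinError(ctypes.get_last_error())
    try:
        flag = ctypes.c_int(0)
        if not k32.IsWow64Process(handle, ctypes.byref(flag)):
            raise ctypes.WinError(ctypes.get_last_error())
        return bool(flag.value)
    finally:
        k32.CloseHandle(handle)


def attach_verdict(debugger_64bit, os_64bit, target_wow64):
    """Pure decision: flags only the 32-bit-debugger / 64-bit-target case."""
    target_64bit = os_64bit and not target_wow64
    if target_64bit and not debugger_64bit:
        return "mismatch: 32-bit Python, 64-bit target"
    return "ok: no 32-on-64 mismatch"


def check_pid(pid):
    """Collect the three facts on a live Windows system and return the verdict."""
    debugger_64bit = struct.calcsize("P") == 8  # pointer size of this interpreter
    # A 32-bit Python that is itself under WOW64 implies a 64-bit OS
    os_64bit = debugger_64bit or is_wow64(os.getpid())
    return attach_verdict(debugger_64bit, os_64bit, is_wow64(pid))


if __name__ == "__main__" and sys.platform == "win32":
    print(check_pid(int(sys.argv[1])))
```

Run it on Windows with the target PID as the only argument; a failure inside `is_wow64` surfaces the same kind of Windows error text the last answer obtains with `FormatError`.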