Greetings everyone,
First of all, great job on the site, this is the only real community I've found so far around pydbg. Anyway, I just started playing with pydbg not too long ago (after reading Gray Hat Python). I need to get information from a Windows app. API hooking will not work in this case, so I am forced to go lower and get the data from the stack. The main thread does not contain the information I am looking for; it is in one of its child processes. Anyway, the approach I am trying to follow goes something like this:
1. Attach to the main process
2. Find the thread I am interested in
3. Set some event handlers to know when an event has happened (I guess the appropriate way would be to use breakpoints, but at this point I don't know where exactly to put them)
4. Look over the stack for ASCII/UNICODE text until I find what I am interested in.
The problem I am encountering is how to print the stack for strings that I am interested in. As I understand, in pydbg, you have to first stop all the threads, take a snapshot (that is when you get the context) and finally resume the threads. My problem is that I cannot seem to initialize a context for any of the threads (neither the father nor the children).
At this point I am stuck. I am aware this is not the most elegant way to do it, but it is the only one I could think of.
Any feedback or suggestions are more than welcome!
Thank you very much!
Miguel