Topic created on: April 10, 2012 11:57 CDT by tosanjay.
Hi,
Is it possible to use pydbg within IDA Pro? I am using pydbg for hooking. The script runs fine normally, but when I try to use the same script within IDA Pro, via IDAPython, it fails. Any suggestions?
Thanks
|
It would be helpful if you could specify what exactly you see, and what exactly the problem is.
|
> NirIzr: would be helpful if you could specify what exactly do you see, and what exactly the problem is.
OK. As I mentioned, I am using pydbg to hook certain APIs, e.g. ReadFile. When I run the script under IDA, it is able to attach to the process, but after that it does nothing (though I am printing certain information). I see the dialog box which says that executing python script... When I cancel that box, the script fails with the following error:
---------------------------------
[*] Trying to attach to existing player.exe
[*] Attaching to player.exe (4816)
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "C:\Program Files\IDA\python\init.py", line 65, in runscript
    execfile(script, g)
  File "E:/readFileHook.py", line 379, in <module>
    main()
  File "E:/readFileHook.py", line 326, in main
    hook_addressRead=dbg.func_resolve_debuggee("kernel32", "ReadFile")
  File "C:\Python25\Lib\site-packages\pydbg\pydbg.py", line 1785, in func_resolve_debuggee
    dos_header = self.read_process_memory(base_address, 0x40)
  File "C:\Python25\Lib\site-packages\pydbg\pydbg.py", line 2811, in read_process_memory
    raise pdx("ReadProcessMemory(%08x, %d, read=%d)" % (address, length, count.value), True)
pydbg.pdx.pdx: [6] ReadProcessMemory(7c800000, 64, read=0): The handle is invalid.
---------------------------------
From this, what I understand is that it is not able to find the address of the ReadFile function from kernel32.dll. Without IDA, it is working fine.
I am using IDA Pro because I want to get some high-level info regarding functions during the pydbg run.
Any suggestions why it is failing?
Thanks
|
|
The above problem is solved. There was incorrect code in my script. But now I am having another problem. In certain cases, IDA Pro itself is terminating abnormally. Once I run my script, before I can start getting any information out of my script, I get an error message from IDA saying "access violation in address xxxxxxx in hexrays.plw. Read of address 00000004." I have no idea why it is happening with certain exes. Some help plz!!
|
> vavsnz:
There is an empty mail from you. Did you write something that got lost somehow? I ask this as I am waiting for someone to give some hints.
Thanks
|