📚 OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.









 Forums >>  Debuggers  >>  PaiMei: Error Adding Breakpoints

Topic created on: August 8, 2006 15:26 CDT by mgrafton.

When I attempt to run the sample script program in the documentation I receive an error trying to add a breakpoint to the function ws2_32.  I get the following error:

Traceback (most recent call last):
  File "C:\Documents and Settings\mgrafton\My Documents\JeffProject\Software\paimei\mg_test.py", line 21, in ?
    dbg.bp_set(recv)
  File "C:\Documents and Settings\mgrafton\My Documents\JeffProject\Software\paimei\pydbg\pydbg.py", line 416, in bp_set
    raise pdx("Failed setting breakpoint at %08x" % address)
pydbg.pdx.pdx: Failed setting breakpoint at 71ab615a

  pedram     August 8, 2006 16:23.18 CDT
That snippet was really there to demonstrate the ease of use. Taking a look at it I see there are two silly errors (I'll fix this in the next release of the documentation). The last line should be dbg.xxxx and the log() function is not defined, switch it to a print. ie:


from pydbg import *
from pydbg.defines import *

def handler_breakpoint (pydbg):
   # ignore the first windows driven breakpoint.
   if pydbg.first_breakpoint:
       return DBG_CONTINUE

   print "ws2_32.recv() called from thread %d @%08x" % (pydbg.dbg.dwThreadId, pydbg.exception_address)

   return DBG_CONTINUE

dbg = pydbg()

# register a breakpoint handler function.
dbg.set_callback(EXCEPTION_BREAKPOINT, handler_breakpoint)
dbg.attach(1780)

recv = dbg.func_resolve("ws2_32", "recv")
dbg.bp_set(recv)

dbg.debug_event_loop()


Looks like you fixed those bugs in your test case, since the error is happening later. The code snippet works perfectly for me, and the address that PyDbg resolved looks correct. Not quite sure why it's failing for you. Drop me an e-mail with the exact script you are using.

  morphique     August 8, 2006 17:10.03 CDT
I think recv is not resolved properly to its address. Try to print recv before dbg.bp_set(recv).

  mgrafton   August 9, 2006 08:46.25 CDT
When I print recv I get the following value:

recv: 1907056986

Is this not the address for ws2_32?  How can I find out the address?

  morphique     August 9, 2006 09:49.07 CDT
It works fine for me. Try this script:

from pydbg import *
from pydbg.defines import *

import sys

def handler_breakpoint (dbg):
    # ignore the first windows driven breakpoint.
    #if pydbg.first_breakpoint:
        #return DBG_CONTINUE

    # index 0 is the return address on the stack, i.e. where recv was called from.
    callee = dbg.get_arg(0)
    print "recv was called from %08x" % callee

    return DBG_CONTINUE

# exactly one argument is expected: the PID of the process to attach to.
if len(sys.argv) != 2:
    sys.stderr.write("USAGE: FILENAME PID" + "\n")
    sys.exit(1)

try:
    pid = int(sys.argv[1])
except ValueError:
    sys.stderr.write("USAGE: FILENAME PID" + "\n")
    sys.exit(1)

dbg = pydbg()

# register a breakpoint handler function.
dbg.set_callback(EXCEPTION_BREAKPOINT, handler_breakpoint)
dbg.attach(pid)

recv = dbg.func_resolve("ws2_32", "recv")
print "recv = 0x%08x" % recv
dbg.bp_set(recv)

dbg.run()

  mgrafton   August 9, 2006 10:34.10 CDT
I got it working for
dbg.func_resolve("ntdll", "RtlAllocateHeap")

but not ws2_32, fails setting at 71ab615a

Since I was only trying to get familiar with the debugger, I guess testing AllocateHeap is fine.  Just odd that it doesn't work for ws2_32.

  otto     August 10, 2006 05:14.45 CDT
This may be due to the fact that ws2_32.dll is located at a different base address.
Have you tried using func_resolve_debuggee?

  mgrafton   August 10, 2006 09:27.20 CDT
Sorry guys, this was user error which I'm sure you suspected.  I added some printouts in func_resolve_debuggee, and discovered that if the process doesn't use ws2_32 then it returns none.  So I went back and chose a process that does and it ran fine for both calls to func_resolve and func_resolve_debuggee.  Thanks everyone for your help.
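
Added example, not part of the original thread or of PaiMei itself: a guard for the failure resolved above, which resolves each export inside the debuggee with func_resolve_debuggee() and skips the breakpoint when that returns None because the target never loaded the DLL. The helper name bp_set_in_debuggee, the FakeDbg stand-in and the ntdll address are constructed for illustration; with a real attached pydbg instance, pass it in place of FakeDbg.

```python
def bp_set_in_debuggee(dbg, targets):
    """Set breakpoints on (dll, func) pairs, resolving each inside the debuggee.

    Returns (armed, skipped): armed maps "dll!func" to the breakpoint address,
    skipped lists the pairs whose DLL is not mapped in the target process.
    """
    armed, skipped = {}, []
    for dll, func in targets:
        # func_resolve() looks the export up in the debugger's own process, so
        # it can hand back an address that is not mapped in the target.
        # func_resolve_debuggee() walks the target's modules and returns None
        # when the DLL was never loaded there (the case in this thread).
        address = dbg.func_resolve_debuggee(dll, func)
        if address is None:
            skipped.append((dll, func))
            continue
        dbg.bp_set(address)
        armed["%s!%s" % (dll, func)] = address
    return armed, skipped


class FakeDbg(object):
    """Constructed stand-in for an attached pydbg instance (illustration only)."""
    def __init__(self, exports):
        self.exports = exports      # {(dll, func): address} visible in the target
        self.breakpoints = []

    def func_resolve_debuggee(self, dll, func):
        return self.exports.get((dll.lower(), func))

    def bp_set(self, address):
        self.breakpoints.append(address)


def demo():
    # Constructed target: ntdll is mapped, ws2_32 was never loaded.
    dbg = FakeDbg({("ntdll", "RtlAllocateHeap"): 0x7C9100C4})
    return bp_set_in_debuggee(dbg, [("ntdll", "RtlAllocateHeap"), ("ws2_32", "recv")])


if __name__ == "__main__":
    armed, skipped = demo()
    for name, address in sorted(armed.items()):
        print("breakpoint armed at %08x (%s)" % (address, name))
    for dll, func in skipped:
        print("skipped %s!%s: module not loaded in target" % (dll, func))
```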
