📚 OpenRCE is preserved as a read-only archive. Launched at RECon Montreal in 2005. Registration and posting are disabled.









daeken's Repository

Name Size Uploaded On
debugtrick.py 2 KB Oct 17 2005
What it is:
This is a small Python script that will allow you to attach your debugger nearly anywhere.  It is currently Windows-only, and has only been tested on Windows XP.  It depends on my 'process' module.

How to use it:
All you need is the PID or executable name of the program to attach to, the address at which you wish to attach, and the address of a byte of data which you can modify (it will be restored to the value it had when this script was run, once the code you're attaching to has run).

Follow the instructions given.

How it works:
This script patches the code at the address you wish to attach to. It inserts an infinite loop that sets the data byte you specified to a fixed value, followed by a MOV that sets that data byte back to its original value.  Once this infinite loop is hit (that is, the point you wish to attach to is run), the data byte changes and the script picks up on this.  It will then ask you to attach your debugger and jump to the MOV after the infinite loop, executing nothing beyond it; running that MOV tells the script you're attached.  Once the script detects you're attached, it restores the original instructions, and you can jump back to the address you want to attach to and step through.
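
The patch-and-handshake sequence above, replayed on a toy flat memory image. This is an added example, not code from debugtrick.py: the 32-bit x86 encodings, the marker value 0xA5, the addresses and the function names build_stub, step and run_handshake are assumptions made for illustration.

```python
import struct

MOV_M8_IMM8 = b"\xC6\x05"   # mov byte ptr [disp32], imm8 (32-bit x86, assumed)
JMP_REL8 = 0xEB             # jmp short rel8

def build_stub(data_addr, original, fixed):
    """Return (stub_bytes, offset_of_restoring_mov)."""
    mov_fixed = MOV_M8_IMM8 + struct.pack("<IB", data_addr, fixed)
    # rel8 counts from the end of the 2-byte jmp, back to the first mov
    jmp_back = struct.pack("<Bb", JMP_REL8, -(len(mov_fixed) + 2))
    mov_orig = MOV_M8_IMM8 + struct.pack("<IB", data_addr, original)
    return mov_fixed + jmp_back + mov_orig, len(mov_fixed) + len(jmp_back)

def step(mem, eip):
    """Execute one stub instruction on the toy memory; return the next eip."""
    if bytes(mem[eip:eip + 2]) == MOV_M8_IMM8:
        addr, imm = struct.unpack_from("<IB", mem, eip + 2)
        mem[addr] = imm
        return eip + 7
    if mem[eip] == JMP_REL8:
        return eip + 2 + struct.unpack_from("<b", mem, eip + 1)[0]
    raise ValueError("not a stub instruction at %#x" % eip)

def run_handshake(mem, code_addr, data_addr, fixed=0xA5):
    """Replay the script's sequence; return (observed states, stub length)."""
    original = mem[data_addr]          # must differ from `fixed` to be observable
    stub, restore_off = build_stub(data_addr, original, fixed)
    saved = bytes(mem[code_addr:code_addr + len(stub)])
    mem[code_addr:code_addr + len(stub)] = stub       # patch the attach point
    seen = []
    eip = code_addr
    for _ in range(6):                                # target thread spins in the loop
        eip = step(mem, eip)
    in_loop = code_addr <= eip < code_addr + restore_off
    seen.append(("hit", mem[data_addr] == fixed, in_loop))
    eip = step(mem, code_addr + restore_off)          # debugger moves eip to the second mov
    seen.append(("attached", mem[data_addr] == original, eip == code_addr + len(stub)))
    mem[code_addr:code_addr + len(stub)] = saved      # original instructions go back
    return seen, len(stub)

# Constructed toy image: 0x40 bytes of NOP "code", then the data byte at 0x40
mem = bytearray(b"\x90" * 0x40 + b"\x7E" + b"\x00" * 0x0F)
before = bytes(mem)
print(run_handshake(mem, 0x10, 0x40), bytes(mem) == before)
```

With these encodings the stub overwrites 16 bytes at the attach point, so the saved range can cover several original instructions, which is why the script writes them all back before you step through.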

Limitations:
If the code you want to attach to is self-modifying, the patches could be overwritten.
If the code you want to attach to is checksummed while running, the patches could be detected.
You have to have a data byte you can modify at will.

Todo:
Add functionality to allow injecting a DLL containing the data byte to modify.
Make it work on platforms other than Windows (Mac OS X will be my next target, if I can ever figure out how to pull it off).
process.py 13 KB Oct 17 2005
What it is:
This is a simple Python module that allows you to work with Windows processes.

How to use it:
The file is commented fairly heavily, so any Python hacker should be able to jump in and work with it, in theory.  You can also look at my debugtrick.py file as a reference for how to use it.
