Python-Ptrace - PtraceProcess.cont() 之后会发生什么?
Python-Ptrace - What happens after PtraceProcess.cont()?
我正在用 python-ptrace 研究一个游戏。我不想断开与服务器的连接,所以在附加到进程后,我立即调用 cont() 让它继续运行。
在这种状态下,我仍然可以读取内存,但无法写入。
有没有办法再次中断(break into)进程,然后再读写内存?我试过重新添加进程,也试过先调用 detach() 再重新添加。唯一有效的办法是完全退出 Python,重新启动它并重新附加到进程。
互动示例:
>>> from ptrace.debugger import PtraceDebugger
>>> dbg = PtraceDebugger()
>>> proc = dbg.addProcess(35765, False)
>>> proc.writeBytes(0x185e8c08, '\x00\x40\x1c\x46')
>>> proc.cont()
>>> proc.writeBytes(0x185e8c08, '\x00\x40\x1c\x46')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/process.py", line 630, in writeBytes
self.writeWord(address, bytes2word(word))
File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/process.py", line 700, in writeWord
ptrace_poketext(self.pid, address, word)
File "/usr/local/lib/python2.7/dist-packages/ptrace/binding/func.py", line 184, in ptrace_poketext
_poke(PTRACE_POKETEXT, pid, address, word)
File "/usr/local/lib/python2.7/dist-packages/ptrace/binding/func.py", line 172, in _poke
ptrace(command, pid, address, word)
File "/usr/local/lib/python2.7/dist-packages/ptrace/binding/func.py", line 148, in ptrace
raise PtraceError(message, errno=errno, pid=pid)
ptrace.error.PtraceError: ptrace(cmd=4, pid=35765, 408849416, 4142814460058025984) error #3: No such process
>>> proc.detach()
>>> proc = dbg.addProcess(35765, False)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/debugger.py", line 75, in addProcess
process = PtraceProcess(self, pid, is_attached, parent=parent)
File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/process.py", line 167, in __init__
self.attach()
File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/process.py", line 184, in attach
ptrace_attach(self.pid)
File "/usr/local/lib/python2.7/dist-packages/ptrace/binding/func.py", line 155, in ptrace_attach
ptrace(PTRACE_ATTACH, pid)
File "/usr/local/lib/python2.7/dist-packages/ptrace/binding/func.py", line 148, in ptrace
raise PtraceError(message, errno=errno, pid=pid)
ptrace.error.PtraceError: ptrace(cmd=16, pid=35765, 0, 0) error #1: Operation not permitted
>>> proc = dbg.deleteProcess(proc)
>>> proc = dbg.addProcess(35765, False)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/debugger.py", line 75, in addProcess
process = PtraceProcess(self, pid, is_attached, parent=parent)
File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/process.py", line 167, in __init__
self.attach()
File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/process.py", line 184, in attach
ptrace_attach(self.pid)
File "/usr/local/lib/python2.7/dist-packages/ptrace/binding/func.py", line 155, in ptrace_attach
ptrace(PTRACE_ATTACH, pid)
File "/usr/local/lib/python2.7/dist-packages/ptrace/binding/func.py", line 148, in ptrace
raise PtraceError(message, errno=errno, pid=pid)
ptrace.error.PtraceError: ptrace(cmd=16, pid=35765, 0, 0) error #1: Operation not permitted
关于如何在它仍在运行时对其进行修改,有什么建议吗?
我没有看到有类似 break() 的函数可以中断进程。
这里有不错的文档字符串:
https://github.com/qikon/python-ptrace/blob/master/ptrace/debugger/debugger.py
https://github.com/qikon/python-ptrace/blob/master/ptrace/debugger/process.py
我第一次使用 python-ptrace 时也遇到了同样的问题。我最终想通了,并且能够成功修改另一个进程的代码。我没有使用 PtraceDebugger,而是直接调用了 ptrace.binding 中的函数。根本原因是 PTRACE_PEEKTEXT/PTRACE_POKETEXT 这类请求要求被跟踪进程处于 ptrace-stop 状态;cont() 之后它已经在运行,所以内核返回 ESRCH("No such process")。以下是我的代码。
import time
from ptrace.linux_proc import * # For the searchProcessByName func
from ptrace.binding import * # For ptrace funcs
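def checkVal(value):
    """Return True if *value* can be written to the tracee as one machine word.

    The original stub compared ``value`` against an undefined name (``good``),
    which raises NameError as soon as it runs. This version checks that
    ``value`` is a plain integer (bools excluded) within the unsigned range of
    the native word, which is the unit ptrace_poketext writes. Any other type
    or an out-of-range number yields False, so the caller's
    ``if checkVal(newVal):`` guard keeps the same truthiness contract.
    """
    import numbers
    import struct

    # struct's "P" is the native pointer size, i.e. the size of a ptrace word.
    word_bits = 8 * struct.calcsize("P")
    # bool is an Integral subclass; reject it so True/False are not silently
    # written as 1/0. numbers.Integral covers Python 2's int and long alike.
    if isinstance(value, bool) or not isinstance(value, numbers.Integral):
        return False
    return 0 <= value < (1 << word_bits)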
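def main():
    """Interactively overwrite one word in another process's memory.

    Each iteration attaches with ptrace, waits for the tracee to actually enter
    ptrace-stop, writes the word, and detaches again so the target keeps running
    between edits. An empty line or EOF at the prompt ends the loop.

    Raises:
        PtraceError: propagated from the ptrace binding when the target cannot
            be attached, read or written; detach is still attempted.
    """
    import os

    pid = searchProcessByName("nameofprocess")  # or pid = 56437
    addr = 0x32323232  # Note: poke/peek_text require a word-aligned address

    # Python 2's input() eval()s whatever is typed at the prompt; read the raw
    # text instead and parse it as an integer ourselves. Base 0 accepts
    # decimal, 0x..., 0o... and 0b... forms.
    try:
        read_line = raw_input  # Python 2
    except NameError:
        read_line = input  # Python 3

    while True:
        try:
            text = read_line("What do you want the new value to be?").strip()
        except EOFError:
            return
        if not text:
            return
        try:
            newVal = int(text, 0)
        except ValueError:
            print("not an integer: %r" % text)
            continue
        if not checkVal(newVal):
            print("value does not fit in a machine word: %r" % newVal)
            continue

        ptrace_attach(pid)  # Attach
        try:
            # PTRACE_ATTACH only *sends* SIGSTOP; peek/poke require the tracee
            # to already be in ptrace-stop. Wait for that stop explicitly instead
            # of sleeping for a guessed interval (the original time.sleep(.001)
            # was papering over this race).
            os.waitpid(pid, 0)
            ptrace_peektext(pid, addr)  # probe: raises PtraceError if addr is unreadable
            ptrace_poketext(pid, addr, newVal)  # Write newVal at addr
        finally:
            ptrace_detach(pid)  # Always let the process resume, even on error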
那只是我代码的一个极其精简的版本。我建议在 ptrace 调用周围加上 try/except,以便出问题时更容易定位。希望这有帮助!
我正在用 python-ptrace 研究一个游戏。我不想断开与服务器的连接,所以在附加到进程后,我立即调用 cont() 让它继续运行。
在这种状态下,我仍然可以读取内存,但无法写入。
有没有办法再次中断(break into)进程,然后再读写内存?我试过重新添加进程,也试过先调用 detach() 再重新添加。唯一有效的办法是完全退出 Python,重新启动它并重新附加到进程。
互动示例:
>>> from ptrace.debugger import PtraceDebugger
>>> dbg = PtraceDebugger()
>>> proc = dbg.addProcess(35765, False)
>>> proc.writeBytes(0x185e8c08, '\x00\x40\x1c\x46')
>>> proc.cont()
>>> proc.writeBytes(0x185e8c08, '\x00\x40\x1c\x46')
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/process.py", line 630, in writeBytes
self.writeWord(address, bytes2word(word))
File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/process.py", line 700, in writeWord
ptrace_poketext(self.pid, address, word)
File "/usr/local/lib/python2.7/dist-packages/ptrace/binding/func.py", line 184, in ptrace_poketext
_poke(PTRACE_POKETEXT, pid, address, word)
File "/usr/local/lib/python2.7/dist-packages/ptrace/binding/func.py", line 172, in _poke
ptrace(command, pid, address, word)
File "/usr/local/lib/python2.7/dist-packages/ptrace/binding/func.py", line 148, in ptrace
raise PtraceError(message, errno=errno, pid=pid)
ptrace.error.PtraceError: ptrace(cmd=4, pid=35765, 408849416, 4142814460058025984) error #3: No such process
>>> proc.detach()
>>> proc = dbg.addProcess(35765, False)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/debugger.py", line 75, in addProcess
process = PtraceProcess(self, pid, is_attached, parent=parent)
File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/process.py", line 167, in __init__
self.attach()
File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/process.py", line 184, in attach
ptrace_attach(self.pid)
File "/usr/local/lib/python2.7/dist-packages/ptrace/binding/func.py", line 155, in ptrace_attach
ptrace(PTRACE_ATTACH, pid)
File "/usr/local/lib/python2.7/dist-packages/ptrace/binding/func.py", line 148, in ptrace
raise PtraceError(message, errno=errno, pid=pid)
ptrace.error.PtraceError: ptrace(cmd=16, pid=35765, 0, 0) error #1: Operation not permitted
>>> proc = dbg.deleteProcess(proc)
>>> proc = dbg.addProcess(35765, False)
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/debugger.py", line 75, in addProcess
process = PtraceProcess(self, pid, is_attached, parent=parent)
File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/process.py", line 167, in __init__
self.attach()
File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/process.py", line 184, in attach
ptrace_attach(self.pid)
File "/usr/local/lib/python2.7/dist-packages/ptrace/binding/func.py", line 155, in ptrace_attach
ptrace(PTRACE_ATTACH, pid)
File "/usr/local/lib/python2.7/dist-packages/ptrace/binding/func.py", line 148, in ptrace
raise PtraceError(message, errno=errno, pid=pid)
ptrace.error.PtraceError: ptrace(cmd=16, pid=35765, 0, 0) error #1: Operation not permitted
关于如何在它仍在运行时对其进行修改,有什么建议吗?
我没有看到有类似 break() 的函数可以中断进程。
这里有不错的文档字符串:
https://github.com/qikon/python-ptrace/blob/master/ptrace/debugger/debugger.py
https://github.com/qikon/python-ptrace/blob/master/ptrace/debugger/process.py
我第一次使用 python-ptrace 时也遇到了同样的问题。我最终想通了,并且能够成功修改另一个进程的代码。我没有使用 PtraceDebugger,而是直接调用了 ptrace.binding 中的函数。根本原因是 PTRACE_PEEKTEXT/PTRACE_POKETEXT 这类请求要求被跟踪进程处于 ptrace-stop 状态;cont() 之后它已经在运行,所以内核返回 ESRCH("No such process")。以下是我的代码。
import time
from ptrace.linux_proc import * # For the searchProcessByName func
from ptrace.binding import * # For ptrace funcs
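def checkVal(value):
    """Return True if *value* can be written to the tracee as one machine word.

    The original stub compared ``value`` against an undefined name (``good``),
    which raises NameError as soon as it runs. This version checks that
    ``value`` is a plain integer (bools excluded) within the unsigned range of
    the native word, which is the unit ptrace_poketext writes. Any other type
    or an out-of-range number yields False, so the caller's
    ``if checkVal(newVal):`` guard keeps the same truthiness contract.
    """
    import numbers
    import struct

    # struct's "P" is the native pointer size, i.e. the size of a ptrace word.
    word_bits = 8 * struct.calcsize("P")
    # bool is an Integral subclass; reject it so True/False are not silently
    # written as 1/0. numbers.Integral covers Python 2's int and long alike.
    if isinstance(value, bool) or not isinstance(value, numbers.Integral):
        return False
    return 0 <= value < (1 << word_bits)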
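def main():
    """Interactively overwrite one word in another process's memory.

    Each iteration attaches with ptrace, waits for the tracee to actually enter
    ptrace-stop, writes the word, and detaches again so the target keeps running
    between edits. An empty line or EOF at the prompt ends the loop.

    Raises:
        PtraceError: propagated from the ptrace binding when the target cannot
            be attached, read or written; detach is still attempted.
    """
    import os

    pid = searchProcessByName("nameofprocess")  # or pid = 56437
    addr = 0x32323232  # Note: poke/peek_text require a word-aligned address

    # Python 2's input() eval()s whatever is typed at the prompt; read the raw
    # text instead and parse it as an integer ourselves. Base 0 accepts
    # decimal, 0x..., 0o... and 0b... forms.
    try:
        read_line = raw_input  # Python 2
    except NameError:
        read_line = input  # Python 3

    while True:
        try:
            text = read_line("What do you want the new value to be?").strip()
        except EOFError:
            return
        if not text:
            return
        try:
            newVal = int(text, 0)
        except ValueError:
            print("not an integer: %r" % text)
            continue
        if not checkVal(newVal):
            print("value does not fit in a machine word: %r" % newVal)
            continue

        ptrace_attach(pid)  # Attach
        try:
            # PTRACE_ATTACH only *sends* SIGSTOP; peek/poke require the tracee
            # to already be in ptrace-stop. Wait for that stop explicitly instead
            # of sleeping for a guessed interval (the original time.sleep(.001)
            # was papering over this race).
            os.waitpid(pid, 0)
            ptrace_peektext(pid, addr)  # probe: raises PtraceError if addr is unreadable
            ptrace_poketext(pid, addr, newVal)  # Write newVal at addr
        finally:
            ptrace_detach(pid)  # Always let the process resume, even on error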
那只是我代码的一个极其精简的版本。我建议在 ptrace 调用周围加上 try/except,以便出问题时更容易定位。希望这有帮助!