def check_cpu(self):
while True:
try:
if self.pid is None:
time.sleep(0.2)
continue
proc = psutil.Process(self.pid)
if proc is None:
break
cpu = 0
l = []
for x in xrange(20):
tmp = int(proc.cpu_percent(interval=0.1))
cpu += tmp
l.append(tmp)
if cpu is not None and (cpu <= 100 or l.count(0) > 10):
log("CPU at 0%, killing")
self.do_stop = True
pykd.breakin()
break
else:
time.sleep(0.5)
except psutil.NoSuchProcess:
self.do_stop = True
break
def _kill_all_processes(self):
'''
kill all processes with the same name
:return: True if all matching processes were killed properly, False otherwise
'''
if self._process:
try:
status = self._get_exe_status()
self.logger.debug("Current status is %s start kill process" %
status)
if status == 'Break':
self.logger.info(
"Process is in break status, kill process now")
pykd.killAllProcesses()
self._pid = None
self._process = None
else:
self.logger.info("Break in process, kill process now")
pykd.breakin()
self._wait_break()
# TODO: need find a way to replace time.sleep
time.sleep(0.05)
pykd.killAllProcesses()
self._pid = None
self._process = None
except:
self.logger.error('failed to kill process [%s]' %
traceback.format_exc())
return False
return True
def _kill_all_processes(self):
'''
kill all processes with the same name
:return: True if all matching processes were killed properly, False otherwise
'''
if self._process:
try:
status = self._get_exe_status()
self.logger.debug("Current status is %s start kill process" % status)
if status == 'Break':
self.logger.info("Process is in break status, kill process now")
pykd.killAllProcesses()
self._pid = None
self._process = None
else:
self.logger.info("Break in process, kill process now")
pykd.breakin()
self._wait_break()
# TODO: need find a way to replace time.sleep
time.sleep(0.05)
pykd.killAllProcesses()
self._pid = None
self._process = None
except:
self.logger.error('failed to kill process [%s]' % traceback.format_exc())
return False
return True
def timeout_func(self):
log("Timeout (%d seconds), killing the target..." % self.timeout)
self.do_stop = True
try:
pykd.breakin()
except:
# A race condition might happen in the timeout function and in
# such cases we must ignore the error.
pass
def timeout_func(self):
log("Timeout (%d seconds), killing the target..." % self.timeout)
self.do_stop = True
try:
pykd.breakin()
except:
# A race condition might happen in the timeout function and in
# such cases we must ignore the error.
pass
def check_cpu(self):
while True:
try:
proc = psutil.Process(self.pid)
cpu = all(0 == proc.cpu_percent(interval=0.1) for x in xrange(20))
if cpu is not None and cpu is True:
self.do_stop = True
pykd.breakin()
break
else:
time.sleep(0.2)
except psutil.NoSuchProcess:
self.do_stop = True
def check_cpu(self):
while True:
try:
proc = psutil.Process(self.pid)
cpu = all(0 == proc.cpu_percent(interval=0.1)
for x in xrange(20))
if cpu is not None and cpu is True:
self.do_stop = True
pykd.breakin()
break
else:
time.sleep(0.2)
except psutil.NoSuchProcess:
self.do_stop = True
def update_state(self): self.context() pykd.breakin()
def timeout_func(self):
log("Timeout (%d seconds), killing the target..." % self.timeout)
self.do_stop = True
pykd.breakin()
def timeout_func(self):
log("Timeout (%d seconds), killing the target..." % self.timeout)
self.do_stop = True
pykd.breakin()
def onBreak(self):
pykd.breakin()
def run(self):
self.do_stop = False
try:
self.id = self.start_process()
self.pid = self.get_pid()
except:
log("Error launching process! %s" % str(sys.exc_info()[1]))
return None
if self.handler is None:
self.handler = ExceptionHandler()
if self.timeout is not None:
if str(self.timeout).lower() == "auto":
self.thread = Thread(target=self.check_cpu)
self.thread.start()
else:
self.timer = Timer(self.timeout, self.timeout_func)
self.timer.start()
while not self.handler.exception_occurred and not self.do_stop:
try:
pykd.go()
except:
break
if self.do_stop:
try:
pykd.dbgCommand(".kill")
except:
log("Exception killing target: %s" % str(sys.exc_info()[1]))
return None
if self.timer is not None:
self.timer.cancel()
ret = None
if self.handler.exception_occurred:
try:
pykd.breakin()
pykd.breakin()
except:
pass
tmp = pykd.dbgCommand("k 1")
if tmp.find("Wow64NotifyDebugger") > -1:
pykd.dbgCommand(".effmach x86")
registers = pykd.dbgCommand("r")
stack_trace = pykd.dbgCommand("k")
exploitable = None
msec_path = None
if self.exploitable_path is None:
if self.mode == 32:
msec_path = os.path.join(self.windbg_path, r"Debuggers\x86\winext")
elif self.mode == 64:
msec_path = os.path.join(self.windbg_path, r"Debuggers\x64\winext")
elif self.mode == "arm":
msec_path = os.path.join(self.windbg_path, r"Debuggers\arm\winext")
else:
raise Exception("Unknown mode %s, known ones are 32, 64 or 'arm'." % self.mode)
else:
msec_path = self.exploitable_path
if msec_path is not None:
full_msec_path = os.path.join(msec_path, r"msec.dll")
if os.path.exists(full_msec_path):
try:
msec_handle = pykd.loadExt(full_msec_path)
commandOutput = pykd.callExt(msec_handle, "exploitable", "")
exploitable = commandOutput
except:
log("Error loading extension: " + str(sys.exc_info()[1]))
try:
if self.minidump_path is not None:
pykd.dbgCommand(r".dump /m /u %s\\" % self.minidump_path)
log("*** Minidump written at %s" % self.minidump_path)
except:
log("!!! Error saving minidump:" + str(sys.exc_info()[1]))
ret = self.create_crash_data(registers, stack_trace, exploitable)
print pykd.dbgCommand("k 10")
print pykd.dbgCommand("r")
print exploitable
try:
pykd.killAllProcesses()
except:
log("Error killing processes: " + str(sys.exc_info()[1]))
crash_data_buf = self.crash_data.dump_json()
ret = self.crash_data.dump_dict()
print
print "Yep, we got a crash! \o/"
print
return ret
def breakin():
pykd.breakin()
def breakin(self):
pykd.breakin()
