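def print_state( process_name ):
    """Suspend the first process whose filename matches *process_name* and
    print the register state and surrounding code of every thread in it.

    Parameters:
        process_name -- filename (or fragment) handed to
            System.find_processes_by_filename().

    Raises:
        IndexError -- when no running process matches *process_name*
            (same type as the bare ``[ 0 ]`` raised, but with a message).
    """

    # Request debug privileges.
    System.request_debug_privileges()

    # Find the first process that matches the requested name.
    system = System()
    matches = system.find_processes_by_filename( process_name )
    if not matches:
        # Indexing an empty result would raise an IndexError with no hint
        # about what was looked up; name the requested process instead.
        raise IndexError( "no running process matches %r" % ( process_name, ) )
    process, filename = matches[ 0 ]

    # Suspend the process execution. This stays outside the try block so a
    # failed suspend() does not trigger a resume() on a process that was
    # never suspended.
    process.suspend()
    try:

        # For each thread in the process...
        for thread in process.iter_threads():

            # Get the thread state.
            tid     = thread.get_tid()
            eip     = thread.get_pc()
            code    = thread.disassemble_around( eip )
            context = thread.get_context()

            # Display the thread state.
            print
            print "-" * 79
            print "Thread: %s" % HexDump.integer( tid )
            print
            print CrashDump.dump_registers( context )
            # Trailing comma: the code listing already ends with a newline.
            print CrashDump.dump_code( code, eip ),
            print "-" * 79

    # Resume the process execution, even if dumping a thread failed.
    finally:
        process.resume()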
 def __dump(self, event, label = None):
     """Print a labelled register dump and stack trace for the thread that
     produced *event*.

     Parameters:
         event -- debug event; only its thread is used.
         label -- text printed above the dump. When empty, the label of the
             thread's current program counter is used instead.
     """
     current = event.get_thread()
     trace = current.get_stack_trace_with_labels()
     # Full context so every register group is available to the dump.
     ctx = current.get_context(win32.CONTEXT_FULL)
     header = label or current.get_label_at_pc()

     print header
     print CrashDump.dump_registers(ctx)
     # Trailing comma: the trace text already ends with a newline.
     print CrashDump.dump_stack_trace_with_labels(trace),
     print "-" * 79
def print_thread(title, thread):
    """Print a header line for *thread* followed by its registers and the
    code around its program counter.

    Parameters:
        title  -- free-form text placed at the start of the header line.
        thread -- thread object to describe. It is not suspended by this
            function, so the state shown may already be out of date.
    """
    thread_id = thread.get_tid()
    pc = thread.get_pc()
    ctx = thread.get_context()
    thread_handle = thread.get_handle()
    listing = thread.disassemble_around(pc)

    header = "%s %s - %s " % (title, HexDump.integer(thread_id), thread_handle)
    print(header)
    print CrashDump.dump_registers(ctx)
    # Trailing comma: the code listing already ends with a newline.
    print CrashDump.dump_code(listing, pc),
    def access_violation(self, evt):
        """Event handler: print the registers of the faulting thread and the
        code around its program counter.

        Parameters:
            evt -- the exception event; only its thread is used.
        """
        faulting = evt.get_thread()
        thread_id = faulting.get_tid()
        listing = faulting.disassemble_around_pc()
        ctx = faulting.get_context()
        separator = "-" * 79

        print
        print separator
        print "Thread: %s" % HexDump.integer(thread_id)
        print
        print CrashDump.dump_registers(ctx)
        print CrashDump.dump_code(listing)
        print separator
def print_thread_context(tid):
    """Print the register context of the thread identified by *tid*.

    The thread is suspended only while its context is read and is resumed
    again even if the read fails.

    Parameters:
        tid -- thread id, as accepted by Thread().
    """
    # Request debug privileges before touching the thread.
    System.request_debug_privileges()

    target = Thread(tid)
    target.suspend()
    try:
        ctx = target.get_context()
    finally:
        # Never leave the thread frozen because get_context() raised.
        target.resume()

    print
    print CrashDump.dump_registers(ctx)
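    def danger_handler(self, evt):
        """Event handler for the addresses recorded in self.resolved_funcs.

        When the thread's program counter is one of the resolved addresses,
        the hit is reported, the thread's registers are printed and a memory
        snapshot of the process is stored in self.snapshot. Other events are
        ignored.

        Parameters:
            evt -- the debug event; its thread and process are used.
        """
        thread = evt.get_thread()
        proc = evt.get_process()
        pc = thread.get_pc()
        registers = thread.get_context()

        if pc not in self.resolved_funcs:
            return

        print "[*] hit %s" % self.resolved_funcs[pc]

        # dump_registers() returns the formatted text; it has to be printed,
        # otherwise the register dump is silently discarded.
        print CrashDump.dump_registers(registers)

        # record process memory. suspend() stays outside the try block so a
        # failed suspend does not resume() a process that was never suspended.
        proc.suspend()
        try:
            self.snapshot = proc.take_memory_snapshot()
        finally:
            proc.resume()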
def print_thread_context( tid ):
    """Print the register context of the thread identified by *tid*.

    The thread is suspended while its context is read and resumed in a
    finally clause, so a failure in get_context() cannot leave it frozen.

    Parameters:
        tid -- thread id passed to Thread().
    """

    # Request debug privileges.
    System.request_debug_privileges()

    # Instance a Thread object and freeze it while the registers are read.
    target = Thread( tid )
    target.suspend()
    try:
        ctx = target.get_context()
    finally:
        # Resume the thread execution whatever happened above.
        target.resume()

    # Display the thread context (trailing comma: no extra newline after it).
    print
    print CrashDump.dump_registers( ctx ),
    def create_thread(self, event):
        process = event.get_process()
        thread = event.get_thread()
        context = thread.get_context()
        eip = thread.get_pc()
        tid = event.get_tid()

        filename = process.get_filename()
        print "process:%s" % filename
        #        pid = event.get_pid()

        start = event.get_start_address()
        if start:
            with warnings.catch_warnings():
                warnings.simplefilter("ignore")
                start = event.get_process().get_label_at_address(start)
            print "Started thread %d at %s" % (tid, start)
        else:
            print "Attached to thread %d" % tid

        print CrashDump.dump_registers(context)

        #print_thread('asm', thread)
        """