def analyze_crash(cmd): """ This is called with the command line (including the filename) which caused the crash before. It is a late analysis routine which sorts the crashes. """ global file_info global victim_filename global crash_filename # TODO: This may not always be the case victim_filename, crash_filename = cmd print "=== [*] Analyzing %s" % crash_filename file_binary = fileops.get_base64_contents(crash_filename) if file_binary: file_info = (crash_filename, file_binary) # Instance a Debug object, passing it the event handler callback. debug = Debug(crash_event_handler, bKillOnExit = True) try: # Start a new process for debugging. debug.execv(cmd) # Wait for the debugee to finish. debug.loop() # Stop the debugger. finally: debug.stop()
def main( argv ): # Parse the command line arguments options = parse_cmdline(argv) # Create the event handler object eventHandler = Tracer() eventHandler.options = options # Create the debug object debug = Debug(eventHandler, bHostileCode = options.hostile) try: # Attach to the targets for pid in options.attach: debug.attach(pid) for argv in options.console: debug.execv(argv, bConsole = True, bFollow = options.follow) for argv in options.windowed: debug.execv(argv, bConsole = False, bFollow = options.follow) # Make sure the debugees die if the debugger dies unexpectedly debug.system.set_kill_on_exit_mode(True) # Run the debug loop debug.loop() # Stop the debugger finally: if not options.autodetach: debug.kill_all(bIgnoreExceptions = True) debug.stop()
def main(argv): # Parse the command line arguments options = parse_cmdline(argv) # Create the event handler object eventHandler = Tracer() eventHandler.options = options # Create the debug object debug = Debug(eventHandler, bHostileCode=options.hostile) try: # Attach to the targets for pid in options.attach: debug.attach(pid) for argv in options.console: debug.execv(argv, bConsole=True, bFollow=options.follow) for argv in options.windowed: debug.execv(argv, bConsole=False, bFollow=options.follow) # Make sure the debugees die if the debugger dies unexpectedly debug.system.set_kill_on_exit_mode(True) # Run the debug loop debug.loop() # Stop the debugger finally: if not options.autodetach: debug.kill_all(bIgnoreExceptions=True) debug.stop()
def simple_debugger(address_file, program_file, arg_check): process = None debug = Debug(HitTracerEventHandler(address_file, program_file, arg_check)) try: # Lookup currently running processes debug.system.scan_processes() for (process, name) in debug.system.find_processes_by_filename(program_file): print "[*] Found %d: %s" % (process.get_pid(), name) # Attach to it debug.attach(process.get_pid()) if process == None: print "[*] Fatal. Process not found. Is it running?" sys.exit(1) # Wait for all debugees to finish debug.loop() # Cleanup actions finally: debug.stop()
def simple_debugger(argv): # Instance a Debug object. debug = Debug() try: # Start a new process for debugging. debug.execv(argv) # Launch the interactive debugger. debug.interactive() # Stop the debugger. finally: debug.stop() return
def extract_payload(file_path): """ Function that'll handle winappdbg debug :param file_path: path of QuantLoader :return: bool """ debug = Debug(QHandler()) try: debug.execv([file_path]) debug.loop() finally: debug.stop()
def simple_debugger(argv): # Instance a Debug object, passing it the MyEventHandler instance debug = Debug(MyEventHandler()) try: debug.execv(argv) debug.loop() # Stop the debugger finally: debug.stop()
def debug_ovas(ovas_pid, test_payload, test_char, good_chars): # Instance a Debug object. debug = Debug(functools.partial(bad_characters_handler, test_payload, test_char, good_chars), bKillOnExit=True) try: # Attach to a running process. debug.attach(ovas_pid) # Wait for the debugee to finish. debug.loop() finally: # Stop the debugger. debug.stop()
def simple_debugger( argv ): # Instance a Debug object, passing it the event handler callback. debug = Debug( my_event_handler, bKillOnExit = True ) try: # Start a new process for debugging. debug.execv( argv ) # Wait for the debugee to finish. debug.loop() # Stop the debugger. finally: debug.stop()
def simple_debugger(argv): # Instance a Debug object, passing it the event handler callback. debug = Debug(my_event_handler, bKillOnExit=True) try: # Start a new process for debugging. debug.execv(argv) # Wait for the debugee to finish. debug.loop() # Stop the debugger. finally: debug.stop()
def simple_debugger( argv ): # Instance a Debug object. debug = Debug() try: # Start a new process for debugging. debug.execv( argv ) # Launch the interactive debugger. debug.interactive() # Stop the debugger. finally: debug.stop()
def DebugProgram(filepath): #Instance a Debug object. debug_args = list() debug_args.insert(0,PROGRAM_PATH) debug_args.insert(len(debug_args),filepath) debug = Debug(AccessViolationHandlerWINAPPDBG, bKillOnExit = True) #debug.system.load_dbghelp("C:\\Program Files\\Debugging Tools for Windows (x86)\\dbghelp.dll") System.fix_symbol_store_path(symbol_store_path = "C:\\ProgramData\\Dbg\\sym",remote = True,force = True) #enter local symbol path here if you have downloaded symbols System.set_kill_on_exit_mode(True) try: # The execution time limit is 5 seconds. maxTime = time() + 5 # Start a new process for debugging. debug.execv(debug_args) # Wait for the debugee to finish. #debug.loop() # Loop while calc.exe is alive and the time limit wasn't reached. while debug and time() < maxTime: try: # Get the next debug event. debug.wait(1000) # 1 second accuracy # Show the current time on screen. #print time() # If wait() times out just try again. # On any other error stop debugging. except WindowsError, e: if e.winerror in (win32.ERROR_SEM_TIMEOUT, win32.WAIT_TIMEOUT): continue raise # Dispatch the event and continue execution. try: debug.dispatch() finally: debug.cont() # Stop the debugger. finally: debug.stop()
def simple_debugger(argv): # Instance a Debug object, passing it the event handler callback. debug = Debug(my_event_handler, bKillOnExit=True) timer = threading.Timer(2.0, killProc, [ os.path.basename(argv[0]), ]) try: # Start a new process for debugging. debug.execv(argv) timer.start() # Wait for the debugee to finish. debug.loop() # Stop the debugger. finally: debug.stop() print " [*]kill timer" timer.cancel() # cancle是每一轮fuzzing之后都会执行?
def main(argv): options = parse_cmdline(argv) # Create the event handler object eventHandler = EventForwarder(MemoryWatcher, options) # Create the debug object debug = Debug(eventHandler, bKillOnExit=True) try: # Attach to the targets for pid in options.attach: logger.log_text("Attaching to %d" % pid) debug.attach(pid) # Run the debug loop debug.loop() # Stop the debugger finally: debug.stop()
class WinAppDbgController(BaseController): ''' WinAppDbgController controls a server process by starting it on setup making sure it stays up. It uses winappdbg to attach to the target processes. ''' def __init__(self, name, process_path, process_args=[], sql_crash_db='sqlite:///crashes.sqlite', logger=None): ''' :param name: name of the object :param process_path: path to the target executable :param process_args: arguments to pass to the process :param attach: try to attach if process path :param sql_crash_db: sql alchemy connection string to crash db (default:sqlite:///crashes.sqlite) :param logger: logger for this object (default: None) ''' super(WinAppDbgController, self).__init__(name, logger) assert(process_path) assert(os.path.exists(process_path)) self._process_path = process_path self._process_name = os.path.basename(process_path) self._process_args = process_args self._process = None self._sql_crash_db = sql_crash_db self._crash_event_complete = threading.Event() self._server_is_up = threading.Event() self._crash_event_complete.set() self._debug = Debug(lambda x: _my_event_handler(self, x), bKillOnExit=True) def _debug_server(self): ''' debugger thread ''' try: self._process = None # Start a new process for debugging. argv = [self._process_path] + self._process_args self.logger.debug('debugger starting server: %s' % argv) try: self._process = self._debug.execv(argv, bFollow=True) except WindowsError: self.logger.error('debug_server received exception', traceback.fmt_exc()) self._pid = self._process.get_pid() self.logger.info('process started. pid=%d' % self._pid) # Wait for the debugee to finish. self._server_is_up.set() self._debug.loop() except: self.logger.error('Got an exception in _debug_server') self.logger.error(traceback.format_exc()) # Stop the debugger. finally: self._debug.stop() self._process = None self._pid = -1 self._crash_event_complete.set() def _start_server_thread(self): ''' start the server thread ''' self._server_is_up.clear() self.server_thread = FuncThread(self._debug_server) self.server_thread.start() self.logger.info('waiting for server to be up') self._server_is_up.wait() self.logger.info('server should be up') def _kill_all_processes(self): ''' kill all processes with the same name :return: True if all matching processes were killed properly, False otherwise ''' res = True # Lookup the currently running processes. self._debug.system.scan_processes() # For all processes that match the requested filename... for (process, name) in self._debug.system.find_processes_by_filename(self._process_name): process_pid = process.get_pid() self.logger.info('found process %s (%d) - trying to kill it' % (name, process_pid)) try: process.kill() self.logger.info('successfully killed %s (%d)' % (name, process_pid)) except: self.logger.error('failed to kill %s (%d) [%s]' % (name, process_pid, traceback.format_exc())) res = False return res def setup(self): ''' Called at the beginning of a fuzzing session. Will start the server up. ''' self._stop_process() self._start_server_thread() def teardown(self): self._stop_process() self._process = None super(WinAppDbgController, self).teardown() def pre_test(self, test_number): super(WinAppDbgController, self).pre_test(test_number) if not self._is_victim_alive(): self.logger.error('victim is dead, restarting...') # self.report.failed('server is down during pre_test - failure it probably from previous test (%d)' % (test_number-1)) self._restart() self._crash_event_complete.set() else: self.logger.debug('victim is alive (pid=%d)' % self._pid) def post_test(self): self.logger.debug('in') time.sleep(1) self.logger.debug('after sleep') res = self._crash_event_complete.wait() self.logger.debug('after wait') if not res: self.report.failed('incomplete crash detected') super(WinAppDbgController, self).post_test() self.logger.debug('out') def _stop_process(self): ''' Stop the process (if running) ''' return self._kill_all_processes() def _stop_process_old(self): ''' :return: True if process was killed, False otherwise ''' if self._is_victim_alive(): self._process.kill() time.sleep(0.5) if self._is_victim_alive(): self._process.kill() time.sleep(0.5) if self._is_victim_alive(): raise Exception('Failed to kill client process') self._debug.stop() return True else: self._debug.stop() return False def _restart(self): ''' restart the process ''' self._stop_process() self.server_thread.join(1) time.sleep(3) self._server_is_up.clear() self._start_server_thread() def _is_victim_alive(self): ''' check if process running ''' if self._process: self.logger.debug('process pid: %d' % self._pid) is_alive = self._process.is_alive() is_debugee_started = self._debug.is_debugee_started(self._pid) self.logger.debug('is_alive = %s' % is_alive) self.logger.debug('is_debugee_started = %s' % is_debugee_started) return (is_alive and is_debugee_started) else: self.logger.debug('_process is None') return False
class WinAppDbgTarget(ServerTarget): def __init__(self, name, process_path, process_args=[], sql_crash_db="sqlite:///crashes.sqlite", logger=None): """ :param name: name of the object :param process_path: path to the target executable :param process_args: arguments to pass to the process :param sql_crash_db: sql alchemy connection string to crash db (default:sqlite:///crashes.sqlite) :param logger: logger for this object (default: None) """ super(WinAppDbgTarget, self).__init__(name, logger) assert process_path assert (os.path.exists(process_path)) self._process_path = process_path self._process_name = os.path.basename(process_path) self._process_args = process_args self._process = None self._sql_crash_db = sql_crash_db self._crash_event_complete = threading.Event() self._server_is_up = threading.Event() self._crash_event_complete.set() self._debug = Debug(lambda x: _my_event_handler(self, x), bKillOnExit=True) def _debug_server(self): """ debugger thread """ try: self._process = None # Start a new process for debugging. argv = [self._process_path] + self._process_args self.logger.debug("debugger starting server: %s" % argv) try: self._process = self._debug.execv(argv, bFollow=True) except WindowsError: self.logger.error("debug_server received exception", traceback.fmt_exc()) self._pid = self._process.get_pid() self.logger.info("process started. pid=%d" % self._pid) # Wait for the debugee to finish. self._server_is_up.set() self._debug.loop() except: self.logger.error("Got an exception in _debug_server") self.logger.error(traceback.format_exc()) # Stop the debugger. finally: self._debug.stop() self._process = None self._pid = -1 self._crash_event_complete.set() def _start_server_thread(self): """ start the server thread """ self._server_is_up.clear() self.server_thread = FuncThread(self._debug_server) self.server_thread.start() self.logger.info("waiting for server to be up") self._server_is_up.wait() self.logger.info("server should be up") def _kill_all_processes(self): """ kill all processes with the same name :return: True if all matching processes were killed properly, False otherwise """ res = True # Lookup the currently running processes. self._debug.system.scan_processes() # For all processes that match the requested filename... for (process, name) in self._debug.system.find_processes_by_filename( self._process_name): process_pid = process.get_pid() self.logger.info("found process %s (%d) - trying to kill it" % (name, process_pid)) try: process.kill() self.logger.info("successfully killed %s (%d)" % (name, process_pid)) except: self.logger.error("failed to kill %s (%d) [%s]" % (name, process_pid, traceback.format_exc())) res = False return res def teardown(self): self._stop_process() self._process = None super(WinAppDbgTarget, self).teardown() def pre_test(self, test_number): super(WinAppDbgTarget, self).pre_test(test_number) if not self._is_victim_alive(): self.logger.error("victim is dead, restarting...") # self.report.failed("server is down during pre_test - failure it probably from previous test (%d)" % (test_number-1)) self._restart() self._crash_event_complete.set() else: self.logger.debug("victim is alive (pid=%d)" % self._pid) def post_test(self, test_num): self.logger.debug("in") time.sleep(1) self.logger.debug("after sleep") res = self._crash_event_complete.wait() self.logger.debug("after wait") if not res: self.report.failed("incomplete crash detected") super(WinAppDbgTarget, self).post_test(test_num) self.logger.debug("out") def _send_to_target(self, data): """ this is the key off windbgtarget :param data: data is the file path """ self.logger.info("send called") """ starting """ self._process_args = [] # this may need implement self._start_server_thread() def _stop_process(self): """ Stop the process (if running) """ return self._kill_all_processes() def _stop_process_old(self): """ :return: True if process was killed, False otherwise """ if self._is_victim_alive(): self._process.kill() time.sleep(0.5) if self._is_victim_alive(): self._process.kill() time.sleep(0.5) if self._is_victim_alive(): raise Exception("Failed to kill client process") self._debug.stop() return True else: self._debug.stop() return False def _restart(self): """ restart the process """ self._stop_process() # self.server_thread.join(1) time.sleep(3) self._server_is_up.clear() self._start_server_thread() def _is_victim_alive(self): """ check if process running """ if self._process: self.logger.debug("process pid: %d" % self._pid) is_alive = self._process.is_alive() is_debugee_started = self._debug.is_debugee_started(self._pid) self.logger.debug("is_alive = %s" % is_alive) self.logger.debug("is_debugee_started = %s" % is_debugee_started) return is_alive and is_debugee_started else: self.logger.debug("_process is None") return False
found = [] # Looking for Password: pass_pattern = '([0-9]\x00){4}\x00\x00\x00\x00\x00\x00\x00\x00\x04\x00\x00\x00\x07\x00\x00' for address in process.search_regexp( pass_pattern ): found += [process.read(address[0]-3,16)] if found: print '\nPassword:'******'[0-9]{4}',i.replace('\x00',''))[0] print pwd else: print re.findall('[0-9]{4}',found[0].replace('\x00',''))[0] return found debug = Debug() try: # Lookup the currently running processes. debug.system.scan_processes() # For all processes that match the requested filename... for ( process, name ) in debug.system.find_processes_by_filename( filename ): pid = process.get_pid() memory_search(pid) finally: debug.stop()
class CEdenEternalDebugger(): def __init__(self,pFilename): System.request_debug_privileges() self.hSendAddress = "0x2" self.hRecvAddress = "0x4" self.bQueueStarted = False self.bStartLog = False self.bSend = False self.bBlock = False self.lBlockSend = [] self.lBlockRecv =[] self.lBlock = [] try: self.oDebug = Debug(self.handlerEvent) self.oDebug.system.scan_processes() for ( process, name ) in self.oDebug.system.find_processes_by_filename( pFilename ): self.oDebug.attach(process.get_pid()) stackDbg.put("MSG_INJECTED") self.bQueueStarted = True self.checkThread = threading.Thread(target=self.handleQueue) self.checkThread.start() self.oDebug.loop() finally: stackDbg.put("MSG_NOT_INJECTED") self.bQueueStarted = False self.oDebug.stop() def handleQueue(self): while self.bQueueStarted: sMsg = gui.stackGui.get() if(sMsg == "MSG_START_LOG"): self.bStartLog = True elif(sMsg == "MSG_STOP_LOG"): self.bStartLog = False elif(sMsg == "MSG_EXIT"): self.oDebug.stop() elif(sMsg[:8] == "MSG_SEND"): sSend = sMsg.split('|') self.bSend = True self.sSendMsg = sSend[1] elif(sMsg[:9] == "MSG_BLOCK"): sBlock = sMsg[10:] split = sBlock.split('|') if(split[0]=="[C->S]"): self.lBlockSend.append(split[1]) elif(split[0]=="[S->C]"): self.lBlockRecv.append(split[1]) elif(sMsg == "MSG_RBLOCK"): self.bBlock = True elif(sMsg == "MSG_SBLOCK"): self.bBlock = False del self.lBlock[:] del self.lBlockRecv[:] del self.lBlockSend[:] def handlerEvent(self,event): nPid = event.get_pid() if(self.bStartLog ==True): event.debug.break_at(nPid,self.hSendAddress,self.recvOutPackets) event.debug.break_at(nPid,self.hRecvAddress,self.recvInPackets) else: event.debug.dont_break_at(nPid,self.hSendAddress) event.debug.dont_break_at(nPid,self.hRecvAddress) def recvOutPackets(self,event): nPid = event.get_pid() oProcess = Process(nPid) if(self.bStartLog ==True): stackMem = event.get_thread().get_sp() address = event.get_process().read_pointer( stackMem+0x4 ) if(oProcess.is_address_readable(address)): hPacket = self.checkOutPacket(address,oProcess) if(self.bBlock==True): if(len(self.lBlockSend)>0): for pck in self.lBlockSend: if(hPacket == pck): bytes = len(hPacket)/2 packie = hPacket[:4] for i in range(0,bytes-2): packie +="00" if(len(packie) % 2 == 0): blockPacket = binascii.unhexlify(packie) oProcess.write(address,blockPacket) else: packie +="0" blockPacket = binascii.unhexlify(packie) oProcess.write(address,blockPacket) hPacket = self.checkOutPacket(address,oProcess) if(hPacket[:2]=="01"): if(self.bSend==True): sSendPacket = self.sendPacket(oProcess,address) if(sSendPacket!="NOWRITE"): if(sSendPacket!=None): stackDbg.put("SND|"+sSendPacket) else: stackDbg.put("SND|"+hPacket) else: stackDbg.put("SND|"+hPacket) else: stackDbg.put("SND|"+hPacket) else: event.debug.dont_break_at(nPid,self.hSendAddress) def recvInPackets(self,event): nPid = event.get_pid() oProcess = Process(nPid) if(self.bStartLog ==True): #RECV_LENGTH_ADDRESS = 0x0018FC04 #RECV_ADDRESS = 0x0018FC10 RECV_LENGTH_ADDRESS = 0x0018FC14 RECV_ADDRESS = 0x0018FC20 if(oProcess.is_address_readable(RECV_ADDRESS)): address = oProcess.read_pointer(RECV_ADDRESS) if(oProcess.is_address_readable(address)): sLength = oProcess.read(RECV_LENGTH_ADDRESS,1) nLength = int(toHex(sLength),16) if(nLength>0): file = open("config/recv.cfg", "r") hPacket = self.checkInPacket(address,oProcess,nLength) if(self.bBlock==True): if(len(self.lBlockRecv)>0): for pck in self.lBlockRecv: if(hPacket == pck): bytes = len(hPacket)/2 packie = "" for i in range(0,bytes): packie +="00" print packie blockPacket = binascii.unhexlify(packie) oProcess.write(address,blockPacket) hPacket = self.checkInPacket(address,oProcess,nLength) if(hPacket[0:4]=='2901'): stackDbg.put("RCV|"+hPacket) self.recvQuests(hPacket) elif(hPacket[0:4]=='5401'): stackDbg.put("RCV|"+hPacket) self.editQuests(hPacket) elif(hPacket[0:2]=='36'): stackDbg.put("RCV|"+hPacket) else: stackDbg.put("RCV|"+hPacket) else: event.debug.dont_break_at(nPid,self.hRecvAddress) def checkOutPacket(self,pAddress,pProcess): sLength = pProcess.read(pAddress-2,1) nLength = int(toHex(sLength),16) sPacket = pProcess.read(pAddress,nLength) hPacket = HexDump.hexadecimal(sPacket) return hPacket def checkInPacket(self,pAddress,pProcess,pLength): sPacket = pProcess.read(pAddress,pLength) hPacket = HexDump.hexadecimal(sPacket) return hPacket def recvQuests(self,pPacket): i = 8 sQuests = "" bRecv = True while bRecv: sWord = pPacket[i:i+4] i +=8 if(sWord=="0106"): bRecv = False else: sQuests +=sWord i = 0 for z in range(len(sQuests)/4): sLeft = sQuests[i*4:(i*4)+2] sRight = sQuests[(i*4)+2:(i*4)+4] sID = sRight + sLeft stackDbg.put("QUEST_RCV|"+sID) i += 1 def editQuests(self,pPacket): sQuest = pPacket[6:10] sAction = pPacket[14:16] sLeft = sQuest[:2] sRight = sQuest[2:] sID = sRight+sLeft stackDbg.put("EDIT_QUEST|"+sID+"|"+sAction) def sendPacket(self,pProcess,pAddress): sText = self.sSendMsg sPackets = sText.split("\n") nLength = len(sPackets) global nPacketCounter sHeader = "1a00" try: sSendPacket = sHeader+str(sPackets[nPacketCounter]) if(str(sPackets[nPacketCounter])!=""): if((len(sSendPacket)/2)<26): for i in range(1, 31-(len(sSendPacket)/2)): sSendPacket +="00" hPacket = binascii.unhexlify(sSendPacket) pProcess.write(pAddress-2,hPacket) nPacketCounter += 1 if nPacketCounter == nLength-1: self.bSend=False self.sSendMsg = "" nPacketCounter = 0 if(str(sPackets[nPacketCounter])!=""): return sSendPacket[4:] else: return "NOWRITE" except IndexError: print "packet sending error!" self.bSend = False self.sSendMsg = "" nPacketCounter = 0
class WinAppDbgTarget(ServerTarget): def __init__(self, name, process_path, process_args=[], sql_crash_db='sqlite:///crashes.sqlite', logger=None): ''' :param name: name of the object :param process_path: path to the target executable :param process_args: arguments to pass to the process :param attach: try to attach if process path :param sql_crash_db: sql alchemy connection string to crash db (default:sqlite:///crashes.sqlite) :param logger: logger for this object (default: None) ''' super(WinAppDbgTarget, self).__init__(name, logger) assert (process_path) assert (os.path.exists(process_path)) self._process_path = process_path self._process_name = os.path.basename(process_path) self._process_args = process_args self._process = None self._sql_crash_db = sql_crash_db self._crash_event_complete = threading.Event() self._server_is_up = threading.Event() self._crash_event_complete.set() self._debug = Debug(lambda x: _my_event_handler(self, x), bKillOnExit=True) def _debug_server(self): ''' debugger thread ''' try: self._process = None # Start a new process for debugging. argv = [self._process_path] + self._process_args self.logger.debug('debugger starting server: %s' % argv) try: self._process = self._debug.execv(argv, bFollow=True) except WindowsError: self.logger.error('debug_server received exception', traceback.fmt_exc()) self._pid = self._process.get_pid() self.logger.info('process started. pid=%d' % self._pid) # Wait for the debugee to finish. self._server_is_up.set() self._debug.loop() except: self.logger.error('Got an exception in _debug_server') self.logger.error(traceback.format_exc()) # Stop the debugger. finally: self._debug.stop() self._process = None self._pid = -1 self._crash_event_complete.set() def _start_server_thread(self): ''' start the server thread ''' self._server_is_up.clear() self.server_thread = FuncThread(self._debug_server) self.server_thread.start() self.logger.info('waiting for server to be up') self._server_is_up.wait() self.logger.info('server should be up') def _kill_all_processes(self): ''' kill all processes with the same name :return: True if all matching processes were killed properly, False otherwise ''' res = True # Lookup the currently running processes. self._debug.system.scan_processes() # For all processes that match the requested filename... for (process, name) in self._debug.system.find_processes_by_filename( self._process_name): process_pid = process.get_pid() self.logger.info('found process %s (%d) - trying to kill it' % (name, process_pid)) try: process.kill() self.logger.info('successfully killed %s (%d)' % (name, process_pid)) except: self.logger.error('failed to kill %s (%d) [%s]' % (name, process_pid, traceback.format_exc())) res = False return res def teardown(self): self._stop_process() self._process = None super(WinAppDbgTarget, self).teardown() def pre_test(self, test_number): # we need kill all process before fuzzing super(WinAppDbgTarget, self).pre_test(test_number) self._stop_process() def post_test(self, test_num): self.logger.debug('in') time.sleep(1) self.logger.debug('after sleep') res = self._crash_event_complete.wait() self.logger.debug('after wait') if not res: self.report.failed('incomplete crash detected') super(WinAppDbgTarget, self).post_test(test_num) self.logger.debug('out') def _send_to_target(self, data): ''' this is the key off windbgtarget :param data: data is the file path ''' self.logger.info('send called') ''' starting ''' self._process_args = [data] # this may need implement self._start_server_thread() def _stop_process(self): ''' Stop the process (if running) ''' return self._kill_all_processes() def _stop_process_old(self): ''' :return: True if process was killed, False otherwise ''' if self._is_victim_alive(): self._process.kill() time.sleep(0.5) if self._is_victim_alive(): self._process.kill() time.sleep(0.5) if self._is_victim_alive(): raise Exception('Failed to kill client process') self._debug.stop() return True else: self._debug.stop() return False def _restart(self): ''' restart the process ''' self._stop_process() self.server_thread.join(1) time.sleep(3) self._server_is_up.clear() self._start_server_thread() def _is_victim_alive(self): ''' check if process running ''' if self._process: self.logger.debug('process pid: %d' % self._pid) is_alive = self._process.is_alive() is_debugee_started = self._debug.is_debugee_started(self._pid) self.logger.debug('is_alive = %s' % is_alive) self.logger.debug('is_debugee_started = %s' % is_debugee_started) return (is_alive and is_debugee_started) else: self.logger.debug('_process is None') return False