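def debugger(dbg, kill=0):
    """Dump the attached task's in-memory image to ``output.bin`` and detach.

    Args:
        dbg: an attached ``MacDbg`` instance (``dbg.task`` must be non-zero).
        kill: accepted for signature parity with the sibling scripts but NOT
            forwarded to ``dbg.detach`` here; the target is left running on
            detach.  Forwarding it would kill the target, which is a
            caller-visible change, so the existing behaviour is kept.

    Side effects:
        Suspends the task, writes ``dbg.dump_binary()`` to ``output.bin`` in
        the current directory, then detaches.
    """
    import os

    dbg.suspend()
    prog_base_addr = dbg.base_address
    print("[+] Base address: " + hex(prog_base_addr))
    program = dbg.dump_binary()
    # The dump is the raw memory of another process and may hold secrets
    # (keys, tokens, decrypted payloads).  Create the file 0600 and close it
    # deterministically: the previous `file(...).write(...)` never closed the
    # handle and created the file with the default umask.
    fd = os.open("output.bin", os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "wb") as out:
        out.write(program)
    print("ALL DONE!")
    dbg.detach()


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("USAGE [pid]")
        sys.exit(1)  # usage error must not exit 0
    pid = int(sys.argv[1])
    dbg = MacDbg()
    dbg.attach(pid)
    if dbg.task == 0:
        print("Failed to attach Check PID")
        sys.exit(1)  # attach failure previously exited 0 (success)
    pid = dbg.pid
    print("[+] Attached to task # %s\n" % str(dbg.task))
    debugger(dbg, 1)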
prog_base_addr = dbg.base_address print "[+] Base address: " + hex(prog_base_addr) print hex(dbg.base_address) program = dbg.dump_binary() output = file("decrypt.bin", "w+").write(program) print "ALL DONE!" dbg.detach() if __name__ == "__main__": if len(sys.argv) < 2: print "USAGE [pid]" exit() pid = int(sys.argv[1]) dbg = MacDbg() dbg.attach(pid) if dbg.task == 0: print "Failed to attach Check PID" exit(0) pid = dbg.pid print "[+] Attached to task # %s\n" % str(dbg.task) raw_input("press enter to continue") dbg.reload() debugger(dbg, 1)
print "MAL ADDRESS: " + hex(l) #BUT ITS NOT NEEDED WITH SYMBOLS dbg.add_breakpoint("malloc@PLT", PERSISTENT, mal_break) print "RESUMING TASK" dbg.resume() while(1): continue if __name__ == "__main__": argv = sys.argv cmd = "./test_prog.app" dbg = MacDbg() pid = int(argv[1]) dbg.attach(pid, 1) if dbg.task == 0: print "Failed to attach Check PID" exit(0) dbg.load_symbols() pid = dbg.pid print "[+] Attached to task # %s\n" % str(dbg.task) debugger(dbg, pid, dbg.task, 1)
print "CONTINUING" #start(task, infoPid); dbg.resume() time.sleep(10) dbg.detach(kill) except NameError as e: # except: # e = sys.exc_info()[0] print e raw_input("?") if __name__ == "__main__": argv = sys.argv cmd = "./test_prog.app" dbg = MacDbg() if (len(argv) < 2): arr = (c_char_p * 2)() arr[0] = cmd arr[1] = 0 dbg.run(arr[0], arr) pid = dbg.pid else: pid = int(argv[1]) dbg.attach(pid) if dbg.task == 0: print "Failed to attach Check PID" exit(0)
proc_t_info = dbg.get_proc_threadinfo(thread_handle) print "pth User time:", dbg.color_pink(str(proc_t_info.pth_user_time)), "pth Sys time:", dbg.color_pink(str(proc_t_info.pth_system_time)) print "pth priority:", dbg.color_pink(str(proc_t_info.pth_priority)), "pth max priority:", dbg.color_pink(str(proc_t_info.pth_maxpriority)) print "Program pid == " + dbg.color_pink(str(dbg.find_pid())) region_info = dbg.get_region_info(prog_base_addr) print dbg.color_red(dbg.protection_to_string(region_info.protection)) dbg.detach(kill) if __name__ == "__main__": argv = sys.argv cmd = "./test_prog.app" dbg = MacDbg() run = 0 # exit() if (len(argv) < 2): arr = (c_char_p * 2)() arr[0] = cmd arr[1] = 0 dbg.run(arr[0], arr) pid = dbg.pid run = 1 else: pid = int(argv[1]) dbg.attach(pid) if dbg.task == 0:
print "FIRST 20 0x41 bytes found:" tm = 30 search_byte = 0x41 search_results = dbg.search_mem(search_byte, search_type=c_byte) for i in search_results: print dbg.color_green(hex(i)), dbg.color_pink(dbg.hex_dump(i, 10)) tm -= 1 if tm == 0: break dbg.detach(kill) if __name__ == "__main__": argv = sys.argv cmd = "./test_prog.app" dbg = MacDbg() if (len(argv) < 2): arr = (c_char_p * 2)() arr[0] = cmd arr[1] = 0 run = 1 dbg.run(arr[0], arr) pid = dbg.pid else: pid = int(argv[1]) dbg.attach(pid) run = 0 if dbg.task == 0: print "FAILED TO ATTACH"
from libs.const import * from subprocess import Popen, PIPE # Scan system and check for libraries loaded at same base address def base_addr(dbg, name): if dbg.base_address == 0x100000000: print dbg.color_red("BASE ADDRESS == LOAD ADDRESS :( -- PID - " + str(dbg.pid)), dbg.color_green(" - NAME " + name) dbg.detach() if __name__ == "__main__": tmp = MacDbg() process = Popen(["ps", "aux"], stdout=PIPE) (output, err) = process.communicate() pids = output.split("\n") for i in pids: x = i.split() try: pid = x[1] name = x[10] name = name[name.find("/")+1:] tmp.attach(int(pid), 1) except: continue
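def debugger(dbg, search):
    """Search the attached task's memory for ``search`` and print every hit.

    Args:
        dbg: an attached ``MacDbg`` instance.
        search: the string to look for.

    The scan starts at ``dbg.base_address`` and spans
    ``dbg.get_image_size() * 1000`` bytes (presumably to reach well past the
    main image -- TODO confirm the intended window).  Each hit prints the
    address and a 200-byte read starting there.  Detaches when done.
    """
    print(hex(dbg.base_address))
    search_results = dbg.search_string(search, dbg.base_address, dbg.get_image_size() * 1000)
    print("Searching memory....")
    for hit in search_results:
        # The bytes come straight out of a (possibly hostile) process.  Emit
        # them through repr() so control characters and terminal escape
        # sequences in target memory cannot be injected into the operator's
        # terminal; the previous code printed them raw.
        print(dbg.color_green(hex(hit)) + " --> " + dbg.color_pink(repr(dbg.read_memory(hit, 200))))
    print("Done")
    dbg.detach()


if __name__ == "__main__":
    if len(sys.argv) < 3:
        print("USAGE [pid] [search_string]")
        sys.exit(1)  # usage error must not exit 0
    dbg = MacDbg()
    pid = int(sys.argv[1])
    dbg.attach(pid)
    if dbg.task == 0:
        print("Failed to attach Check PID")  # was a silent exit(0)
        sys.exit(1)
    print("[+] Attached to task # %s\n" % str(dbg.task))
    debugger(dbg, sys.argv[2])
    print("\n[+] Done!")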
search_results = dbg.search_string(search, dbg.base_address, dbg.get_image_size()*1000) if len(search_results) > 0: for i in search_results: print dbg.color_green(hex(i)) + " --> " + dbg.color_pink(dbg.read_memory(i, 40)) dbg.detach() return 1 else: dbg.detach() return 0 if __name__ == "__main__": print "Usage ./search_multiple.py [search]" search = sys.argv[1] tmp = MacDbg() pids = file("pid").readlines() debuggers = [] print tmp.color_red("Searching for string: " + search) count = 0 for i in pids: print tmp.color_green("ATTACHING TO: " + str(int(i))) tmp.attach(int(i), 1) if tmp.task == 0: raw_input("????") tmp.color_red("BAD PID EXITING") x = search_mem(tmp, search) if x == 1: print tmp.color_pink("FOUND PROG PID = " + str(i))
print dbg.hex_dump(x, 10) l = struct.unpack("<q", dbg.read_memory(x, 8))[0] print "MAL ADDRESS: " + hex(l) #BUT ITS NOT NEEDED WITH SYMBOLS dbg.add_breakpoint("malloc@PLT", PERSISTENT, mal_break) print "RESUMING TASK" dbg.resume() while (1): continue if __name__ == "__main__": argv = sys.argv cmd = "./test_prog.app" dbg = MacDbg() pid = int(argv[1]) dbg.attach(pid, 1) if dbg.task == 0: print "Failed to attach Check PID" exit(0) dbg.load_symbols() pid = dbg.pid print "[+] Attached to task # %s\n" % str(dbg.task) debugger(dbg, pid, dbg.task, 1)
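# return 1   <- NOTE(review): stray tail of a function whose header lies above
#               this fragment; it cannot be placed without its `def`, so the
#               text is kept here verbatim rather than guessed at.


def debugger(dbg, infoPid, task, kill=0):
    """Hook ``moz_xmalloc`` in libmozglue.dylib and park forever servicing it.

    Args:
        dbg: an attached ``MacDbg`` instance.
        infoPid, task: accepted for signature parity with the sibling scripts;
            not read here.
        kill: accepted but never used -- this function never returns and never
            calls ``dbg.detach``, so the target keeps the breakpoint installed
            until this script is interrupted.

    ``PERSISTENT`` and ``generic_callback`` must be provided by module scope.
    """
    import time

    dbg.suspend()
    prog_base_addr = dbg.base_address
    print("[+] Base address: " + hex(prog_base_addr))
    dbg.add_breakpoint_library("libmozglue.dylib", "moz_xmalloc", PERSISTENT, generic_callback)
    dbg.resume()
    # Park the main thread so breakpoint callbacks keep being serviced.  The
    # previous `while(1): continue` burned a core and held the GIL most of the
    # time; sleeping releases the GIL between wakeups.  Assumes callbacks are
    # dispatched from the debugger's own thread -- TODO confirm against MacDbg
    # if they ever need the main thread to be awake.
    while True:
        time.sleep(1)


if __name__ == "__main__":
    argv = sys.argv
    if len(argv) < 2:
        print("USAGE [pid]")  # was an unguarded argv[1] -> IndexError
        sys.exit(1)
    dbg = MacDbg()
    pid = int(argv[1])
    dbg.attach(pid, 1)
    if dbg.task == 0:
        print("Failed to attach Check PID")
        sys.exit(1)  # attach failure previously exited 0 (success)
    pid = dbg.pid
    print("[+] Attached to task # %s\n" % str(dbg.task))
    debugger(dbg, pid, dbg.task, 1)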
# BYTE SEARCH TEST print "FIRST 20 0x41 bytes found:" tm = 30 search_byte = 0x41 search_results = dbg.search_mem(search_byte, search_type=c_byte) for i in search_results: print dbg.color_green(hex(i)), dbg.color_pink(dbg.hex_dump(i, 10)) tm -= 1 if tm == 0: break dbg.detach(kill) if __name__ == "__main__": argv = sys.argv cmd = "./test_prog.app" dbg = MacDbg() if (len(argv) < 2): arr = (c_char_p * 2)() arr[0] = cmd arr[1] = 0 run = 1 dbg.run(arr[0], arr) pid = dbg.pid else: pid = int(argv[1]) dbg.attach(pid) run = 0 if dbg.task == 0: