try: path = program_files + r"\Adobe\Reader 11.0\Reader\AcroRd32.exe" version = versions[hashlib.md5(file( path, "rb").read()).hexdigest()] #raise if version not supported except: path = program_files + r"\Adobe\Reader 10.0\Reader\AcroRd32.exe" version = versions[hashlib.md5(file( path, "rb").read()).hexdigest()] #raise if version not supported print "Adobe Reader X %s" % version semantics = semantics[version] #Run the reader! debug.execl(path) debug.pmf = pmf broker = Process(debug.get_debugee_pids()[0]) print "Broker PID: %d" % broker.get_pid() # Loop while calc.exe is alive and the time limit wasn't reached. while debug: # Get the next debug event. event = debug.wait() # Dispatch the event and continue execution. try: debug.dispatch(event) # add breakpoint when acrord32 gets loaded if event.get_event_code() == 3: process = event.get_process() base_address = event.get_image_base() print "AcroRd32 Main module found at %08x" % base_address
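class WinBasic:
    """Minimal crash-harness front end over a winappdbg ``Debug`` session.

    One instance owns one debugger.  It can spawn a target (``run``) or
    attach to running ones (``attachPid`` / ``attachImg``), poll for debug
    events until a crash is reported or a time budget expires
    (``waitForCrash``), and tear everything down (``close``).

    ``waitForCrash`` calls ``self.handler(event)``, which this class does not
    define; a subclass is expected to provide it and return ``None`` for
    events that are not crashes.
    """

    debugger = None
    # Kept for backward compatibility only: instances record their targets in
    # ``self.mainProcs`` (set in __init__), never in this attribute.
    mainProc = None
    # Exception codes a handler should always treat as a crash candidate.
    alwaysCatchExceptions = [
        win32.STATUS_ACCESS_VIOLATION,
        win32.STATUS_ILLEGAL_INSTRUCTION,
        win32.STATUS_ARRAY_BOUNDS_EXCEEDED,
    ]

    def __init__(self, killOnExit=True):
        """Create the debugger.

        killOnExit: passed through as ``bKillOnExit`` so debugees are killed
        rather than left running when the debugger object goes away.
        """
        self.debugger = Debug(bKillOnExit=killOnExit)
        self.mainProcs = []

    def run(self, executable, children=True):
        """Start ``executable`` under the debugger and return its PID.

        children: passed through as ``bFollow`` so child processes are
        debugged too.
        """
        proc = self.debugger.execv(executable, bFollow=children)
        self.mainProcs.append(proc)
        return proc.get_pid()

    def attachPid(self, pid):
        """Attach to an already running process and track it as a main process."""
        self.mainProcs.append(self.debugger.attach(pid))

    def attachImg(self, img):
        """Attach to every running process whose image file name matches ``img``."""
        self.debugger.system.scan_processes()
        matches = self.debugger.system.find_processes_by_filename(img)
        for process, _name in matches:
            self.attachPid(process.get_pid())

    def close(self, kill=True, taskkill=True, forced=True):
        """Detach from all debugees and, by default, kill them.

        kill:     kill each former debugee through the debugger's process object.
        taskkill: additionally run ``taskkill /pid <pid>`` for each one.
        forced:   add ``/f`` to that taskkill invocation.
        """
        pids = self.debugger.get_debugee_pids()
        self.debugger.detach_from_all(True)
        for pid in pids:
            if kill:
                try:
                    self.debugger.system.get_process(pid).kill()
                except Exception:
                    # Best effort: the process may already have exited, or the
                    # handle may be gone after detaching.  Narrowed from a bare
                    # except so Ctrl-C still interrupts teardown.
                    pass
            if taskkill:
                # Argument list, never a shell string, so the pid is never
                # interpreted by a shell.
                cmd = ["taskkill"] + (["/f"] if forced else []) + ["/pid", str(pid)]
                subprocess.call(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)

    def waitForCrash(self, waitTime=4, checkAlive=False):
        """Poll debug events for up to ``waitTime`` seconds.

        Returns the first non-``None`` value produced by ``self.handler(event)``
        (the crash report), or ``None`` when the time budget runs out or, with
        ``checkAlive``, as soon as one of the main processes is no longer alive.
        A ``WindowsError`` from the debugger that is not a wait timeout is
        re-raised.
        """
        endTime = time() + waitTime
        while time() < endTime:
            if checkAlive and not all(p.is_alive() for p in self.mainProcs):
                return None
            try:
                event = self.debugger.wait(1000)
            except WindowsError as e:
                # No event within the 1 s slice is normal; keep polling until
                # the overall deadline.
                if e.winerror in (win32.ERROR_SEM_TIMEOUT, win32.WAIT_TIMEOUT):
                    continue
                raise
            crash = self.handler(event)
            if crash is not None:
                return crash
            try:
                self.debugger.dispatch()
            except Exception:
                # Dispatch failures for non-crash events are not interesting
                # to the harness; the debugee is resumed in ``finally`` anyway.
                pass
            finally:
                self.debugger.cont()
        return None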
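class WinBasic:
    """Minimal crash-harness front end over a winappdbg ``Debug`` session.

    One instance owns one debugger.  It can spawn a target (``run``) or
    attach to running ones (``attachPid`` / ``attachImg``), poll for debug
    events until a crash is reported or a time budget expires
    (``waitForCrash``), and tear everything down (``close``).

    ``waitForCrash`` calls ``self.handler(event)``, which this class does not
    define; a subclass is expected to provide it and return ``None`` for
    events that are not crashes.
    """

    debugger = None
    # Kept for backward compatibility only: instances record their targets in
    # ``self.mainProcs`` (set in __init__), never in this attribute.
    mainProc = None
    # Exception codes a handler should always treat as a crash candidate.
    alwaysCatchExceptions = [
        win32.STATUS_ACCESS_VIOLATION,
        win32.STATUS_ILLEGAL_INSTRUCTION,
        win32.STATUS_ARRAY_BOUNDS_EXCEEDED,
    ]

    def __init__(self, killOnExit=True):
        """Create the debugger.

        killOnExit: passed through as ``bKillOnExit`` so debugees are killed
        rather than left running when the debugger object goes away.
        """
        self.debugger = Debug(bKillOnExit=killOnExit)
        self.mainProcs = []

    def run(self, executable, children=True):
        """Start ``executable`` under the debugger and return its PID.

        children: passed through as ``bFollow`` so child processes are
        debugged too.
        """
        proc = self.debugger.execv(executable, bFollow=children)
        self.mainProcs.append(proc)
        return proc.get_pid()

    def attachPid(self, pid):
        """Attach to an already running process and track it as a main process."""
        self.mainProcs.append(self.debugger.attach(pid))

    def attachImg(self, img):
        """Attach to every running process whose image file name matches ``img``."""
        self.debugger.system.scan_processes()
        matches = self.debugger.system.find_processes_by_filename(img)
        for process, _name in matches:
            self.attachPid(process.get_pid())

    def close(self, kill=True, taskkill=True, forced=True):
        """Detach from all debugees and, by default, kill them.

        kill:     kill each former debugee through the debugger's process object.
        taskkill: additionally run ``taskkill /pid <pid>`` for each one.
        forced:   add ``/f`` to that taskkill invocation.
        """
        pids = self.debugger.get_debugee_pids()
        self.debugger.detach_from_all(True)
        for pid in pids:
            if kill:
                try:
                    self.debugger.system.get_process(pid).kill()
                except Exception:
                    # Best effort: the process may already have exited, or the
                    # handle may be gone after detaching.  Narrowed from a bare
                    # except so Ctrl-C still interrupts teardown.
                    pass
            if taskkill:
                # Argument list, never a shell string, so the pid is never
                # interpreted by a shell.
                cmd = ["taskkill"] + (["/f"] if forced else []) + ["/pid", str(pid)]
                subprocess.call(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)

    def waitForCrash(self, waitTime=4, checkAlive=False):
        """Poll debug events for up to ``waitTime`` seconds.

        Returns the first non-``None`` value produced by ``self.handler(event)``
        (the crash report), or ``None`` when the time budget runs out or, with
        ``checkAlive``, as soon as one of the main processes is no longer alive.
        A ``WindowsError`` from the debugger that is not a wait timeout is
        re-raised.
        """
        endTime = time() + waitTime
        while time() < endTime:
            if checkAlive and not all(p.is_alive() for p in self.mainProcs):
                return None
            try:
                event = self.debugger.wait(1000)
            except WindowsError as e:
                # No event within the 1 s slice is normal; keep polling until
                # the overall deadline.
                if e.winerror in (win32.ERROR_SEM_TIMEOUT, win32.WAIT_TIMEOUT):
                    continue
                raise
            crash = self.handler(event)
            if crash is not None:
                return crash
            try:
                self.debugger.dispatch()
            except Exception:
                # Dispatch failures for non-crash events are not interesting
                # to the harness; the debugee is resumed in ``finally`` anyway.
                pass
            finally:
                self.debugger.cont()
        return None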
if os.path.exists(r"C:\Program Files (x86)"): program_files = r"C:\Program Files (x86)" try: path = program_files+r"\Adobe\Reader 11.0\Reader\AcroRd32.exe" version = versions[hashlib.md5(file(path,"rb").read()).hexdigest()] #raise if version not supported except: path = program_files+r"\Adobe\Reader 10.0\Reader\AcroRd32.exe" version = versions[hashlib.md5(file(path,"rb").read()).hexdigest()] #raise if version not supported print "Adobe Reader X %s"%version semantics = semantics[version] #Run the reader! debug.execl(path) debug.pmf = pmf broker = Process(debug.get_debugee_pids()[0]) print "Broker PID: %d"%broker.get_pid() # Loop while calc.exe is alive and the time limit wasn't reached. while debug: # Get the next debug event. event = debug.wait() # Dispatch the event and continue execution. try: debug.dispatch(event) # add breakpoint when acrord32 gets loaded if event.get_event_code() == 3: process = event.get_process() base_address = event.get_image_base() print "AcroRd32 Main module found at %08x"%base_address