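def main():
    """Command-line entry point: run one inspection command on a process.

    Arguments are read from ``sys.argv`` as::

        <command> <pid> [addr] [size]

    ``command`` is matched case-insensitively. ``addr`` defaults to the
    hex string of the target's entry point and ``size`` defaults to 10.
    Both are forwarded as given on the command line; only the branches that
    wrap ``size`` in ``int()`` convert it.

    Commands dispatched here: ``l``/``ll`` (disassembly, hex dump and thread
    ids), ``i``, ``rs``, ``ws``, ``wa``, ``ps``, ``h`` (hex dump in modes 1,
    2 and 3), ``hs``/``hw``/``hd`` (one mode each), ``s``, ``b`` and ``bb``.
    Any other command falls through and does nothing.

    Nothing in this function validates ``addr`` or ``size`` beyond the
    ``int()`` calls, so range and access checks are left entirely to the
    helpers that touch the target process.

    Raises:
        ValueError: if ``pid`` (or ``size``, in the branches that convert
            it) is not an integer literal.
    """
    import sys

    argv = sys.argv
    if len(argv) < 3:
        usage(sys)
        # usage() is defined elsewhere; return here in case it does not
        # exit, so the argv indexing below cannot raise IndexError.
        return

    command = argv[1].lower()
    pid = int(argv[2])

    if len(argv) > 3:
        addr = argv[3]
    else:
        # NOTE(review): on Python 2, hex() of a long ends in "L"; confirm
        # the helpers that parse addr accept that form.
        addr = hex(Process(pid).get_entry_point())
    print "addr:", addr, ""

    # size stays a string when taken from argv; each branch decides whether
    # to convert it.
    size = argv[4] if len(argv) > 4 else 10

    # NOTE(review): the bare `print` statements below are read as blank-line
    # separators, matching the branches ('hs', 'rs') that call the same
    # helpers without `print`.
    if command in ('l', 'll'):
        # 'll' switches on the fourth (flag) argument of show_disassemble.
        disasm = show_disassemble(pid, addr, int(size), command == 'll')
        print
        hex_string(pid, addr, int(size))
        print
        print strhex(disasm)
        for tid in Process(pid).iter_thread_ids():
            print tid
    elif command == 'i':
        proces_info(pid, addr)
    elif command == 'rs':
        read_string(pid, addr)
    elif command == 'ws':
        # size is passed unconverted here (and to 'wa'/'ps' below).
        write_string(pid, addr, size)
        print
        read_string(pid, addr)
    elif command == 'wa':
        alloc_string(pid, addr, size)
    elif command == 'ps':
        push_addr(pid, addr, size)
    elif command == 'h':
        # All three dump modes, separated by blank lines.
        hex_string(pid, addr, int(size), 1)
        print
        hex_string(pid, addr, int(size), 2)
        print
        hex_string(pid, addr, int(size), 3)
    elif command in ('hs', 'hw', 'hd'):
        hex_string(pid, addr, int(size), {'hs': 1, 'hw': 2, 'hd': 3}[command])
    elif command == 's':
        # The value returned by search_string is not used here.
        search_string(pid, addr, int(size))
    elif command == 'b':
        set_bp(pid, addr, int(size))
    elif command == 'bb':
        # NOTE(review): this branch attaches and sets a breakpoint, but no
        # debug.loop() or debug.stop() is visible, so the breakpoint is
        # never serviced and the session is not closed before main
        # returns. Confirm the intended lifetime of the debug session.
        debug = winappdbg.Debug()
        debug.attach(pid)
        debug.break_at(pid, addr)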