def run_pykd(py, dll, output, align):
cmd = [
sys.executable,
py,
f"--dll=\"{dll}\"",
f"--output=\"{output}\"",
f"--align=\"{align}\"",
]
base = get_image_base(dll)
breakpoints = {"yz1": [(0x10011270 - base, rewrite_filename)]}
pykd.initialize()
pykd.handler = EventHandler(breakpoints)
pykd.startProcess(" ".join(str(x) for x in cmd))
pykd.go()
def _debug_server(self):
'''
debugger thread
'''
self._system_pid = None
self.logger.info('Init pykd environment')
pykd.initialize()
try:
# Start a new process for debugging
argv = [self._process_path
] + self._process_args + self.process_data
argv = ' '.join(argv)
self.logger.debug('Debugger starting server: %s' % argv)
try:
self.logger.info('Start running program with cmd:"%s"' % argv)
self.report.add('cmd', argv)
self._pid = pykd.startProcess(argv)
self._get_correct_process_id()
self.logger.debug('Process started. pykd_pid=%d' % self._pid)
self._process = pykd.getCurrentProcess()
self.logger.debug('Process is %s' % hex(self._process))
except WindowsError:
self.logger.error('debug_server received exception',
traceback.fmt_exc())
# Get Process System ID
self._wait_break()
while self._system_pid is None:
try:
self._system_pid = pykd.getProcessSystemID(self._pid)
self.logger.info('process system_id=%d' % self._system_pid)
except Exception as err:
self.logger.debug("Get system id fail because of: %s" %
err)
continue
# Set break points
if self._wait_break():
self.logger.info(
"Server is in break status setting break points")
for bp in self._break_points:
pykd.setBp(bp)
self.logger.info("Start register event handle")
# This will register our handle
handler = self._handler(self)
self.logger.debug('Handler object is : %s' % handler)
self.logger.info('Go !!!!!')
pykd.go()
except:
self.logger.error('Got an exception in _debug_server')
self.logger.error(traceback.format_exc())
def Monitor():
print "[*] Attaching to TaniumReceiver.exe"
process = filter(lambda p: p.name() == "TaniumReceiver.exe",
psutil.process_iter())
for process_id in process:
print "[*] PID: %s" % process_id.pid
pykd.initialize()
Handler = ExceptionHandler()
try:
pykd.attachProcess(process_id.pid)
except:
print "[!] Error attaching to process"
sys.exit(1)
print "[*] Success!"
pykd.go()
def Monitor():
testcase = "Testcases\\Test.txt"
try:
pykd.initialize()
Handler = ExceptionHandler()
print "[*] Starting Scan64.exe"
pykd.startProcess(
"C:\\Program Files (x86)\\McAfee\\VirusScan Enterprise\\x64\\Scan64.Exe "
+ testcase)
pykd.dbgCommand(".childdbg 1")
except:
print "[!] Error starting process"
sys.exit(1)
print "[*] Success!"
pykd.go()
def main():
pykd.initialize()
pykd.handler = ExceptionHandler()
pykd.startProcess("hello.exe")
targetModule = pykd.module("hello")
targetModule.reload()
breakCount = callCounter()
b1 = pykd.setBp(targetModule.offset('add'), breakCount) # The b1 cannot be commented
print "There is %d breakpoint" % pykd.getNumberBreakpoints()
pykd.go()
print breakCount.count
targetModule = None
pykd.killAllProcesses()
def main():
pykd.initialize()
pykd.handler = ExceptionHandler()
pykd.startProcess("hello.exe")
targetModule = pykd.module("hello")
targetModule.reload()
breakCount = callCounter()
b1 = pykd.setBp(targetModule.offset('add'),
breakCount) # The b1 cannot be commented
print "There is %d breakpoint" % pykd.getNumberBreakpoints()
pykd.go()
print breakCount.count
targetModule = None
pykd.killAllProcesses()
def _debug_server(self):
'''
debugger thread
'''
self._system_pid = None
self.logger.info('Init pykd environment')
pykd.initialize()
try:
# Start a new process for debugging
argv = [self._process_path] + self._process_args + self.process_data
argv = ' '.join(argv)
self.logger.debug('Debugger starting server: %s' % argv)
try:
self.logger.info('Start running program with cmd:"%s"' % argv)
self.report.add('cmd', argv)
self._pid = pykd.startProcess(argv)
self._get_correct_process_id()
self.logger.debug('Process started. pykd_pid=%d' % self._pid)
self._process = pykd.getCurrentProcess()
self.logger.debug('Process is %s' % hex(self._process))
except WindowsError:
self.logger.error('debug_server received exception', traceback.fmt_exc())
# Get Process System ID
self._wait_break()
while self._system_pid is None:
try:
self._system_pid = pykd.getProcessSystemID(self._pid)
self.logger.info('process system_id=%d' % self._system_pid)
except Exception as err:
self.logger.debug("Get system id fail because of: %s" % err)
continue
# Set break points
if self._wait_break():
self.logger.info("Server is in break status setting break points")
for bp in self._break_points:
pykd.setBp(bp)
self.logger.info("Start register event handle")
# This will register our handle
handler = self._handler(self)
self.logger.debug('Handler object is : %s' % handler)
self.logger.info('Go !!!!!')
pykd.go()
except:
self.logger.error('Got an exception in _debug_server')
self.logger.error(traceback.format_exc())
def Monitor(self):
Generator = TestcaseGenerator()
Generator.CheckDir()
pykd.initialize()
Handler = ExceptionHandler()
testcase = os.listdir("Queue")[0]
try:
print "[*] Starting Scan64.exe"
pykd.startProcess("C:\\Program Files (x86)\\McAfee\\VirusScan Enterprise\\x64\\Scan64.Exe " + testcase)
pykd.dbgCommand(".childdbg 1")
except:
print "[!] Error starting process"
sys.exit(1)
try:
while Handler.keep_running:
self.GetProcess() # Get PID
print "[*] Attaching Debugger"
print "[*] Success!"
pykd.go()
print "[*] Killing pykd..."
pykd.killAllProcesses()
finally:
return
def __init__(self):
pykd.initialize()
self._process_id = None
self._event_handler = ExceptionHandler()
self._crash_occurred = False
self._logger = logging.getLogger(__name__)
import intbase
import memtest
import moduletest
import typeinfo
import typedvar
import breakpoint
import regtest
import stacktest
import customtypestest
import mspdbtest
import excepttest
import targetprocess
import ehloadtest
import synsymtest
pykd.initialize()
class StartProcessWithoutParamsTest(unittest.TestCase):
def testStart(self):
target.processId = pykd.startProcess( target.appPath )
target.module = pykd.module( target.moduleName )
target.module.reload();
# print "\n" + str( pykd.getSystemVersion() )
pykd.go()
class TerminateProcessTest(unittest.TestCase):
def testKill(self):
pykd.killProcess( target.processId )
def getTestSuite( singleName = "" ):
if singleName == "":
