def parse_cmdline(argv): # Help message and version string version = ("Process execution tracer\n" "by Mario Vilas (mvilas at gmail.com)\n" "%s\n") % winappdbg.version usage = ( "\n" "\n" " Create a new process (parameters for the target must be escaped):\n" " %prog [options] -c <executable> [parameters for the target]\n" " %prog [options] -w <executable> [parameters for the target]\n" "\n" " Attach to a running process (by filename):\n" " %prog [options] -a <executable>\n" "\n" " Attach to a running process (by ID):\n" " %prog [options] -a <process id>") ## formatter = optparse.IndentedHelpFormatter() ## formatter = optparse.TitledHelpFormatter() parser = optparse.OptionParser( usage=usage, version=version, ## formatter=formatter, ) # Commands commands = optparse.OptionGroup(parser, "Commands") commands.add_option("-a", "--attach", action="append", type="string", metavar="PROCESS", help="Attach to a running process") commands.add_option("-w", "--windowed", action="callback", type="string", metavar="CMDLINE", callback=callback_execute_target, help="Create a new windowed process") commands.add_option("-c", "--console", action="callback", type="string", metavar="CMDLINE", callback=callback_execute_target, help="Create a new console process [default]") parser.add_option_group(commands) # Tracing options tracing = optparse.OptionGroup(parser, "Tracing options") tracing.add_option("--trace", action="store_const", const="trace", dest="mode", help="Set the single step mode [default]") if System.arch == win32.ARCH_I386: tracing.add_option( "--branch", action="store_const", const="branch", dest="mode", help= "Set the step-on-branch mode (doesn't work on virtual machines)") tracing.add_option("--syscall", action="store_const", const="syscall", dest="mode", help="Set the syscall trap mode") ## tracing.add_options("--module", action="append", metavar="MODULES", ## dest="modules", ## help="only trace into these modules (comma-separated)") ## debugging.add_option("--from-start", action="store_true", ## help="start tracing when the process is created [default]") ## debugging.add_option("--from-entry", action="store_true", ## help="start tracing when the entry point is reached") parser.add_option_group(tracing) # Debugging options debugging = optparse.OptionGroup(parser, "Debugging options") debugging.add_option( "--autodetach", action="store_true", help="automatically detach from debugees on exit [default]") debugging.add_option( "--follow", action="store_true", help="automatically attach to child processes [default]") debugging.add_option("--trusted", action="store_false", dest="hostile", help="treat debugees as trusted code [default]") debugging.add_option( "--dont-autodetach", action="store_false", dest="autodetach", help="don't automatically detach from debugees on exit") debugging.add_option("--dont-follow", action="store_false", dest="follow", help="don't automatically attach to child processes") debugging.add_option("--hostile", action="store_true", help="treat debugees as hostile code") parser.add_option_group(debugging) # Defaults parser.set_defaults( autodetach=True, follow=True, hostile=False, windowed=list(), console=list(), attach=list(), ## modules = list(), mode="trace", ) # Parse and validate the command line options if len(argv) == 1: argv = argv + ['--help'] (options, args) = parser.parse_args(argv) args = args[1:] if not options.windowed and not options.console and not options.attach: if not args: parser.error("missing target application(s)") options.console = [args] else: if args: parser.error("don't know what to do with extra parameters: %s" % args) # Get the list of attach targets system = System() system.request_debug_privileges() system.scan_processes() attach_targets = list() for token in options.attach: try: dwProcessId = HexInput.integer(token) except ValueError: dwProcessId = None if dwProcessId is not None: if not system.has_process(dwProcessId): parser.error("can't find process %d" % dwProcessId) try: process = Process(dwProcessId) process.open_handle() process.close_handle() except WindowsError as e: parser.error("can't open process %d: %s" % (dwProcessId, e)) attach_targets.append(dwProcessId) else: matched = system.find_processes_by_filename(token) if not matched: parser.error("can't find process %s" % token) for process, name in matched: dwProcessId = process.get_pid() try: process = Process(dwProcessId) process.open_handle() process.close_handle() except WindowsError as e: parser.error("can't open process %d: %s" % (dwProcessId, e)) attach_targets.append(process.get_pid()) options.attach = attach_targets # Get the list of console programs to execute console_targets = list() for vector in options.console: if not vector: parser.error("bad use of --console") filename = vector[0] if not ntpath.exists(filename): try: filename = win32.SearchPath(None, filename, '.exe')[0] except WindowsError as e: parser.error("error searching for %s: %s" % (filename, str(e))) vector[0] = filename console_targets.append(vector) options.console = console_targets # Get the list of windowed programs to execute windowed_targets = list() for vector in options.windowed: if not vector: parser.error("bad use of --windowed") filename = vector[0] if not ntpath.exists(filename): try: filename = win32.SearchPath(None, filename, '.exe')[0] except WindowsError as e: parser.error("error searching for %s: %s" % (filename, str(e))) vector[0] = filename windowed_targets.append(vector) options.windowed = windowed_targets # If no targets were set at all, show an error message if not options.attach and not options.console and not options.windowed: parser.error("no targets found!") return options
def parse_cmdline( argv ): # Help message and version string version = ( "Process execution tracer\n" "by Mario Vilas (mvilas at gmail.com)\n" "%s\n" ) % winappdbg.version usage = ( "\n" "\n" " Create a new process (parameters for the target must be escaped):\n" " %prog [options] -c <executable> [parameters for the target]\n" " %prog [options] -w <executable> [parameters for the target]\n" "\n" " Attach to a running process (by filename):\n" " %prog [options] -a <executable>\n" "\n" " Attach to a running process (by ID):\n" " %prog [options] -a <process id>" ) ## formatter = optparse.IndentedHelpFormatter() ## formatter = optparse.TitledHelpFormatter() parser = optparse.OptionParser( usage=usage, version=version, ## formatter=formatter, ) # Commands commands = optparse.OptionGroup(parser, "Commands") commands.add_option("-a", "--attach", action="append", type="string", metavar="PROCESS", help="Attach to a running process") commands.add_option("-w", "--windowed", action="callback", type="string", metavar="CMDLINE", callback=callback_execute_target, help="Create a new windowed process") commands.add_option("-c", "--console", action="callback", type="string", metavar="CMDLINE", callback=callback_execute_target, help="Create a new console process [default]") parser.add_option_group(commands) # Tracing options tracing = optparse.OptionGroup(parser, "Tracing options") tracing.add_option("--trace", action="store_const", const="trace", dest="mode", help="Set the single step mode [default]") if System.arch == win32.ARCH_I386: tracing.add_option("--branch", action="store_const", const="branch", dest="mode", help="Set the step-on-branch mode (doesn't work on virtual machines)") tracing.add_option("--syscall", action="store_const", const="syscall", dest="mode", help="Set the syscall trap mode") ## tracing.add_options("--module", action="append", metavar="MODULES", ## dest="modules", ## help="only trace into these modules (comma-separated)") ## debugging.add_option("--from-start", action="store_true", ## help="start tracing when the process is created [default]") ## debugging.add_option("--from-entry", action="store_true", ## help="start tracing when the entry point is reached") parser.add_option_group(tracing) # Debugging options debugging = optparse.OptionGroup(parser, "Debugging options") debugging.add_option("--autodetach", action="store_true", help="automatically detach from debugees on exit [default]") debugging.add_option("--follow", action="store_true", help="automatically attach to child processes [default]") debugging.add_option("--trusted", action="store_false", dest="hostile", help="treat debugees as trusted code [default]") debugging.add_option("--dont-autodetach", action="store_false", dest="autodetach", help="don't automatically detach from debugees on exit") debugging.add_option("--dont-follow", action="store_false", dest="follow", help="don't automatically attach to child processes") debugging.add_option("--hostile", action="store_true", help="treat debugees as hostile code") parser.add_option_group(debugging) # Defaults parser.set_defaults( autodetach = True, follow = True, hostile = False, windowed = list(), console = list(), attach = list(), ## modules = list(), mode = "trace", ) # Parse and validate the command line options if len(argv) == 1: argv = argv + [ '--help' ] (options, args) = parser.parse_args(argv) args = args[1:] if not options.windowed and not options.console and not options.attach: if not args: parser.error("missing target application(s)") options.console = [ args ] else: if args: parser.error("don't know what to do with extra parameters: %s" % args) # Get the list of attach targets system = System() system.request_debug_privileges() system.scan_processes() attach_targets = list() for token in options.attach: try: dwProcessId = HexInput.integer(token) except ValueError: dwProcessId = None if dwProcessId is not None: if not system.has_process(dwProcessId): parser.error("can't find process %d" % dwProcessId) try: process = Process(dwProcessId) process.open_handle() process.close_handle() except WindowsError, e: parser.error("can't open process %d: %s" % (dwProcessId, e)) attach_targets.append(dwProcessId) else: matched = system.find_processes_by_filename(token) if not matched: parser.error("can't find process %s" % token) for process, name in matched: dwProcessId = process.get_pid() try: process = Process(dwProcessId) process.open_handle() process.close_handle() except WindowsError, e: parser.error("can't open process %d: %s" % (dwProcessId, e)) attach_targets.append( process.get_pid() )
def main(argv): script = os.path.basename(argv[0]) params = argv[1:] print "Process killer" print "by Mario Vilas (mvilas at gmail.com)" print if len(params) == 0 or '-h' in params or '--help' in params or \ '/?' in params: print "Usage:" print " %s <process ID or name> [process ID or name...]" print print "If a process name is given instead of an ID all matching processes are killed." exit() # Scan for active processes. # This is needed both to translate names to IDs, and to validate the user-supplied IDs. s = System() s.request_debug_privileges() s.scan_processes() # Parse the command line. # Each ID is validated against the list of active processes. # Each name is translated to an ID. # On error, the program stops before killing any process at all. targets = set() for token in params: try: pid = HexInput.integer(token) except ValueError: pid = None if pid is None: matched = s.find_processes_by_filename(token) if not matched: print "Error: process not found: %s" % token exit() for (process, name) in matched: targets.add(process.get_pid()) else: if not s.has_process(pid): print "Error: process not found: 0x%x (%d)" % (pid, pid) exit() targets.add(pid) targets = list(targets) targets.sort() count = 0 # Try to terminate the processes using the TerminateProcess() API. next_targets = list() for pid in targets: next_targets.append(pid) try: # Note we don't really need to call open_handle and close_handle, # but it's good to know exactly which API call it was that failed. process = Process(pid) process.open_handle() try: process.kill(-1) next_targets.pop() count += 1 print "Terminated process %d" % pid try: process.close_handle() except WindowsError, e: print "Warning: call to CloseHandle() failed: %s" % str(e) except WindowsError, e: print "Warning: call to TerminateProcess() failed: %s" % str(e) except WindowsError, e: print "Warning: call to OpenProcess() failed: %s" % str(e)
def main(argv): script = os.path.basename(argv[0]) params = argv[1:] print "Process killer" print "by Mario Vilas (mvilas at gmail.com)" print if len(params) == 0 or '-h' in params or '--help' in params or \ '/?' in params: print "Usage:" print " %s <process ID or name> [process ID or name...]" % script print print "If a process name is given instead of an ID all matching processes are killed." exit() # Scan for active processes. # This is needed both to translate names to IDs, and to validate the user-supplied IDs. s = System() s.request_debug_privileges() s.scan_processes() # Parse the command line. # Each ID is validated against the list of active processes. # Each name is translated to an ID. # On error, the program stops before killing any process at all. targets = set() for token in params: try: pid = HexInput.integer(token) except ValueError: pid = None if pid is None: matched = s.find_processes_by_filename(token) if not matched: print "Error: process not found: %s" % token exit() for (process, name) in matched: targets.add(process.get_pid()) else: if not s.has_process(pid): print "Error: process not found: 0x%x (%d)" % (pid, pid) exit() targets.add(pid) targets = list(targets) targets.sort() count = 0 # Try to terminate the processes using the TerminateProcess() API. next_targets = list() for pid in targets: next_targets.append(pid) try: # Note we don't really need to call open_handle and close_handle, # but it's good to know exactly which API call it was that failed. process = Process(pid) process.open_handle() try: process.kill(-1) next_targets.pop() count += 1 print "Terminated process %d" % pid try: process.close_handle() except WindowsError, e: print "Warning: call to CloseHandle() failed: %s" % str(e) except WindowsError, e: print "Warning: call to TerminateProcess() failed: %s" % str(e) except WindowsError, e: print "Warning: call to OpenProcess() failed: %s" % str(e)
def parse_cmdline(argv): # Help message and version string version = ("In Memory fuzzer\n") usage = ("\n" "\n" " Attach to a running process (by filename):\n" " %prog [options] -a <executable>\n" "\n" " Attach to a running process (by ID):\n" " %prog [options] -a <process id>") parser = optparse.OptionParser( usage=usage, version=version, ) # Commands commands = optparse.OptionGroup(parser, "Commands") commands.add_option("-a", "--attach", action="append", type="string", metavar="PROCESS", help="Attach to a running process") parser.add_option_group(commands) # SEH test options fuzzer_opts = optparse.OptionGroup(parser, "Fuzzer options") fuzzer_opts.add_option("--snapshot_address", metavar="ADDRESS", help="take snapshot point address") fuzzer_opts.add_option("--restore_address", metavar="ADDRESS", help="restore snapshot point address") fuzzer_opts.add_option( "--buffer_address", metavar="ADDRESS", help="address of the buffer to be modified in memory") fuzzer_opts.add_option("--buffer_size", metavar="ADDRESS", help="size of the buffer to be modified in memory") fuzzer_opts.add_option("-o", "--output", metavar="FILE", help="write the output to FILE") fuzzer_opts.add_option("--debuglog", metavar="FILE", help="set FILE as a debug log (extremely verbose!)") parser.add_option_group(fuzzer_opts) # Debugging options debugging = optparse.OptionGroup(parser, "Debugging options") debugging.add_option( "--follow", action="store_true", help="automatically attach to child processes [default]") debugging.add_option("--dont-follow", action="store_false", dest="follow", help="don't automatically attach to child processes") parser.add_option_group(debugging) # Defaults parser.set_defaults( follow=True, attach=list(), output=None, debuglog=None, ) # Parse and validate the command line options if len(argv) == 1: argv = argv + ['--help'] (options, args) = parser.parse_args(argv) args = args[1:] if not options.attach: if not args: parser.error("missing target application(s)") options.console = [args] else: if args: parser.error("don't know what to do with extra parameters: %s" % args) if not options.snapshot_address: parser.error("Snapshot address not specified") if not options.restore_address: parser.error("Restore address not specified") if not options.buffer_address: parser.error("Buffer address not specified") if not options.buffer_size: parser.error("Buffser size not specified") global logger if options.output: logger = Logger(logfile=options.output, verbose=logger.verbose) # Open the debug log file if requested if options.debuglog: logger = Logger(logfile=options.debuglog, verbose=logger.verbose) # Get the list of attach targets system = System() system.request_debug_privileges() system.scan_processes() attach_targets = list() for token in options.attach: try: dwProcessId = HexInput.integer(token) except ValueError: dwProcessId = None if dwProcessId is not None: if not system.has_process(dwProcessId): parser.error("can't find process %d" % dwProcessId) try: process = Process(dwProcessId) process.open_handle() process.close_handle() except WindowsError, e: parser.error("can't open process %d: %s" % (dwProcessId, e)) attach_targets.append(dwProcessId) else: matched = system.find_processes_by_filename(token) if not matched: parser.error("can't find process %s" % token) for process, name in matched: dwProcessId = process.get_pid() try: process = Process(dwProcessId) process.open_handle() process.close_handle() except WindowsError, e: parser.error("can't open process %d: %s" % (dwProcessId, e)) attach_targets.append(process.get_pid())
def main(argv): script = os.path.basename(argv[0]) params = argv[1:] print("Process killer") print("by Mario Vilas (mvilas at gmail.com)") print if len(params) == 0 or '-h' in params or '--help' in params or \ '/?' in params: print("Usage:") print(" %s <process ID or name> [process ID or name...]" % script) print print( "If a process name is given instead of an ID all matching processes are killed." ) exit() # Scan for active processes. # This is needed both to translate names to IDs, and to validate the user-supplied IDs. s = System() s.request_debug_privileges() s.scan_processes() # Parse the command line. # Each ID is validated against the list of active processes. # Each name is translated to an ID. # On error, the program stops before killing any process at all. targets = set() for token in params: try: pid = HexInput.integer(token) except ValueError: pid = None if pid is None: matched = s.find_processes_by_filename(token) if not matched: print("Error: process not found: %s" % token) exit() for (process, name) in matched: targets.add(process.get_pid()) else: if not s.has_process(pid): print("Error: process not found: 0x%x (%d)" % (pid, pid)) exit() targets.add(pid) targets = list(targets) targets.sort() count = 0 # Try to terminate the processes using the TerminateProcess() API. next_targets = list() for pid in targets: next_targets.append(pid) try: # Note we don't really need to call open_handle and close_handle, # but it's good to know exactly which API call it was that failed. process = Process(pid) process.open_handle() try: process.kill(-1) next_targets.pop() count += 1 print("Terminated process %d" % pid) try: process.close_handle() except WindowsError as e: print("Warning: call to CloseHandle() failed: %s" % str(e)) except WindowsError as e: print("Warning: call to TerminateProcess() failed: %s" % str(e)) except WindowsError as e: print("Warning: call to OpenProcess() failed: %s" % str(e)) targets = next_targets # Try to terminate processes by injecting a call to ExitProcess(). next_targets = list() for pid in targets: next_targets.append(pid) try: process = Process(pid) process.scan_modules() try: module = process.get_module_by_name('kernel32') pExitProcess = module.resolve('ExitProcess') try: process.start_thread(pExitProcess, -1) next_targets.pop() count += 1 print("Forced process %d exit" % pid) except WindowsError as e: print( "Warning: call to CreateRemoteThread() failed %d: %s" % (pid, str(e))) except WindowsError as e: print( "Warning: resolving address of ExitProcess() failed %d: %s" % (pid, str(e))) except WindowsError as e: print("Warning: scanning for loaded modules failed %d: %s" % (pid, str(e))) targets = next_targets # Attach to every process. # print(a message on error, but don't stop.) next_targets = list() for pid in targets: try: win32.DebugActiveProcess(pid) count += 1 print("Attached to process %d" % pid) except WindowsError as e: next_targets.append(pid) print("Warning: error attaching to %d: %s" % (pid, str(e))) targets = next_targets # Try to call the DebugSetProcessKillOnExit() API. # # Since it's defined only for Windows XP and above, # on earlier versions we just ignore the error, # since the default behavior on those platforms is # already what we wanted. # # This must be done after attaching to at least one process. # # http://msdn.microsoft.com/en-us/library/ms679307(VS.85).aspx try: win32.DebugSetProcessKillOnExit(True) except AttributeError: pass except WindowsError as e: print("Warning: call to DebugSetProcessKillOnExit() failed: %s" % str(e)) if count == 0: print("Failed! No process was killed.") elif count == 1: print("Successfully killed 1 process.") else: print("Successfully killed %d processes." % count) # Exit the current thread. # This will kill all the processes we have attached to. exit()