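def set_bp(pid, func, size):
    """Resolve *func* inside process *pid* and set a breakpoint on it.

    *func* is split by ``_split_dll_func`` into a module part and a symbol
    part.  Each module reported by ``process.get_modules()`` whose file name
    matches the module part (with or without a ``.dll`` suffix) is loaded
    and its symbols are compared against the symbol part.  With exactly one
    match the breakpoint is set directly; with several, the matches are
    listed and the user picks one by number.

    Args:
        pid: id of the target process, handed to ``Process``.
        func: module/symbol specification understood by ``_split_dll_func``.
        size: not used by this function; kept so callers need not change.

    Returns:
        None.  Exits the interpreter with status -1 when *func* cannot be
        split or when no symbol matches.  An invalid selection leaves the
        target without a new breakpoint.
    """
    process = Process(pid)
    search_dll, search_func = _split_dll_func(func)
    print search_dll, ":", search_func
    if search_dll is None or search_func is None:
        # The message used to format `arg`, which this function never
        # assigns; report the specification that failed to split instead.
        print "%s not found!" % func
        sys.exit(-1)

    # NOTE(review): both parts are spliced into the patterns unescaped.  If
    # ismatch is a regex match (not visible here), metacharacters in the
    # user's input -- the "." of "foo.dll", for one -- act as wildcards and
    # can select a module or symbol other than the intended one.
    matches = {}  # hex(address) -> symbol name
    for mod_path, mod_addr in process.get_modules():
        if not (ismatch(mod_path, ".*" + search_dll + "$") or
                ismatch(mod_path, ".*" + search_dll + ".dll$")):
            continue
        module = Module(mod_addr, process=process, fileName=mod_path)
        module.get_symbols()
        print mod_path, "!", mod_addr, " > ", search_dll, " > ", search_func
        # Distinct loop names: the original reused `func` here and so
        # clobbered the parameter.
        for sym_name, sym_addr, _ in module.iter_symbols():
            if ismatch(sym_name, search_func + ".*"):
                matches[hex(sym_addr)] = sym_name
                print "%s : [%s] %s" % (hex(sym_addr), sym_addr, sym_name)
    print "len", len(matches)

    if not matches:
        # Previously an empty result still prompted for a number and then
        # failed with IndexError on whatever was entered.
        print "%s not found!" % func
        sys.exit(-1)

    candidates = matches.items()
    if len(candidates) == 1:
        break_addr, break_func = candidates[0]
        print " : ", break_addr, "", break_func
        # hex() appends "L" only for Python 2 longs.  Strip exactly that
        # suffix so both branches hand do_bp the same form of address.
        do_bp(process, break_addr.rstrip("L"))
        return

    for index, (addr_hex, sym_name) in enumerate(candidates):
        print "%d : %s!%s" % (index, addr_hex, sym_name)
    try:
        number = int(raw_input("What is your Number? "))
    except ValueError:
        print "invalid selection"
        return
    print
    # Reject out-of-range and negative values; a negative index would
    # silently pick an entry counted from the end of the list.
    if not 0 <= number < len(candidates):
        print "invalid selection"
        return
    break_addr, break_func = candidates[number]
    print break_func, ":", break_addr
    # The unconditional [:-1] used here before dropped the last hex digit
    # whenever hex() returned no "L" suffix, so the breakpoint would have
    # been requested at the wrong address in the target.
    if do_bp(process, break_addr.rstrip("L")) == True:
        print_breakpoints()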
def search_string(pid, func, size):
    """Dump the start of the main image of process *pid*, then exit.

    Prints the image base and the main module as reported by ``Process``,
    calls ``read(image_base, 100)``, prints the result as space-separated
    upper-case hex pairs and terminates the interpreter with status 0.

    NOTE(review): because of that ``sys.exit(0)``, everything after it --
    the module lookup driven by *func* and the final ``return ""`` -- is
    never executed.  *size* is not used.
    """
    target = Process(pid)
    print "get_image_base:", hex(target.get_image_base())
    print "get_main_module:", target.get_main_module()

    header_bytes = target.read(target.get_image_base(), 100)
    hex_pairs = ["%02X " % ord(byte) for byte in header_bytes]
    print ''.join(hex_pairs).strip()
    sys.exit(0)

    # ---- unreachable from here on (see the docstring) ----
    search_dll, search_func = _split_dll_func(func)
    print search_dll, ":", search_func
    if search_dll is None or search_func is None:
        # NOTE(review): `arg` is not assigned anywhere in this function.
        print "%s not found!" % arg
        sys.exit(-1)

    found = {}  # never filled or read in the visible code
    for mod_path, mod_addr in target.get_modules():
        plain_hit = ismatch(mod_path, ".*" + search_dll + "$")
        if plain_hit or ismatch(mod_path, ".*" + search_dll + ".dll$"):
            print mod_path, " : ", hex(mod_addr), " (", mod_addr, ")"
    return ""