def testBreakpointEnum(self):
    """Set three breakpoints, enumerate them by index, then remove each one."""
    func = self.targetModule.CdeclFunc

    # The returned objects stay bound to locals for the whole test.
    # NOTE(review): presumably this keeps the breakpoints alive; confirm
    # against pykd's breakpoint lifetime rules before dropping the names.
    first = pykd.setBp(func)
    second = pykd.setBp(func + 1)
    third = pykd.setBp(func + 2)
    self.assertEqual(3, pykd.getNumberBreakpoints())

    # Fetch every breakpoint before removing any of them, so the indices
    # passed to getBp() are all resolved against the same set.
    found = []
    for index in range(3):
        found.append(pykd.getBp(index))
    self.assertEqual(3, len(found))

    for entry in found:
        entry.remove()
    self.assertEqual(0, pykd.getNumberBreakpoints())
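def breakpoints(self, target_id=0):
    """
    Return a list of the breakpoints pykd currently reports.

    `target_id` is accepted but not used by this implementation.

    Returns data in the following structure:
    [
        {
            "id":           1,
            "enabled":      True,
            "one_shot":     False,
            "hit_count":    5,
            "locations": [
                {
                    "address":  0x100000cf0,
                    "name":     'main'
                }
            ]
        }
    ]

    In this implementation "id" is the pykd breakpoint index, and
    "enabled", "one_shot" and "hit_count" are fixed placeholders
    (True, False and '-'): they are not read from the debugger. Each
    entry carries exactly one location.
    """
    results = []
    for index in range(pykd.getNumberBreakpoints()):
        addr = pykd.getBp(index).getOffset()
        # Fall back to the raw address when no symbol can be resolved.
        name = hex(addr)
        try:
            name = pykd.findSymbol(addr)
        except Exception:
            # A bare `except:` here would also swallow KeyboardInterrupt and
            # SystemExit, making the listing impossible to interrupt.
            # NOTE(review): assumes pykd's lookup errors derive from
            # Exception - confirm against the pykd version in use.
            log.exception(
                "No symbol found for address {}".format(addr))
        results.append({
            'id': index,
            'enabled': True,
            'one_shot': False,
            'hit_count': '-',
            'locations': [{
                "address": addr,
                "name": name
            }]
        })
    return results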
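def breakpoints(self, target_id=0):
    """
    Return a list of breakpoints.

    The `target_id` argument is not consulted here; every breakpoint that
    pykd reports is listed.

    Returns data in the following structure:
    [
        {
            "id":           1,
            "enabled":      True,
            "one_shot":     False,
            "hit_count":    5,
            "locations": [
                {
                    "address":  0x100000cf0,
                    "name":     'main'
                }
            ]
        }
    ]

    Only "id" (the pykd index), "address" and "name" come from the
    debugger. "enabled" is always True, "one_shot" is always False and
    "hit_count" is always the string '-'.
    """
    listing = []
    total = pykd.getNumberBreakpoints()
    for bp_index in range(total):
        bp = pykd.getBp(bp_index)
        addr = bp.getOffset()
        # Default label is the hexadecimal address; a symbol replaces it
        # only when the lookup succeeds.
        name = hex(addr)
        try:
            name = pykd.findSymbol(addr)
        except Exception:
            # Narrowed from a bare `except:` so KeyboardInterrupt and
            # SystemExit still propagate to the caller.
            # NOTE(review): presumes pykd raises Exception subclasses for
            # failed symbol lookups - verify.
            log.exception("No symbol found for address {}".format(addr))
        location = {"address": addr, "name": name}
        listing.append({
            'id': bp_index,
            'enabled': True,
            'one_shot': False,
            'hit_count': '-',
            'locations': [location]
        })
    return listing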
def Tracer():
    """Trace execution branch by branch and log call/ret instructions.

    Written for Python 2 (print statements). The loop runs until rip equals
    the offset of breakpoint index 1. On each pass it disassembles the
    current instruction; "call" and "ret" instructions are appended, with a
    register dump and a short disassembly, to the call and return log
    files. Execution then advances with the debugger's "th" command
    (trace to the next branching instruction).

    Relies on names defined outside this function: ImageBase, LogPath,
    PathInform and VMPTracingSub.

    NOTE(review): the log files are closed manually, so an exception
    raised between open() and close() leaves the handle open.
    """
    # ImageBase is only read in this function, never assigned.
    global ImageBase
    print "[*] VMP Entrypoint\n\t[-] " + pykd.dbgCommand("u @rip l2")
    # Offset of the breakpoint at index 1; reaching it ends the trace.
    EndIopLoadDriver = pykd.getBp(1).getOffset()
    # Writes a zero byte at the KdDebuggerEnabled symbol in the target.
    # NOTE(review): this changes debuggee state and is not restored anywhere
    # in this function; presumably it is there so code that reads the flag
    # does not see the debugger - confirm the intent and whether the
    # original value should be saved and written back.
    pykd.dbgCommand("eb KdDebuggerEnabled 0")
    # Number of instructions handled so far; logged as count+1.
    count = 0
    while(1):
        # The four paths are recomputed on every iteration.
        # NOTE(review): JumpLogPath and JumpRLogPath are assigned but not
        # used in this function.
        ReturnLogPath = PathInform(LogPath[0])
        JumpLogPath = PathInform(LogPath[1])
        JumpRLogPath = PathInform(LogPath[2])
        CallLogPath = PathInform(LogPath[3])
        Disassem = pykd.disasm()
        Instruction = Disassem.instruction()
        # rip relative to ImageBase, used in the log records.
        CurrentOffset = pykd.reg("rip") - ImageBase
        CurrentInstruction = pykd.reg("rip")
        pCallStack = pykd.reg("rsp")
        # IopLoadDriver+4c2, End driver load
        if CurrentInstruction == EndIopLoadDriver:
            break
        # Another module: no section was found for rip, so run "pt"
        # (step until the next return) and look again without logging.
        CurrentSection = VMPTracingSub.GetSectionName(CurrentInstruction)
        if CurrentSection == "Not Found Section":
            print "[*] Check Log.."
            pykd.dbgCommand("pt")
            continue
        if "call" in Instruction:
            # Append mode: earlier records in the call log are kept.
            CallLog = open(CallLogPath,'a+')
            CurrentSection = VMPTracingSub.GetSectionName(CurrentInstruction)
            # Call register
            if "call r" in Instruction:
                idx = Instruction.find("call r")
                # NOTE(review): the matched text "call r" is 6 characters
                # long but the slice skips 8 from its start; verify this
                # against the exact text instruction() returns.
                reg = Instruction[idx+8:]
                regOffset = pykd.reg(reg)-ImageBase
                data = "\n[*] Call Register\n\t[*] Current Section : %s\n\t[*] Current Instruction offset : %X\n\t[-] Count : %d\n\t[-] Registry : %s(Offset : %X, Value : %X)\n\n[*] Current Instruction : %s\n\n"%(CurrentSection,CurrentOffset,count+1,reg,regOffset,pykd.reg(reg),Instruction)
                CallLog.write(data)
                # Register dump, then ten instructions at the call target.
                CallLog.write(pykd.dbgCommand("r"))
                CallLog.write("\n\n[*] Current Disassembly\n\n")
                CallLog.write(pykd.dbgCommand("u @"+reg+" L10"))
                CallLog.close()
                pykd.dbgCommand("th")
                count+=1
                continue
            else:
                # Call address
                data = "\n[*] Call Instruction\n\t[*] Current Section : %s\n\t[*] Current Instruction Offset : %X\n\t[-] Count : %d\n\n[*] Current Instruction :%s\n\n"%(CurrentSection,CurrentOffset,count+1,Instruction)
                CallLog.write(data)
                # Register dump, then five instructions starting at rip.
                CallLog.write(pykd.dbgCommand("r"))
                CallLog.write("\n\n[*] Current Disassembly\n\n")
                CallLog.write(pykd.dbgCommand("u @rip L5"))
                CallLog.close()
                pykd.dbgCommand("th")
                count+=1
                continue
        if "ret" in Instruction:
            ReturnLog = open(ReturnLogPath,'a+')
            # Pointer-sized value at rsp, treated as the return address.
            CallStack = pykd.ptrPtr(pCallStack)
            CallStackOffset = CallStack - ImageBase
            CurrentSection = VMPTracingSub.GetSectionName(CurrentInstruction)
            returnSection = VMPTracingSub.GetSectionName(CallStack)
            data = "\n[*] Return Instruction\n\t[*] Current Section : %s\n\t[*] Return Section : %s\n\t[+] Current Instruction Offset : %X \n\t[-] Count :%d\n\t[*] Disassembly Offset : %X\n\n"%(CurrentSection,returnSection,CurrentOffset,count+1,CallStackOffset)
            ReturnLog.write(data)
            ReturnLog.write("\n")
            # Register dump, then ten instructions at the address on top
            # of the stack.
            ReturnLog.write(pykd.dbgCommand("r"))
            ReturnLog.write("\n\n[*] Return Disassembly\n")
            ReturnLog.write(pykd.dbgCommand("u poi(@rsp) L10"))
            ReturnLog.close()
            pykd.dbgCommand("th")
            count+=1
            continue
        # Neither call nor ret: advance to the next branch without logging.
        pykd.dbgCommand("th")
        count+=1
    return
def BPsSet():
    """Return the offsets of all breakpoints pykd reports, in index order."""
    total = pykd.getNumberBreakpoints()
    # The count is read once; each index is then resolved to its offset.
    return [pykd.getBp(index).getOffset() for index in xrange(0, total)]
def testRemoveByIndex(self):
    """Remove a breakpoint via its index handle and check the target runs to its end."""
    # Both objects stay bound until the test returns.
    # NOTE(review): presumably the reference from setBp() keeps the
    # breakpoint alive; confirm against pykd's lifetime rules.
    created = pykd.setBp(self.targetModule.CdeclFunc)
    fetched = pykd.getBp(0)
    fetched.remove()

    # The test expects go() to report NoDebuggee once the breakpoint is
    # gone, i.e. execution is no longer stopped at CdeclFunc.
    expected = pykd.executionStatus.NoDebuggee
    status = pykd.go()
    self.assertEqual(expected, status)
def testBpCommand(self):
    """A breakpoint set with the debugger's `bp` command is visible through pykd."""
    pykd.dbgCommand("bp 0x100")

    count = pykd.getNumberBreakpoints()
    self.assertEqual(1, count)

    # The breakpoint at index 0 must report the address given to `bp`.
    found = pykd.getBp(0)
    offset = found.getOffset()
    self.assertEqual(0x100, offset)