def testBreakpointEnum(self):
    """Three breakpoints on consecutive bytes can be enumerated by index and removed.

    Sets breakpoints at CdeclFunc, CdeclFunc+1 and CdeclFunc+2, checks that
    getNumberBreakpoints() reports three, fetches each with getBp(i), removes
    them all and checks the count drops back to zero.
    """
    base = self.targetModule.CdeclFunc
    # Bound to a local so the breakpoint objects outlive the assertions below.
    bps = [pykd.setBp(base + delta) for delta in (0, 1, 2)]

    self.assertEqual(3, pykd.getNumberBreakpoints())
    enumerated = [pykd.getBp(index) for index in range(3)]
    self.assertEqual(3, len(enumerated))
    for entry in enumerated:
        entry.remove()

    self.assertEqual(0, pykd.getNumberBreakpoints())
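        def breakpoints(self, target_id=0):
            """
            Return a list of breakpoints.

            Returns data in the following structure:
            [
                {
                    "id":           1,
                    "enabled":      True,
                    "one_shot":     False,
                    "hit_count":    5,
                    "locations": [
                        {
                            "address":  0x100000cf0,
                            "name":     'main'
                        }
                    ]
                }
            ]

            Notes:
                target_id is accepted for interface compatibility but is not
                used by this implementation.
                "enabled" / "one_shot" are constants (True / False) and
                "hit_count" is the string '-' rather than the integer shown
                above; pykd's breakpoint object is only queried for its offset.
                "name" is the symbol pykd.findSymbol() resolves for the
                address, falling back to hex(address) when lookup fails.
            """
            breakpoints = []

            for i in range(pykd.getNumberBreakpoints()):
                addr = pykd.getBp(i).getOffset()

                try:
                    name = pykd.findSymbol(addr)
                except Exception:
                    # Narrowed from a bare ``except`` so KeyboardInterrupt and
                    # SystemExit are no longer swallowed.  A failed lookup is
                    # expected for unmapped or stripped addresses, so fall
                    # back to the raw address rather than abort enumeration.
                    log.exception(
                        "No symbol found for address {}".format(addr))
                    name = hex(addr)

                breakpoints.append({
                    'id':           i,
                    'enabled':      True,
                    'one_shot':     False,
                    'hit_count':    '-',
                    'locations':    [{
                        "address":  addr,
                        "name":     name
                    }]
                })

            return breakpoints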
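        def breakpoints(self, target_id=0):
            """
            Return a list of breakpoints.

            Returns data in the following structure:
            [
                {
                    "id":           1,
                    "enabled":      True,
                    "one_shot":     False,
                    "hit_count":    5,
                    "locations": [
                        {
                            "address":  0x100000cf0,
                            "name":     'main'
                        }
                    ]
                }
            ]

            Notes:
                target_id is accepted for interface compatibility but is not
                used by this implementation.
                "enabled" / "one_shot" are constants (True / False) and
                "hit_count" is the string '-' rather than the integer shown
                above; pykd's breakpoint object is only queried for its offset.
                "name" is the symbol pykd.findSymbol() resolves for the
                address, falling back to hex(address) when lookup fails.
            """
            breakpoints = []

            for i in range(pykd.getNumberBreakpoints()):
                addr = pykd.getBp(i).getOffset()

                try:
                    name = pykd.findSymbol(addr)
                except Exception:
                    # Narrowed from a bare ``except`` so KeyboardInterrupt and
                    # SystemExit are no longer swallowed.  A failed lookup is
                    # expected for unmapped or stripped addresses, so fall
                    # back to the raw address rather than abort enumeration.
                    log.exception("No symbol found for address {}".format(addr))
                    name = hex(addr)

                breakpoints.append({
                    'id':           i,
                    'enabled':      True,
                    'one_shot':     False,
                    'hit_count':    '-',
                    'locations':    [{
                        "address":  addr,
                        "name":     name
                    }]
                })

            return breakpoints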
def Tracer():
    """Trace the debuggee instruction by instruction, logging every call and return.

    Starting at the current rip, repeatedly issues the WinDbg ``th`` command and
    inspects the disassembly of each stop.  Instructions whose text contains
    "call" or "ret" are appended to the call/return log files; the loop ends
    when rip equals the offset of breakpoint #1.

    Reads the module-level globals ``ImageBase`` and ``LogPath`` and the helpers
    ``PathInform`` and ``VMPTracingSub.GetSectionName``; none of them are
    defined in this block, so their exact behaviour is not visible here.
    Python 2 code (print statements).  Returns nothing.
    """
    # ``global`` is only a declaration here: ImageBase is read, never assigned.
    global ImageBase
    print "[*] VMP Entrypoint\n\t[-] " + pykd.dbgCommand("u @rip l2")
    # Breakpoint index 1 marks the end of the traced range (compared against rip below).
    EndIopLoadDriver = pykd.getBp(1).getOffset()
    # Writes a zero byte at the kernel symbol KdDebuggerEnabled.
    # NOTE(review): presumably so the traced code does not observe the attached
    # debugger; confirm against the surrounding tooling before relying on it.
    pykd.dbgCommand("eb KdDebuggerEnabled 0")
    count = 0
    while(1):
        # Log paths are recomputed on every iteration; PathInform's side
        # effects (if any) are not visible here, which is why they are not hoisted.
        ReturnLogPath = PathInform(LogPath[0])
        JumpLogPath = PathInform(LogPath[1])
        JumpRLogPath = PathInform(LogPath[2])
        CallLogPath = PathInform(LogPath[3])

        # Disassembly text of the instruction at rip; all matching below is
        # plain substring matching on this text.
        Disassem = pykd.disasm()
        Instruction = Disassem.instruction()
        # Offset relative to the traced image (RVA-style), used in the log lines.
        CurrentOffset = pykd.reg("rip") - ImageBase
        CurrentInstruction = pykd.reg("rip")
        pCallStack = pykd.reg("rsp")

        # IopLoadDriver+4c2, End driver load
        if CurrentInstruction == EndIopLoadDriver:
            break

        # Another module
        # "Not Found Section" is the sentinel string returned by GetSectionName
        # when rip lies outside a known section; ``pt`` steps to the next return
        # so tracing resumes once execution comes back.
        CurrentSection = VMPTracingSub.GetSectionName(CurrentInstruction)
        if CurrentSection == "Not Found Section":
            print "[*] Check Log.."
            pykd.dbgCommand("pt")
            continue

        # Substring test: also fires on any operand or symbol text containing "call".
        if "call" in Instruction:
            # Opened here and closed explicitly in both branches below (no ``with``).
            CallLog = open(CallLogPath,'a+')
            CurrentSection = VMPTracingSub.GetSectionName(CurrentInstruction)

            # Call register
            if "call    r" in Instruction:
                idx = Instruction.find("call    r")
                # "call" + four spaces is 8 characters, so idx+8 is the 'r' that
                # starts the register name; the rest of the line is taken as the name.
                reg = Instruction[idx+8:]
                regOffset = pykd.reg(reg)-ImageBase
                data = "\n[*] Call Register\n\t[*] Current Section : %s\n\t[*] Current Instruction offset : %X\n\t[-] Count : %d\n\t[-] Registry : %s(Offset : %X, Value : %X)\n\n[*] Current Instruction : %s\n\n"%(CurrentSection,CurrentOffset,count+1,reg,regOffset,pykd.reg(reg),Instruction)
                CallLog.write(data)
                # Register dump followed by 16 instructions at the call target.
                CallLog.write(pykd.dbgCommand("r"))
                CallLog.write("\n\n[*] Current Disassembly\n\n")
                CallLog.write(pykd.dbgCommand("u @"+reg+" L10"))
                CallLog.close()
                pykd.dbgCommand("th")
                count+=1
                continue
            # Call address
            else:
                data = "\n[*] Call Instruction\n\t[*] Current Section : %s\n\t[*] Current Instruction Offset : %X\n\t[-] Count : %d\n\n[*] Current Instruction :%s\n\n"%(CurrentSection,CurrentOffset,count+1,Instruction)
                CallLog.write(data)
                CallLog.write(pykd.dbgCommand("r"))
                CallLog.write("\n\n[*] Current Disassembly\n\n")
                CallLog.write(pykd.dbgCommand("u @rip L5"))
                CallLog.close()
                pykd.dbgCommand("th")
                count+=1
                continue

        # Substring test as above: matches "ret", "retn", "retf" and any text containing "ret".
        if "ret" in Instruction:
            ReturnLog = open(ReturnLogPath,'a+')
            # Return address is the qword at [rsp]; its section is logged alongside the current one.
            CallStack = pykd.ptrPtr(pCallStack)
            CallStackOffset = CallStack - ImageBase
            CurrentSection = VMPTracingSub.GetSectionName(CurrentInstruction)
            returnSection = VMPTracingSub.GetSectionName(CallStack)

            data = "\n[*] Return Instruction\n\t[*] Current Section : %s\n\t[*] Return Section : %s\n\t[+] Current Instruction Offset : %X \n\t[-] Count :%d\n\t[*] Disassembly Offset : %X\n\n"%(CurrentSection,returnSection,CurrentOffset,count+1,CallStackOffset)
            ReturnLog.write(data)
            ReturnLog.write("\n")
            ReturnLog.write(pykd.dbgCommand("r"))
            ReturnLog.write("\n\n[*] Return Disassembly\n")
            ReturnLog.write(pykd.dbgCommand("u poi(@rsp) L10"))
            ReturnLog.close()
            pykd.dbgCommand("th")
            count+=1
            continue

        # Neither call nor ret: advance without logging.
        pykd.dbgCommand("th")
        count+=1

    return
def BPsSet():
	"""Return the offset of every breakpoint currently known to pykd.

	Walks indices 0 .. getNumberBreakpoints()-1 and collects
	getBp(i).getOffset() for each, in index order.
	"""
	return [pykd.getBp(index).getOffset()
		for index in xrange(pykd.getNumberBreakpoints())]
 def testRemoveByIndex(self):
     """Removing the breakpoint fetched via getBp(0) leaves the debuggee free to run.

     One breakpoint is set on CdeclFunc, then removed through the
     index-based handle rather than the handle setBp returned; go() is
     then expected to report NoDebuggee.
     """
     # Bound to a local so the setBp handle outlives the assertion.
     original = pykd.setBp(self.targetModule.CdeclFunc)
     pykd.getBp(0).remove()
     self.assertEqual(pykd.executionStatus.NoDebuggee, pykd.go())
 def testBpCommand(self):
     """A breakpoint set through the debugger command line is visible via getBp.

     Issues ``bp 0x100`` as a raw debugger command and checks that pykd
     reports exactly one breakpoint whose offset is 0x100.
     """
     pykd.dbgCommand("bp 0x100")
     self.assertEqual(1, pykd.getNumberBreakpoints())
     self.assertEqual(0x100, pykd.getBp(0).getOffset())