def do_function_starts(self, in_memory):
"""Run the binary, stop at our unstripped function,
make sure the caller has synthetic symbols"""
exe = self.getBuildArtifact(exe_name)
# Now strip the binary, but leave externals so we can break on dont_strip_me.
try:
fail_str = system([["strip", "-u", "-x", "-S", exe]])
except CalledProcessError as cmd_error:
self.fail("Strip failed: %d" % (cmd_error.returncode))
# Use a file as a synchronization point between test and inferior.
pid_file_path = lldbutil.append_to_process_working_directory(
self, "token_pid_%d" % (int(os.getpid())))
self.addTearDownHook(
lambda: self.run_platform_command("rm %s" % (pid_file_path)))
popen = self.spawnSubprocess(exe, [pid_file_path])
self.addTearDownHook(self.cleanupSubprocesses)
# Wait until process has fully started up.
pid = lldbutil.wait_for_file_on_target(self, pid_file_path)
if in_memory:
remove_file(exe)
target = self.dbg.CreateTarget(None)
self.assertTrue(target.IsValid(), "Got a vaid empty target.")
error = lldb.SBError()
attach_info = lldb.SBAttachInfo()
attach_info.SetProcessID(popen.pid)
attach_info.SetIgnoreExisting(False)
process = target.Attach(attach_info, error)
self.assertTrue(
error.Success(), "Didn't attach successfully to %d: %s" %
(popen.pid, error.GetCString()))
bkpt = target.BreakpointCreateByName("dont_strip_me", exe)
self.assertTrue(bkpt.GetNumLocations() > 0,
"Didn't set the dont_strip_me bkpt.")
threads = lldbutil.continue_to_breakpoint(process, bkpt)
self.assertEqual(len(threads), 1, "Didn't hit my breakpoint.")
# Our caller frame should have been stripped. Make sure we made a synthetic symbol
# for it:
thread = threads[0]
self.assertTrue(thread.num_frames > 1, "Couldn't backtrace.")
name = thread.frame[1].GetFunctionName()
self.assertTrue(name.startswith("___lldb_unnamed_symbol"))
self.assertTrue(name.endswith("$$StripMe"))
def do_function_starts(self, in_memory):
"""Run the binary, stop at our unstripped function,
make sure the caller has synthetic symbols"""
exe = self.getBuildArtifact(exe_name)
# Now strip the binary, but leave externals so we can break on dont_strip_me.
try:
fail_str = system([["strip", "-u", "-x", "-S", exe]])
except CalledProcessError as cmd_error:
self.fail("Strip failed: %d" % (cmd_error.returncode))
popen = self.spawnSubprocess(exe)
self.addTearDownHook(self.cleanupSubprocesses)
if in_memory:
remove_file(exe)
target = self.dbg.CreateTarget(None)
self.assertTrue(target.IsValid(), "Got a vaid empty target.")
error = lldb.SBError()
attach_info = lldb.SBAttachInfo()
attach_info.SetProcessID(popen.pid)
attach_info.SetIgnoreExisting(False)
process = target.Attach(attach_info, error)
self.assertTrue(
error.Success(), "Didn't attach successfully to %d: %s" %
(popen.pid, error.GetCString()))
bkpt = target.BreakpointCreateByName("dont_strip_me", exe)
self.assertTrue(bkpt.GetNumLocations() > 0,
"Didn't set the dont_strip_me bkpt.")
threads = lldbutil.continue_to_breakpoint(process, bkpt)
self.assertEqual(len(threads), 1, "Didn't hit my breakpoint.")
# Our caller frame should have been stripped. Make sure we made a synthetic symbol
# for it:
thread = threads[0]
self.assertTrue(thread.num_frames > 1, "Couldn't backtrace.")
name = thread.frame[1].GetFunctionName()
self.assertEqual("___lldb_unnamed_symbol1$$StripMe", name,
"Frame name not synthetic")
def main(argv):
description = '''Debugs a program using the LLDB python API and uses asynchronous broadcast events to watch for process state changes.'''
epilog = '''Examples:
#----------------------------------------------------------------------
# Run "/bin/ls" with the arguments "-lAF /tmp/", and set a breakpoint
# at "malloc" and backtrace and read all registers each time we stop
#----------------------------------------------------------------------
% ./process_events.py --breakpoint malloc --stop-command bt --stop-command 'register read' -- /bin/ls -lAF /tmp/
'''
optparse.OptionParser.format_epilog = lambda self, formatter: self.epilog
parser = optparse.OptionParser(
description=description,
prog='process_events',
usage='usage: process_events [options] program [arg1 arg2]',
epilog=epilog)
parser.add_option(
'-v',
'--verbose',
action='store_true',
dest='verbose',
help="Enable verbose logging.",
default=False)
parser.add_option(
'-b',
'--breakpoint',
action='append',
type='string',
metavar='BPEXPR',
dest='breakpoints',
help='Breakpoint commands to create after the target has been created, the values will be sent to the "_regexp-break" command which supports breakpoints by name, file:line, and address.')
parser.add_option(
'-a',
'--arch',
type='string',
dest='arch',
help='The architecture to use when creating the debug target.',
default=None)
parser.add_option(
'--platform',
type='string',
metavar='platform',
dest='platform',
help='Specify the platform to use when creating the debug target. Valid values include "localhost", "darwin-kernel", "ios-simulator", "remote-freebsd", "remote-macosx", "remote-ios", "remote-linux".',
default=None)
parser.add_option(
'-l',
'--launch-command',
action='append',
type='string',
metavar='CMD',
dest='launch_commands',
help='LLDB command interpreter commands to run once after the process has launched. This option can be specified more than once.',
default=[])
parser.add_option(
'-s',
'--stop-command',
action='append',
type='string',
metavar='CMD',
dest='stop_commands',
help='LLDB command interpreter commands to run each time the process stops. This option can be specified more than once.',
default=[])
parser.add_option(
'-c',
'--crash-command',
action='append',
type='string',
metavar='CMD',
dest='crash_commands',
help='LLDB command interpreter commands to run in case the process crashes. This option can be specified more than once.',
default=[])
parser.add_option(
'-x',
'--exit-command',
action='append',
type='string',
metavar='CMD',
dest='exit_commands',
help='LLDB command interpreter commands to run once after the process has exited. This option can be specified more than once.',
default=[])
parser.add_option(
'-T',
'--no-threads',
action='store_false',
dest='show_threads',
help="Don't show threads when process stops.",
default=True)
parser.add_option(
'--ignore-errors',
action='store_false',
dest='stop_on_error',
help="Don't stop executing LLDB commands if the command returns an error. This applies to all of the LLDB command interpreter commands that get run for launch, stop, crash and exit.",
default=True)
parser.add_option(
'-n',
'--run-count',
type='int',
dest='run_count',
metavar='N',
help='How many times to run the process in case the process exits.',
default=1)
parser.add_option(
'-t',
'--event-timeout',
type='int',
dest='event_timeout',
metavar='SEC',
help='Specify the timeout in seconds to wait for process state change events.',
default=lldb.UINT32_MAX)
parser.add_option(
'-e',
'--environment',
action='append',
type='string',
metavar='ENV',
dest='env_vars',
help='Environment variables to set in the inferior process when launching a process.')
parser.add_option(
'-d',
'--working-dir',
type='string',
metavar='DIR',
dest='working_dir',
help='The the current working directory when launching a process.',
default=None)
parser.add_option(
'-p',
'--attach-pid',
type='int',
dest='attach_pid',
metavar='PID',
help='Specify a process to attach to by process ID.',
default=-1)
parser.add_option(
'-P',
'--attach-name',
type='string',
dest='attach_name',
metavar='PROCESSNAME',
help='Specify a process to attach to by name.',
default=None)
parser.add_option(
'-w',
'--attach-wait',
action='store_true',
dest='attach_wait',
help='Wait for the next process to launch when attaching to a process by name.',
default=False)
try:
(options, args) = parser.parse_args(argv)
except:
return
attach_info = None
launch_info = None
exe = None
if args:
exe = args.pop(0)
launch_info = lldb.SBLaunchInfo(args)
if options.env_vars:
launch_info.SetEnvironmentEntries(options.env_vars, True)
if options.working_dir:
launch_info.SetWorkingDirectory(options.working_dir)
elif options.attach_pid != -1:
if options.run_count == 1:
attach_info = lldb.SBAttachInfo(options.attach_pid)
else:
print("error: --run-count can't be used with the --attach-pid option")
sys.exit(1)
elif not options.attach_name is None:
if options.run_count == 1:
attach_info = lldb.SBAttachInfo(
options.attach_name, options.attach_wait)
else:
print("error: --run-count can't be used with the --attach-name option")
sys.exit(1)
else:
print('error: a program path for a program to debug and its arguments are required')
sys.exit(1)
# Create a new debugger instance
debugger = lldb.SBDebugger.Create()
debugger.SetAsync(True)
command_interpreter = debugger.GetCommandInterpreter()
# Create a target from a file and arch
if exe:
print("Creating a target for '%s'" % exe)
error = lldb.SBError()
target = debugger.CreateTarget(
exe, options.arch, options.platform, True, error)
if target:
# Set any breakpoints that were specified in the args if we are launching. We use the
# command line command to take advantage of the shorthand breakpoint
# creation
if launch_info and options.breakpoints:
for bp in options.breakpoints:
debugger.HandleCommand("_regexp-break %s" % (bp))
run_commands(command_interpreter, ['breakpoint list'])
for run_idx in range(options.run_count):
# Launch the process. Since we specified synchronous mode, we won't return
# from this function until we hit the breakpoint at main
error = lldb.SBError()
if launch_info:
if options.run_count == 1:
print('Launching "%s"...' % (exe))
else:
print('Launching "%s"... (launch %u of %u)' % (exe, run_idx + 1, options.run_count))
process = target.Launch(launch_info, error)
else:
if options.attach_pid != -1:
print('Attaching to process %i...' % (options.attach_pid))
else:
if options.attach_wait:
print('Waiting for next to process named "%s" to launch...' % (options.attach_name))
else:
print('Attaching to existing process named "%s"...' % (options.attach_name))
process = target.Attach(attach_info, error)
# Make sure the launch went ok
if process and process.GetProcessID() != lldb.LLDB_INVALID_PROCESS_ID:
pid = process.GetProcessID()
print('Process is %i' % (pid))
if attach_info:
# continue process if we attached as we won't get an
# initial event
process.Continue()
listener = debugger.GetListener()
# sign up for process state change events
stop_idx = 0
done = False
while not done:
event = lldb.SBEvent()
if listener.WaitForEvent(options.event_timeout, event):
if lldb.SBProcess.EventIsProcessEvent(event):
state = lldb.SBProcess.GetStateFromEvent(event)
if state == lldb.eStateInvalid:
# Not a state event
print('process event = %s' % (event))
else:
print("process state changed event: %s" % (lldb.SBDebugger.StateAsCString(state)))
if state == lldb.eStateStopped:
if stop_idx == 0:
if launch_info:
print("process %u launched" % (pid))
run_commands(
command_interpreter, ['breakpoint list'])
else:
print("attached to process %u" % (pid))
for m in target.modules:
print(m)
if options.breakpoints:
for bp in options.breakpoints:
debugger.HandleCommand(
"_regexp-break %s" % (bp))
run_commands(
command_interpreter, ['breakpoint list'])
run_commands(
command_interpreter, options.launch_commands)
else:
if options.verbose:
print("process %u stopped" % (pid))
run_commands(
command_interpreter, options.stop_commands)
stop_idx += 1
print_threads(process, options)
print("continuing process %u" % (pid))
process.Continue()
elif state == lldb.eStateExited:
exit_desc = process.GetExitDescription()
if exit_desc:
print("process %u exited with status %u: %s" % (pid, process.GetExitStatus(), exit_desc))
else:
print("process %u exited with status %u" % (pid, process.GetExitStatus()))
run_commands(
command_interpreter, options.exit_commands)
done = True
elif state == lldb.eStateCrashed:
print("process %u crashed" % (pid))
print_threads(process, options)
run_commands(
command_interpreter, options.crash_commands)
done = True
elif state == lldb.eStateDetached:
print("process %u detached" % (pid))
done = True
elif state == lldb.eStateRunning:
# process is running, don't say anything,
# we will always get one of these after
# resuming
if options.verbose:
print("process %u resumed" % (pid))
elif state == lldb.eStateUnloaded:
print("process %u unloaded, this shouldn't happen" % (pid))
done = True
elif state == lldb.eStateConnected:
print("process connected")
elif state == lldb.eStateAttaching:
print("process attaching")
elif state == lldb.eStateLaunching:
print("process launching")
else:
print('event = %s' % (event))
else:
# timeout waiting for an event
print("no process event for %u seconds, killing the process..." % (options.event_timeout))
done = True
# Now that we are done dump the stdout and stderr
process_stdout = process.GetSTDOUT(1024)
if process_stdout:
print("Process STDOUT:\n%s" % (process_stdout))
while process_stdout:
process_stdout = process.GetSTDOUT(1024)
print(process_stdout)
process_stderr = process.GetSTDERR(1024)
if process_stderr:
print("Process STDERR:\n%s" % (process_stderr))
while process_stderr:
process_stderr = process.GetSTDERR(1024)
print(process_stderr)
process.Kill() # kill the process
else:
if error:
print(error)
else:
if launch_info:
print('error: launch failed')
else:
print('error: attach failed')
lldb.SBDebugger.Terminate()
def main(argv):
description = '''Debugs a program using the LLDB python API and does crash analysis on stop events'''
epilog = '''Examples:
% ./exploitaben.py -- /path/to/app -infile file_that_causes.crash
'''
optparse.OptionParser.format_epilog = lambda self, formatter: self.epilog
parser = optparse.OptionParser(
description=description,
prog='process_events',
usage='usage: process_events [options] program [arg1 arg2]',
epilog=epilog)
parser.add_option('-v',
'--verbose',
action='store_true',
dest='verbose',
help="Enable verbose logging.",
default=False)
parser.add_option(
'-b',
'--breakpoint',
action='append',
type='string',
metavar='BPEXPR',
dest='breakpoints',
help=
'Breakpoint commands to create after the target has been created, the values will be sent to the "_regexp-break" command which supports breakpoints by name, file:line, and address.'
)
# parser.add_option('-a', '--arch', type='string', dest='arch', help='The architecture to use when creating the debug target.', default=None)
# parser.add_option('--platform', type='string', metavar='platform', dest='platform', help='Specify the platform to use when creating the debug target. Valid values include "localhost", "darwin-kernel", "ios-simulator", "remote-freebsd", "remote-macosx", "remote-ios", "remote-linux".', default=None)
# parser.add_option('-l', '--launch-command', action='append', type='string', metavar='CMD', dest='launch_commands', help='LLDB command interpreter commands to run once after the process has launched. This option can be specified more than once.', default=[])
# parser.add_option('-s', '--stop-command', action='append', type='string', metavar='CMD', dest='stop_commands', help='LLDB command interpreter commands to run each time the process stops. This option can be specified more than once.', default=[])
parser.add_option(
'-c',
'--crash-command',
action='append',
type='string',
metavar='CMD',
dest='crash_commands',
help=
'LLDB command interpreter commands to run in case the process crashes. This option can be specified more than once.',
default=[])
parser.add_option(
'-x',
'--exit-command',
action='append',
type='string',
metavar='CMD',
dest='exit_commands',
help=
'LLDB command interpreter commands to run once after the process has exited. This option can be specified more than once.',
default=[])
# parser.add_option('-T', '--no-threads', action='store_false', dest='show_threads', help="Don't show threads when process stops.", default=True)
parser.add_option(
'--ignore-errors',
action='store_false',
dest='stop_on_error',
help=
"Don't stop executing LLDB commands if the command returns an error. This applies to all of the LLDB command interpreter commands that get run for launch, stop, crash and exit.",
default=True)
# parser.add_option('-n', '--run-count', type='int', dest='run_count', metavar='N', help='How many times to run the process in case the process exits.', default=1)
parser.add_option(
'-t',
'--event-timeout',
type='int',
dest='event_timeout',
metavar='SEC',
help=
'Specify the timeout in seconds to wait for process state change events.',
default=lldb.UINT32_MAX)
parser.add_option(
'-e',
'--environment',
action='append',
type='string',
metavar='ENV',
dest='env_vars',
help=
'Environment variables to set in the inferior process when launching a process.'
)
parser.add_option(
'-d',
'--working-dir',
type='string',
metavar='DIR',
dest='working_dir',
help='The the current working directory when launching a process.',
default=None)
parser.add_option('-p',
'--attach-pid',
type='int',
dest='attach_pid',
metavar='PID',
help='Specify a process to attach to by process ID.',
default=-1)
parser.add_option('-P',
'--attach-name',
type='string',
dest='attach_name',
metavar='PROCESSNAME',
help='Specify a process to attach to by name.',
default=None)
parser.add_option(
'-w',
'--attach-wait',
action='store_true',
dest='attach_wait',
help=
'Wait for the next process to launch when attaching to a process by name.',
default=False)
parser.add_option(
'-O',
'--show-output',
action='store_true',
dest='show_output',
help='Print the captured stdout/stderr from the target at exit.',
default=False)
try:
(options, args) = parser.parse_args(argv)
except:
return
options.run_count = 1
# I used a closure because we need to wait until options have been parsed
def debug(str):
if options.verbose:
print str
attach_info = None
launch_info = None
exe = None
if args:
exe = args.pop(0)
launch_info = lldb.SBLaunchInfo(args)
if options.env_vars:
launch_info.SetEnvironmentEntries(options.env_vars, True)
if options.working_dir:
launch_info.SetWorkingDirectory(options.working_dir)
elif options.attach_pid != -1:
if options.run_count == 1:
attach_info = lldb.SBAttachInfo(options.attach_pid)
else:
print "error: --run-count can't be used with the --attach-pid option"
sys.exit(1)
elif options.attach_name is not None:
attach_info = lldb.SBAttachInfo(options.attach_name,
options.attach_wait)
if options.attach_wait:
waiting = True
else:
print 'error: a program path for a program to debug and its arguments are required'
sys.exit(1)
# Create a new debugger instance
debugger = lldb.SBDebugger.Create()
debugger.SetAsync(True)
command_interpreter = debugger.GetCommandInterpreter()
# Create a target from a file and arch
if exe:
debug("Creating a target for '%s'" % exe)
error = lldb.SBError()
target = debugger.CreateTarget(exe, None, None, True, error)
if target:
# Set any breakpoints that were specified in the args if we are launching. We use the
# command line command to take advantage of the shorthand breakpoint creation
if launch_info and options.breakpoints:
for bp in options.breakpoints:
debugger.HandleCommand("_regexp-break %s" % (bp))
run_commands(command_interpreter, ['breakpoint list'])
for run_idx in range(options.run_count):
# Launch the process. Since we specified synchronous mode, we won't return
# from this function until we hit the breakpoint at main
error = lldb.SBError()
if launch_info:
if options.run_count == 1:
debug('Launching "%s"...' % (exe))
else:
debug('Launching "%s"... (launch %u of %u)' %
(exe, run_idx + 1, options.run_count))
process = target.Launch(launch_info, error)
else:
if options.attach_pid != -1:
debug('Attaching to process %i...' % (options.attach_pid))
else:
if options.attach_wait:
debug(
'Waiting for next to process named "%s" to launch...'
% (options.attach_name))
else:
debug('Attaching to existing process named "%s"...' %
(options.attach_name))
process = target.Attach(attach_info, error)
# Make sure the launch went ok
if process and options.attach_wait or process.GetProcessID(
) != lldb.LLDB_INVALID_PROCESS_ID:
pid = process.GetProcessID()
listener = debugger.GetListener()
# sign up for process state change events
done = False
# moved this outside the main event loop so we re-use one C++
# object. Saves a lot of __init__ calls.
event = lldb.SBEvent()
while not done:
if listener.WaitForEvent(options.event_timeout, event):
if lldb.SBProcess.EventIsProcessEvent(event):
state = lldb.SBProcess.GetStateFromEvent(event)
if state == lldb.eStateInvalid:
# Not a state event
debug('process event = %s' % (event))
else:
# don't call StateAsCString in the critical path!
# debug("process state changed event: %s" % (lldb.SBDebugger.StateAsCString(state)))
if state == lldb.eStateStopped:
debug("process %u stopped" % (pid))
# handle initial stop event after attach ( including attach_wait )
if options.attach_name:
debug("Attached to {}!".format(
options.attach_name))
# clobber the attach_name option to save using a scratch variable ;)
options.attach_name = False
process.Continue()
continue
# OK, now it's a 'real' stop.
# skip ahead to the first faulting thread. Not perfect, but better
# than nothing.
# TODO: Handle cases where multiple threads have a StopReason
# ( need to find one first )
for thread in process:
if thread.GetStopReason(
) != lldb.eStopReasonNone:
process.SetSelectedThread(thread)
break
# Adding some parser sugar...
print "Stack trace:"
run_commands(command_interpreter,
['bt 25'])
print "Nearby code:"
try:
run_commands(
command_interpreter,
['disass -p -c 10 -b -F intel'])
except:
print "<disassembly failed>"
run_commands(command_interpreter,
['reg read'])
print "Hash: %s" % stack_hash(
process.selected_thread)
analyzer = lldbx86.Analyzer(target)
print "ANALYSIS INDICATORS:"
print "--------------------"
print "StopDesc: %s" % analyzer.getStopDescription(
)
print "AvNearNull: %s" % analyzer.isAvNearNull(
)
print "AvNearSP: %s" % analyzer.isAvNearSP(
)
print "BadBeef: %s" % analyzer.isAvBadBeef(
)
print "Access Type: %s" % analyzer.getAccessType(
analyzer.getCurrentInstruction())
regs = analyzer.getInsnRegisters(
analyzer.getCurrentInstruction())
print "Registers: %s" % ' '.join(
map(
lambda r: "{}={}".format(
r, regs[r]), regs.keys()))
print "BlockMov: %s" % analyzer.isBlockMove(
)
print "Weird PC: %s" % analyzer.isPcWeird(
)
print "Weird SP: %s" % analyzer.isSpWeird(
)
print "Suspicious Funcs: %s" % " ".join(
analyzer.getSuspiciousStackFuncs())
print "Illegal Insn: %s" % analyzer.isIllegalInstruction(
)
print "Huge Stack: %s" % analyzer.isStackHuge(
)
done = True
elif state == lldb.eStateExited:
exit_desc = process.GetExitDescription()
if exit_desc:
debug(
"process %u exited with status %u: %s"
% (pid, process.GetExitStatus(),
exit_desc))
else:
debug(
"process %u exited with status %u"
% (pid, process.GetExitStatus()))
run_commands(command_interpreter,
options.exit_commands)
done = True
elif state == lldb.eStateCrashed:
# TODO no idea when this happens without first hitting a stop event
debug("process %u crashed" % (pid))
print_threads(process, options)
run_commands(command_interpreter,
options.crash_commands)
done = True
elif state == lldb.eStateDetached:
debug("process %u detached" % (pid))
done = True
elif state == lldb.eStateRunning:
debug("process %u resumed" % (pid))
elif state == lldb.eStateUnloaded:
debug(
"process %u unloaded, this shouldn't happen"
% (pid))
done = True
elif state == lldb.eStateConnected:
debug("process connected")
elif state == lldb.eStateAttaching:
debug("process attaching")
elif state == lldb.eStateLaunching:
debug("process launching")
else:
debug('event = %s' % (event))
else:
# timeout waiting for an event
print "no process event for %u seconds, killing the process..." % (
options.event_timeout)
done = True
if options.show_output:
process_stdout = process.GetSTDOUT(1024)
if process_stdout:
print "Process STDOUT:\n%s" % (process_stdout)
while process_stdout:
process_stdout = process.GetSTDOUT(1024)
print process_stdout
process_stderr = process.GetSTDERR(1024)
if process_stderr:
print "Process STDERR:\n%s" % (process_stderr)
while process_stderr:
process_stderr = process.GetSTDERR(1024)
print process_stderr
process.Kill()
else:
if error:
print error
else:
if launch_info:
print 'error: launch failed'
else:
print 'error: attach failed'
lldb.SBDebugger.Terminate()
def main(argv):
##
#--breakpoint begin_funcion --normal_end [end_function] --spin_end [end_function]
#--pid attached_process
##
parser = optparse.OptionParser()
parser.add_option('-b',
'--breakpoint',
dest='breakpoint',
type='string',
help='Trace calls from the breakpoint',
metavar='BPEXPR',
default=None)
parser.add_option('-n',
'--normal_end',
dest='normal_endf',
type='string',
help='End function in normal execution',
metavar='NORMEND',
default=None)
parser.add_option('-s',
'--spin_end',
dest='spin_endf',
type='string',
help='End function in spinning execution',
metavar='SPINEND',
default=None)
parser.add_option('-p',
'--pid',
dest='pid',
type='int',
help='Process to attach',
metavar='PID',
default=-1)
(options, args) = parser.parse_args(argv)
if options.pid == -1:
sys.exit(1)
debugger = lldb.SBDebugger.Create()
debugger.SetAsync(False)
command_interpreter = debugger.GetCommandInterpreter()
#attach to target process
attach_info = lldb.SBAttachInfo(options.pid)
error = lldb.SBError()
target = debugger.CreateTarget(None, 'x86_64', None, True, error)
print 'Create target: ', error
process = target.Attach(attach_info, error)
print 'Attach to process: ', error
if process and process.GetProcessID() != lldb.LLDB_INVALID_PROCESS_ID:
pid = process.GetProcessID()
print 'Process is ', pid
else:
print 'Fail to attach lldb to ', options.pid
set_breakpoint(debugger, options)
process.Continue()
check_notification_post(process, debugger, options)
lldb.SBDebugger.Terminate()
