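def print_state( process_name ):
    """Print the registers and nearby code of every thread in one process.

    process_name: filename passed to System.find_processes_by_filename().
        The FIRST match is used, so an ambiguous name silently picks one of
        several same-named processes; prefer a PID for anything that must
        not attach to the wrong process.

    Raises ValueError when no running process matches (the original indexed
    [0] and died with a bare IndexError).

    Side effects: requests debug privileges for the calling process
    (presumably SeDebugPrivilege, which allows opening any process -- run
    only as a trusted operator), suspends the whole target for the duration
    of the dump, and writes register contents to stdout.  Register and code
    dumps can contain secrets held by the target (keys, credentials); treat
    the output as sensitive.
    """
    # Request debug privileges.
    System.request_debug_privileges()

    # Find the first process that matches the requested name.
    system  = System()
    matches = system.find_processes_by_filename( process_name )
    if not matches:
        # Fail with a clear message instead of an IndexError on [0].
        raise ValueError( "no running process matches %r" % ( process_name, ) )
    process, filename = matches[ 0 ]

    # Suspend the process so the per-thread state is consistent.
    process.suspend()
    try:
        for thread in process.iter_threads():
            # Get the thread state.
            tid     = thread.get_tid()
            eip     = thread.get_pc()
            code    = thread.disassemble_around( eip )
            context = thread.get_context()

            # Display the thread state.
            print
            print "-" * 79
            print "Thread: %s" % HexDump.integer( tid )
            print
            print CrashDump.dump_registers( context )
            print CrashDump.dump_code( code, eip ),
            print "-" * 79
    finally:
        # Always resume, even if a thread could not be inspected.
        process.resume()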
def __dump(self, event, label = None):
    """Print a heading, the register set and a labelled stack trace.

    event: debug event whose thread is inspected.
    label: heading to print; when empty/None the label at the thread's PC
           is used instead.

    Everything goes to stdout.  Registers and stack contents of the
    debuggee may include secrets; treat the output as sensitive.
    """
    thread = event.get_thread()
    frames = thread.get_stack_trace_with_labels()
    regs = thread.get_context(win32.CONTEXT_FULL)
    heading = label if label else thread.get_label_at_pc()
    print heading
    print CrashDump.dump_registers(regs)
    print CrashDump.dump_stack_trace_with_labels(frames),
    print "-" * 79
def print_thread(title, thread):
    """Print one thread's id, handle, registers and the code around its PC.

    title: free-form heading printed before the thread id.
    thread: debugger thread object (needs get_tid/get_pc/get_context/
            get_handle/disassemble_around).

    Writes to stdout; register contents may include secrets from the
    debuggee, so treat the output as sensitive.
    """
    tid = thread.get_tid()
    pc = thread.get_pc()
    regs = thread.get_context()
    handle = thread.get_handle()
    listing = thread.disassemble_around(pc)
    heading = "%s %s - %s " % (title, HexDump.integer(tid), handle)
    print(heading)
    print CrashDump.dump_registers(regs)
    print CrashDump.dump_code(listing, pc),
def access_violation(self, evt):
    """Handle an access-violation event by dumping the faulting thread.

    evt: debug event for the exception; only its thread is inspected.

    Prints the thread id, registers and the disassembly around the PC to
    stdout.  The register dump may expose secrets held by the debuggee.
    """
    faulting = evt.get_thread()
    tid = faulting.get_tid()
    listing = faulting.disassemble_around_pc()
    regs = faulting.get_context()
    separator = "-" * 79
    print
    print separator
    print "Thread: %s" % HexDump.integer(tid)
    print
    print CrashDump.dump_registers(regs)
    print CrashDump.dump_code(listing)
    print separator
def print_thread_context(tid):
    """Print the register context of the thread with id `tid`.

    Requests debug privileges for this process first (needed to open
    threads of other processes; presumably SeDebugPrivilege -- confirm
    against System), then briefly suspends the target thread so the
    context read is consistent, resuming it even if the read fails.
    Output goes to stdout and may contain secrets from the target.
    """
    System.request_debug_privileges()
    target = Thread(tid)
    target.suspend()
    try:
        ctx = target.get_context()
    finally:
        # Never leave a foreign thread suspended.
        target.resume()
    print
    print CrashDump.dump_registers(ctx)
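def danger_handler(self, evt):
    """Report a hit on a watched function and snapshot the process memory.

    evt: debug event whose thread/process triggered the handler.

    If the thread's PC is a key of ``self.resolved_funcs`` (presumably
    address -> name), prints a hit line and the register dump.  In every
    case the process is suspended, a memory snapshot is stored in
    ``self.snapshot`` (replacing any previous one), and the process is
    resumed.

    Security note: the snapshot is a copy of the target's memory and can
    contain keys, credentials and other secrets; keep it only as long as
    needed and never write it to a shared location.
    """
    thread = evt.get_thread()
    proc = evt.get_process()
    pc = thread.get_pc()
    registers = thread.get_context()
    if pc in self.resolved_funcs:
        print "[*] hit %s" % self.resolved_funcs[pc]
        # dump_registers returns the formatted text; it must be printed to
        # be visible (a bare call shows nothing).
        print CrashDump.dump_registers(registers)
    # Record process memory while the process is frozen; always resume.
    try:
        proc.suspend()
        self.snapshot = proc.take_memory_snapshot()
    finally:
        proc.resume()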
def print_thread_context( tid ):
    """Print the register context of the thread with id `tid`.

    Requests debug privileges for this process first (needed to open
    threads of other processes; presumably SeDebugPrivilege -- confirm
    against System), then briefly suspends the target thread so the
    context read is consistent, resuming it even if the read fails.
    Output goes to stdout and may contain secrets from the target.
    """
    System.request_debug_privileges()
    target = Thread( tid )
    target.suspend()
    try:
        ctx = target.get_context()
    finally:
        # Never leave a foreign thread suspended.
        target.resume()
    print
    print CrashDump.dump_registers( ctx ),
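def create_thread(self, event):
    """Handle a thread-creation (or attach) event by logging it with registers.

    event: debug event for the new thread.

    Prints the owning process filename, then either "Started thread ... at
    <label>" when the event carries a start address, or "Attached to
    thread ..." when it does not, followed by the register dump.  The
    label lookup runs with all warnings silenced (presumably because it is
    noisy -- confirm); nothing else is suppressed.

    Output goes to stdout; register contents may include secrets from the
    debuggee.  (The unused `eip` local of the original was dropped.)
    """
    process = event.get_process()
    thread = event.get_thread()
    context = thread.get_context()
    tid = event.get_tid()
    filename = process.get_filename()
    print "process:%s" % filename
    start = event.get_start_address()
    if start:
        # Label lookup may emit warnings; silence them for this call only.
        with warnings.catch_warnings():
            warnings.simplefilter("ignore")
            start = process.get_label_at_address(start)
        print "Started thread %d at %s" % (tid, start)
    else:
        print "Attached to thread %d" % tid
    print CrashDump.dump_registers(context)
    #print_thread('asm', thread) """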