.I am working with Greyhat Python and I can't get the book code or my own to properly attach to an existing program (calc.exe).
I am doing this within Visual Studio and have figured out that it is giving me error code 50 when I do this in Windows 8 64 bit. Looked up to mean 'not supported.'
Things I have tried:
Run VS in elevated and rerun
Looked up and added changes from book
Used book example source from website
used IDLE with/without elevation to run book and my code each.
All of which give errors when attaching. I discovered the error code by stepping through in Visual Studio.
Is there something special in Windows 8 preventing this from working?
Here is my code, it has a defines file (checked, that is fine) and another file to test this code with (just getting input, not the problem either).
Makes a call to 'attach' and 'detach' which is where the issues are.
My code (my_debugger.py)
from ctypes import *
from my_debugger_defines import *
kernel32 = windll.kernel32
class debugger():
def __init__(self):
self.h_process = None
self.pid = None
self.debugger_active = False
def load(self, path_to_exe):
# dwCreation flag determines how process is created
creation_flags = DEBUG_PROCESS
# instantiate structs
startupinfo = STARTUPINFO()
process_information = PROCESS_INFORMATION()
# Following: Allow process to be shown in seperate window
startupinfo.dwflags = 0x1
startupinfo.wShowWindow = 0x0
# initialize cb variable to size of struct
startupinfo.cb = sizeof(startupinfo)
if kernel32.CreateProcessA(path_to_exe,
None,
None,
None,
None,
creation_flags,
None,
None,
byref(startupinfo),
byref(process_information)):
print "[*] We have successfull launched the process!"
print "[*] PID: %d" % process_information.dwProcessId
self.h_process = self.open_process(process_information.dwProcessId)
else:
print "[*] Error: 0x%08x." % kernel32.GetLastError()
def open_process(self, pid):
h_process = kernel32.OpenProcess(PROCESS_ALL_ACCESS, False, pid)
return h_process
def attach(self, pid):
self.h_process = self.open_process(pid)
# Try to attach to process. if it fails we exit
resultAttach = kernel32.DebugActiveProcess(pid)
error = kernel32.GetLastError()
if resultAttach:
self.debugger_active = True
self.pid = int(pid)
#self.run()
else:
self.error = kernel32.GetLastError()
print "[*] Unable to attach to the process."
print "[*] Error: 0x%08x." % kernel32.GetLastError()
def run(self):
# poll for debug events
while self.debugger_active == True:
self.get_debug_event()
def get_debug_event(self):
debug_event = DEBUG_EVENT()
continue_status = DBG_CONTINUE
if kernel32.WaitForDebugEvent(byref(debug_event), INFINATE):
# No handlers yet
# let process resume
raw_input("Press a key to continue....")
kernel32.ContinueDebugEvent(\
debugEvent.dwProccessId,\
debugEvent.dwThreadId,\
continue_status)
def detach(self):
if kernel32.DebugActiveProcessStop(self.pid):
print "[*] Finished debugging. Exitig..."
return True
else:
print "There was an error"
return False
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}