pydebugger

定義結構體

from ctypes import *WORD = c_ushort
DWORD = c_ulong
LPBYTE =  POINTER(c_ubyte)
LPTSTR = POINTER(c_char)
HANDLE = c_void_pDEBUG_PROCESS = 0x00000001
CREATE_NEW_CONSOLE = 0x00000010class STARTUPINFO(Structure):_fields_ = [("cb", DWORD),("lpReserved", LPTSTR),("lpDesktop", LPTSTR),("lpTitle", LPTSTR),("dwX", DWORD),("dwY", DWORD),("dwXSize", DWORD),("dwYSize", DWORD),("dwXCountChars", DWORD),("dwYCountChars", DWORD),("dwFillAttribute", DWORD),("dwFlags", DWORD),("wShowWindow", WORD),('cbReserved2', WORD),('lpReserved2', LPBYTE),('hStdInput', HANDLE),('hStdOutput', HANDLE),('hStdError', HANDLE),]class PROCESS_INFORMATION(Structure):_fields_ = [("hProcess", HANDLE),('hThread', HANDLE),('dwProcessId', DWORD),('dwThreadId', DWORD),]

debugger對象

from ctypes import *
from my_debugger_defines import *kernel32 = windll.kernel32class debugger():def __init__(self):passdef load(self, path_to_exe):creation_flags = DEBUG_PROCESSstartupinfo = STARTUPINFO()process_information = PROCESS_INFORMATION()startupinfo.dwFlags = 0x1startupinfo.wShowWindow = 0x0startupinfo.cb = sizeof(startupinfo)if kernel32.CreateProcessA(path_to_exe,None,None,None,None,creation_flags,None,None,byref(startupinfo),byref(process_information)):print "[*]we have successfully launched the process!"print "[*]PID:%d" % process_information.dwProcessIdelse:print "[*]Error: 0x%08x." % kernel32.GetLastError()

測試代碼

import my_debuggerdebugger = my_debugger.debugger()
debugger.load("C:\Windows\WinSxS\wow64_microsoft-windows-calc_31bf3856ad364e35_10.0.10586.0_none_409843e5f973ed29\calc.exe")

?