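I'm using python-ptrace to look at a game. I don't want to get disconnected from the server, so right after attaching to the process I call cont() to let it keep running.

In this state I can still read memory, but I cannot write to it.

Is there any way to break back into the process so that I can then read memory? I tried re-adding the process, and calling detach() and then re-adding it. The only thing that works is closing Python completely, then reopening it and re-adding the process.

Example interaction: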

>>> from ptrace.debugger import PtraceDebugger
>>> dbg = PtraceDebugger()
>>> proc = dbg.addProcess(35765, False)
>>> proc.writeBytes(0x185e8c08, '\x00\x40\x1c\x46')
>>> proc.cont()
>>> proc.writeBytes(0x185e8c08, '\x00\x40\x1c\x46')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/process.py", line 630, in writeBytes
    self.writeWord(address, bytes2word(word))
  File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/process.py", line 700, in writeWord
    ptrace_poketext(self.pid, address, word)
  File "/usr/local/lib/python2.7/dist-packages/ptrace/binding/func.py", line 184, in ptrace_poketext
    _poke(PTRACE_POKETEXT, pid, address, word)
  File "/usr/local/lib/python2.7/dist-packages/ptrace/binding/func.py", line 172, in _poke
    ptrace(command, pid, address, word)
  File "/usr/local/lib/python2.7/dist-packages/ptrace/binding/func.py", line 148, in ptrace
    raise PtraceError(message, errno=errno, pid=pid)
ptrace.error.PtraceError: ptrace(cmd=4, pid=35765, 408849416, 4142814460058025984) error #3: No such process
>>> proc.detach()
>>> proc = dbg.addProcess(35765, False)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/debugger.py", line 75, in addProcess
    process = PtraceProcess(self, pid, is_attached, parent=parent)
  File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/process.py", line 167, in __init__
    self.attach()
  File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/process.py", line 184, in attach
    ptrace_attach(self.pid)
  File "/usr/local/lib/python2.7/dist-packages/ptrace/binding/func.py", line 155, in ptrace_attach
    ptrace(PTRACE_ATTACH, pid)
  File "/usr/local/lib/python2.7/dist-packages/ptrace/binding/func.py", line 148, in ptrace
    raise PtraceError(message, errno=errno, pid=pid)
ptrace.error.PtraceError: ptrace(cmd=16, pid=35765, 0, 0) error #1: Operation not permitted
>>> proc = dbg.deleteProcess(proc)
>>> proc = dbg.addProcess(35765, False)
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/debugger.py", line 75, in addProcess
    process = PtraceProcess(self, pid, is_attached, parent=parent)
  File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/process.py", line 167, in __init__
    self.attach()
  File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/process.py", line 184, in attach
    ptrace_attach(self.pid)
  File "/usr/local/lib/python2.7/dist-packages/ptrace/binding/func.py", line 155, in ptrace_attach
    ptrace(PTRACE_ATTACH, pid)
  File "/usr/local/lib/python2.7/dist-packages/ptrace/binding/func.py", line 148, in ptrace
    raise PtraceError(message, errno=errno, pid=pid)
ptrace.error.PtraceError: ptrace(cmd=16, pid=35765, 0, 0) error #1: Operation not permitted


Any suggestions on how to edit it while it is still running?

I don't see a break() function for breaking back into the process.

Decent docstrings are here:

https://github.com/qikon/python-ptrace/blob/master/ptrace/debugger/debugger.py

https://github.com/qikon/python-ptrace/blob/master/ptrace/debugger/process.py

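Best answer

I ran into the same problem the first time I used python-ptrace. I eventually figured it out and can successfully modify another process's code. Instead of using PtraceDebugger directly, I accessed the ptrace.binding functions directly. Below is my code.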

import time
from ptrace.linux_proc import *  # For the searchProcessByName func
from ptrace.binding import *     # For ptrace funcs

def checkVal(value):
    # Check value bounds and such here; as a placeholder, require a value
    # that fits in one unsigned machine word (64-bit assumed)
    return 0 <= value < 2 ** 64

def main():
    pid = searchProcessByName("nameofprocess") # or pid = 56437
    addr = 0x32323232 # Note: poke/peek_text requires the address to be aligned
    while True:       # This may require some modifications to your new value as well
        # Python 3: input() returns a string; base 0 accepts decimal or 0x-prefixed hex
        newVal = int(input("What do you want the new value to be? "), 0)
        if checkVal(newVal):
            ptrace_attach(pid) # Attach
            time.sleep(.001) # For some reason, I needed this for it to work
            ptrace_peektext(pid, addr) # Read word at addr
            ptrace_poketext(pid, addr, newVal) # Write newVal at addr
            ptrace_detach(pid) # Let the process resume

if __name__ == "__main__":
    main()


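That's a stripped-down version of my code. I'd suggest maybe adding some try/excepts around the ptrace stuff to help you deal with certain errors. I hope this helps!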
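
The "error #3: No such process" in the question, and the pause the answer needs after ptrace_attach, both come from one rule: ptrace peek/poke requests only succeed while the tracee is stopped under ptrace. The following is an added example, not code from the post or from python-ptrace; it calls ptrace(2) through ctypes on Linux against a child it forks itself, and demo(), the ptrace() wrapper and the 0x1111/0x2222/0x3333 values are constructed for illustration.

```python
import ctypes
import os
import signal
import time

PTRACE_PEEKTEXT, PTRACE_POKETEXT, PTRACE_CONT = 1, 4, 7  # Linux request numbers
PTRACE_ATTACH, PTRACE_DETACH = 16, 17

libc = ctypes.CDLL(None, use_errno=True)
libc.ptrace.restype = ctypes.c_long
libc.ptrace.argtypes = [ctypes.c_long, ctypes.c_long, ctypes.c_void_p, ctypes.c_void_p]

def ptrace(request, pid, addr=0, data=0):
    """Call ptrace(2); raise OSError carrying the kernel's errno on failure."""
    ctypes.set_errno(0)
    result = libc.ptrace(request, pid, addr, data)
    if result == -1 and ctypes.get_errno():
        raise OSError(ctypes.get_errno(), os.strerror(ctypes.get_errno()))
    return result

def demo():
    cell = ctypes.c_long(0x1111)   # constructed target word, copied by fork()
    addr = ctypes.addressof(cell)  # same (aligned) virtual address in the child
    pid = os.fork()
    if pid == 0:                   # child: stand-in for the traced program
        while True:
            time.sleep(1)
    result = {}
    try:
        ptrace(PTRACE_ATTACH, pid)
        os.waitpid(pid, 0)         # block until the attach SIGSTOP has landed
        ptrace(PTRACE_POKETEXT, pid, addr, 0x2222)  # tracee stopped: write works
        ptrace(PTRACE_CONT, pid)   # like cont(): tracee is running again
        try:
            ptrace(PTRACE_POKETEXT, pid, addr, 0x3333)
        except OSError as exc:
            result["while_running"] = exc.errno      # ESRCH, "No such process"
        os.kill(pid, signal.SIGSTOP)                 # ask the tracee to stop again
        os.waitpid(pid, 0)                           # wait for the signal stop
        ptrace(PTRACE_POKETEXT, pid, addr, 0x3333)   # stopped again: write works
        result["after_restop"] = ptrace(PTRACE_PEEKTEXT, pid, addr)
        ptrace(PTRACE_DETACH, pid)                   # resume, SIGSTOP not delivered
    finally:
        os.kill(pid, signal.SIGKILL)                 # clean up the stand-in child
        os.waitpid(pid, 0)
    return result
```

Waiting with waitpid() instead of sleeping removes the race between the attach request and the moment the tracee has actually stopped.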

Regarding "python - Python-Ptrace - What happens after PtraceProcess.cont()?", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/30262819/
