Skip to content

Instantly share code, notes, and snippets.

@OwariDa

OwariDa/asmtrace.py

Created April 11, 2014 19:17
Show Gist options
  • Save OwariDa/10493775 to your computer and use it in GitHub Desktop.
Save OwariDa/10493775 to your computer and use it in GitHub Desktop.
Download ZIP
asmtrace.py
Raw
asmtrace.py
#!/usr/bin/python
#
# Small and simple assembly level tracer (tested on IA-32/AMD64 Linux)
#
# Dependencies:
# pip install python-ptrace distorm3
#
# Copyright (C) Joel Eriksson <je@clevcode.org> 2014
from ptrace.debugger.debugger import PtraceDebugger
from ptrace.debugger.child import createChild
from ptrace.debugger import ProcessSignal
from ptrace.debugger import ProcessExit
import signal
import sys
err = sys.stderr.write
out = sys.stdout.write
if len(sys.argv) < 2:
err("Usage: %s PROG [ARGS...]\n" % sys.argv[0])
sys.exit(0)
dbg = PtraceDebugger()
pid = createChild(sys.argv[1:], False, None)
prg = dbg.addProcess(pid, True)
isDead = False
while not isDead:
eip = prg.getInstrPointer()
ins = prg.disassembleOne(eip)
ops = ins.text.lower().split()
out("%x %-30s %-6s %s\n" % (ins.address, ins.hexa, ops[0], ' '.join(ops[1:])))
prg.singleStep()
evt = prg.waitEvent()
if not isinstance(evt, ProcessSignal) or evt.signum & ~128 != signal.SIGTRAP:
err("Event: %s\n" % evt)
if isinstance(evt, ProcessExit):
isDead = True
dbg.quit()
sys.exit(0)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment