Pydbg: sample hook printf function of a process
from pydbg import * | |
from defines import * | |
import struct | |
import random | |
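def printf_randomizer(dbg):
    """Breakpoint handler on printf: overwrite its first vararg with a random value.

    The breakpoint is placed on printf's entry address, so with the 32-bit
    cdecl layout the stack is [ESP] = return address, [ESP+4] = format
    string, [ESP+8] = first variadic argument.  The handler reads that DWORD,
    prints it, replaces it with a random number in 1..100 and lets the
    debuggee continue.  It relies on ``context.Esp`` and therefore only makes
    sense for a 32-bit target.

    Args:
        dbg: the pydbg instance that hit the breakpoint; provides
            ``context.Esp``, ``read_process_memory`` and
            ``write_process_memory``.

    Returns:
        ``DBG_CONTINUE`` so the target resumes normally.
    """
    # "<I" is an explicit little-endian, exactly-4-byte DWORD.  The native
    # "L" format used before is 8 bytes on a 64-bit Python build, so
    # unpack() of a 4-byte read would raise struct.error there.
    dword = struct.Struct("<I")

    parameter_addr = dbg.context.Esp + 0x8
    raw = dbg.read_process_memory(parameter_addr, dword.size)
    counter = dword.unpack(raw)[0]
    print("Counter: %d" % counter)

    # Write back the whole 4-byte value.  The previous version indexed [0]
    # on the packed string and so overwrote only the low byte of the
    # argument, leaving the other three bytes as they were.
    new_value = random.randint(1, 100)
    dbg.write_process_memory(parameter_addr, dword.pack(new_value))

    return DBG_CONTINUE  # resume the debuggee normally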
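dbg = pydbg()  # instantiate the debugger

pid = raw_input("Enter the printf_loop.py PID: ")
# Fail early with a clear message instead of a bare ValueError from int();
# attaching to the wrong process is the failure mode to avoid here.
try:
    pid = int(pid)
except ValueError:
    raise SystemExit("PID must be an integer, got %r" % (pid,))
if pid <= 0:
    raise SystemExit("PID must be a positive integer")

# Attaching requires debug access to the target (same user, or the debug
# privilege on Windows).
dbg.attach(pid)

# Resolve printf in msvcrt.dll inside the attached process.
# NOTE(review): a Python target may link a different CRT than msvcrt.dll, in
# which case this breakpoint never fires -- confirm which CRT printf_loop.py
# actually calls.  func_resolve is assumed to return a false value when it
# cannot resolve the symbol; verify against the pydbg version in use.
printf_address = dbg.func_resolve("msvcrt", "printf")
if not printf_address:
    raise SystemExit("could not resolve msvcrt!printf in the target process")

# Breakpoint on printf's entry; printf_randomizer runs on every hit.
dbg.bp_set(printf_address, description="printf_address", handler=printf_randomizer)
dbg.run()  # hand control to the debugger loop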