Monday, 23 February 2015

GetProcAddress return value

I am learning how to create a simple debugger in Python, using ctypes on Windows 7. My problem is that the code given below seems to be returning an invalid address (this is my guess as to the problem), but I can't figure out why. I thought perhaps it is because the handle being returned is either no longer valid by the time my code uses it, or maybe I am being returned a handle that has nothing to do with my script due to my simply providing "msvcrt.dll" as the module. I've done a lot of tinkering around, but haven't found a solution as yet.



def func_resolve(self, dll, function):
    handle = kernel32.GetModuleHandleA(dll)
    address = kernel32.GetProcAddress(handle, function)

    kernel32.CloseHandle(handle)

    return address


The above code is called from this short test script:



import my_debugger

debugger = my_debugger.debugger()

pid = raw_input("Input PID of process to attach to: ")
debugger.attach(int(pid))

printf_address = debugger.func_resolve("msvcrt.dll", "printf")
print "[*] Address of printf: 0x%08x" % printf_address
debugger.bp_set(printf_address)

debugger.run()
debugger.detach()


This is the script whose process I am attaching to:



from ctypes import *
import time

msvcrt = cdll.msvcrt
counter = 0

while True:
    msvcrt.printf("Loop iteration %d \n", counter)
    time.sleep(2)
    counter += 1


So I run the above script, find the PID in Task Manager, then run my test script and give it the PID. I get the following output each time. The user-defined breakpoint at printf is never reached, and its address is always given as 0x00000000, which doesn't seem right.



Input PID of process to attach to: 8124
Process PID: 8124
[*] Address of printf: 0x00000000
[*] Setting breakpoint at 0x00000000
[*] Waiting for debug events...
[*] Event Code: 3 Thread ID: 7664
[*] Event Code: 6 Thread ID: 7664
[*] Event Code: 6 Thread ID: 7664
[*] Event Code: 6 Thread ID: 7664
[*] Event Code: 6 Thread ID: 7664
[*] Event Code: 6 Thread ID: 7664
[*] Event Code: 6 Thread ID: 7664
[*] Event Code: 6 Thread ID: 7664
[*] Event Code: 6 Thread ID: 7664
[*] Event Code: 6 Thread ID: 7664
[*] Event Code: 6 Thread ID: 7664
[*] Event Code: 6 Thread ID: 7664
[*] Event Code: 6 Thread ID: 7664
[*] Event Code: 6 Thread ID: 7664
[*] Event Code: 6 Thread ID: 7664
[*] Event Code: 6 Thread ID: 7664
[*] Event Code: 6 Thread ID: 7664
[*] Event Code: 6 Thread ID: 7664
[*] Event Code: 6 Thread ID: 7664
[*] Event Code: 6 Thread ID: 7664
[*] Event Code: 6 Thread ID: 7664
[*] Event Code: 2 Thread ID: 7124
[*] Event Code: 1 Thread ID: 7124
[*] Exception address: 0x76e00590
[*] Hit the first breakpoint
[*] Event Code: 4 Thread ID: 7124


Can anyone see what I am doing wrong? I can provide all the code if need be.
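An added example, not part of the original post and not the asker's code: a resolver that declares pointer-sized argtypes/restype and raises on NULL, so a 0x00000000 result surfaces with its Windows error instead of being handed to bp_set. It assumes Python 3 (byte-string names); `resolve_export` and `as_default_restype` are hypothetical names, and the 64-bit truncation it illustrates is one known way this pattern fails, not a confirmed diagnosis of the output above.

```python
import ctypes
import sys


def as_default_restype(value):
    """Value ctypes returns when no restype is declared: the low 32 bits, as a signed c_int."""
    return ctypes.c_int(value & 0xFFFFFFFF).value


def resolve_export(dll, function):
    """Address of `function` in `dll` as mapped in the calling (debugger) process.

    Both names are byte strings (b"msvcrt.dll", b"printf") for the ANSI APIs.
    """
    if sys.platform != "win32":
        raise OSError("kernel32 is only available on Windows")

    kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
    # Declare pointer-sized types so 64-bit handles and addresses survive the call.
    kernel32.GetModuleHandleA.argtypes = [ctypes.c_char_p]
    kernel32.GetModuleHandleA.restype = ctypes.c_void_p
    kernel32.GetProcAddress.argtypes = [ctypes.c_void_p, ctypes.c_char_p]
    kernel32.GetProcAddress.restype = ctypes.c_void_p

    # GetModuleHandle only finds modules already loaded in *this* process.
    handle = kernel32.GetModuleHandleA(dll)
    if not handle:
        raise ctypes.WinError(ctypes.get_last_error())

    address = kernel32.GetProcAddress(handle, function)
    if not address:  # NULL means failure
        raise ctypes.WinError(ctypes.get_last_error())

    # No CloseHandle here: GetModuleHandle takes no reference, and an
    # HMODULE is not a kernel object handle.
    return address


if __name__ == "__main__":
    # Constructed sample value: a module base above 4 GiB loses its upper half.
    print(hex(as_default_restype(0x7FFB12340000)))
    if sys.platform == "win32":
        ctypes.cdll.msvcrt  # make sure the DLL is mapped in this process first
        print("printf at 0x%016x" % resolve_export(b"msvcrt.dll", b"printf"))
```

The returned address is valid in the debuggee only if the DLL is mapped at the same base there, which this sketch assumes rather than checks.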

