debuggee:
from ctypes import *
import time
# Debuggee: emit a counter through the C runtime's printf every two seconds,
# so a debugger can break on msvcrt!printf and inspect or rewrite the argument.
# NOTE(review): written for Python 2, where a str is handed to the C function
# as a char*; on Python 3 a bytes literal would be needed for the format.
msvcrt = cdll.msvcrt
counter = 0
while True:
    # printf applies the format natively; counter is passed as a C int.
    msvcrt.printf("Loop iteration %d!\n", counter)
    time.sleep(2)
    counter += 1
使用pydbg来扩展处理过程
在msvcrt.printf处下断处理
#coding=utf-8
from pydbg import *
from pydbg.defines import *
import struct,random
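def printf_randomizer(dbg):
    """Breakpoint handler for msvcrt!printf: log the counter argument, then overwrite it.

    On a 32-bit x86 cdecl call, at function entry ESP holds the return
    address, ESP+4 the format string and ESP+8 the first variadic argument
    (the debuggee's loop counter). The use of dbg.context.Esp and a 4-byte
    read assume a 32-bit target.

    Args:
        dbg: the pydbg instance whose breakpoint fired.

    Returns:
        DBG_CONTINUE so the debuggee resumes with the patched argument.
    """
    parameter_addr = dbg.context.Esp + 0x8
    raw = dbg.read_process_memory(parameter_addr, 4)
    # "<L" is always 4 bytes; the native "L" is 8 bytes on an LP64 host and
    # would then fail to unpack the 4-byte read.
    counter = struct.unpack("<L", raw)[0]
    # Original used `print "counter: %d", counter`, which printed the literal
    # "%d" followed by the value; apply the format operator instead.
    print("counter: %d" % counter)
    random_counter = random.randint(1, 900)
    # pack() yields all 4 bytes. The original indexed [0], which kept only the
    # low byte, so only values below 256 ever reached the debuggee.
    dbg.write_process_memory(parameter_addr, struct.pack("<L", random_counter))
    return DBG_CONTINUE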
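# Entry point: attach to the debuggee by pid and break on msvcrt!printf.
dbg = pydbg()
# raw_input (Python 2) returns the raw line; reject anything that is not a
# pid up front instead of letting int() raise a traceback.
pid = raw_input('>').strip()
if not pid.isdigit():
    raise SystemExit("expected a numeric pid, got %r" % pid)
dbg.attach(int(pid))
printf_address = dbg.func_resolve("msvcrt", "printf")
# A falsy result means the export could not be resolved in the target;
# bp_set on it would not produce a usable breakpoint.
if not printf_address:
    raise SystemExit("could not resolve msvcrt!printf in pid %s" % pid)
dbg.bp_set(printf_address, description="printf_address", handler=printf_randomizer)
dbg.run()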
结果如下:
C:\Users\test\Desktop\pythonblack\4>python printf_loop.py
Loop iteration 0!
Loop iteration 1!
Loop iteration 2!
Loop iteration 3!
Loop iteration 4!
Loop iteration 5!
Loop iteration 6!
Loop iteration 7!
Loop iteration 8!
Loop iteration 21!
Loop iteration 36!
Loop iteration 103!
Loop iteration 86!
Loop iteration 185!
Loop iteration 116!
Loop iteration 46!
Loop iteration 153!
Loop iteration 122!
Loop iteration 238!
C:\Users\test\Desktop\pythonblack\4>python printf_random.py
>4472
counter: %d 9
counter: %d 10
counter: %d 11
counter: %d 12
counter: %d 13
counter: %d 14
counter: %d 15
counter: %d 16
counter: %d 17
counter: %d 18
counter: %d 19
counter: %d 20
counter: %d 21
counter: %d 22
counter: %d 23