Error on Attaching to the process while debugging

[MalC0de]

Hello there, I'm writting a debugger,
the problem is there no good interpretation ...

here's the codes:

my_debugger.py :

#!/usr/bin/env python
from ctypes import *
from my_debugger_defines import *
kernel32 = windll.kernel32
class debugger():
def __init__(self):
self.h_process = None
self.pid = None
self.debugger_active = False
pass
def load(self,path_to_exe):
creation_flags = DEBUG_PROCESS
startupinfo = STARTUPINFO()
process_information = PROCESSINFORMATION()
startupinfo.dwFlags = 0x1
startupinfo.wShowWindow = 0x0
startupinfo.cb = sizeof(startupinfo)
if kernel32.CreateProcessA(path_to_exe,
None,
None,
None,
None,
creation_flags,
None,
None,
byref(startupinfo),
byref(process_information)):
print "[*]we have sucessfully launched the process"
print "[*]PID %d" % process_information.dwProcessId
self.h_process = self.open_process
(process_information.dwProcessId)
else:
print"[*]Error 0x%08x." % kernel32.GetLastError()

def Open_process(self,pid):
h_process = kernel32.OpenProcess(PROCESS_ALL_ACCESS,pid,False)
return h_process
def attach(self,pid):
self.h_process = self.open_process(pid)
# We attempt to attach to the process
# if this fails we exit the call
if kernel32.DebugActiveProcess(pid):
self.debugger_active = True
self.pid = int(pid)

else:
print "[*] Unable to attach to the process."

def run(self):
while self.debugger_active == True:
self.get_debug_event()
def get_debug_event(self):
debug_event = DEBUG_EVENT()
continue_status = DBG_CONTINUE
if kernel32.WaitForDebugEvent(byref(debug_event),INFINITE):
raw_input("Press a key to continue ...")
self.debugger_active = False
kernel32.ContinueDebugEvent
(debug_event.dwProdcessid,debug_event.dwThreadId,continue_status)
def detach(self):
if kernel32.DeugActiveProcessStop(self.pid):
print "[*]Finished debugging. exiting ..."
return True
else:
print "there was an error"
return false

it's already have a method named : Attach ...

ok, the next source ,
my_test.py which lead python to launching the calc.exe for testing
purpose .

my_test.py :

#!/usr/bin/python
import my_debugger
debugger = my_debugger.debugger()
pid = raw_input("Enter the PID of the process to attach to :")
debugger.attach(int(pid))
debugger.detach()

and finally the essential definitions into my_debugger_defines.py

#!/usr/bin/env python
from ctypes import *
WORD = c_ushort
DWORD = c_ulong
LPBYTE = POINTER(c_ubyte)
LPTSTR = POINTER(c_char)
HANDLE = c_void_p
DEBUG_PROCESS = 0x00000001
CREATE_NEW_CONSOLE = 0x00000010
class STARTUPINFO(Structure):
_fielnds_ = [
("cb", DWORD),
("lpReserved", LPTSTR),
("lpDesktop", LPTSTR),
("lpTitle", LPTSTR),
("dwX", DWORD),
("dwY", DWORD),
("dwXSize", DWORD),
("dwYSize", DWORD),
("dwXCountChars", DWORD),
("dwFillAttribute", DWORD),
("dwFlags", DWORD),
("wShowWindow", WORD),
("cbReserved2", WORD),
("lpReserved2", LPBYTE),
("hStdInput", HANDLE),
("hStdOutput", HANDLE),
("hStdError", HANDLE),
]
class PROCESSINFORMATION(Structure):
_fields_ = [
("hProcess", HANDLE),
("hThread", HANDLE),
("dwProcessId", DWORD),
("dwThreadId", DWORD),
]

when you type : python my_test.py it must run without any problem, but
seems errors occures while interpretation :

Enter the PID of the process to attach to :212
Traceback (most recent call last):
File "C:\python25\2\my_Test.py", line 5, in <module>
debugger.attach(int(pid))
AttributeError: debugger instance has no attribute 'attach'

it's nasty shit !
the my_debugger is already has a definition for attach() ,

please help me up,

thanks ...

 

[Dave Angel]

Hello there, I'm writting a debugger,
the problem is there no good interpretation ...

here's the codes:

my_debugger.py :

#!/usr/bin/env python
from ctypes import *
from my_debugger_defines import *
kernel32 = windll.kernel32
class debugger():
def __init__(self):
self.h_process = None
self.pid = None
self.debugger_active = False
pass
def load(self,path_to_exe):
creation_flags = DEBUG_PROCESS
startupinfo = STARTUPINFO()
process_information = PROCESSINFORMATION()
startupinfo.dwFlags = 0x1
startupinfo.wShowWindow = 0x0
startupinfo.cb = sizeof(startupinfo)
if kernel32.CreateProcessA(path_to_exe,
None,
None,
None,
None,
creation_flags,
None,
None,
byref(startupinfo),
byref(process_information)):
print "[*]we have sucessfully launched the process"
print "[*]PID %d" % process_information.dwProcessId
self.h_process = self.open_process
(process_information.dwProcessId)
else:
print"[*]Error 0x%08x." % kernel32.GetLastError()

def Open_process(self,pid):
h_process = kernel32.OpenProcess(PROCESS_ALL_ACCESS,pid,False)
return h_process
def attach(self,pid):
self.h_process = self.open_process(pid)
# We attempt to attach to the process
# if this fails we exit the call
if kernel32.DebugActiveProcess(pid):
self.debugger_active = True
self.pid = int(pid)

else:
print "[*] Unable to attach to the process."

def run(self):
while self.debugger_active == True:
self.get_debug_event()
def get_debug_event(self):
debug_event = DEBUG_EVENT()
continue_status = DBG_CONTINUE
if kernel32.WaitForDebugEvent(byref(debug_event),INFINITE):
raw_input("Press a key to continue ...")
self.debugger_active = False
kernel32.ContinueDebugEvent
(debug_event.dwProdcessid,debug_event.dwThreadId,continue_status)
def detach(self):
if kernel32.DeugActiveProcessStop(self.pid):
print "[*]Finished debugging. exiting ..."
return True
else:
print "there was an error"
return false

it's already have a method named : Attach ...
<snip>

Indentation is critical. You have defined functions ( Open_process()
attach(), run(), etc. ) that have formal parameters named self, but are
indented outside of the class definition. Indentation trumps, so these
are not attributes of the class. They're functions, not methods.

It looks like you have other indentation problems, but I'll let you run
with this much.

Incidentally, following naming conventions could also help here.
debugger is a class, but it's not capitalized. Open_process() is
intended to be a method, but it is capitalized. And your comments refer
to attach() as Attach... Another convention you're breaking is using
"from ctypes import * " That's a dangerous way to do imports, as it
mixes those names with the ones in this module. I prefer a simple
import, and use the module name as a prefix when you reference those
symbols. If there are a few symbols you do want to have directly
included, then import them one at a time, without the * notation. (just
my opinion)

DaveA