my_debugger_defines.py
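#encoding:utf-8

from ctypes import *
from sys import version as py_ver  # kept: downstream modules `import *` from here

# Win32 type aliases for the structures below. They match ctypes.wintypes
# (DWORD there is also c_ulong) and are only correct on Windows, where a
# C long is 4 bytes; on LP64 platforms c_ulong is 8 bytes and these
# layouts would no longer follow the Win32 ABI.
WORD = c_ushort
DWORD = c_ulong
# BYTE is unsigned, so LPBYTE points at c_ubyte. A Python-2-only fallback
# that first set LPBYTE = POINTER(c_byte) was unconditionally overwritten
# by this line and has been removed; the result is the same on 2 and 3.
LPBYTE = POINTER(c_ubyte)
# Only ever used as an opaque pointer (the lp* members are never
# dereferenced here), so the pointee type does not affect the layout.
LPTSTR = POINTER(c_byte)
HANDLE = c_void_p

# Constants
DEBUG_PROCESS = 0x00000001              # CreateProcess: caller becomes the child's debugger
CREATE_NEW_CONSOLE = 0x00000010         # CreateProcess: child gets its own console window
DBG_EXCEPTION_NOT_HANDLED = 0x80010001  # continue status: hand the exception back to the debuggee


# Structures required by CreateProcess().
class STARTUPINFO(Structure):
    """Window/console settings for a new process.

    `cb` must be set to sizeof(STARTUPINFO) before the structure is passed
    to CreateProcess(); the other members are read only when the matching
    STARTF_* bit is set in `dwFlags`.
    """
    _fields_ = [
        ("cb", DWORD),
        ("lpReserved", LPTSTR),
        ("lpDesktop", LPTSTR),
        ("lpTitle", LPTSTR),
        ("dwX", DWORD),
        ("dwY", DWORD),
        ("dwXSize", DWORD),
        ("dwYSize", DWORD),
        ("dwXCountChars", DWORD),
        ("dwYCountChars", DWORD),
        ("dwFillAttribute", DWORD),
        ("dwFlags", DWORD),
        ("wShowWindow", WORD),
        ("cbReserved2", WORD),
        ("lpReserved2", LPBYTE),
        ("hStdInput", HANDLE),
        ("hStdOutput", HANDLE),
        ("hStdError", HANDLE),
    ]


class PROCESS_INFORMATION(Structure):
    """Handles and ids filled in by CreateProcess().

    Both handles are owned by the caller once the call returns and should
    be released with CloseHandle() when no longer needed.
    """
    _fields_ = [
        ("hProcess", HANDLE),
        ("hThread", HANDLE),
        ("dwProcessId", DWORD),
        ("dwThreadId", DWORD),
    ]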
my_debugger.py
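#encoding:utf-8
from ctypes import *
from my_debugger_defines import *

# Bind kernel32 with use_last_error=True so ctypes captures the error code
# of the failing Win32 call right after it returns; reading it later via
# kernel32.GetLastError() can yield a value clobbered by calls ctypes made
# in between.
kernel32 = WinDLL("kernel32", use_last_error=True)


class debugger:
    """Minimal Win32 debugger skeleton: starts an executable as a debuggee."""

    def __init__(self):
        # Handles/ids of the current debuggee; filled in by load().
        self.h_process = None
        self.h_thread = None
        self.pid = None
        self.debugger_active = False

    def load(self, path_to_exe):
        """Create *path_to_exe* as a new process debugged by this one.

        Args:
            path_to_exe: path of the executable. It is passed as
                lpApplicationName (no command line), so Windows applies no
                command-line tokenisation or search-path lookup to it.

        Returns:
            True if CreateProcessW succeeded (handles and pid are then kept
            on self), False otherwise; on failure the Win32 error code is
            printed. Note that by default a debuggee is terminated when its
            debugger exits (see DebugSetProcessKillOnExit).
        """
        # dwCreationFlags controls how the child is created: DEBUG_PROCESS
        # makes this process its debugger. OR in CREATE_NEW_CONSOLE if the
        # child should get its own console instead of sharing the parent's.
        creation_flags = DEBUG_PROCESS

        startupinfo = STARTUPINFO()
        process_information = PROCESS_INFORMATION()

        # dwFlags = 0x1 (STARTF_USESHOWWINDOW) makes wShowWindow take effect;
        # 0x0 there is SW_HIDE, so the debuggee starts without a visible
        # window. Other STARTUPINFO members control the debuggee likewise.
        startupinfo.dwFlags = 0x1
        startupinfo.wShowWindow = 0x0

        # cb must carry the structure size (68 on 32-bit, 104 on 64-bit).
        startupinfo.cb = sizeof(startupinfo)

        created = kernel32.CreateProcessW(
            c_wchar_p(path_to_exe),
            c_wchar_p(0),   # lpCommandLine: NULL, run the image as is
            0,              # lpProcessAttributes: NULL
            0,              # lpThreadAttributes: NULL
            0,              # bInheritHandles: FALSE
            creation_flags,
            0,              # lpEnvironment: inherit ours
            0,              # lpCurrentDirectory: inherit ours
            byref(startupinfo),
            byref(process_information),
        )
        if created:
            # Keep the handles so they can be used and closed later instead
            # of leaking when process_information goes out of scope.
            self.h_process = process_information.hProcess
            self.h_thread = process_information.hThread
            self.pid = process_information.dwProcessId
            self.debugger_active = True
            print ("[*] we have successfully launched the process!")
            print ("[PID] :%d " %process_information.dwProcessId)
            return True

        print("[*] Error:0x%08x. " % get_last_error())
        return False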
my_test.py
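#!encoding:utf-8
import sys

import my_debugger

# Default debuggee when no path is given on the command line.
DEFAULT_TARGET = "C:\\Windows\\system32\\calc.exe"


def main(argv):
    """Start the executable named by argv[1] (default: calc.exe) under the debugger.

    Args:
        argv: command-line vector as in sys.argv; only argv[1] is used.
    """
    path_to_exe = argv[1] if len(argv) > 1 else DEFAULT_TARGET
    debugger = my_debugger.debugger()
    debugger.load(path_to_exe)


if __name__ == "__main__":
    main(sys.argv)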
参考:Python灰帽子-黑客与逆向工程师的Python编程之道
原文地址:http://www.cnblogs.com/hujianping/p/4648176.html