0
再次。我正在繼續我的C和Python的旅程。windll.kernel32.OpenProcess(PROCESS_ALL_ACCESS,PID,False):Process_all_Access未定義
今天,我碰巧正在做一個調試器。 目前,這是我
from ctypes import *
from Debugdeclares import *
kernel32 = windll.kernel32
class debugger():
def __init__(self):
self.h_process = None
self.pid = None
self.debugger_active = False
def load(self, path_to_exe):
creation_flags = DEBUG_PROCESS
startupinfo = STARTUPINFO()
processinfo = PROCESS_INFORMATION()
startupinfo.dwFlags = 0x1
startupinfo.wShowWindow = 0x0
startupinfo.cb = sizeof(startupinfo)
if kernel32.CreateProcessA(path_to_exe,None,None,None,None,creation_flags,None,None,byref(startupinfo),byref(processinfo)):
print("[n] Process launched")
print("[n] Process location: %s" % (path_to_exe))
print("[n] PID: %d" % (processinfo.dwProcessId))
self.h_process = self.open_process(processinfo.dwProcessId)
return processinfo.dwProcessId
else:
print("[n] Error: 0x%08x." % (kernel32.GetLastError()))
def open_process(self, pid):
h_process = kernel32.OpenProcess(PROCESS_ALL_ACCESS,pid,False)
這是錯誤一點是,PROCESS_ALL_ACCESS沒有定義。但是,在ctypes庫中,有一個關鍵字的輸入。我試圖使用字符串,字節字符串,但無濟於事。下面是一些額外的信息about the OpenProcess function和about the Process Security and Access Rights
return h_process
def attach(self, pid):
self.h_process = self.open_process(pid)
if kernel32.DebugActiveProcess(pid) == True:
self.debugger_active = True
self.pid = int(pid)
self.run()
else:
print("[n] Unable to Attach Process")
def run(self):
while self.debugger_active == True:
self.get_debug_event()
def get_debug_event(self):
debug_event = DEBUG_EVENT()
continue_status = DBG_CONTINUE
if kernel32.WaitForDebugEvent(byref(debug_event), INFINITE):
input("[n] Nothing to see yet...")
self.debugger_active = False
kernel32.ContinueDebugEvent(\
debug_event.dwProcessId, \
debug_event.dwThreadId, \
continue_status)
def detach(self):
if kernel32.DebugActiveProcessStop(self.pid):
print("[n] Finished debugging. Exiting...")
return True
else:
print("[n] There was an error")
return False
debugger = debugger()
pid = debugger.load(b"C:\\WINDOWS\\system32\\calc.exe")
debugger.attach(pid)
debugger.detach()
所以真的,我要問:什麼是錯誤修復?
非常感謝! - 諾頓
編輯: 哦,是的! 這裏是我的Debugdeclares腳本:
from ctypes import *
WORD = c_ushort
DWORD = c_ulong
LPBYTE = POINTER(c_ubyte)
LPTSTR = POINTER(c_char)
HANDLE = c_void_p
DEBUG_PROCESS = 0x00000001
CREATE_NEW_CONSOLE = 0x00000010
class STARTUPINFO(Structure):
_fields_ = [
("cb", DWORD),
("lpReserved", LPTSTR),
("lpDesktop", LPTSTR),
("lpTitle", LPTSTR),
("dwX", DWORD),
("dwY", DWORD),
("dwXSize", DWORD),
("dwYSize", DWORD),
("dwXCountChars", DWORD),
("dwYCountChars", DWORD),
("dwFillAttribute",DWORD),
("dwFlags", DWORD),
("wShowWindow", WORD),
("cbReserved2", WORD),
("lpReserved2", LPBYTE),
("hStdInput", HANDLE),
("hStdOutput", HANDLE),
("hStdError", HANDLE),
]
class PROCESS_INFORMATION(Structure):
_fields_ = [
("hProcess", HANDLE),
("hThread", HANDLE),
("dwProcessId", DWORD),
("dwThreadId", DWORD),
]
謝謝!爲我的問題工作。:-) 基本上 - 我使用了一個不同的Access修飾符,它給了我IntPtr,但由於某種原因,沒有足夠的權限來獲取ProcessToken的當前高程。隨着這一變化,我現在正在從我的腳本中獲得適當的高度。 – TaterJuice 2015-09-25 19:12:12