
Changing the EAX register with Python


dutche

Nov 18, 2010, 3:20:44 PM
Hi folks, I have an unusual question here.

How can I change the value of the EAX register from Python under Linux?
As PaiMei does under Windows.

My project is to have a python program that loads a C program and sets
a breakpoint at some address, and then with this breakpoint I change
the EAX register and then continue the program execution.

With Windows and paimei I did that, but under Linux I don't know yet.

Any ideas?

Thank you

Stefan Sonnenberg-Carstens

Nov 18, 2010, 5:24:10 PM
to pytho...@python.org
You asked for it:

from ctypes import *
import os

libc = CDLL('libc.so.6')
# long ptrace(enum __ptrace_request request, pid_t pid, void *addr, void *data);
libc.ptrace.restype = c_long
libc.ptrace.argtypes = [c_long, c_int, c_void_p, c_void_p]

# ptrace request numbers (Linux, x86)
PTRACE_TRACEME = 0
PTRACE_GETREGS = 12
PTRACE_SETREGS = 13
PTRACE_SYSCALL = 24

# i386 system call numbers
SYS_WRITE = 4
SYS_IOCTL = 54

# struct user_regs_struct from <sys/user.h>, 32-bit x86 layout
# (a 64-bit host has a different struct and different syscall numbers)
class user_regs_struct(Structure):
    _fields_ = [
        ('ebx', c_ulong),
        ('ecx', c_ulong),
        ('edx', c_ulong),
        ('esi', c_ulong),
        ('edi', c_ulong),
        ('ebp', c_ulong),
        ('eax', c_ulong),
        ('xds', c_ulong),
        ('xes', c_ulong),
        ('xfs', c_ulong),
        ('xgs', c_ulong),
        ('orig_eax', c_ulong),
        ('eip', c_ulong),
        ('xcs', c_ulong),
        ('eflags', c_ulong),
        ('esp', c_ulong),
        ('xss', c_ulong),
    ]

child = os.fork()
if child == 0:
    # child: ask to be traced, then exec the target; the exec stops it with SIGTRAP
    libc.ptrace(PTRACE_TRACEME, 0, None, None)
    os.execl('/bin/ls', 'ls')
else:
    while True:
        pid, status = os.wait()
        if os.WIFSTOPPED(status):
            # stopped at a syscall entry/exit (or the initial exec trap): read the registers
            reg = pointer(user_regs_struct())
            libc.ptrace(PTRACE_GETREGS, pid, None, reg)
            if reg.contents.orig_eax == SYS_IOCTL:
                print('IOCTL ebx,ecx = 0x%0x,0x%0x' % (reg.contents.ebx, reg.contents.ecx))
                # replace IOCTL with SYS_WRITE
                reg.contents.orig_eax = SYS_WRITE
                libc.ptrace(PTRACE_SETREGS, pid, None, reg)
            # resume the child until its next syscall stop
            libc.ptrace(PTRACE_SYSCALL, pid, None, None)
        else:
            # child exited (or was killed): we are done
            os._exit(0)


debug.py
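What dutche described (a breakpoint at a fixed address, EAX rewritten, then continue) can be built from the same ctypes/ptrace pieces as Stefan's script, but with a real int3 breakpoint instead of a syscall stop. This is an added example, not Stefan's debug.py or anything else from the thread; it assumes a 32-bit x86 Linux host with a 32-bit Python, a target binary ./target, and BREAK_ADDR as a placeholder for an address in that program (the function names are mine).

```python
from ctypes import CDLL, Structure, c_ulong, c_long, c_int, c_void_p, byref, sizeof
import os
import signal

libc = CDLL('libc.so.6')
# long ptrace(long request, pid_t pid, void *addr, void *data)
libc.ptrace.restype = c_long
libc.ptrace.argtypes = [c_long, c_int, c_void_p, c_void_p]

PTRACE_TRACEME, PTRACE_PEEKTEXT, PTRACE_POKETEXT = 0, 1, 4
PTRACE_CONT, PTRACE_GETREGS, PTRACE_SETREGS = 7, 12, 13
INT3 = 0xCC             # one-byte software breakpoint opcode on x86
REG_SIZE = sizeof(c_ulong)

class user_regs_struct(Structure):
    # 32-bit x86 layout from <sys/user.h>; a 64-bit host needs the x86-64 struct
    _fields_ = [(n, c_ulong) for n in (
        'ebx', 'ecx', 'edx', 'esi', 'edi', 'ebp', 'eax', 'xds', 'xes',
        'xfs', 'xgs', 'orig_eax', 'eip', 'xcs', 'eflags', 'esp', 'xss')]

def plant_int3(word):
    """Replace the lowest byte (first byte at the address on little-endian x86)
    with INT3; the caller keeps the original word to restore it afterwards."""
    return (word & ~0xFF) | INT3

def run_with_breakpoint(path, break_addr, new_eax):
    """Exec `path` under ptrace, break at break_addr, set EAX, continue."""
    child = os.fork()
    if child == 0:
        libc.ptrace(PTRACE_TRACEME, 0, None, None)
        os.execl(path, os.path.basename(path))
        os._exit(127)
    _, status = os.wait()                   # SIGTRAP stop right after exec
    saved = libc.ptrace(PTRACE_PEEKTEXT, child, break_addr, None) & 0xFFFFFFFF
    libc.ptrace(PTRACE_POKETEXT, child, break_addr, plant_int3(saved))
    libc.ptrace(PTRACE_CONT, child, None, None)
    _, status = os.wait()
    if os.WIFSTOPPED(status) and os.WSTOPSIG(status) == signal.SIGTRAP:
        regs = user_regs_struct()
        libc.ptrace(PTRACE_GETREGS, child, None, byref(regs))
        libc.ptrace(PTRACE_POKETEXT, child, break_addr, saved)  # restore the byte
        regs.eip -= 1                       # re-run the instruction we patched
        regs.eax = new_eax                  # the change dutche asked for
        libc.ptrace(PTRACE_SETREGS, child, None, byref(regs))
        libc.ptrace(PTRACE_CONT, child, None, None)
        _, status = os.wait()
    return status

if __name__ == '__main__':
    BREAK_ADDR = 0x08048000   # placeholder: the address you break at in the C program
    print(hex(run_with_breakpoint('./target', BREAK_ADDR, 0x1234)))
```

The returned wait status is what the parent sees after the final continue; a child that hit the breakpoint and then exited normally gives a status for which os.WIFEXITED is true.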

Tim Roberts

Nov 19, 2010, 2:17:00 AM

You will need to find a Linux application equivalent to PaiMei. Your
question is not "how can I change EAX", your question is "where can I find
a Linux debugger that can be controlled from Python?"

I don't know the answer to that. gdb is quite powerful, and you can
certainly control it by connecting to its stdin and stdout connections.
--
Tim Roberts, ti...@probo.com
Providenza & Boekelheide, Inc.

Stefan Sonnenberg-Carstens

Nov 19, 2010, 3:28:48 AM
to Tim Roberts, pytho...@python.org
Hi,
just read my mail :-)
You can just build a debugger in Python yourself.
The script I posted should give you an idea.



--
MfG,

Stefan Sonnenberg-Carstens

IT Architect

David Cournapeau

Nov 19, 2010, 7:43:44 AM
to Tim Roberts, pytho...@python.org
On Fri, Nov 19, 2010 at 4:17 PM, Tim Roberts <ti...@probo.com> wrote:
> dutche <dut...@gmail.com> wrote:
>>
>>Hi folks, I have a unusual question here.
>>
>>How can I change the value of EAX register under python under Linux??
>>As paimei does under Windows.
>>
>>My project is to have a python program that loads a C program and sets
>>a breakpoint at some address, and then with this breakpoint I change
>>the EAX register and then continue the program execution.
>>
>>With Windows and paimei I did that, but under Linux I don't know yet.
>
> You will need to find a Linux application equivalent to PaiMei.  Your
> question is not "how can I change EAX", your question is "where can I find
> a Linux debugger that can be controlled from Python?"

Well, gdb may just be the tool you are looking for: since version 7.0
at least, you can script gdb using python,

http://sourceware.org/gdb/wiki/PythonGdb

cheers,

David

dutche

Nov 19, 2010, 8:08:37 AM
Well, I think using ptrace is really the best way, at least what I
have found on Google told me that.

Stefan, your answer will fit perfectly for me; it was what I was
searching for.

Thank you

On Nov 19, 10:43 am, David Cournapeau <courn...@gmail.com> wrote:

Robert Kern

Nov 19, 2010, 10:42:50 AM
to pytho...@python.org
On 11/19/10 7:08 AM, dutche wrote:
> Well, I think using ptrace is really the best way, at least what I
> have found on Google told me that.

You may also want to look into pinktrace for another wrapper around ptrace. I
haven't used it myself, but it's worth looking into.

http://dev.exherbo.org/~alip/pinktrace/

--
Robert Kern

"I have come to believe that the whole world is an enigma, a harmless enigma
that is made terrible by our own mad attempt to interpret it as though it had
an underlying truth."
-- Umberto Eco

Grant Edwards

Nov 19, 2010, 11:32:21 AM
On 2010-11-19, Tim Roberts <ti...@probo.com> wrote:
> dutche <dut...@gmail.com> wrote:

>> My project is to have a python program that loads a C program and
>> sets a breakpoint at some address, and then with this breakpoint I
>> change the EAX register and then continue the program execution.

> You will need to find a Linux application equivalent to PaiMei. Your
> question is not "how can I change EAX", your question is "where can I
> find a Linux debugger that can be controlled from Python?"
>
> I don't know the answer to that. gdb is quite powerful, and you can
> certainly control it by connecting to its stdin and stdout
> connections.

If you're going to do that, you want to run gdb in "machine interface"
mode, which makes it a lot easier to talk to programmatically. I've
not done it in Python, but it's easy enough in C, so in Python it
ought to be trivial:

http://sourceware.org/gdb/current/onlinedocs/gdb/GDB_002fMI.html#GDB_002fMI

If you don't want to write code to talk the gdb/mi "command language",
then another option is to use a library like libmigdb:

http://sourceforge.net/projects/libmigdb/

You can probably call the library functions using ctypes:

http://docs.python.org/library/ctypes.html

--
Grant Edwards, grant.b.edwards at gmail.com
Yow! Psychoanalysis?? I thought this was a nude rap session!!!
