Am 18.11.2010 21:20, schrieb dutche:
Hi folks, I have an unusual question here. How can I change the value of the EAX register from Python under Linux, as paimei does under Windows? My project is a Python program that loads a C program, sets a breakpoint at some address, changes EAX when that breakpoint is hit and then continues the program's execution. With Windows and paimei I did that, but under Linux I don't know how yet. Any ideas? Thank you
You asked for it:
from ctypes import *
import time
import os
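# Bind ptrace(2) from the C library.  A single CDLL() is enough; the extra
# cdll.LoadLibrary() call the original made just loaded the same object twice.
libc = CDLL('libc.so.6', use_errno=True)
# long ptrace(enum __ptrace_request request, pid_t pid, void *addr, void *data)
# Declaring the prototype keeps ctypes from guessing int-sized arguments and
# from truncating the long return value on 64-bit builds; c_void_p accepts
# both None and a pointer(user_regs_struct()) instance.
libc.ptrace.argtypes = [c_int, c_int, c_void_p, c_void_p]
libc.ptrace.restype = c_long

# ptrace request numbers (Linux x86, see <sys/ptrace.h>).
PTRACE_TRACEME = 0
PTRACE_GETREGS = 12
PTRACE_SETREGS = 13
PTRACE_SYSCALL = 24
# System-call numbers from the 32-bit x86 table; x86-64 uses different values.
SYS_WRITE = 4
SYS_IOCTL = 54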
class user_regs_struct(Structure):
    """Register block filled in by PTRACE_GETREGS / consumed by PTRACE_SETREGS.

    The field order is the 32-bit x86 (i386) ``struct user_regs_struct`` from
    <sys/user.h>: seventeen unsigned longs.  ``orig_eax`` is the field the
    tracer below inspects and rewrites at a system-call stop.
    """
    # NOTE: i386 layout only.  x86-64 has a different, larger structure with
    # r*/rax-named members, so this definition must not be used from a 64-bit
    # tracer.
    _fields_ = list(
        (_reg, c_ulong)
        for _reg in (
            'ebx', 'ecx', 'edx', 'esi', 'edi', 'ebp', 'eax',
            'xds', 'xes', 'xfs', 'xgs',
            'orig_eax', 'eip', 'xcs', 'eflags', 'esp', 'xss',
        )
    )
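# The register layout and syscall numbers above are i386-specific.  Refuse
# to run from a 64-bit process: PTRACE_GETREGS copies the kernel's full
# user_regs_struct into *data, which on x86-64 is larger than our buffer and
# would be written past its end.  (A pointer-size check does not catch other
# 32-bit architectures; this is only a guard for the common mistake.)
if sizeof(c_void_p) != 4:
    raise RuntimeError('this example assumes a 32-bit x86 build; '
                       'user_regs_struct and the syscall numbers are i386-specific')

child = os.fork()
if child == 0:
    # Tracee: ask to be traced by the parent, then exec the program to watch.
    # Per ptrace(2) the child is stopped at the exec so the tracer runs first.
    libc.ptrace(PTRACE_TRACEME, 0, None, None)
    os.execl('/bin/ls', 'ls')
else:
    # Tracer: resume the child with PTRACE_SYSCALL so it stops at every
    # system-call entry and exit, and inspect the registers at each stop.
    while True:
        pid, status = os.wait()
        if not os.WIFSTOPPED(status):
            # Child exited or was killed.  The original 'status != 0' test
            # only recognised a clean exit; on any other termination it kept
            # issuing ptrace requests to a dead pid and os.wait() then raised.
            break
        reg = pointer(user_regs_struct())
        libc.ptrace(PTRACE_GETREGS, pid, None, reg)
        if reg.contents.orig_eax == SYS_IOCTL:
            # print() with a single parenthesised argument is valid in both
            # Python 2 and 3; the original two-line print statement did not parse.
            print('IOCTL ebx,ecx = 0x%0x,0x%0x' % (reg.contents.ebx, reg.contents.ecx))
            # replace IOCTL with SYS_WRITE
            reg.contents.orig_eax = SYS_WRITE
            libc.ptrace(PTRACE_SETREGS, pid, None, reg)
        libc.ptrace(PTRACE_SYSCALL, pid, None, None)
    os._exit(0)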
from ctypes import *
import time
import os
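# Bind ptrace(2) from the C library.  A single CDLL() is enough; the extra
# cdll.LoadLibrary() call the original made just loaded the same object twice.
libc = CDLL('libc.so.6', use_errno=True)
# long ptrace(enum __ptrace_request request, pid_t pid, void *addr, void *data)
# Declaring the prototype keeps ctypes from guessing int-sized arguments and
# from truncating the long return value on 64-bit builds; c_void_p accepts
# both None and a pointer(user_regs_struct()) instance.
libc.ptrace.argtypes = [c_int, c_int, c_void_p, c_void_p]
libc.ptrace.restype = c_long

# ptrace request numbers (Linux x86, see <sys/ptrace.h>).
PTRACE_TRACEME = 0
PTRACE_GETREGS = 12
PTRACE_SETREGS = 13
PTRACE_SYSCALL = 24
# System-call numbers from the 32-bit x86 table; x86-64 uses different values.
SYS_WRITE = 4
SYS_IOCTL = 54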
class user_regs_struct(Structure):
    """Register block filled in by PTRACE_GETREGS / consumed by PTRACE_SETREGS.

    The field order is the 32-bit x86 (i386) ``struct user_regs_struct`` from
    <sys/user.h>: seventeen unsigned longs.  ``orig_eax`` is the field the
    tracer below inspects and rewrites at a system-call stop.
    """
    # NOTE: i386 layout only.  x86-64 has a different, larger structure with
    # r*/rax-named members, so this definition must not be used from a 64-bit
    # tracer.
    _fields_ = list(
        (_reg, c_ulong)
        for _reg in (
            'ebx', 'ecx', 'edx', 'esi', 'edi', 'ebp', 'eax',
            'xds', 'xes', 'xfs', 'xgs',
            'orig_eax', 'eip', 'xcs', 'eflags', 'esp', 'xss',
        )
    )
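# The register layout and syscall numbers above are i386-specific.  Refuse
# to run from a 64-bit process: PTRACE_GETREGS copies the kernel's full
# user_regs_struct into *data, which on x86-64 is larger than our buffer and
# would be written past its end.  (A pointer-size check does not catch other
# 32-bit architectures; this is only a guard for the common mistake.)
if sizeof(c_void_p) != 4:
    raise RuntimeError('this example assumes a 32-bit x86 build; '
                       'user_regs_struct and the syscall numbers are i386-specific')

child = os.fork()
if child == 0:
    # Tracee: ask to be traced by the parent, then exec the program to watch.
    # Per ptrace(2) the child is stopped at the exec so the tracer runs first.
    libc.ptrace(PTRACE_TRACEME, 0, None, None)
    os.execl('/bin/ls', 'ls')
else:
    # Tracer: resume the child with PTRACE_SYSCALL so it stops at every
    # system-call entry and exit, and inspect the registers at each stop.
    while True:
        pid, status = os.wait()
        if not os.WIFSTOPPED(status):
            # Child exited or was killed.  The original 'status != 0' test
            # only recognised a clean exit; on any other termination it kept
            # issuing ptrace requests to a dead pid and os.wait() then raised.
            break
        reg = pointer(user_regs_struct())
        libc.ptrace(PTRACE_GETREGS, pid, None, reg)
        if reg.contents.orig_eax == SYS_IOCTL:
            # print() with a single parenthesised argument is valid in both
            # Python 2 and 3; the original two-line print statement did not parse.
            print('IOCTL ebx,ecx = 0x%0x,0x%0x' % (reg.contents.ebx, reg.contents.ecx))
            # replace IOCTL with SYS_WRITE
            reg.contents.orig_eax = SYS_WRITE
            libc.ptrace(PTRACE_SETREGS, pid, None, reg)
        libc.ptrace(PTRACE_SYSCALL, pid, None, None)
    os._exit(0)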
