4

I am currently learning about debuggers and how they stop processes.

Here is my code:

    from ctypes import *
    WORD = c_ushort
    DWORD = c_ulong
    LPBYTE = POINTER(c_ubyte)
    LPTSTR = POINTER(c_char)
    HANDLE = c_void_p
    DEBUG_PROCESS = 0x00000001
    CREATE_NEW_CONSOLE = 0x00000010
    class STARTUPINFO(Structure):
        _fields_ = [
        ("cb", DWORD),
        ("lpReserved", LPTSTR),
        ("lpDesktop", LPTSTR),
        ("lpTitle", LPTSTR),
        ("dwX", DWORD),
        ("dwY", DWORD),
        ("dwXSize", DWORD),
        ("dwYSize", DWORD),
        ("dwXCountChars", DWORD),
        ("dwYCountChars", DWORD),
        ("dwFillAttribute",DWORD),
        ("dwFlags", DWORD),
        ("wShowWindow", WORD),
        ("cbReserved2", WORD),
        ("lpReserved2", LPBYTE),
        ("hStdInput", HANDLE),
        ("hStdOutput", HANDLE),
        ("hStdError", HANDLE),
        ]
    class PROCESS_INFORMATION(Structure):
        _fields_ = [
        ("hProcess", HANDLE),
        ("hThread", HANDLE),
        ("dwProcessId", DWORD),
        ("dwThreadId", DWORD),
        ]


    kernel32 = windll.kernel32
    class debugger():
        def __init__(self):
            pass

        def load(path_to_exe):
            creation_flags = DEBUG_PROCESS
            startupinfo = STARTUPINFO()
            processinfo = PROCESS_INFORMATION()
            startupinfo.dwFlags = 0x1
            startupinfo.wShowWindow = 0x0
            startupinfo.cb = sizeof(startupinfo)
            if kernel32.CreateProcessA(path_to_exe,None,None,None,None,creation_flags,None,None,byref(startupinfo),byref(processinfo)):
                print("[*] Process launched")
                print("[*] PID: %d" % (PROCESS_INFORMATION.dwProcessId))
            else:
                print("[*] Error: 0x%08x." % (kernel32.GetLastError()))

    debugger.load("C:\\WINDOWS\\system32\\calc.exe")

Whenever I run it, it errors out. :( I found that the reason it gives that error is that kernel32.CreateProcessA returns an error. I am actually following Gray Hat Python right now, and I am converting this code to Python 3 as I read it.

My question is: what is kernel32.CreateProcessA doing, why does it return false, and how can I prevent it from returning false?

Any help would be greatly appreciated!


6 Answers

5

There are several errors in your code:

The first error is the incorrect definition of the load method in the debugger class. In your case it is most likely a static method:

    # . . .

    # This decorator is required to make the method static
    @staticmethod
    def load(path_to_exe):
        creation_flags = DEBUG_PROCESS
        startupinfo = STARTUPINFO()
        processinfo = PROCESS_INFORMATION()
        startupinfo.dwFlags = 0x1

    # . . .

The second error is in the print after the process is created:

    if kernel32.CreateProcessA(path_to_exe,None,None,None,None,
                               creation_flags,None,None,
                               byref(startupinfo),byref(processinfo)):
        print("[*] Process launched")

        # ERROR AT THE LINE BELOW
        # Your variant: print("[*] PID: %d" % (PROCESS_INFORMATION.dwProcessId))
        # But it should be the structure instance itself, not its "type"
        print("[*] PID: %d" % (processinfo.dwProcessId))
    else:
        print("[*] Error: 0x%08x." % (kernel32.GetLastError()))

In my case it works (Windows XP). If your process does not really start and you get a console message like this:

    [*] Error: 0x00000002

then, if you are using Python 3.x, you should use not CreateProcessA but the CreateProcessW function, because all strings in Python 3.x are unicode (in WinAPI, all functions ending in 'A' accept ASCII strings and those ending in 'W' accept unicode strings). A more precise answer would be possible if you wrote down what error or exception occurs in your case.

Answered 2014-05-02T07:48:15.467
3

I had problems running a program like yours on win64. But when I changed kernel32.CreateProcessA to kernel32.CreateProcessW, the program ran successfully.

Answered 2014-03-01T07:53:10.670
1

You should call the GetLastError function to find out what the error really means.

    ctypes.windll.kernel32.GetLastError

I found this detailed post that explains how to debug and fix the error caused by CreateProcessA: Python CreateProcessA returns FALSE

Answered 2014-05-02T07:18:46.903
1

Switch your first two parameters so that you have something like:

    kernel32.CreateProcessA(c_char_p(0),c_char_p(path_to_exe),0,0,0,creation_flags,0,0,byref(startupinfo),byref(processinfo))

Answered 2013-12-07T23:52:50.013
0
  1. This line must have parentheses: debugger().load("C:\\WINDOWS\\system32\\calc.exe")

  2. This line must contain self: def load(self, path_to_exe)

  3. If it is static, it must not contain self: @staticmethod def load(path_to_exe)

  4. This line must be: print("[*] PID: %d" % processinfo.dwProcessId)

Answered 2016-10-18T19:01:54.893
0
  1. According to a quick sum-up of the differences between Python 2.x and 3.x: Python 2 has separate ASCII str() and unicode() types. Python 3 has only a Unicode (utf-8) string type.

  2. According to the WinAPI docs, CreateProcess() has a unicode version, which is defined as CreateProcessW() with the same params.

So if you use Python 2.x, use CreateProcessA(). In the case of Python 3.x, use CreateProcessW().

Answered 2018-01-23T03:17:18.010
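The following is an added example that pulls the fixes from the answers above (the static load method, printing the PID from the structure instance, CreateProcessW for Python 3, and GetLastError for diagnosis) into one Python 3 version of the load routine. It is not code from the question, from Gray Hat Python, or from any of the answers. The reason the original fails with error 2 (ERROR_FILE_NOT_FOUND) is that Python 3 ctypes passes a str argument as a wchar_t* when no argtypes are declared, so the ANSI CreateProcessA sees the UTF-16 buffer as the one-character string "C" followed by NUL and tries to launch that. Declaring argtypes on CreateProcessW removes the ambiguity; the fixed-width c_uint32 DWORD is used so the structures have the Windows layout on every platform. The calc.exe path and the Win32 error-code table are assumptions; only launch_under_debugger touches kernel32, and it reports instead of calling the API when not on Windows.

```python
import sys
from ctypes import (Structure, POINTER, byref, sizeof,
                    c_uint16, c_uint32, c_void_p, c_wchar_p, c_ubyte, c_int)

# Fixed-width aliases: the question used c_ulong for DWORD, which is 8 bytes on
# 64-bit Linux/macOS but 4 on Windows; c_uint32 is 4 bytes everywhere.
WORD = c_uint16
DWORD = c_uint32
HANDLE = c_void_p
LPBYTE = POINTER(c_ubyte)

DEBUG_PROCESS = 0x00000001          # dwCreationFlags: attach as debugger
STARTF_USESHOWWINDOW = 0x00000001   # the 0x1 the book writes into dwFlags
SW_HIDE = 0                         # wShowWindow value used by the book

# Assumed subset of winerror.h codes that CreateProcess commonly reports.
WIN32_ERRORS = {
    2: "ERROR_FILE_NOT_FOUND",
    3: "ERROR_PATH_NOT_FOUND",
    5: "ERROR_ACCESS_DENIED",
    87: "ERROR_INVALID_PARAMETER",
    193: "ERROR_BAD_EXE_FORMAT",
}


class STARTUPINFOW(Structure):
    # Wide-character variant so the lp* members match CreateProcessW.
    _fields_ = [
        ("cb", DWORD),
        ("lpReserved", c_wchar_p), ("lpDesktop", c_wchar_p), ("lpTitle", c_wchar_p),
        ("dwX", DWORD), ("dwY", DWORD), ("dwXSize", DWORD), ("dwYSize", DWORD),
        ("dwXCountChars", DWORD), ("dwYCountChars", DWORD), ("dwFillAttribute", DWORD),
        ("dwFlags", DWORD),
        ("wShowWindow", WORD), ("cbReserved2", WORD),
        ("lpReserved2", LPBYTE),
        ("hStdInput", HANDLE), ("hStdOutput", HANDLE), ("hStdError", HANDLE),
    ]


class PROCESS_INFORMATION(Structure):
    _fields_ = [
        ("hProcess", HANDLE), ("hThread", HANDLE),
        ("dwProcessId", DWORD), ("dwThreadId", DWORD),
    ]


def describe_win32_error(code):
    """Render a GetLastError() value as 'NAME (0x%08x)'; unknown codes still show the number."""
    return "%s (0x%08x)" % (WIN32_ERRORS.get(code, "UNKNOWN"), code)


def build_startupinfo():
    """STARTUPINFOW with cb filled in and the window hidden, as the book's loader does."""
    si = STARTUPINFOW()
    si.cb = sizeof(si)
    si.dwFlags = STARTF_USESHOWWINDOW
    si.wShowWindow = SW_HIDE
    return si


def launch_under_debugger(path_to_exe):
    """Start path_to_exe with DEBUG_PROCESS via CreateProcessW.

    Returns (pid, None) on success or (None, error_text) on failure.
    Windows-only: elsewhere it reports that kernel32 is unavailable.
    """
    if sys.platform != "win32":
        return None, "not on Windows: kernel32 unavailable"
    from ctypes import WinDLL, get_last_error
    kernel32 = WinDLL("kernel32", use_last_error=True)  # capture the thread's last error
    CreateProcessW = kernel32.CreateProcessW
    CreateProcessW.argtypes = [c_wchar_p, c_wchar_p, c_void_p, c_void_p, c_int,
                               DWORD, c_void_p, c_wchar_p,
                               POINTER(STARTUPINFOW), POINTER(PROCESS_INFORMATION)]
    CreateProcessW.restype = c_int
    si = build_startupinfo()
    pi = PROCESS_INFORMATION()
    ok = CreateProcessW(path_to_exe, None, None, None, False, DEBUG_PROCESS,
                        None, None, byref(si), byref(pi))
    if not ok:
        return None, describe_win32_error(get_last_error())
    # The child now sits at its first debug event until a WaitForDebugEvent /
    # ContinueDebugEvent loop services it. This example keeps no handles of its own.
    kernel32.CloseHandle(pi.hThread)
    kernel32.CloseHandle(pi.hProcess)
    return pi.dwProcessId, None   # read the PID from the instance, not the class


if __name__ == "__main__":
    pid, err = launch_under_debugger(r"C:\Windows\System32\calc.exe")  # assumed path
    print("[*] PID: %d" % pid if err is None else "[*] Error: %s" % err)
```

describe_win32_error turns the raw 0x00000002 from the first answer into a readable name; when diagnosing a different failure, compare the returned code against the same table before changing the call.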