I'm currently learning about debuggers and how they stop a process.
Here's my code:

from ctypes import *

WORD = c_ushort
DWORD = c_ulong
LPBYTE = POINTER(c_ubyte)
LPTSTR = POINTER(c_char)
HANDLE = c_void_p
DEBUG_PROCESS = 0x00000001
CREATE_NEW_CONSOLE = 0x00000010

class STARTUPINFO(Structure):
    _fields_ = [
        ("cb", DWORD),
        ("lpReserved", LPTSTR),
        ("lpDesktop", LPTSTR),
        ("lpTitle", LPTSTR),
        ("dwX", DWORD),
        ("dwY", DWORD),
        ("dwXSize", DWORD),
        ("dwYSize", DWORD),
        ("dwXCountChars", DWORD),
        ("dwYCountChars", DWORD),
        ("dwFillAttribute", DWORD),
        ("dwFlags", DWORD),
        ("wShowWindow", WORD),
        ("cbReserved2", WORD),
        ("lpReserved2", LPBYTE),
        ("hStdInput", HANDLE),
        ("hStdOutput", HANDLE),
        ("hStdError", HANDLE),
    ]

class PROCESS_INFORMATION(Structure):
    _fields_ = [
        ("hProcess", HANDLE),
        ("hThread", HANDLE),
        ("dwProcessId", DWORD),
        ("dwThreadId", DWORD),
    ]

kernel32 = windll.kernel32

class debugger():
    def __init__(self):
        pass

    def load(path_to_exe):
        creation_flags = DEBUG_PROCESS
        startupinfo = STARTUPINFO()
        processinfo = PROCESS_INFORMATION()
        startupinfo.dwFlags = 0x1
        startupinfo.wShowWindow = 0x0
        startupinfo.cb = sizeof(startupinfo)
        if kernel32.CreateProcessA(path_to_exe,None,None,None,None,creation_flags,None,None,byref(startupinfo),byref(processinfo)):
            print("[*] Process launched")
            print("[*] PID: %d" % (PROCESS_INFORMATION.dwProcessId))
        else:
            print("[*] Error: 0x%08x." % (kernel32.GetLastError()))

debugger.load("C:\\WINDOWS\\system32\\calc.exe")

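Whenever I run it, it goes to the error. :( I figured out that the reason it goes to that error is that kernel32.CreateProcessA is returning false. I'm actually following along with Gray Hat Python right now, and I'm converting this code to Python 3 as I read it.
My question is: what is kernel32.CreateProcessA doing, why is it returning false, and how can I prevent it from returning false?
Any help would be much appreciated!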
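Solution
You have several errors in your code:
The first error is that the load method of the debugger class is defined incorrectly. In your case it most probably should be a staticmethod: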

# . . .
    # This decorator is required to make the method static
    @staticmethod
    def load(path_to_exe):
        creation_flags = DEBUG_PROCESS
        startupinfo = STARTUPINFO()
        processinfo = PROCESS_INFORMATION()
        startupinfo.dwFlags = 0x1
        # . . .

The second error is at the print that runs if the process was created:

        if kernel32.CreateProcessA(path_to_exe,None,None,None,None,
                                   creation_flags,None,None,
                                   byref(startupinfo),byref(processinfo)):
            print("[*] Process launched")
            # ERROR AT THE LINE BELOW
            # Your variant: print("[*] PID: %d" % (PROCESS_INFORMATION.dwProcessId))
            # But it should be the structure itself, not its "type"
            print("[*] PID: %d" % (processinfo.dwProcessId))
        else:
            print("[*] Error: 0x%08x." % (kernel32.GetLastError()))

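In my case it works (Windows XP). If your process is not really started and you get a console message like this:

[*] Error: 0x00000002

then, if you use Python 3.x, you should use not CreateProcessA but the CreateProcessW function, because all strings in Python 3.x are Unicode (in WinAPI, all functions ending with "A" accept ASCII strings, and those ending with "W" accept Unicode strings). A more exact answer would be possible if you wrote what error or exception occurred in your case.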
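
An added example, not part of the original answer, of the Python 3 variant the answer recommends: CreateProcessW declared through argtypes, with the error read via ctypes.get_last_error(). The function names seen_by_ansi_api and launch_debuggee are hypothetical. The first function shows why CreateProcessA fails on a Python 3 str: ctypes passes the string as a UTF-16 buffer, so the ANSI API reads only "C", which is consistent with error 2 (ERROR_FILE_NOT_FOUND) above.

```python
import ctypes
import sys

DEBUG_PROCESS = 0x00000001


def seen_by_ansi_api(path: str) -> bytes:
    """Bytes an 'A' function reads when ctypes passes it a Python 3 str."""
    # With no argtypes set, ctypes passes str as wchar_t* (UTF-16LE on
    # Windows); an ANSI API reads that buffer up to the first NUL byte.
    raw = path.encode("utf-16-le") + b"\x00\x00"
    return raw[: raw.index(b"\x00")]


def launch_debuggee(path: str) -> int:
    """Windows only: start `path` under DEBUG_PROCESS and return its PID."""
    if sys.platform != "win32":
        raise OSError("CreateProcessW is only available on Windows")
    from ctypes import wintypes as wt

    class STARTUPINFOW(ctypes.Structure):
        _fields_ = (
            [("cb", wt.DWORD)]
            + [(n, wt.LPWSTR) for n in ("lpReserved", "lpDesktop", "lpTitle")]
            + [(n, wt.DWORD) for n in (
                "dwX", "dwY", "dwXSize", "dwYSize", "dwXCountChars",
                "dwYCountChars", "dwFillAttribute", "dwFlags")]
            + [("wShowWindow", wt.WORD), ("cbReserved2", wt.WORD),
               ("lpReserved2", ctypes.POINTER(ctypes.c_ubyte))]
            + [(n, wt.HANDLE) for n in ("hStdInput", "hStdOutput", "hStdError")]
        )

    class PROCESS_INFORMATION(ctypes.Structure):
        _fields_ = [("hProcess", wt.HANDLE), ("hThread", wt.HANDLE),
                    ("dwProcessId", wt.DWORD), ("dwThreadId", wt.DWORD)]

    # use_last_error makes ctypes capture GetLastError right after the call
    k32 = ctypes.WinDLL("kernel32", use_last_error=True)
    k32.CreateProcessW.argtypes = [
        wt.LPCWSTR, wt.LPWSTR, ctypes.c_void_p, ctypes.c_void_p, wt.BOOL,
        wt.DWORD, ctypes.c_void_p, wt.LPCWSTR,
        ctypes.POINTER(STARTUPINFOW), ctypes.POINTER(PROCESS_INFORMATION)]
    k32.CreateProcessW.restype = wt.BOOL
    si, pi = STARTUPINFOW(), PROCESS_INFORMATION()
    si.cb = ctypes.sizeof(si)
    if not k32.CreateProcessW(path, None, None, None, False, DEBUG_PROCESS,
                              None, None, ctypes.byref(si), ctypes.byref(pi)):
        raise ctypes.WinError(ctypes.get_last_error())
    return pi.dwProcessId
```

Declaring argtypes with HANDLE and pointer types also keeps the call correct on 64-bit Python, where untyped arguments default to C int.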
Author: 黑洞官方问答小能手
Link: http://www.pythonheidong.com/blog/article/194173/
Source: python黑洞网 www.pythonheidong.com
Source: CSDN
Author: data-life
Link: https://blog.csdn.net/ainivip/article/details/103995397