vtrace

Package vtrace

Vtrace Debugger Framework Vtrace is a *mostly* native python debugging framework which can be used to quickly write programatic debuggers and research tools. I'm not known for writting great docs... but the code should be pretty straight forward... This has been in use for many years privately, but is nowhere *near* free of bugs... idiosyncracies abound. ==== Werd ===================================================== Blah blah blah... many more docs to come. Brought to you by kenshoto. e-mail invisigoth. Greetz: h1kari - eeeeeooorrrmmm CHKCHKCHKCHKCHKCHKCHK Ghetto - wizoo... to the tizoot. atlas - *whew* finally... no more teasing... beatle/dnm - come out and play yo! The Kenshoto Gophers. Blackhats Everywhere.

Submodules

[hide private]

vtrace.archs: Architecture Support Modules
- vtrace.archs.amd64: Amd64 Support Module
- vtrace.archs.arm: ARM Support Module
- vtrace.archs.i386: x86 Support Module
- vtrace.archs.ppc: PPC Support Module (not done)
vtrace.audit: Test for platform functionality (for internal use).
vtrace.breakpoints: Breakpoint Objects
vtrace.envitools: Some tools that require the envi framework to be installed
vtrace.notifiers: Vtrace notitifers base classes and examples
vtrace.platforms: Platform Support Modules
- vtrace.platforms.android
- vtrace.platforms.base: Tracer Platform Base
- vtrace.platforms.darwin: Darwin Platform Module
- vtrace.platforms.freebsd: FreeBSD support...
- vtrace.platforms.gdbstub: GDB support
- vtrace.platforms.linux: Linux Platform Module
- vtrace.platforms.posix: Posix Signaling Module
- vtrace.platforms.solaris: Solaris Platform Module (Incomplete)
- vtrace.platforms.vmware: Underlying platform implementation for kernel debugging with vmware gdbserver.
- vtrace.platforms.win32: Win32 Platform Module
vtrace.qt: QtGui objects which assist in GUIs which use vtrace parts.
vtrace.rmi: Cobra integration for remote debugging
vtrace.snapshot: All the code related to vtrace process snapshots and TraceSnapshot classes.
vtrace.tools: Extra tools (mostly for windows)
- vtrace.tools.iathook: Code for hooking import address tables by making them invalid pointers and catching the exceptions...
- vtrace.tools.win32alloc: A module with some cute toys for monitoring allocations.
- vtrace.tools.win32aslr: Utilities for windows tracer objects.
- vtrace.tools.win32heap: Windows heap allocation helper module
- vtrace.tools.win32stealth: Try to prevent an executable from knowing it's being debugged.
vtrace.util: Extra utilities for vtrace
vtrace.watchpoints: Watchpoint Objects

Classes

[hide private]

PlatformException
A universal way to represent a failure in the platform layer for this tracer.

AccessViolation
An exception which is raised on bad-touch to memory

Trace
The main tracer object.

TraceGroup
Encapsulate several traces, run them, and continue to handle their event notifications.

VtraceExpressionLocals
A class which serves as the namespace dictionary during the evaluation of an expression on a tracer.

Functions

[hide private]

getTrace(plat=None, **kwargs)
Return a tracer object appropriate for this platform.

source code

interact(pid=0, server=None, trace=None)
Just a cute and dirty way to get a tracer attached to a pid and get a python interpreter instance out of it.

source code

Variables

[hide private]

remote = None
hash(x)

cobra_daemon = None
hash(x)

port = 22102

verbose = False

NOTIFY_ALL = 0

NOTIFY_SIGNAL = 1

NOTIFY_BREAK = 2

NOTIFY_STEP = 3

NOTIFY_SYSCALL = 4

NOTIFY_CONTINUE = 5

NOTIFY_EXIT = 6

NOTIFY_ATTACH = 7

NOTIFY_DETACH = 8

NOTIFY_LOAD_LIBRARY = 9

NOTIFY_UNLOAD_LIBRARY = 10

NOTIFY_CREATE_THREAD = 11

NOTIFY_EXIT_THREAD = 12

NOTIFY_DEBUG_PRINT = 13

NOTIFY_MAX = 20

FD_UNKNOWN = 0

FD_FILE = 1

FD_SOCKET = 2

FD_PIPE = 3

FD_LOCK = 4

FD_EVENT = 5

FD_THREAD = 6

FD_REGKEY = 7

SYM_MISC = -1

SYM_GLOBAL = 0

SYM_LOCAL = 1

SYM_FUNCTION = 2

SYM_SECTION = 3

SYM_META = 4

VSYM_NAME = 0

VSYM_ADDR = 1

VSYM_SIZE = 2

VSYM_TYPE = 3

VSYM_FILE = 4

__package__ = 'vtrace'

callback_daemon = None
hash(x)

Function Details

[hide private]

getTrace(plat=None, **kwargs)

source code


Return a tracer object appropriate for this platform.
This is the function you will use to get a tracer object
with the appropriate ancestry for your host.
ex. mytrace = vtrace.getTrace()


NOTE: Use the release() method on the tracer once debugging
      is complete.  This releases the tracer thread and allows
      garbage collection to function correctly.

Some specialized tracers may be constructed by specifying the "plat"
name from one of the following list.  Additionally, each "specialized"
tracer may require additional kwargs (which are listed).

android - Debug android apps through adb (adb must be in your path)
    avd=<name> (None will let adb decide)

vmware32  - Debug a 32bit VMWare target.
    host=<host> - Where is the gdb server listening? (default 127.0.0.1)
    port=<port> - What port (default: 8832)
    os=<osname> - On of "Windows", "Linux" (that's all we support now...)

vmware64  - Debug a 64bit VMWare target.
    host=<host> - Where is the gdb server listening? (default 127.0.0.1)
    port=<port> - What port (default: 8864)
    os=<osname> - On of "Windows", "Linux" (that's all we support now...)

Examples:
    t = vtrace.getTrace() # A tracer for *this* os

    t = vtrace.getTrace(plat='android') # The default ADB device

    t = vtrace.getTrace(plat='vmware32', host='localhost', port=31337)