Inject code into a running Python process

Project description

Pyrasite lets you inject arbitrary code into an unaltered running Python process.

Requirements

Download

Download the latest stable release from PyPI: http://pypi.python.org/pypi/pyrasite

pip install pyrasite

You can also run the latest pyrasite from source:

git clone git://git.fedorahosted.org/git/pyrasite
cd pyrasite
python -m pyrasite.main

You can also fork pyrasite on GitHub: http://github.com/lmacken/pyrasite

pyrasite-gui

The GUI has been moved into its own repository: https://github.com/lmacken/pyrasite-gui

http://lewk.org/img/pyrasite/pyrasite-info.png

API

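import subprocess, sys
from pyrasite.inject import CodeInjector

# p is the target: any running Python process (here a throwaway child)
p = subprocess.Popen([sys.executable, '-c', 'import time; time.sleep(60)'])
ci = CodeInjector(p.pid)
ci.inject('pyrasite/payloads/helloworld.py')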

Payloads

Reverse Python Shell

This lets you easily introspect or alter any objects in your running process.

$ python
>>> x = 'foo'
$ pyrasite <PID> pyrasite/payloads/reverse_python_shell.py
$ nc -l 9001
Python 2.7.1 (r271:86832, Apr 12 2011, 16:15:16)
[GCC 4.6.0 20110331 (Red Hat 4.6.0-2)]
Type 'quit' to exit.
>>> print x
foo
>>> globals()['x'] = 'bar'

Viewing the largest objects in your process

This payload uses meliae to dump all of the objects in your process to an objects.json file (currently dumped in the working directory of your process).

We recommend using python-meliae from your OS distribution, if available. If it is not, you will need to first install Cython, and then meliae separately. If pip/easy_install does not work, you may need to use the tarball from the upstream website.

$ pyrasite <PID> pyrasite/payloads/dump_memory.py

Pyrasite also provides a tool to view the values of largest objects in your process. This requires urwid to be installed.

$ pyrasite-memory-viewer <PID> objects.json
http://lewk.org/img/pyrasite-memory-viewer.png

Reverse Shell

$ pyrasite <PID> pyrasite/payloads/reverse_shell.py
$ nc -l 9001
Linux tomservo 2.6.40.3-0.fc15.x86_64 #1 SMP Tue Aug 16 04:10:59 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux
Type 'quit' to exit.
% ls

Call Graph

Pyrasite comes with a payload that generates an image of your process's call graph using pycallgraph.

$ pyrasite <PID> pyrasite/payloads/start_callgraph.py
$ pyrasite <PID> pyrasite/payloads/stop_callgraph.py

The callgraph is then generated using graphviz and saved to callgraph.png. You can see an example callgraph here.

Dumping modules, thread stacks, and forcing garbage collection

pyrasite/payloads/dump_modules.py
pyrasite/payloads/dump_stacks.py
pyrasite/payloads/force_garbage_collection.py

Additional installation notes

Mac OS X

If you don’t want to override Apple’s default gdb, install the latest version of gdb with a prefix (e.g. gnu):

$ ./configure --program-prefix=gnu
$ pyrasite <PID> pyrasite/payloads/reverse_python_shell.py --prefix="gnu"

Ubuntu

Since version 10.10, Ubuntu ships with a controversial patch that restricts the scope of ptrace, which can be disabled by running:

echo 0 | sudo tee /proc/sys/kernel/yama/ptrace_scope
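
The following added example (not part of pyrasite) shows what that setting changes and how to spot an attached tracer from the target's side. It models the kernel's documented Yama modes 0 to 3 and reads the TracerPid field of /proc/<pid>/status; the function names are hypothetical and SAMPLE_STATUS is constructed.

```python
import os

YAMA_PATH = "/proc/sys/kernel/yama/ptrace_scope"

# Constructed sample of /proc/<pid>/status for a process with a debugger attached.
SAMPLE_STATUS = "Name:\tpython\nState:\tt (tracing stop)\nPid:\t4242\nPPid:\t4100\nTracerPid:\t4310\nUid:\t1000\t1000\t1000\t1000\n"

def attach_allowed(scope, same_uid, is_descendant=False, has_cap_sys_ptrace=False):
    """Apply the documented Yama modes to one tracer/target pair.
    Simplified: ignores PR_SET_PTRACER exceptions and the dumpable flag."""
    if scope not in (0, 1, 2, 3):
        raise ValueError("unknown ptrace_scope: %r" % (scope,))
    if scope == 3:              # no attach for anyone
        return False
    if has_cap_sys_ptrace:      # modes 0-2 let privileged tracers through
        return True
    if scope == 2:              # admin-only
        return False
    if scope == 1:              # restricted: tracer must be an ancestor of the target
        return same_uid and is_descendant
    return same_uid             # 0: classic same-uid rule

def tracer_pid(status_text):
    """Return TracerPid from the text of /proc/<pid>/status (0 means not traced)."""
    for line in status_text.splitlines():
        if line.startswith("TracerPid:"):
            return int(line.split(":", 1)[1])
    raise ValueError("no TracerPid field")

def traced_processes(proc_root="/proc"):
    """Map pid -> tracer pid for every process that currently has a tracer."""
    found = {}
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        try:
            with open(os.path.join(proc_root, entry, "status")) as fh:
                tracer = tracer_pid(fh.read())
        except (OSError, ValueError):   # process exited or unreadable
            continue
        if tracer:
            found[int(entry)] = tracer
    return found

if __name__ == "__main__":
    with open(YAMA_PATH) as fh:
        scope = int(fh.read())
    print("ptrace_scope =", scope, "| same-uid attach to non-children:", attach_allowed(scope, True))
    for pid, tracer in sorted(traced_processes().items()):
        print("pid %d is being traced by pid %d" % (pid, tracer))
```

A value written to /proc/sys/kernel/yama/ptrace_scope applies system-wide and lasts until the next reboot.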

Arch Linux

You can install pyrasite from the Arch User Repository. If you want Python debugging symbols, you may have to compile python2 yourself.

IRC

#pyrasite on Freenode.

Authors

Luke Macken <lmacken@redhat.com>

David Malcolm <dmalcolm@redhat.com>

Release history

2.0
2.0beta9
2.0beta8
2.0beta7
2.0beta6
2.0beta5 (this version)
2.0beta4
2.0beta3
2.0beta2
2.0beta
1.1
1.0
1.0dev

Download files

Filename: pyrasite-2.0beta5.tar.gz (31.9 kB)
File type: Source
Python version: None
Upload date: Mar 15, 2012
