python-ptrace 0.6.2

python binding of ptrace

python-ptrace is a Python binding of ptrace library.

The binding works on:

• Linux version 2.6.20 on i386, x86_64, PPC (may works on Linux 2.4.x and 2.6.x)

• Linux version 2.4 on PPC

• FreeBSD version 7.0RC1 on i386 (may works on FreeBSD 5.x/6.x)

• OpenBSD version 4.2 on i386

Features:

• High level Python object API : !PtraceDebugger and !PtraceProcess

• Able to control multiple processes: catch fork events on Linux

• Read/write bytes to arbitrary address: take care of memory alignment and split bytes to cpu word

• Execution step by step using ptrace_singlestep() or hardware interruption 3

• Can use distorm (http://www.ragestorm.net/distorm/) disassembler

• Dump registers, memory mappings, stack, etc.

• Syscall tracer and parser (strace command)

Website: http://bitbucket.org/haypo/python-ptrace/wiki/Home

Installation

Read INSTALL documentation file.

Documentation

Browse doc/ and examples/ directories.

Changelog

python-ptrace 0.6.2 (2009-11-09)

• Fix 64 bits sub registers (set mask for eax, ebx, ecx, edx)

python-ptrace 0.6.1 (2009-11-07)

• Create follow, showfollow, resetfollow, xray commands in gdb.py. Patch written by Dimitris Glynos

• Project website moved to http://bitbucket.org/haypo/python-ptrace/

• Replace types (u)intXX_t by c_(u)intXX

• Create MemoryMapping.search() method and MemoryMapping now keeps a weak reference to the process

python-ptrace 0.6 (2009-02-13)

User visible changes:

• python-ptrace now depends on Python 2.5

• Invalid memory access: add fault address in the name

• Update Python 3.0 conversion patch

• Create -i (–show-ip) option to strace.py: show instruction pointer

• Add a new example (itrace.py) written by Mark Seaborn and based on strace.py

API changes:

• PtraceSyscall: store the instruction pointer at syscall enter (if the option instr_pointer=True, disabled by default)

• Remove PROC_DIRNAME and procFilename() from ptrace.linux_proc

Bugfixes:

• Fix locateProgram() for relative path

• Fix interpretation of memory fault on MOSVW instruction (source is ESI and destination is EDI, and not the inverse!)

python-ptrace 0.5 (2008-09-13)

Visible changes:

• Write an example (the most simple debugger) and begin to document the code

• gdb.py: create “dbginfo” command

• Parse socket syscalls on FreeBSD

• On invalid memory access (SIGSEGV), eval the dereference expression to get the fault address on OS without siginfo (eg. FreeBSD)

• Fixes to get minimal Windows support: fix imports, fix locateProgram()

Other changes:

• Break the API: - Rename PtraceDebugger.traceSysgood() to PtraceDebugger.enableSysgood() - Rename PtraceDebugger.trace_sysgood to PtraceDebugger.use_sysgood - Remove PtraceProcess.readCode()

• Create createChild() function which close all files except stdin, stdout and stderr

• On FreeBSD, on process exit recalls waitpid(pid) to avoid zombi process

python-ptrace 0.4.2 (2008-08-28)

• BUGFIX: Fix typo in gdb.py (commands => command_str), it wasn’t possible to write more than one command…

• BUGIFX: Fix typo in SignalInfo class (remove “self.”). When a process received a signal SIGCHLD (because of a fork), the debugger exited because of this bug.

• BUGFIX: Debugger._wait() return abnormal process exit as a normal event, the event is not raised as an exception

• PtraceSignal: don’t clear preformatted arguments (eg. arguments of execve)

python-ptrace 0.4.1 (2008-08-23)

• The project has a new dedicated website: http://python-ptrace.hachoir.org/

• Create cptrace: optional Python binding of ptrace written in C (faster than ptrace, the Python binding written in Python with ctypes)

• Add name attribute to SignalInfo classes

• Fixes to help Python 3.0 compatibility: don’t use sys.exc_clear() (was useless) in writeBacktrace()

• ProcessState: create utime, stime, starttime attributes

python-ptrace 0.4.0 (2008-08-19)

Visible changes:

• Rename the project to “python-ptrace” (old name was “Ptrace)

• strace.py: create –ignore-regex option

• PtraceSignal: support SIGBUS, display the related registers and the instruction

• Support execve() syscall tracing

Developer changes:

• New API is incompatible with 0.3.2

• PtraceProcess.waitProcessEvent() accepts optional blocking=False argument

• PtraceProcess.getreg()/setreg() are able to read/write i386 and x86-64 “sub-registers” like al or bx

• Remove iterProc() function, replaced by openProc() with explicit call to .close() to make sure that files are closed

• Create searchProcessesByName()

• Replace CPU_PPC constant by CPU_POWERPC and create CPU_PPC32 and CPU_PPC64

• Create MemoryMapping object, used by readMappings() and findStack() methods of PtraceProcess

• Always define all PtraceProcess methods but raise an error if the function is not implemented