yet another python module around ptrace()
yet another python module around ptrace()
I wrote this module because I was tired of the module available in
subterfugue : this module is not maintained anymore and it lacks
several features. Why not submit a patch ? Mainly because ptracemodule
is a C wrapper and I don’t want to waste my time resolving unmet build
dependencies or tools, etc.
Furthermore, it’s a simple wrapper Python to C : it’s really not
written with OOP paradigms in mind and there is no abstraction
layer. That was my main problem because I wanted to use the ptrace
interface without using the ptrace() syscall. Sounds silly?
Not really, think about emulating ptrace for hostile binaries/crackmes
for instance! Thus PtraceCore module is not tied to ptrace(): you can
use the utrace*() interface,
Solaris /proc debugging stuff, or even the Microsoft Windows
mechanisms.
The goal of the module is to be fast to deploy, just drop the
ptrace.py into the working directory and just enjoy! No need to
compile anything if you want.
This module uses intensively
the Ctypes module to
use the ptrace() syscall available in the Libc.
This module has only be tested on Linux 2.6. It should be quite easy
to port the interface on other plateforms. You just have to implement
three functions, see the PtraceCoreCtypes class for instance.
There are now a few similar projects which are a lot more complete: