Debugging, Forensics

Debug processes using ptrace and Python

python-ptrace is a debugger written in Python on top of ptrace, the Linux, BSD and Darwin system call for tracing processes.

* High-level Python object API: PtraceDebugger and PtraceProcess
* Can control multiple processes: catches fork events on Linux
* Read/write bytes at an arbitrary address: takes care of memory alignment and splits the bytes into CPU words
* Step-by-step execution using ptrace_singlestep() or a breakpoint (the int 3 trap instruction)
* Optional disassembly through the distorm disassembler
* Dump registers, memory mappings, stack, etc.
* Syscall tracer and parser (shipped as a command-line tool)
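As an added example (not python-ptrace's own code), this is what the single-step and register-dump features above come down to at the ptrace(2) level, written against the raw system call through ctypes so it runs without the library installed. It forks a child that volunteers for tracing with PTRACE_TRACEME, reads rip with PTRACE_GETREGS, executes one instruction with PTRACE_SINGLESTEP, reads rip again and detaches. The request numbers and the x86-64 user_regs_struct layout come from the Linux headers; the function names (ptrace, get_instr_pointer, spawn_traced_child, single_step_demo) are this example's own, not python-ptrace's.

```python
"""Single-step a traced process with raw ptrace(2) via ctypes (x86-64 Linux).

Added example, not python-ptrace code: it does by hand what the library's
PtraceDebugger/PtraceProcess objects wrap - read the instruction pointer,
execute exactly one instruction, read the instruction pointer again.
"""
import ctypes
import ctypes.util
import os
import platform
import signal
import sys

# ptrace request numbers from <sys/ptrace.h> (Linux).
PTRACE_TRACEME = 0
PTRACE_SINGLESTEP = 9
PTRACE_GETREGS = 12
PTRACE_DETACH = 17


class UserRegs(ctypes.Structure):
    """struct user_regs_struct from <sys/user.h>, x86-64 layout (27 words)."""
    _fields_ = [(name, ctypes.c_ulong) for name in (
        "r15", "r14", "r13", "r12", "rbp", "rbx", "r11", "r10",
        "r9", "r8", "rax", "rcx", "rdx", "rsi", "rdi", "orig_rax",
        "rip", "cs", "eflags", "rsp", "ss", "fs_base", "gs_base",
        "ds", "es", "fs", "gs")]


_libc = ctypes.CDLL(ctypes.util.find_library("c"), use_errno=True)
_libc.ptrace.restype = ctypes.c_long
_libc.ptrace.argtypes = [ctypes.c_long, ctypes.c_long,
                         ctypes.c_void_p, ctypes.c_void_p]


def ptrace(request, pid, addr=None, data=None):
    """Thin wrapper turning ptrace's -1/errno convention into OSError."""
    res = _libc.ptrace(request, pid, addr, data)
    if res == -1:
        err = ctypes.get_errno()
        raise OSError(err, os.strerror(err))
    return res


def get_instr_pointer(pid):
    """Same job as PtraceProcess.getInstrPointer(): PTRACE_GETREGS, return rip."""
    regs = UserRegs()
    ptrace(PTRACE_GETREGS, pid, None, ctypes.addressof(regs))
    return regs.rip


def spawn_traced_child():
    """Fork a child that volunteers for tracing and stops itself.

    A PTRACE_TRACEME child is traceable even under Yama ptrace_scope=1.
    Attaching to an unrelated running PID (PTRACE_ATTACH) additionally
    needs ptrace_scope=0 or CAP_SYS_PTRACE.
    """
    pid = os.fork()
    if pid == 0:
        try:
            ptrace(PTRACE_TRACEME, 0)
        except OSError:
            os._exit(99)                      # ptrace denied (seccomp etc.)
        os.kill(os.getpid(), signal.SIGSTOP)  # hand control to the tracer
        os._exit(0)                           # runs once the tracer detaches
    _, status = os.waitpid(pid, 0)
    if not os.WIFSTOPPED(status):
        return None                           # child exited instead of stopping
    return pid


def single_step_demo():
    """IP before, one instruction, IP after.

    Returns a dict, or None where ptrace cannot be used here (non-Linux,
    non-x86-64, or ptrace blocked by the sandbox).
    """
    if not sys.platform.startswith("linux") or platform.machine() != "x86_64":
        return None
    pid = spawn_traced_child()
    if pid is None:
        return None
    try:
        ip_before = get_instr_pointer(pid)
        # data=0: discard the pending SIGSTOP, just execute one instruction.
        ptrace(PTRACE_SINGLESTEP, pid, None, 0)
        _, status = os.waitpid(pid, 0)
        if not (os.WIFSTOPPED(status) and os.WSTOPSIG(status) == signal.SIGTRAP):
            raise RuntimeError("expected a SIGTRAP stop after the single step")
        ip_after = get_instr_pointer(pid)
    finally:
        try:
            ptrace(PTRACE_DETACH, pid, None, 0)  # let the child run to exit
            os.waitpid(pid, 0)
        except OSError:
            pass
    return {"pid": pid, "ip_before": ip_before, "ip_after": ip_after}


if __name__ == "__main__":
    result = single_step_demo()
    if result is None:
        print("ptrace not usable in this environment")
    else:
        print("pid %d: rip 0x%x -> 0x%x"
              % (result["pid"], result["ip_before"], result["ip_after"]))
```

The two rip values differ because the tracee is stopped right after the kill() syscall returns and the single step executes the next instruction in libc. The TRACEME-child form is used on purpose: it works under the default Yama setting (cat /proc/sys/kernel/yama/ptrace_scope prints 1 on most distributions), whereas attaching to an already running process, which is what the page's own example does, needs scope 0 or CAP_SYS_PTRACE, and a hardened sandbox may refuse ptrace outright; the function returns None in that case rather than crashing.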

Source code
Download from bitbucket.

Short example that attaches to a running process: it reads the instruction pointer, executes a single step, and reads the new instruction pointer: