Debugging, Forensics

Debug processes using ptrace and python

python-ptrace is a debugger using ptrace (Linux, BSD and Darwin system call to trace processes) written in Python.

Features
* High-level Python object API: PtraceDebugger and PtraceProcess
* Able to control multiple processes: catch fork events on Linux
* Read/write bytes at an arbitrary address: takes care of memory alignment and splits bytes into CPU words
* Step-by-step execution using ptrace_singlestep() or hardware interrupt 3
* Can use distorm disassembler
* Dump registers, memory mappings, stack, etc.
* Syscall tracer and parser (strace.py command)
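
The alignment handling named in the read/write feature, as an added example (not python-ptrace's own code): a ptrace peek or poke moves one CPU word per request, so arbitrary byte ranges are built from aligned word reads, and writes are read-modify-write. `FakeTracee`, the 8-byte little-endian word and all function names are assumptions made for the sketch.

```python
import struct

WORD = 8  # assumption: 64-bit little-endian tracee


class FakeTracee:
    """Constructed stand-in for a traced process: aligned word access only."""

    def __init__(self, base, image):
        self.base, self.mem = base, bytearray(image)

    def _off(self, addr):
        if addr % WORD:
            raise ValueError("unaligned word access at %#x" % addr)
        off = addr - self.base
        if off < 0 or off + WORD > len(self.mem):
            raise OSError("address %#x not mapped" % addr)
        return off

    def peek(self, addr):
        return struct.unpack_from("<Q", self.mem, self._off(addr))[0]

    def poke(self, addr, word):
        struct.pack_into("<Q", self.mem, self._off(addr), word)


def read_bytes(t, addr, size):
    """Read `size` bytes at any address using only aligned word peeks."""
    start = addr - addr % WORD
    buf = b"".join(struct.pack("<Q", t.peek(a))
                   for a in range(start, addr + size, WORD))
    return buf[addr - start:addr - start + size]


def write_bytes(t, addr, data):
    """Patch bytes word by word, preserving neighbouring bytes in each word."""
    end = addr + len(data)
    for a in range(addr - addr % WORD, end, WORD):
        word = bytearray(struct.pack("<Q", t.peek(a)))
        lo, hi = max(addr, a), min(end, a + WORD)
        word[lo - a:hi - a] = data[lo - addr:hi - addr]
        t.poke(a, struct.unpack("<Q", word)[0])


def demo():
    t = FakeTracee(0x1000, bytes(range(32)))  # constructed memory image
    before = read_bytes(t, 0x1005, 6)         # spans two words
    write_bytes(t, 0x1005, b"PATCH!")
    return before, read_bytes(t, 0x1000, 16)
```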

Source code
Download from bitbucket.

Download/Releases
Download from bitbucket.

Installation
https://python-ptrace.readthedocs.io/en/latest/install.html

Example
Short example attaching to a running process. It gets the instruction pointer, executes a single step, and gets the new instruction pointer:
https://python-ptrace.readthedocs.io/en/latest/usage.html#hello-world