Add basic support to debug processes on Windows #2327
Conversation
Currently only `windbg.debug()` and `windbg.attach()` are implemented, which open a WinDbg instance and attach to the process.
|
Can you test and review again please @masthoon? |
|
I added some comments. There is a issue with from pwn import *
process(['cmd.exe'], creationflags=4)
exit(0)One way to fix this issue is to first terminate the process then close the file descriptors in # pwntools\pwnlib\tubes\process.py
def close(self):
if self.proc is None:
return
# First check if we are already dead
self.poll()
# Terminate before closing fd
if not self._stop_noticed:
try:
self.proc.kill()
self.proc.wait()
self._stop_noticed = time.time()
self.info('Stopped process %r (pid %i)' % (self.program, self.pid))
except OSError:
pass
# close file descriptors
for fd in [self.proc.stdin, self.proc.stdout, self.proc.stderr]:
if fd is not None:
try:
fd.close()
except IOError as e:
if e.errno != errno.EPIPE and e.errno != errno.EINVAL:
raiseAlso resuming the process would work. |
Only require PROCESS_QUERY_INFORMATION access and check for errors when opening the process.
|
Maybe we can use psutil.Process.resume() to resume all threads in the process atexit, but that seems finicky. Changing the order of killing and closing file descriptiors doesn't seem to matter. The file descriptors were closed in #576 and the testcase of starting and killing lots of processes still doesn't leave dangling file descriptors around when moving the closing after the killing of the process. So I think we can switch up the order and be fine on Linux too. |
Windows processes would block on fd.close() when the main thread is suspended.
Currently only
windbg.debug()andwindbg.attach()are implemented, which open a WinDbg instance and attach to the process.