Python-Ptrace - What happens after PtraceProcess.cont()?

Question

I'm looking at a game with python-ptrace. I do not want to disconnect from the server so after attaching to the process, I immediately call cont() to allow it to keep running.

In this state I can still read memory, but I can not write to it.

Is there anyway to break back into the process and then be able to read memory? I have tried re-adding the process, calling detach() and then re-adding. The only thing that has worked is completely closing out Python and reopening it and reopening the process.

Example interaction:

>>> from ptrace.debugger import PtraceDebugger
>>> dbg = PtraceDebugger()
>>> proc = dbg.addProcess(35765, False)
>>> proc.writeBytes(0x185e8c08, '\x00\x40\x1c\x46')
>>> proc.cont()
>>> proc.writeBytes(0x185e8c08, '\x00\x40\x1c\x46')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/process.py", line 630, in writeBytes
    self.writeWord(address, bytes2word(word))
  File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/process.py", line 700, in writeWord
    ptrace_poketext(self.pid, address, word)
  File "/usr/local/lib/python2.7/dist-packages/ptrace/binding/func.py", line 184, in ptrace_poketext
    _poke(PTRACE_POKETEXT, pid, address, word)
  File "/usr/local/lib/python2.7/dist-packages/ptrace/binding/func.py", line 172, in _poke
    ptrace(command, pid, address, word)
  File "/usr/local/lib/python2.7/dist-packages/ptrace/binding/func.py", line 148, in ptrace
    raise PtraceError(message, errno=errno, pid=pid)
ptrace.error.PtraceError: ptrace(cmd=4, pid=35765, 408849416, 4142814460058025984) error #3: No such process
>>> proc.detach()
>>> proc = dbg.addProcess(35765, False) 
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/debugger.py", line 75, in addProcess
    process = PtraceProcess(self, pid, is_attached, parent=parent)
  File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/process.py", line 167, in __init__
    self.attach()
  File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/process.py", line 184, in attach
    ptrace_attach(self.pid)
  File "/usr/local/lib/python2.7/dist-packages/ptrace/binding/func.py", line 155, in ptrace_attach
    ptrace(PTRACE_ATTACH, pid)
  File "/usr/local/lib/python2.7/dist-packages/ptrace/binding/func.py", line 148, in ptrace
    raise PtraceError(message, errno=errno, pid=pid)
ptrace.error.PtraceError: ptrace(cmd=16, pid=35765, 0, 0) error #1: Operation not permitted
>>> proc = dbg.deleteProcess(proc) 
>>> proc = dbg.addProcess(35765, False) 
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/debugger.py", line 75, in addProcess
    process = PtraceProcess(self, pid, is_attached, parent=parent)
  File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/process.py", line 167, in __init__
    self.attach()
  File "/usr/local/lib/python2.7/dist-packages/ptrace/debugger/process.py", line 184, in attach
    ptrace_attach(self.pid)
  File "/usr/local/lib/python2.7/dist-packages/ptrace/binding/func.py", line 155, in ptrace_attach
    ptrace(PTRACE_ATTACH, pid)
  File "/usr/local/lib/python2.7/dist-packages/ptrace/binding/func.py", line 148, in ptrace
    raise PtraceError(message, errno=errno, pid=pid)
ptrace.error.PtraceError: ptrace(cmd=16, pid=35765, 0, 0) error #1: Operation not permitted

Any suggestions how to edit this while it is still running?

I don't see a break() function to break back into the process.

Decent doc strings here:

https://github.com/qikon/python-ptrace/blob/master/ptrace/debugger/debugger.py

https://github.com/qikon/python-ptrace/blob/master/ptrace/debugger/process.py

Answer 1

I ran into the same problems when first using python-ptrace. I eventually figured it out and could successfully modify another processes code. Instead of using the PtraceDebugger directly, I directly accessed the ptrace.binding functions. The following is my code.

import time
from ptrace.linux_proc import *  # For the searchProcessByName func
from ptrace.binding import *     # For ptrace funcs

def checkVal(value):
    # Check value bounds and such here
    if value is good:
        return True

def main():
    pid = searchProcessByName("nameofprocess") #or pid = 56437
    addr = 0x32323232 # Note: poke/peek_text requires the address to be aligned
    while True:       # This may require some modifications to your new value as well
        newVal = input("What do you want the new value to be?")
        if checkVal(newVal):
            ptrace_attach(pid) # Attach
            time.sleep(.001) # For some reason, I needed this for it to work
            ptrace_peektext(pid,addr) # Read word at addr
            ptrace_poketext(pid,addr,newVal) # Write newVal at addr
            ptrace_detach(pid) # Let the process resume

That is an extremely stripped down version of my code. I would recommend maybe adding some try/excepts around the ptrace stuff to help if something does go wrong. I hope this helps!