Created
December 10, 2019 09:04
-
-
Save tahaconfiant/4f4125a2976ebba4b21c8a2fc7b0c14b to your computer and use it in GitHub Desktop.
fork_callback
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def fork_callback(frame, bp_loc, dict): | |
| global backup_bytes | |
| global patch_address | |
| print ("fork() detected!") | |
| error = lldb.SBError() | |
| backup_bytes = frame.thread.process.ReadUnsignedFromMemory(patch_address, 2, error) | |
| # backup_bytes = 0x7d8b | |
| if error.Success(): | |
| print('backup_bytes : 0x%x' % backup_bytes) | |
| else: | |
| print('error: ', error) | |
| # Write infinite loop (EB FE) | |
| new_value = struct.pack('H', 0xfeeb) | |
| result = frame.thread.process.WriteMemory(patch_address, new_value, error) | |
| if not error.Success() or result != len(new_value): | |
| print('SBProcess.WriteMemory() failed!') | |
| print ('child process fully patched') | |
| # Continue on the parent process | |
| frame.thread.process.Continue() |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment