Package winappdbg :: Module breakpoint :: Class Hook

Class Hook


Used by Debug.hook_function.

This class acts as an action callback for code breakpoints set at the beginning of a function. It automatically retrieves the parameters from the stack, sets a breakpoint at the return address and retrieves the return value from the function call.

Instance Methods
 
__init__(self, preCB=None, postCB=None, paramCount=0)
x.__init__(...) initializes x; see x.__class__.__doc__ for signature
 
__call__(self, event)
Handles the breakpoint event on entry of the function.
 
__postCallAction_hwbp(self, event)
Handles hardware breakpoint events on return from the function.
 
__postCallAction_codebp(self, event)
Handles code breakpoint events on return from the function.
 
__postCallAction(self, event)
Calls the "post" callback.
 
__callHandler(self, callback, event, *params)
Calls a "pre" or "post" handler, if set.
 
hook(self, debug, pid, address)
Installs the function hook at a given process and address.
 
unhook(self, debug, pid, address)
Removes the function hook at a given process and address.

Inherited from object: __delattr__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __str__

Properties

Inherited from object: __class__

Method Details

__init__(self, preCB=None, postCB=None, paramCount=0)
(Constructor)

 

x.__init__(...) initializes x; see x.__class__.__doc__ for signature

Parameters:
  • preCB (function) - (Optional) Callback triggered on function entry.

    The signature for the callback can be something like this:

       def pre_LoadLibraryEx(event, *params):
           ra   = params[0]        # return address
           argv = params[1:]       # function parameters
    
           # (...)
    

    But if you passed the right number of arguments, you can also use a signature like this:

       def pre_LoadLibraryEx(event, ra, lpFilename, hFile, dwFlags):
           szFilename = event.get_process().peek_string(lpFilename)
    
           # (...)
    

    In the above example, the value for paramCount would be 3.

  • postCB (function) - (Optional) Callback triggered on function exit.

    The signature for the callback would be something like this:

       def post_LoadLibraryEx(event, return_value):
    
           # (...)
    
  • paramCount (int) - (Optional) Number of parameters for the preCB callback, not counting the return address. Parameters are read from the stack and assumed to be DWORDs.
Overrides: object.__init__
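
The sketch below is an added example, not WinAppDbg code. It models the read described for paramCount (the return address plus paramCount little-endian DWORDs from the top of a 32-bit stack) over a constructed stack snapshot, and shows what each preCB signature receives when paramCount is right or wrong. The names read_entry_params and call_pre and all stack values are hypothetical.

```python
import struct

# Constructed 32-bit stack snapshot at function entry (not from a real process).
STACK = struct.pack("<5L",
                    0x00401234,   # [ESP]    return address
                    0x00403000,   # [ESP+4]  lpFilename
                    0x00000000,   # [ESP+8]  hFile
                    0x00000008,   # [ESP+12] dwFlags
                    0x0012FF80)   # [ESP+16] caller's data, not an argument


def read_entry_params(stack, param_count):
    """Return (return address, arg1..argN), each read as a little-endian DWORD."""
    size = 4 * (1 + param_count)
    if size > len(stack):
        raise ValueError("paramCount reads past the captured stack")
    return struct.unpack("<%dL" % (1 + param_count), stack[:size])


def call_pre(callback, event, stack, param_count):
    """Hypothetical dispatcher: pass the event plus the stack values to preCB."""
    if callback is None:
        return None
    return callback(event, *read_entry_params(stack, param_count))


def pre_varargs(event, *params):
    # First documented style: accepts any paramCount.
    ra, argv = params[0], params[1:]
    return ra, argv


def pre_fixed(event, ra, lpFilename, hFile, dwFlags):
    # Second documented style: only valid when paramCount == 3.
    return ra, (lpFilename, hFile, dwFlags)


def demo():
    ok = call_pre(pre_fixed, None, STACK, 3)
    short = call_pre(pre_varargs, None, STACK, 2)   # silently drops dwFlags
    try:
        call_pre(pre_fixed, None, STACK, 2)         # signature needs 3 arguments
        mismatch = None
    except TypeError as exc:
        mismatch = type(exc).__name__
    return ok, short, mismatch


if __name__ == "__main__":
    print(demo())
```

A paramCount that is too large does not fail in this model: the extra DWORD is whatever the caller left on the stack, and the callback receives it as if it were an argument.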

__call__(self, event)
(Call operator)

 

Handles the breakpoint event on entry of the function.

Parameters:
Raises:
  • WindowsError - An error occurred.

__postCallAction_hwbp(self, event)

 

Handles hardware breakpoint events on return from the function.

Parameters:

__postCallAction_codebp(self, event)

 

Handles code breakpoint events on return from the function.

Parameters:

__postCallAction(self, event)

 

Calls the "post" callback.

Parameters:

__callHandler(self, callback, event, *params)

 

Calls a "pre" or "post" handler, if set.

Parameters:
  • callback (function) - Callback function to call.
  • event (ExceptionEvent) - Breakpoint hit event.
  • params (tuple) - Parameters for the callback function.

hook(self, debug, pid, address)

 

Installs the function hook at a given process and address.

Parameters:
  • debug (Debug) - Debug object.
  • pid (int) - Process ID.
  • address (int) - Function address.

See Also: unhook

Warning: Do not call from a function hook callback.

unhook(self, debug, pid, address)

 

Removes the function hook at a given process and address.

Parameters:
  • debug (Debug) - Debug object.
  • pid (int) - Process ID.
  • address (int) - Function address.

See Also: hook

Warning: Do not call from a function hook callback.