Home       Trees       Indices       Help   
WinAppDbg - Windows application debugging engine
Package winappdbg :: Module breakpoint :: Class Hook
[hide private]
[frames] | no frames]

Class Hook

source code

Used by Debug.hook_function.

This class acts as an action callback for code breakpoints set at the beginning of a function. It automatically retrieves the parameters from the stack, sets a breakpoint at the return address and retrieves the return value from the function call.

Instance Methods [hide private]
 
__init__(self, preCB=None, postCB=None, paramCount=0)
x.__init__(...) initializes x; see x.__class__.__doc__ for signature		 source code
 
__call__(self, event)
Handles the breakpoint event on entry of the function.		 source code
 
__postCallAction_hwbp(self, event)
Handles hardware breakpoint events on return from the function.		 source code
 
__postCallAction_codebp(self, event)
Handles code breakpoint events on return from the function.		 source code
 
__postCallAction(self, event)
Calls the "post" callback.		 source code
 
__callHandler(self, callback, event, *params)
Calls a "pre" or "post" handler, if set.		 source code
 
__push_params(self, tid, params)
Remembers the arguments tuple for the last call to the hooked function from this thread.		 source code
 
__pop_params(self, tid)
Forgets the arguments tuple for the last call to the hooked function from this thread.		 source code
tuple( arg, arg, arg... )
get_params(self, tid)
Returns the parameters found in the stack when the hooked function was last called by this thread.		 source code
list of tuple( arg, arg, arg... )
get_params_stack(self, tid)
Returns the parameters found in the stack each time the hooked function was called by this thread and haven't returned yet.		 source code
 
hook(self, debug, pid, address)
Installs the function hook at a given process and address.		 source code
 
unhook(self, debug, pid, address)
Removes the function hook at a given process and address.		 source code

Inherited from object: __delattr__, __format__, __getattribute__, __hash__, __new__, __reduce__, __reduce_ex__, __repr__, __setattr__, __sizeof__, __str__, __subclasshook__

Class Variables [hide private]
bool useHardwareBreakpoints = False
True to try to use hardware breakpoints, False otherwise.
Properties [hide private]

Inherited from object: __class__

Method Details [hide private]

__init__(self, preCB=None, postCB=None, paramCount=0)
(Constructor)

source code 

x.__init__(...) initializes x; see x.__class__.__doc__ for signature

Parameters:
  • preCB (function) - (Optional) Callback triggered on function entry.

    The signature for the callback can be something like this:

       def pre_LoadLibraryEx(event, *params):
       ra   = params[0]        # return address
       argv = params[1:]       # function parameters

       # (...)

    But if you passed the right number of arguments, you can also use a signature like this:

       def pre_LoadLibraryEx(event, ra, lpFilename, hFile, dwFlags):
       szFilename = event.get_process().peek_string(lpFilename)

       # (...)

    In the above example, the value for paramCount would be 3.

    Note that the second example assumes all parameters are DWORDs. This may not always be so, especially in 64 bits Windows.

  • postCB (function) - (Optional) Callback triggered on function exit.

    The signature for the callback would be something like this:

       def post_LoadLibraryEx(event, return_value):

       # (...)
  • paramCount (int) - (Optional) Number of parameters for the preCB callback, not counting the return address. Parameters are read from the stack and assumed to be DWORDs.
Overrides: object.__init__

__call__(self, event)
(Call operator)

source code 

Handles the breakpoint event on entry of the function.

Parameters:
Raises:
  • WindowsError - An error occured.

__postCallAction_hwbp(self, event)

source code 

Handles hardware breakpoint events on return from the function.

Parameters:

__postCallAction_codebp(self, event)

source code 

Handles code breakpoint events on return from the function.

Parameters:

__postCallAction(self, event)

source code 

Calls the "post" callback.

Parameters:

__callHandler(self, callback, event, *params)

source code 

Calls a "pre" or "post" handler, if set.

Parameters:
  • callback (function) - Callback function to call.
  • event (ExceptionEvent) - Breakpoint hit event.
  • params (tuple) - Parameters for the callback function.

__push_params(self, tid, params)

source code 

Remembers the arguments tuple for the last call to the hooked function from this thread.

Parameters:
  • tid (int) - Thread global ID.
  • params (tuple( arg, arg, arg... )) - Tuple of arguments.

__pop_params(self, tid)

source code 

Forgets the arguments tuple for the last call to the hooked function from this thread.

Parameters:
  • tid (int) - Thread global ID.

get_params(self, tid)

source code 

Returns the parameters found in the stack when the hooked function was last called by this thread.

Parameters:
  • tid (int) - Thread global ID.
Returns: tuple( arg, arg, arg... )
Tuple of arguments.

get_params_stack(self, tid)

source code 

Returns the parameters found in the stack each time the hooked function was called by this thread and haven't returned yet.

Parameters:
  • tid (int) - Thread global ID.
Returns: list of tuple( arg, arg, arg... )
List of argument tuples.

hook(self, debug, pid, address)

source code 

Installs the function hook at a given process and address.

Parameters:
  • debug (Debug) - Debug object.
  • pid (int) - Process ID.
  • address (int) - Function address.

See Also: unhook

Warning: Do not call from an function hook callback.

unhook(self, debug, pid, address)

source code 

Removes the function hook at a given process and address.

Parameters:
  • debug (Debug) - Debug object.
  • pid (int) - Process ID.
  • address (int) - Function address.

See Also: hook

Warning: Do not call from an function hook callback.


   Home       Trees       Indices       Help   
WinAppDbg - Windows application debugging engine
Generated by Epydoc 3.0.1 on Fri Feb 12 19:46:16 2010 http://epydoc.sourceforge.net