Using the PyDBG Python debugger

Installing and using the PyDBG debugger. If you already have it installed, skip this step; if not, you can download it here: PyDBG download and install

PyDBG is a sub-module of the PaiMei debugging framework: http://www.openrce.org/downloads/details/208/PaiMei

# -*- coding: cp936 -*-
# PyDBG is Python 2 only; this script must run under a 32-bit Python 2.7.
import sys
import utils                      # PaiMei's utils.hook_container
from pydbg import *
from pydbg.defines import *

dbg = pydbg()
isProcess = False
oldWords = "报警110"               # must have the same byte length as newWords:
newWords = "火警119"               # WriteFile's byte count is fixed by the caller
processName = "notepad.exe"

# Entry hook for kernel32!WriteFile(hFile, lpBuffer, nNumberOfBytesToWrite,
# lpNumberOfBytesWritten, lpOverlapped): args[1] is the buffer pointer and
# args[2] the number of bytes about to be written.
def editWords(dbg, args):
    buf = dbg.read_process_memory(args[1], args[2])
    if oldWords in buf:
        print("原始信息:%s" % buf)
        buf = buf.replace(oldWords, newWords)
        dbg.write_process_memory(args[1], buf)
        print("修改之后的信息:%s" % dbg.read_process_memory(args[1], args[2]))
    return DBG_CONTINUE

# Find the target process by name and attach to it.
for (pid, name) in dbg.enumerate_processes():
    if name.lower() == processName:
        isProcess = True
        hooks = utils.hook_container()
        dbg.attach(pid)
        print("进程ID:{0},进程名称:{1}".format(pid, name))

        # Resolve WriteFile in the debuggee's own copy of kernel32.dll.
        hookAddress = dbg.func_resolve_debuggee("kernel32.dll", "WriteFile")

        if hookAddress:
            # 5 = number of stack arguments to capture on entry to WriteFile.
            hooks.add(dbg, hookAddress, 5, editWords, None)
            print("设置断点的地址:%s" % hookAddress)
            break
        else:
            print("不能获取钩子地址")
            sys.exit(-1)

if isProcess:
    print("等待调试器事件的触发")
    dbg.run()      # enter the debug event loop; the hook fires on every WriteFile
else:
    print("没有进程:%s" % processName)
    sys.exit(-1)
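The script above relies on two mechanics that PyDBG hides: how the entry hook recovers WriteFile's arguments from the stack (pydbg's get_arg(i) reads the DWORD at ESP + 4*i for a stdcall callee), and why the replacement text must keep the buffer's byte length (nNumberOfBytesToWrite is already on the stack, so a longer or shorter string would be truncated or would read past the caller's buffer). The following is an added example, not code from the original post or from PaiMei: it models both mechanics in plain Python 3 over a fake process memory, so it runs without pydbg or Windows. The memory layout, the addresses, the return-address value and the GBK (cp936) encoding are all constructed for the example.

```python
# Added example (not from the original post): a stand-alone model of what the
# PyDBG WriteFile hook does, using a constructed in-memory "process".
import struct

PAGE = 0x1000                     # constructed: base of the fake process memory
STACK_TOP = 0x2000                # constructed: value of ESP at the hook address
WRITEFILE_ARG_COUNT = 5           # hFile, lpBuffer, nNumberOfBytesToWrite,
                                  # lpNumberOfBytesWritten, lpOverlapped


class FakeProcess:
    """Minimal stand-in for pydbg's read/write_process_memory over one region."""

    def __init__(self, base, size):
        self.base = base
        self.mem = bytearray(size)

    def read(self, address, length):
        off = address - self.base
        if off < 0 or off + length > len(self.mem):
            raise ValueError("read outside the mapped region")
        return bytes(self.mem[off:off + length])

    def write(self, address, data):
        off = address - self.base
        if off < 0 or off + len(data) > len(self.mem):
            raise ValueError("write outside the mapped region")
        self.mem[off:off + len(data)] = data


def get_args(proc, esp, count):
    """Mirror pydbg.get_arg(1..count) for a stdcall/cdecl callee at its entry:
    [esp] holds the return address, [esp+4] the first argument, and so on."""
    return [struct.unpack("<I", proc.read(esp + 4 * i, 4))[0]
            for i in range(1, count + 1)]


def patch_buffer(proc, lp_buffer, n_bytes, old, new, encoding="gbk"):
    """Length-preserving in-place replacement of `old` by `new` inside the
    caller's buffer. Returns (changed, buffer_after)."""
    old_b = old.encode(encoding)
    new_b = new.encode(encoding)
    if len(old_b) != len(new_b):
        # The byte count WriteFile will use is already fixed on the stack.
        raise ValueError("replacement must have the same encoded length")
    buf = proc.read(lp_buffer, n_bytes)
    if old_b not in buf:
        return False, buf
    proc.write(lp_buffer, buf.replace(old_b, new_b))
    return True, proc.read(lp_buffer, n_bytes)


def build_writefile_frame(proc, esp, lp_buffer, payload):
    """Constructed stack frame as the hook would see it on entry to WriteFile."""
    proc.write(lp_buffer, payload)
    frame = struct.pack("<6I",
                        0xDEADBEEF,        # return address (constructed value)
                        0x44,              # hFile (constructed handle value)
                        lp_buffer,         # lpBuffer
                        len(payload),      # nNumberOfBytesToWrite
                        0,                 # lpNumberOfBytesWritten
                        0)                 # lpOverlapped
    proc.write(esp, frame)


def demo():
    """Run the whole sequence: frame -> args -> length-checked patch."""
    proc = FakeProcess(PAGE, 0x2000)
    lp_buffer = PAGE + 0x100
    build_writefile_frame(proc, STACK_TOP, lp_buffer, "报警110".encode("gbk"))
    _h_file, lp_buf, n_bytes, _written, _overlapped = get_args(
        proc, STACK_TOP, WRITEFILE_ARG_COUNT)
    changed, after = patch_buffer(proc, lp_buf, n_bytes, "报警110", "火警119")
    return changed, after.decode("gbk")


if __name__ == "__main__":
    print(demo())
```

Both "报警110" and "火警119" encode to 7 bytes in GBK, which is the only reason the in-place replace in the original script is safe; `patch_buffer` makes that precondition explicit instead of relying on it silently.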

On a 64-bit operating system it will complain as follows:

Traceback (most recent call last):
  File "D:\Python\1.py", line 25, in <module>
    dbg.attach(pid)
  File "C:\Python27\lib\pydbg\pydbg.py", line 226, in attach
    self.debug_active_process(pid)
  File "C:\Python27\lib\pydbg\pydbg.py", line 839, in debug_active_process
    raise pdx("DebugActiveProcess(%d)" % pid, True)
pdx: [50] DebugActiveProcess(1264): The request is not supported.

Because I am running 64-bit Windows 7, this error appears: the 32-bit PyDBG cannot attach to the 64-bit notepad.exe. To make the demonstration succeed, simply open the 32-bit Notepad instead, C:\Windows\SysWOW64\notepad.exe, and it works.


Origin blog.csdn.net/weixin_41896770/article/details/104942849