Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Example 14 in the tutorial no longer works #21

Open
stevielavern opened this issue Apr 19, 2017 · 5 comments
Open

Example 14 in the tutorial no longer works #21

stevielavern opened this issue Apr 19, 2017 · 5 comments
Labels
bug

Comments

@stevielavern
Copy link

Hi,

"Example #14: watching a buffer" from http://winappdbg.readthedocs.io/en/latest/Debugging.html doesn't work as expected. Entry/Leave callbacks are correctly called when "ReadFile" is called, however, the read buffer is not watched (the access callback is never called).

I modified the script to print the return value of watch_buffer. It always returns None:

C:\winappdbg> python 14_watch_buffer.py notepad.exe

[... open a file in notepad...]

ReadFile:
        Handle a14
        Expected bytes: 1024

ReadFile:
        Status: SUCCESS
        Read bytes: 1024
        watch_buffer returned 'None'

My setup:

C:\winappdbg> ver
Microsoft Windows [Version 10.0.14393]

C:\winappdbg> python
Python 2.7.13 (v2.7.13:a06454b1afa1, Dec 17 2016, 20:53:40) [MSC v.1500 64 bit (AMD64)] on win32

C:\winappdbg> pip show winappdbg
Name: winappdbg
Version: 1.6
Summary: Windows application debugging engine
Home-page: http://winappdbg.readthedocs.io/en/latest/
Author: Mario Vilas
Author-email: mvilas@gmail.com
License: UNKNOWN
Location: c:\python27\lib\site-packages
Requires:
@stevielavern
Copy link
Author

Hi, any info about this? Thanks for your help

@MarioVilas
Copy link
Owner

Hi,

The watch_buffer method does not have a return value - it will always return None, that's normal.

As for the reason why the access callback is never called, I'll try reproducing the problem on my side and get back to you.

Thanks for the very detailed bug report! I appreciate that :)

@MarioVilas
Copy link
Owner

PS: sorry for the late reply, I seem to be always busy lately :(

@stevielavern
Copy link
Author

Thanks for your answer,

The watch_buffer method does not have a return value - it will always return None, that's normal.

Ok, but this page says it should return a "Buffer Watch Identifier" : http://winappdbg.sourceforge.net/doc/v1.5/reference/winappdbg.breakpoint._BreakpointContainer-class.html#watch_buffer

@MarioVilas
Copy link
Owner

Oops, that should not be there. The buffer watch identifier thing was meant to be internally used only. I'll fix the docs...

It was never actually returned by that method, as you can see in the sources: http://winappdbg.sourceforge.net/doc/v1.5/reference/winappdbg.breakpoint-pysrc.html#_BreakpointContainer.watch_buffer

@MarioVilas MarioVilas changed the title watch_buffer returns None Example 14 in the tutorial no longer works Apr 24, 2018
@MarioVilas MarioVilas added the bug label Apr 24, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@MarioVilas @stevielavern