Debug usage

sduverger edited this page Sep 21, 2011 · 1 revision

You can use the client Python interface alone or with your favorite debugging tools (IDA, gdb, ...).

As many debugging tools are dedicated to process debugging, you can use the Python interface to Ramooflax to tell the hypervisor which process you want to debug.

We provide Python scripts whose names start with test_find_process_and_set_active_cr3 <prog_name>. They are useful for letting the hypervisor help you find the process to be debugged and for forcing Ramooflax to act only on this process afterwards.

Any memory access, breakpoint setting and single-stepping action will then be directed only to that specific process.

From this point, using the client Python interface or your favorite tool makes no difference. Tools will act as if they were working on a process.

Tell IDA or gdb to attach to Ramooflax (remember: remote TCP to the devboard). Once attached, the best way to start working on the process is to install a soft/hard breakpoint in the process at a location that is sure to be reached, and then resume the VM.

IDA or gdb will give you control when the breakpoint is hit, and you will be able to start working on the specific process.

Once detached from IDA or gdb, use the test_cleanup.py script to remove any reference to the process from Ramooflax.