ducky.debugging module¶
Virtual machine debugging tools - break points, watch points, etc.
Create “point” that’s triggered when a condition is satisfied (e.g. processor executes instruction on specified address, memory at specified address was modified, etc. Then, create “action” (e.g. suspend core), and bind both pieces together - when point gets triggered, execute list of actions.
-
class
ducky.debugging.Action(logger)[source]¶ Bases:
objectBase class of all debugging actions.
Parameters: logger (logging.Logger) – logger instance used for logging. -
act(core, point)[source]¶ This method is called when “action” is executed. Implement it in child classes to give child actions a functionality.
Parameters: - core (ducky.cpu.CPUCore) – CPU core where point was triggered.
- point (ducky.debugging.Point) – point that was triggered.
-
-
class
ducky.debugging.BreakPoint(debugging_set, ip, *args, **kwargs)[source]¶ Bases:
ducky.debugging.Point
-
class
ducky.debugging.DebuggingSet(core)[source]¶ Bases:
object-
_DebuggingSet__check_chain(stage, chain, clean_triggered=False, *args, **kwargs)¶
-
-
class
ducky.debugging.LogMemoryContentAction(logger, address, size)[source]¶ Bases:
ducky.debugging.LogValueActionWhen triggered, logs content of a specified location in memory.
Parameters: - logger (logging.Logger) – logger instance used for logging.
- address (u32_t) – memory location.
- size (int) – size of logged number, in bytes.
-
class
ducky.debugging.LogRegisterContentAction(logger, registers)[source]¶ Bases:
ducky.debugging.LogValueActionWhen triggered, logs content of a specified register.
Parameters: - logger (logging.Logger) – logger instance used for logging.
- registers (list) – list of register names.
-
class
ducky.debugging.LogValueAction(logger, size)[source]¶ Bases:
ducky.debugging.ActionThis is the base class for actions that log a numerical values.
Parameters: - logger (logging.Logger) – logger instance used for logging.
- size (int) – size of logged number, in bytes.
-
get_message(core, point)[source]¶ Return message that, formatted with output of
get_values(), will be shown to user.Parameters: - core (ducky.cpu.CPUCore) – core point was triggered on.
- point (ducky.debugging.Point) – triggered point.
Return type: string
Returns: information message.
-
get_values(core, point)[source]¶ Prepare dictionary with values for message that will be shown to the user.
Parameters: - core (ducky.cpu.CPUCore) – core point was triggered on.
- point (ducky.debugging.Point) – triggered point.
Return type: dict
Returns: dictionary that will be passed to message
format()method.
-
class
ducky.debugging.MemoryWatchPoint(debugging_set, address, read, *args, **kwargs)[source]¶ Bases:
ducky.debugging.Point
-
class
ducky.debugging.Point(debugging_set, active=True, countdown=0)[source]¶ Bases:
objectBase class of all debugging points.
Parameters: - debugging_set (ducky.debugging.DebuggingSet) – debugging set this point belongs to.
- active (bool) – if not
True, point is not active and will not trigger. - countdown (int) – if greater than zero, point has to trigger
countdowntimes before its actions are executed for the first time.
-
is_triggered(core, *args, **kwargs)[source]¶ Test point’s condition.
Parameters: core (ducky.cpu.CPUCore) – core requesting the test. Return type: bool Returns: Trueif condition is satisfied.
-
class
ducky.debugging.SuspendCoreAction(logger)[source]¶ Bases:
ducky.debugging.ActionIf executed, this action will suspend the CPU core that triggered its parent point.
-
ducky.debugging.cmd_bp_active(console, cmd)[source]¶ Toggle “active” flag for a breakpoint: bp-active <id>
-
ducky.debugging.cmd_bp_add_breakpoint(console, cmd)[source]¶ Create new breakpoint: bp-break <#cpuid:#coreid> <address> [active] [countdown]