python-ptrace is a debugger written in Python that uses ptrace, the Linux, BSD and Darwin system call for tracing processes.
python-ptrace is an open source project written in Python, released under the GNU GPLv2 license.
- High-level Python object API: PtraceDebugger and PtraceProcess
- Able to control multiple processes: catch fork events on Linux
- Read/write bytes at an arbitrary address: takes care of memory alignment and splits bytes into CPU words
- Step-by-step execution using ptrace_singlestep() or hardware interrupt 3
- Can use distorm disassembler
- Dump registers, memory mappings, stack, etc.
- Syscall tracer and parser (strace.py command)
- Supported operating systems: Linux, FreeBSD, OpenBSD
- Supported architectures: x86, x86_64 (Linux), PPC (Linux), ARM (Linux EAPI)
- Symbols: it's not possible to break on a function or read a variable value
- No C language support: debugger shows assembler code, not your C (C++ or other language) code!
- No thread support
Project using python-ptrace
- Sandboxing: Plash
- vtrace: Python library (Windows and Linux) supporting threads
- subterfuge by Mike Coleman: Python library (Linux) containing a Python binding of ptrace written in C for Python 2.1/2.2. It doesn't work with Python 2.5 (old project, not maintained since 2002)
- strace program (Linux, BSD)
- ltrace program (Linux)
- truss program (Solaris and BSD)
- pytstop by Philippe Biondi: debugger similar to gdb but at a very alpha stage (e.g. no disassembler), using the ptrace Python binding written in C (from subterfuge)
- strace.py by Philippe Biondi
- Fenris: suite of tools suitable for code analysis, debugging, protocol analysis, reverse engineering, forensics, diagnostics, security audits, vulnerability research
- PyDBG: Windows debugger written in pure Python