Injects code into a running Python process.
Download the latest stable release from PyPi: http://pypi.python.org/pypi/pyrasite
Grab the latest source by running:
git clone git://git.fedorahosted.org/git/pyrasite
You can also fork pyrasite on GitHub: http://github.com/lmacken/pyrasite
from pyrasite.inject import CodeInjector ci = CodeInjector(p.pid) ci.inject('payloads/helloworld.py')
This lets you easily introspect or alter any objects in your running process.
$ python >>> x = 'foo'
$ pyrasite <PID> payloads/reverse_python_shell.py $ nc -l localhost 9001 Python 2.7.1 (r271:86832, Apr 12 2011, 16:15:16) [GCC 4.6.0 20110331 (Red Hat 4.6.0-2)] Type 'quit' to exit. >>> print x foo >>> globals()['x'] = 'bar'
This payload uses meliae to dump all of the objects in your process to an objects.json file (currently dumped in the working directory of your process).
$ pyrasite <PID> payloads/dump_memory.py
Pyrasite also provides a tool to view the values of largest objects in your process.
$ pyrasite-memory-viewer <PID> objects.json
$ pyrasite <PID> payloads/reverse_shell.py $ nc -l localhost 9001 Linux tomservo 22.214.171.124-0.fc15.x86_64 #1 SMP Tue Aug 16 04:10:59 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux Type 'quit' to exit. % ls
Pyrasite comes with a payload that generates an image of your processes call graph using pycallgraph.
$ pyrasite <PID> payloads/start_callgraph.py $ pyrasite <PID> payloads/stop_callgraph.py
payloads/dump_modules.py payloads/dump_stacks.py payloads/force_garbage_collection.py
If you don't want to override Apple's default gdb, install the latest version of gdb with a prefix (e.g. gnu)
$ ./configure --program-prefix=gnu $ pyrasite <PID> payloads/reverse_python_shell.py --prefix="gnu"
Since version 10.10, Ubuntu ships with a controversial patch that restricts the scope of ptrace, which can be disabled by running:
echo 0 > /proc/sys/kernel/yama/ptrace_scope
Luke Macken <email@example.com>
David Malcolm <firstname.lastname@example.org>