haxsys.net

Peach being the monolith that it is, breaks most python debugging tools. As such it makes debugging pit files extremely difficult. I came across the RC of the IPython interactive shell and found that it can actually handle breaking in the middle of cracking input in peach!

Download and install IPython 0.10.1.rc1.

Create a code-behind file for peach with this simple function:

import inspect,IPython
def db():
    uframe = inspect.currentframe().f_back
    return eval('IPython.Shell.IPShellEmbed([])()', dict(globals().items() + uframe.f_globals.items()),uframe.f_locals)

Now anywhere you have an evaluated field you can execute a db() call and break into a python shell with the full context so you have access to the cracker and the DataEmelent! A great feature of IPython is that is also has tab autocompletion and element inspection.

And here is some example usage:

<Import import="*" from="peach_debug"/>
...
<DataModel name="SampleModel">
     <Number name="foo">
        <!-- always break -->
        <Relation type="when" when="db() or True" />
     </Number>

     <Blob name="bar">
       <!-- always break but maintain a conditional so parsing continues -->
        <Relation type="when" when="( db() and False) or int(self.find('foo').getInternalValue()) & 0x1 == 0x1" />
     </Blob>

     <Blob name="bas">
       <!-- break only on specific conditional -->
        <Relation type="when" when="( int(self.find('foo').getInternalValue()) == 0x03 and db()) or True" />
     </Blob>

</DataModel>

Once you are in the IPython shell try the following:

self?
self??
self.getInternalValue()
self.parent?
self.find('foo')
self.find('foo').getInternalValue()

To break out of the shell and resume execution of peach press Ctrl+Z.