Process Death (and afterlife)
The default behavior in libdebug is to kill the debugged process when the script exits. This is done to prevent the process from running indefinitely if the debugging script terminates or you forget to kill it manually. When creating a Debugger object, you can set the kill_on_exit
attribute to False
to prevent this behavior:
You can also change this attribute in an existing Debugger object at runtime:
Behavior when attaching to a process
When debugging is initiated by attaching to an existing process, the kill_on_exit
policy is enforced in the same way as when starting a new process.
Killing the Process
You can kill the process any time the process is stopped using the kill()
method:
The method sends a SIGKILL
signal to the process, which terminates it immediately. If the process is already dead, libdebug will throw an exception. When multiple threads are running, the kill()
method will kill all threads under the parent process.
Process Stop
The kill()
method will not stop a running process, unless libdebug is operating in ASAP Mode. Just like other commands, in the default mode, the kill()
method will wait for the process to stop before executing.
Post Mortem Analysis
You can check if the process is dead using the dead
property:
The running
property
The Debugger object also exposes the running
property. This is not the opposite of dead
. The running
property is True
when the process is not stopped and False
otherwise. If execution was stopped by a stopping event, the running
property will be equal to False
. However, in this case the process can still be alive.
Cause of Death
Has your process passed away unexpectedly? We are sorry to hear that. If your process is indeed defunct, you can access the exit code and signal using exit_code
and exit_signal
. When there is no valid exit code or signal, these properties will return None
.