The great Book “Gray Hat Python – Python Programming for Hackers and Reverse Engineers” by Justin Seitz includes some great sample code to build your own debugger using only Python, ctypes and the win32 api. The exmple source code is freely available on the book website at nostarch press: http://nostarch.com/ghpython.htm
Unfortunatly the Windows Debugging Tools, namly the API functions don’t work for 64 bit versions of Windows. So be prepared if the DebugActiveProcess call does return Null.
To check if the failed function call is caused by API problems insert the following just behind the “else” which indicates the failed attachment to the debug process:
print "[*] Unable to attach to the process. %s" % FormatError(kernel32.GetLastError())
The resulting error has the error code 50 (ERROR_NOT_SUPPORTED). The text of the message varies depending your OS language. In german it would be “Die Anforderung wird nicht unterstützt.”, in english “The request is not supported.”.
A solutions to get the examples running would be to use the Windows XP Mode bundled with Win 7 or any other virtual 32 bit machine.
Filed under: Python
Word Gems 
thanks for this. been trying to figure this out for the past hour.
thanks again, I knew it had to be something related to this
[…] using the DebugActiveProcess call in the Microsoft Windows kernel32.dll shared library. Other folks seem to have had the same problem. Fortunately, after some brief reading of the Microsoft MSDN […]
select a 32 bit process to attach to and it works 😉