pykd/snippets/alpc_conn.py

"""
Print connection port for ALPC-port
"""

import sys
from pykd import *
import ntobj

def printConnPort(portAddr):
  """
  Print connection port by port address
  """
  port = typedVar("nt", "_ALPC_PORT", portAddr)
  if (port != None):
    portCommInfo = typedVar("nt", "_ALPC_COMMUNICATION_INFO", port.CommunicationInfo)
    dprintln( dbgCommand("!object %x" % portCommInfo.ConnectionPort) )
  else:
    dprintln("Error: query port object by address failed")

def main():
  """
  Print connection port for ALPC-port
  Usage: alpc_server <PORT_OBJ_ADDR>
    PORT_OBJ_ADDR - address of ALPC-port. If not specified: 
                    print all ALPC-ports for current process
  """
  argc_ = len(sys.argv)
  if (1 == argc_):
    portTypeAddr = getOffset("nt", "AlpcPortObjectType")
    if (0 != portTypeAddr):
      objTable = typedVar("nt", "_EPROCESS", getCurrentProcess()).ObjectTable
      lstAlpcPorts = ntobj.getListByHandleTable(objTable, ptrPtr(portTypeAddr))
      for port in lstAlpcPorts:
        dprintln("Port object %x" % port + ", conection port:")
        printConnPort(port)
    else:
      dprintln("Error: symbol nt!AlpcPortObjectType not found")
  elif (2 == argc_):
    printConnPort(expr(sys.argv[1]))
  else:
    dprintln(main.__doc__)

if __name__ == "__main__":
  if not isWindbgExt():
    dprintln("Script is launch out of windbg")
    quit(0)

  if (False == isKernelDebugging()):
    dprintln("This script only for kernel debugging")
    quit(0)

  main()
$SND\EreTIk_cp$ [~] sintax fix for ntobj [+] script for print ALPC conection port git-svn-id: https://pykd.svn.codeplex.com/svn@63852 9b283d60-5439-405e-af05-b73fd8c4d996 2011-04-12 01:55:56 +08:00			`"""`
			`Print connection port for ALPC-port`
			`"""`

			`import sys`
			`from pykd import *`
			`import ntobj`

			`def printConnPort(portAddr):`
			`"""`
			`Print connection port by port address`
			`"""`
			`port = typedVar("nt", "_ALPC_PORT", portAddr)`
			`if (port != None):`
			`portCommInfo = typedVar("nt", "_ALPC_COMMUNICATION_INFO", port.CommunicationInfo)`
			`dprintln( dbgCommand("!object %x" % portCommInfo.ConnectionPort) )`
			`else:`
			`dprintln("Error: query port object by address failed")`

			`def main():`
			`"""`
			`Print connection port for ALPC-port`
			`Usage: alpc_server <PORT_OBJ_ADDR>`
			`PORT_OBJ_ADDR - address of ALPC-port. If not specified:`
			`print all ALPC-ports for current process`
			`"""`
			`argc_ = len(sys.argv)`
			`if (1 == argc_):`
			`portTypeAddr = getOffset("nt", "AlpcPortObjectType")`
			`if (0 != portTypeAddr):`
			`objTable = typedVar("nt", "_EPROCESS", getCurrentProcess()).ObjectTable`
			`lstAlpcPorts = ntobj.getListByHandleTable(objTable, ptrPtr(portTypeAddr))`
			`for port in lstAlpcPorts:`
			`dprintln("Port object %x" % port + ", conection port:")`
			`printConnPort(port)`
			`else:`
			`dprintln("Error: symbol nt!AlpcPortObjectType not found")`
			`elif (2 == argc_):`
			`printConnPort(expr(sys.argv[1]))`
			`else:`
			`dprintln(main.__doc__)`

			`if __name__ == "__main__":`
$SND\kernelnet_cp$ [samples] updated: refactored samples git-svn-id: https://pykd.svn.codeplex.com/svn@63978 9b283d60-5439-405e-af05-b73fd8c4d996 2011-04-15 00:01:29 +08:00			`if not isWindbgExt():`
$SND\EreTIk_cp$ [~] sintax fix for ntobj [+] script for print ALPC conection port git-svn-id: https://pykd.svn.codeplex.com/svn@63852 9b283d60-5439-405e-af05-b73fd8c4d996 2011-04-12 01:55:56 +08:00			`dprintln("Script is launch out of windbg")`
			`quit(0)`

			`if (False == isKernelDebugging()):`
			`dprintln("This script only for kernel debugging")`
			`quit(0)`

			`main()`