2010-07-30 01:49:35 +08:00
|
|
|
|
|
|
|
|
import sys
|
|
|
|
|
from pykd import *
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def loadSymbols():
|
|
|
|
|
|
|
|
|
|
global nt
|
|
|
|
|
nt = loadModule( "nt" )
|
|
|
|
|
|
|
|
|
|
|
2010-10-25 15:54:10 +08:00
|
|
|
def processInfo():
|
2010-07-30 01:49:35 +08:00
|
|
|
|
|
|
|
|
processList = typedVarList( nt.PsActiveProcessHead, "nt", "_EPROCESS", "ActiveProcessLinks" )
|
|
|
|
|
|
|
|
|
|
for process in processList:
|
2010-10-25 15:54:10 +08:00
|
|
|
dprintln( "".join( [ chr(i) for i in process.ImageFileName.values() ] ) )
|
2010-07-30 01:49:35 +08:00
|
|
|
|
|
|
|
|
return
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if __name__ == "__main__":
|
|
|
|
|
|
|
|
|
|
if not isSessionStart():
|
|
|
|
|
createSession()
|
|
|
|
|
loadDump( sys.argv[1] )
|
|
|
|
|
dprintln( sys.argv[1] + " - loaded OK" )
|
|
|
|
|
|
|
|
|
|
loadSymbols()
|
|
|
|
|
|
2010-10-25 15:54:10 +08:00
|
|
|
processInfo()
|
