2010-07-30 01:49:35 +08:00
|
|
|
|
|
|
|
|
import sys
|
|
|
|
|
from pykd import *
|
|
|
|
|
|
|
|
|
|
|
2010-10-25 15:54:10 +08:00
|
|
|
def processInfo():
|
2010-07-30 01:49:35 +08:00
|
|
|
|
2011-04-15 00:01:29 +08:00
|
|
|
nt = loadModule( "nt" )
|
|
|
|
|
|
2010-07-30 01:49:35 +08:00
|
|
|
processList = typedVarList( nt.PsActiveProcessHead, "nt", "_EPROCESS", "ActiveProcessLinks" )
|
|
|
|
|
|
|
|
|
|
for process in processList:
|
2011-03-23 00:28:12 +08:00
|
|
|
print "".join( [chr(i) for i in process.ImageFileName if i != 0] )
|
2010-07-30 01:49:35 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if __name__ == "__main__":
|
|
|
|
|
|
|
|
|
|
|
2011-04-15 00:01:29 +08:00
|
|
|
while True:
|
|
|
|
|
|
|
|
|
|
if not isWindbgExt():
|
|
|
|
|
if not loadDump( sys.argv[1] ):
|
|
|
|
|
dprintln( sys.argv[1] + " - load failed" )
|
|
|
|
|
break
|
|
|
|
|
|
|
|
|
|
if not isKernelDebugging():
|
|
|
|
|
dprintln( "not a kernel debugging" )
|
|
|
|
|
break
|
|
|
|
|
|
|
|
|
|
processInfo()
|
|
|
|
|
break
|
2010-07-30 01:49:35 +08:00
|
|
|
|
