from pykd import *
import sys
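def getServiceAddrWlh(Start, Offset):
    """Resolve a service-table entry to a routine address (default decoder).

    Start  -- address of the first service-table entry.
    Offset -- raw table entry; the 64-bit path of this script passes a
              signed 32-bit value.

    Returns Start plus the entry shifted right by four bits, as an int.
    """
    # An arithmetic shift equals floor division by 16 for ints, negative
    # entries included, but always yields an int. The previous "/" gives a
    # float under Python 3 true division, which is no longer a usable address.
    # NOTE(review): presumably the low four bits of the entry are not part of
    # the offset on these builds -- confirm against the target kernel.
    return Start + (Offset >> 4)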
def getServiceAddr2k3(Start, Offset):
    """Resolve a service-table entry to a routine address (build 3790 decoder).

    Start  -- address of the first service-table entry.
    Offset -- raw table entry.

    Returns Start plus the entry with its low four bits cleared.
    """
    # Only the upper bits of the entry take part in the address; the low
    # nibble is masked off rather than shifted out.
    low_nibble_cleared = Offset & ~0xf
    return Start + low_nibble_cleared
# Pick the entry decoder once, from the 16-bit value read at nt!NtBuildNumber:
# build 3790 uses the mask-based decoder, every other build the shift-based one.
# NOTE(review): this read happens when the module is loaded, i.e. before the
# __main__ section has had a chance to call loadDump -- confirm that a target
# is already attached whenever the script is started outside WinDbg.
getServiceAddr = (
    getServiceAddr2k3
    if ptrWord(getOffset("nt", "NtBuildNumber")) == 3790
    else getServiceAddrWlh
)
def checkSSDT():
    """Print every nt!KeServiceDescriptorTable entry with its resolved symbol.

    Reads the four-field descriptor at nt!KeServiceDescriptorTable, takes
    field 0 as the table start and field 2 as the number of entries, then
    prints one "[index] symbol" line per entry through dprintln.

    On a 64-bit target the entries are read as signed 32-bit values and
    decoded with getServiceAddr; otherwise they are read as pointers and
    looked up directly.

    NOTE(review): the function only prints what each entry resolves to. It
    does not compare the address with the range of the nt image, so an entry
    that points into another module is visible only as an unexpected symbol
    in the output. The entry count is also taken from target memory as-is
    and used as the length of the table read.
    """
    nt = loadModule("nt")
    is_x64 = is64bitSystem()

    # The descriptor fields are pointer-sized, hence the width switch.
    if is_x64:
        descriptor = loadQWords(nt.KeServiceDescriptorTable, 4)
    else:
        descriptor = loadDWords(nt.KeServiceDescriptorTable, 4)

    tableBase = descriptor[0]
    entryCount = descriptor[2]

    dprintln("ServiceTable start: %(1)x count: %(2)x" % {"1": tableBase, "2": entryCount})

    if is_x64:
        # Encoded entries: each one has to be decoded relative to the table start.
        encoded = loadSignDWords(tableBase, entryCount)
        for index in range(entryCount):
            target = getServiceAddr(tableBase, encoded[index])
            dprintln("[%u] " % index + findSymbol(target))
    else:
        # Entries are read as pointers and passed to findSymbol unchanged.
        pointers = loadPtrs(tableBase, entryCount)
        for index in range(entryCount):
            dprintln("[%u] " % index + findSymbol(pointers[index]))
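if __name__ == "__main__":
    # Entry point. Outside WinDbg the dump named by the first command-line
    # argument is loaded first; the table is listed only for a kernel target.
    ready = True

    if not isWindbgExt():
        if len(sys.argv) < 2:
            # Without this guard a missing argument ended in an IndexError
            # traceback instead of a readable message.
            dprintln("usage: " + sys.argv[0] + " <dump file>")
            ready = False
        elif not loadDump(sys.argv[1]):
            dprintln(sys.argv[1] + " - load failed")
            ready = False

    if ready:
        if isKernelDebugging():
            checkSSDT()
        else:
            dprintln("not a kernel debugging")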