pykd/samples/ssdt.py

from pykd import *
import sys


def checkSSDT():

   nt = loadModule( "nt" )
   nt.KeServiceDescriptorTable = getOffset( "nt", "KeServiceDescriptorTable" )

   serviceTableHeader = loadDWords( nt.KeServiceDescriptorTable, 4 )
   serviceTableStart = serviceTableHeader[0]
   serviceCount = serviceTableHeader[2]


   dprintln( "ServiceTable  start: %(1)x  count: %(2)x" % { "1" : serviceTableStart, "2" : serviceCount } )


   serviceTable = loadDWords( serviceTableStart, serviceCount ) 

 
   for i in range( 0, serviceCount ):
      dprintln( findSymbol( serviceTable[i] ) )       
         

if __name__ == "__main__":

   if not isSessionStart():
      createSession()
      loadDump( sys.argv[1] )

   checkSSDT()
$SND\kernelnet_cp$ [+] routines for loading array ( loadBytes, loadWords ... ) added [+] sample added git-svn-id: https://pykd.svn.codeplex.com/svn@53051 9b283d60-5439-405e-af05-b73fd8c4d996 2010-07-27 18:24:50 +08:00			`from pykd import *`
			`import sys`


			`def checkSSDT():`

			`nt = loadModule( "nt" )`
			`nt.KeServiceDescriptorTable = getOffset( "nt", "KeServiceDescriptorTable" )`

			`serviceTableHeader = loadDWords( nt.KeServiceDescriptorTable, 4 )`
			`serviceTableStart = serviceTableHeader[0]`
			`serviceCount = serviceTableHeader[2]`


			`dprintln( "ServiceTable start: %(1)x count: %(2)x" % { "1" : serviceTableStart, "2" : serviceCount } )`


			`serviceTable = loadDWords( serviceTableStart, serviceCount )`


			`for i in range( 0, serviceCount ):`
			`dprintln( findSymbol( serviceTable[i] ) )`


			`if __name__ == "__main__":`

			`if not isSessionStart():`
			`createSession()`
			`loadDump( sys.argv[1] )`

			`checkSSDT()`