2012-12-07 16:30:13 +08:00
|
|
|
|
|
|
|
|
from pykd import *
|
|
|
|
|
from optparse import OptionParser
|
|
|
|
|
from fnmatch import fnmatch
|
2012-12-10 17:00:29 +08:00
|
|
|
import traceback
|
|
|
|
|
import sys
|
2012-12-07 16:30:13 +08:00
|
|
|
|
|
|
|
|
nt = None
|
|
|
|
|
|
|
|
|
|
class PrintOptions:
|
|
|
|
|
def __init__(self):
|
|
|
|
|
self.ignoreNotActiveThread = True
|
|
|
|
|
self.ignoreNotActiveProcess = True
|
2012-12-10 17:00:29 +08:00
|
|
|
self.showWow64stack = True
|
2012-12-07 16:30:13 +08:00
|
|
|
|
2012-12-10 17:00:29 +08:00
|
|
|
def applayThreadFilter(thread,moduleFilter,funcFilter,printopt):
|
|
|
|
|
|
|
|
|
|
if not moduleFilter and not funcFilter:
|
|
|
|
|
return True
|
2012-12-07 16:30:13 +08:00
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
setImplicitThread(thread)
|
2012-12-10 17:00:29 +08:00
|
|
|
|
2012-12-07 16:30:13 +08:00
|
|
|
stk = getStack()
|
|
|
|
|
|
|
|
|
|
for frame in stk:
|
|
|
|
|
m = module( frame.instructionOffset )
|
2012-12-10 17:00:29 +08:00
|
|
|
if moduleFilter and moduleFilter( m, m.name() ):
|
|
|
|
|
return True
|
|
|
|
|
sym = m.findSymbol( frame.instructionOffset, showDisplacement = False )
|
|
|
|
|
if funcFilter and funcFilter( sym ):
|
|
|
|
|
return True
|
2012-12-07 16:30:13 +08:00
|
|
|
|
|
|
|
|
except BaseException:
|
2012-12-10 17:00:29 +08:00
|
|
|
pass
|
2012-12-07 16:30:13 +08:00
|
|
|
|
2012-12-10 17:00:29 +08:00
|
|
|
return False
|
2012-12-07 16:30:13 +08:00
|
|
|
|
|
|
|
|
|
|
|
|
|
def printThread(process,thread,printopt):
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
setImplicitThread(thread)
|
|
|
|
|
|
|
|
|
|
stk = getStack()
|
|
|
|
|
|
|
|
|
|
dprintln( "Thread %x, Process: %s" % ( thread, loadCStr( process.ImageFileName ) ) )
|
|
|
|
|
for frame in stk:
|
|
|
|
|
dprintln( findSymbol( frame.instructionOffset ) )
|
|
|
|
|
|
|
|
|
|
dprintln("")
|
|
|
|
|
|
|
|
|
|
except BaseException:
|
|
|
|
|
if not printopt.ignoreNotActiveThread:
|
|
|
|
|
dprintln( "Thread %x, Process: %s" % ( thread, loadCStr( process.ImageFileName ) ) )
|
|
|
|
|
dprintln( "Failed to switch into thread context\n")
|
|
|
|
|
dprintln("")
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2012-12-10 17:00:29 +08:00
|
|
|
def printProcess(process,processFilter,moduleFilter,funcFilter,printopt):
|
2012-12-07 16:30:13 +08:00
|
|
|
|
|
|
|
|
processName = loadCStr( process.ImageFileName )
|
|
|
|
|
|
2012-12-10 17:00:29 +08:00
|
|
|
if processFilter and not processFilter(process, process.UniqueProcessId, processName ):
|
2012-12-07 16:30:13 +08:00
|
|
|
return
|
|
|
|
|
|
|
|
|
|
try:
|
|
|
|
|
setCurrentProcess(process)
|
|
|
|
|
|
|
|
|
|
dbgCommand( ".reload /user" )
|
|
|
|
|
|
|
|
|
|
threadLst = nt.typedVarList(process.ThreadListHead, "_ETHREAD", "ThreadListEntry")
|
|
|
|
|
filteredThreadLst = []
|
|
|
|
|
for thread in threadLst:
|
2012-12-10 17:00:29 +08:00
|
|
|
if applayThreadFilter( thread, moduleFilter, funcFilter, printopt ):
|
2012-12-07 16:30:13 +08:00
|
|
|
filteredThreadLst.append( thread )
|
|
|
|
|
|
|
|
|
|
if filteredThreadLst == []:
|
|
|
|
|
return
|
|
|
|
|
|
|
|
|
|
dprintln( "Process %x" % process )
|
|
|
|
|
dprintln( "Name: %s" % processName )
|
|
|
|
|
dprintln( "" )
|
|
|
|
|
|
|
|
|
|
for thread in filteredThreadLst:
|
|
|
|
|
printThread(process,thread, printopt)
|
|
|
|
|
|
|
|
|
|
except BaseException:
|
|
|
|
|
if not printopt.ignoreNotActiveProcess:
|
|
|
|
|
dprintln( "Process %x" % process )
|
|
|
|
|
dprintln( "Name: %s" % processName )
|
|
|
|
|
dprintln( "Failed to switch into process context\n")
|
|
|
|
|
dprintln( "" )
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def main():
|
|
|
|
|
dprintln("Stack walker. ver 1.0")
|
|
|
|
|
|
|
|
|
|
if not isKernelDebugging():
|
|
|
|
|
dprintln("This script is only for kernel debugging")
|
|
|
|
|
return
|
|
|
|
|
|
|
|
|
|
global nt
|
|
|
|
|
nt = module("nt")
|
|
|
|
|
|
|
|
|
|
parser = OptionParser()
|
|
|
|
|
parser.add_option("-p", "--process", dest="processfilter",
|
|
|
|
|
help="process filter: boolean expression with python syntax" )
|
|
|
|
|
parser.add_option("-m", "--module", dest="modulefilter",
|
|
|
|
|
help="module filter: boolean expression with python syntax" )
|
2012-12-10 17:00:29 +08:00
|
|
|
parser.add_option("-f", "--function", dest="funcfilter",
|
|
|
|
|
help="function filter: boolean expression with python syntax" )
|
|
|
|
|
|
2012-12-07 16:30:13 +08:00
|
|
|
|
|
|
|
|
(options, args) = parser.parse_args()
|
|
|
|
|
|
2012-12-10 17:00:29 +08:00
|
|
|
processFilter = None
|
|
|
|
|
moduleFilter = None
|
|
|
|
|
funcFilter = None
|
|
|
|
|
|
2012-12-07 16:30:13 +08:00
|
|
|
if options.processfilter:
|
|
|
|
|
processFilter = lambda process, pid, name: eval( options.processfilter )
|
|
|
|
|
|
|
|
|
|
if options.modulefilter:
|
|
|
|
|
moduleFilter = lambda module, name: eval(options.modulefilter)
|
|
|
|
|
|
2012-12-10 17:00:29 +08:00
|
|
|
if options.funcfilter:
|
|
|
|
|
funcFilter = lambda name: eval( options.funcfilter)
|
|
|
|
|
|
2012-12-07 16:30:13 +08:00
|
|
|
printopt = PrintOptions()
|
|
|
|
|
|
|
|
|
|
currentProcess = getCurrentProcess()
|
|
|
|
|
currentThread = getImplicitThread()
|
|
|
|
|
|
|
|
|
|
processLst = nt.typedVarList( nt.PsActiveProcessHead, "_EPROCESS", "ActiveProcessLinks")
|
|
|
|
|
for process in processLst:
|
2012-12-10 17:00:29 +08:00
|
|
|
printProcess( process, processFilter, moduleFilter, funcFilter, printopt )
|
2012-12-07 16:30:13 +08:00
|
|
|
|
|
|
|
|
setCurrentProcess(currentProcess)
|
|
|
|
|
setImplicitThread(currentThread)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
if __name__ == "__main__":
|
|
|
|
|
main()
|
