pykd/samples/break.py

#
#
#

from pykd import *


def bpCallback():

    if is64bitSystem():
        objAttr = typedVar( "ntdll", "_OBJECT_ATTRIBUTES", reg("r8") ) 
    else:
        objAttr = typedVar( "ntdll", "_OBJECT_ATTRIBUTES", ptrPtr(reg("esp") + 0xC) )  

    name = loadUnicodeString( objAttr.ObjectName )

    dprintln( "NtCreateFile: " + name )

    return DEBUG_STATUS_NO_CHANGE


if not isWindbgExt():
    startProcess("notepad.exe")


if not isDumpAnalyzing() and not isKernelDebugging():
    	
    nt = loadModule("ntdll")

    b1 = bp( nt.NtCreateFile, bpCallback )

    while go(): pass

    dprintln( "exit process" )

else:

    dprintln( "The debugger must be connected to live usermode process" )
$SND\kernelnet_cp$ [samples] updated: refactored samples git-svn-id: https://pykd.svn.codeplex.com/svn@63978 9b283d60-5439-405e-af05-b73fd8c4d996 2011-04-15 00:01:29 +08:00			`#`
			`#`
			`#`

			`from pykd import *`


			`def bpCallback():`

			`if is64bitSystem():`
			`objAttr = typedVar( "ntdll", "_OBJECT_ATTRIBUTES", reg("r8") )`
			`else:`
			`objAttr = typedVar( "ntdll", "_OBJECT_ATTRIBUTES", ptrPtr(reg("esp") + 0xC) )`

			`name = loadUnicodeString( objAttr.ObjectName )`

			`dprintln( "NtCreateFile: " + name )`

			`return DEBUG_STATUS_NO_CHANGE`




			`if not isWindbgExt():`
			`startProcess("notepad.exe")`


			`if not isDumpAnalyzing() and not isKernelDebugging():`

			`nt = loadModule("ntdll")`

			`b1 = bp( nt.NtCreateFile, bpCallback )`

			`while go(): pass`

			`dprintln( "exit process" )`

			`else:`

			`dprintln( "The debugger must be connected to live usermode process" )`