pykd/samples/break.py

#
#
#

from pykd import *


def bpCallback():

    if is64bitSystem():
        objAttr = typedVar( "ntdll", "_OBJECT_ATTRIBUTES", reg("r8") ) 
    else:
        objAttr = typedVar( "ntdll", "_OBJECT_ATTRIBUTES", ptrPtr(reg("esp") + 0xC) )  

    name = loadUnicodeString( objAttr.ObjectName )

    dprintln( "NtCreateFile: " + name )

    return DEBUG_STATUS_GO_HANDLED


if not isWindbgExt():
    startProcess("notepad.exe")


if not isDumpAnalyzing() and not isKernelDebugging():
    	
    nt = loadModule("ntdll")

    b1 = bp( nt.NtCreateFile, bpCallback )
   
    # wait for user break, exceptions or process exit
    go()

    dprintln( "stopped" )    

else:

    dprintln( "The debugger must be connected to live usermode process" )
$SND\kernelnet_cp$ [samples] updated: refactored samples git-svn-id: https://pykd.svn.codeplex.com/svn@63978 9b283d60-5439-405e-af05-b73fd8c4d996 2011-04-15 00:01:29 +08:00			`#`
			`#`
			`#`

			`from pykd import *`


			`def bpCallback():`

			`if is64bitSystem():`
			`objAttr = typedVar( "ntdll", "_OBJECT_ATTRIBUTES", reg("r8") )`
			`else:`
			`objAttr = typedVar( "ntdll", "_OBJECT_ATTRIBUTES", ptrPtr(reg("esp") + 0xC) )`

			`name = loadUnicodeString( objAttr.ObjectName )`

			`dprintln( "NtCreateFile: " + name )`

$SND\kernelnet_cp$ git-svn-id: https://pykd.svn.codeplex.com/svn@64017 9b283d60-5439-405e-af05-b73fd8c4d996 2011-04-15 14:18:25 +08:00			`return DEBUG_STATUS_GO_HANDLED`
$SND\kernelnet_cp$ [samples] updated: refactored samples git-svn-id: https://pykd.svn.codeplex.com/svn@63978 9b283d60-5439-405e-af05-b73fd8c4d996 2011-04-15 00:01:29 +08:00


			`if not isWindbgExt():`
			`startProcess("notepad.exe")`


$SND\kernelnet_cp$ git-svn-id: https://pykd.svn.codeplex.com/svn@64017 9b283d60-5439-405e-af05-b73fd8c4d996 2011-04-15 14:18:25 +08:00
$SND\kernelnet_cp$ [samples] updated: refactored samples git-svn-id: https://pykd.svn.codeplex.com/svn@63978 9b283d60-5439-405e-af05-b73fd8c4d996 2011-04-15 00:01:29 +08:00			`if not isDumpAnalyzing() and not isKernelDebugging():`

			`nt = loadModule("ntdll")`

			`b1 = bp( nt.NtCreateFile, bpCallback )`
$SND\kernelnet_cp$ git-svn-id: https://pykd.svn.codeplex.com/svn@64017 9b283d60-5439-405e-af05-b73fd8c4d996 2011-04-15 14:18:25 +08:00
			`# wait for user break, exceptions or process exit`
			`go()`
$SND\kernelnet_cp$ [samples] updated: refactored samples git-svn-id: https://pykd.svn.codeplex.com/svn@63978 9b283d60-5439-405e-af05-b73fd8c4d996 2011-04-15 00:01:29 +08:00
$SND\kernelnet_cp$ git-svn-id: https://pykd.svn.codeplex.com/svn@64017 9b283d60-5439-405e-af05-b73fd8c4d996 2011-04-15 14:18:25 +08:00			`dprintln( "stopped" )`
$SND\kernelnet_cp$ [samples] updated: refactored samples git-svn-id: https://pykd.svn.codeplex.com/svn@63978 9b283d60-5439-405e-af05-b73fd8c4d996 2011-04-15 00:01:29 +08:00
			`else:`

			`dprintln( "The debugger must be connected to live usermode process" )`