[samples] updated: reviewed and refactored all samples

git-svn-id: https://pykd.svn.codeplex.com/svn@62997 9b283d60-5439-405e-af05-b73fd8c4d996
SND\kernelnet_cp 2011-03-22 16:28:12 +00:00
parent 67901c6c49
commit 0fe3d77428
8 changed files with 104 additions and 88 deletions


@ -73,8 +73,8 @@ def printDrvMajorTable( drvName ):
drvObj = typedVar( "nt", "_DRIVER_OBJECT", drvObjPtr ) drvObj = typedVar( "nt", "_DRIVER_OBJECT", drvObjPtr )
for i,k in drvObj.MajorFunction.items(): for i in xrange( 0, len( drvObj.MajorFunction ) ):
dprintln( "MajorFunction[%d] = %s" % ( i, findSymbol( k ) ) ) dprintln( "MajorFunction[%d] = %s" % ( i, findSymbol( drvObj.MajorFunction[i] ) ) )
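Review bot: The dispatch-table dump prints only the `findSymbol` result for each entry, so the raw handler address never appears in the output. When this table is inspected for redirected IRP handlers, the address is what a reader needs for any entry that does not resolve to a symbol in the expected module; what `findSymbol` returns in that case is not visible here. Consider printing both, something like `dprintln( "MajorFunction[%d] = %x %s" % ( i, drvObj.MajorFunction[i], findSymbol( drvObj.MajorFunction[i] ) ) )`. This assumes the right-hand column is the new side, and the body of printDrvMajorTable starts outside the hunk.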


@ -14,9 +14,8 @@ def processInfo():
processList = typedVarList( nt.PsActiveProcessHead, "nt", "_EPROCESS", "ActiveProcessLinks" ) processList = typedVarList( nt.PsActiveProcessHead, "nt", "_EPROCESS", "ActiveProcessLinks" )
for process in processList: for process in processList:
dprintln( "".join( [ chr(i) for i in process.ImageFileName.values() ] ) ) print "".join( [chr(i) for i in process.ImageFileName if i != 0] )
return
if __name__ == "__main__": if __name__ == "__main__":
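Review bot: In the new `print` line of processInfo, `if i != 0` drops every zero byte instead of stopping at the first one. If ImageFileName is a fixed-size character array, as the iteration suggests, any bytes left after the terminator are glued onto the printed process name. Truncating at the first NUL is safer for triage output: `name = "".join( [chr(i) for i in process.ImageFileName] ).split( "\0" )[0]`. The same line also switches from `dprintln` to `print`, while the vmcs sample in this commit moves the other way; one output path should be used throughout so debugger logging captures every sample.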


@ -89,9 +89,9 @@ def parseMask(mask, maskSets) :
argc = len(sys.argv) argc = len(sys.argv)
if argc == 1 : if argc == 1 :
dprintln("Syntax: [object type] &lt;hex mask&gt;") dprintln("Syntax: [object type] <;hex mask>;")
dprintln("Supported object types: process, thread, file, generic") dprintln("Supported object types: process, thread, file, generic")
exit("") quit( "" )
type = (argc > 2 and sys.argv[1]) or "generic" type = (argc > 2 and sys.argv[1]) or "generic"
if argc > 2 : if argc > 2 :
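Review bot: The usage string on the new side reads `<;hex mask>;` as rendered here, which looks like an entity replacement that left the trailing semicolons behind. If the text is printed as plain text, it should be `dprintln("Syntax: [object type] <hex mask>")`. If it is meant to go out as DML, the original `&lt;`/`&gt;` entities were correct and the call needs the DML flag instead. The surrounding script body continues outside this hunk.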


@ -51,7 +51,7 @@ if __name__ == "__main__":
print "script is launch out of windbg" print "script is launch out of windbg"
quit( 0 ) quit( 0 )
if len (sys.argv)<=0: if len (sys.argv)<=1:
dprintln( "usage: !py export module_name ( export mask )" ) dprintln( "usage: !py export module_name ( export mask )" )
elif len( sys.argv ) == 2: elif len( sys.argv ) == 2:
export( sys.argv[1] ) export( sys.argv[1] )


@ -60,7 +60,7 @@ if __name__ == "__main__":
print "script is launch out of windbg" print "script is launch out of windbg"
quit( 0 ) quit( 0 )
if len (sys.argv)<=0: if len (sys.argv)<=1:
dprintln( "usage: !py import module_name ( symbol name mask )" ) dprintln( "usage: !py import module_name ( symbol name mask )" )
elif len( sys.argv ) == 2: elif len( sys.argv ) == 2:
iat( sys.argv[1] ) iat( sys.argv[1] )

92
snippets/ndis.py Normal file

@ -0,0 +1,92 @@
#
#
#
import sys
from pykd import *
def printBreakLine():
dprintln( "\n=====================================================================================\n" )
def printNdisObj():
ndis=loadModule("ndis")
ndisMajorVersion = ptrByte( ndis.NdisGetVersion + 1 )
ndisMinorVersion = ptrByte( ndis.NdisGetVersion + 3 )
mpList = typedVarList( ndis.ndisMiniportList, "ndis", "_NDIS_MINIPORT_BLOCK", "NextGlobalMiniport" )
printBreakLine()
for m in mpList:
dprintln( "<u>Adapter:</u>", True )
dprintln( "%s\t<link cmd=\"dt ndis!_NDIS_MINIPORT_BLOCK %x\">NDIS_MINIPORT_BLOCK( %x )</link>" % ( loadUnicodeString(m.pAdapterInstanceName), m.getAddress(), m.getAddress() ), True )
if ndisMajorVersion >= 6:
lwf = m.LowestFilter
if lwf != 0:
dprintln( "\n<u>Light-Weight Filters:</u>", True )
while lwf != 0:
filt = typedVar( "ndis", "_NDIS_FILTER_BLOCK", lwf )
dprintln( "%s\t<link cmd=\"dt ndis!_NDIS_FILTER_BLOCK %x\">NDIS_FILTER_BLOCK( %x )</link>" % ( loadUnicodeString(filt.FilterFriendlyName), filt.getAddress(), filt.getAddress() ), True )
lwf = filt.HigherFilter
opn = m.OpenQueue
if opn != 0:
dprintln( "\n<u>Bound protocols:</u>", True )
while opn != 0:
openBlock = typedVar( "ndis", "_NDIS_OPEN_BLOCK", opn )
proto = typedVar( "ndis", "_NDIS_PROTOCOL_BLOCK", openBlock.ProtocolHandle )
dprint( "%s \t<link cmd=\"dt ndis!_NDIS_OPEN_BLOCK %x\">NDIS_OPEN_BLOCK( %x )</link>" % ( loadUnicodeString( proto.Name.getAddress() ), openBlock.getAddress(), openBlock.getAddress() ), True )
dprintln( "\t<link cmd=\"dt ndis!_NDIS_PROTOCOL_BLOCK %x\">NDIS_PROTOCOL_BLOCK( %x )</link>" % ( proto.getAddress(), proto.getAddress() ), True )
opn = openBlock.MiniportNextOpen
else:
opn = m.OpenQueue
if opn != 0:
dprintln( "\n<u>Bound protocols:</u>", True )
while opn != 0:
openBlock = typedVar( "ndis", "_NDIS_OPEN_BLOCK", opn )
proto = typedVar( "ndis", "_NDIS_PROTOCOL_BLOCK", openBlock.ProtocolHandle )
dprint( "%s \t<link cmd=\"dt ndis!_NDIS_OPEN_BLOCK %x\">NDIS_OPEN_BLOCK( %x )</link>" % ( loadUnicodeString( proto.ProtocolCharacteristics.Name.getAddress() ), openBlock.getAddress(), openBlock.getAddress() ), True )
dprintln( "\t<link cmd=\"dt ndis!_NDIS_PROTOCOL_BLOCK %x\">NDIS_PROTOCOL_BLOCK( %x )</link>" % ( proto.getAddress(), proto.getAddress() ), True )
opn = openBlock.MiniportNextOpen
printBreakLine()
if __name__ == "__main__":
printNdisObj()
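Review bot: In printNdisObj the adapter, filter and protocol names come from target memory via `loadUnicodeString` and are formatted straight into strings printed with the DML flag set to `True`. A name containing markup characters would be interpreted as DML rather than shown as text, which matters when the target is an untrusted dump or a compromised machine. Escape the value before formatting, for example with a small helper doing `s.replace("&","&amp;").replace("<","&lt;").replace(">","&gt;").replace('"',"&quot;")`. Separately, `ptrByte( ndis.NdisGetVersion + 1 )` and `+ 3` read the version out of the function's code bytes at fixed offsets. That deserves a comment stating which instruction encoding is assumed, since a different build would select the wrong branch; `ndisMinorVersion` is never used.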


@ -1,78 +0,0 @@
#
#
#
import sys
from pykd import *
def printBreakLine():
dprintln( "\n=====================================================================================\n" )
def printNdisObj():
ndis=loadModule("ndis")
nextMP = ptrPtr( ndis.ndisMiniportList )
mpList = []
while nextMP != 0:
mp = typedVar( "ndis", "_NDIS_MINIPORT_BLOCK", nextMP )
mpList.append( mp )
nextMP = mp.NextGlobalMiniport
printBreakLine()
for m in mpList:
dprintln( "<u>Adapter:</u>", True )
dprintln( "%s\t<link cmd=\"dt ndis!_NDIS_MINIPORT_BLOCK %x\">NDIS_MINIPORT_BLOCK( %x )</link>" % ( loadUnicodeString(m.pAdapterInstanceName), m.getAddress(), m.getAddress() ), True )
lwf = m.LowestFilter
if lwf != 0:
dprintln( "\n<u>Light-Weight Filters:</u>", True )
while lwf != 0:
filt = typedVar( "ndis", "_NDIS_FILTER_BLOCK", lwf )
dprintln( "%s\t<link cmd=\"dt ndis!_NDIS_FILTER_BLOCK %x\">NDIS_FILTER_BLOCK( %x )</link>" % ( loadUnicodeString(filt.FilterFriendlyName), filt.getAddress(), filt.getAddress() ), True )
lwf = filt.HigherFilter
opn = m.OpenQueue
if opn != 0:
dprintln( "\n<u>Bound protocols:</u>", True )
while opn != 0:
openBlock = typedVar( "ndis", "_NDIS_OPEN_BLOCK", opn )
proto = typedVar( "ndis", "_NDIS_PROTOCOL_BLOCK", openBlock.ProtocolHandle )
dprint( "%s \t<link cmd=\"dt ndis!_NDIS_OPEN_BLOCK %x\">NDIS_OPEN_BLOCK( %x )</link>" % ( loadUnicodeString( proto.Name.getAddress() ), openBlock.getAddress(), openBlock.getAddress() ), True )
dprintln( "\t<link cmd=\"dt ndis!_NDIS_PROTOCOL_BLOCK %x\">NDIS_PROTOCOL_BLOCK( %x )</link>" % ( proto.getAddress(), proto.getAddress() ), True )
opn = openBlock.MiniportNextOpen
printBreakLine()
if __name__ == "__main__":
printNdisObj()


@ -185,10 +185,13 @@ def vmcsPrint( addr ):
if __name__ == "__main__": if __name__ == "__main__":
if not isSessionStart(): if not isSessionStart():
print "script is launch out of windbg" dprintln( "script is launch out of windbg" )
quit( 0 ) quit( 0 )
vmcsPrint( int( sys.argv[1], 16 ) ) if len( sys.argv ) <= 1:
dprintln( "usage: !py vmcs <addr>" )
else:
vmcsPrint( int( sys.argv[1], 16 ) )
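Review bot: The new length check covers a missing argument, but `int( sys.argv[1], 16 )` in the `else` branch still raises ValueError on anything that is not hex, so a mistyped address gets a traceback rather than the usage line. Wrap the conversion in a `try`/`except ValueError` that prints the same `usage: !py vmcs <addr>` message. Also, the not-in-windbg message now goes through `dprintln`, whereas the export and import samples in this commit keep `print` for the same case; whether `dprintln` is visible outside a debugger session is not shown here, so it is worth confirming and making the three consistent.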