[0.1.x] added : samples

git-svn-id: https://pykd.svn.codeplex.com/svn@75401 9b283d60-5439-405e-af05-b73fd8c4d996

samples/km/drvobj.py

@@ -0,0 +1,79 @@
+from pykd import *
+import sys
+
+
+def loadSymbols():
+   global nt
+   nt = loadModule( "nt" )
+
+
+def getObjectInDir( dirObj, objName ):
+
+    if objName.find( "\\" ) != -1:
+        ( dirSubName, objSubName ) =  objName.split("\\", 1)
+    else:
+        dirSubName = objName
+ 
+    for i in range( 0, 37 ):
+
+       if dirObj.HashBuckets[i] != 0:
+          dirEntry = typedVar( "nt!_OBJECT_DIRECTORY_ENTRY", dirObj.HashBuckets[i] )
+
+          while dirEntry != 0:
+
+              objHeader = containingRecord( dirEntry.Object, "nt!_OBJECT_HEADER", "Body" )
+
+              objName = typedVar( "nt!_OBJECT_HEADER_NAME_INFO",  objHeader.getAddress() - objHeader.NameInfoOffset )
+              name = loadUnicodeString( objName.Name.getAddress() )
+
+              if name.lower() == dirSubName.lower():
+
+                if objHeader.Type == ptrPtr( nt.ObpDirectoryObjectType ):
+                    return getObjectInDir( typedVar( "nt!_OBJECT_DIRECTORY", dirEntry.Object), objSubName )
+                else:
+                    return  dirEntry.Object
+
+              if dirEntry.ChainLink != 0:
+                  dirEntry = typedVar( "nt!_OBJECT_DIRECTORY_ENTRY", dirEntry.ChainLink )
+              else:
+                  dirEntry = 0    
+
+
+def getObjectByName( objName ):
+
+    if len(objName)==0: 
+        return
+
+    if objName[0] != '\\':
+        return
+
+    rootDir = typedVar( "nt!_OBJECT_DIRECTORY", ptrPtr( nt.ObpRootDirectoryObject ) )
+   
+    return getObjectInDir( rootDir, objName[1:] )
+
+
+
+def printDrvMajorTable( drvName ):
+
+    objName = "\\Driver\\" + drvName
+    drvObjPtr = getObjectByName( objName )
+    
+    if drvObjPtr == None:
+        dprintln( "object not found" )
+        return
+ 
+    drvObj = typedVar( "nt!_DRIVER_OBJECT", drvObjPtr )
+     
+    for i in range( len(drvObj.MajorFunction) ):
+        dprintln( "MajorFunction[%d] = %s" % ( i, findSymbol( drvObj.MajorFunction[i] ) ) )
+
+
+
+if __name__ == "__main__":
+
+   if not isWindbgExt():
+      loadDump( sys.argv[1] )
+
+   loadSymbols();
+
+   printDrvMajorTable( "afd" )

samples/km/proclist.py

@@ -0,0 +1,32 @@
+
+import sys
+from pykd import *
+
+
+def processInfo():
+
+    nt = module( "nt" )
+
+    processList = typedVarList( nt.PsActiveProcessHead, "nt!_EPROCESS", "ActiveProcessLinks"  )
+
+    for process in processList:
+        print "".join( [chr(i) for i in process.ImageFileName if i != 0] )
+
+
+def main():
+
+    if not isWindbgExt():
+        if not loadDump( sys.argv[1] ):
+             dprintln( sys.argv[1] + " - load failed" )
+             return
+
+    if not isKernelDebugging():
+        dprintln( "not a kernel debugging" )
+        return   
+                 
+    processInfo()
+
+if __name__ == "__main__":
+    main()
+
+

samples/km/ssdt.py

@@ -0,0 +1,65 @@
+from pykd import *
+import sys
+
+def checkSSDT():
+
+   nt = loadModule( "nt" )
+
+   if is64bitSystem():   
+
+        def getServiceAddrWlh(Start, Offset):
+            return Start + (Offset / 16)
+
+        def getServiceAddr2k3(Start, Offset):
+            return Start + (Offset & ~0xf)
+
+        if (ptrWord(nt.NtBuildNumber) == 3790):
+            getServiceAddr = getServiceAddr2k3
+        else:
+            getServiceAddr = getServiceAddrWlh
+
+        serviceTableHeader = loadQWords( nt.KeServiceDescriptorTable, 4 )       
+        serviceTableStart = serviceTableHeader[0]
+        serviceCount = serviceTableHeader[2]
+
+        dprintln( "ServiceTable  start: %(1)x  count: %(2)x" % { "1" : serviceTableStart, "2" : serviceCount } )
+
+        serviceTable = loadSignDWords( serviceTableStart, serviceCount ) 
+
+        for i in range( 0, serviceCount ):
+            routineAddress = getServiceAddr(serviceTableStart, serviceTable[i]);
+            dprintln( "[%u] " % i + findSymbol( routineAddress ) )
+
+   else:
+
+       serviceTableHeader = loadDWords( nt.KeServiceDescriptorTable, 4 )
+       serviceTableStart = serviceTableHeader[0]
+       serviceCount = serviceTableHeader[2]
+
+       dprintln( "ServiceTable  start: %(1)x  count: %(2)x" % { "1" : serviceTableStart, "2" : serviceCount } )
+
+       serviceTable = loadPtrs( serviceTableStart, serviceCount ) 
+
+       for i in range( 0, serviceCount ):
+          dprintln( "[%u] " % i + findSymbol( serviceTable[i] ) )       
+
+        
+
+if __name__ == "__main__":
+
+
+    while True:
+
+        if not isWindbgExt():
+            if not loadDump( sys.argv[1] ):
+                dprintln( sys.argv[1] + " - load failed" )
+                break
+
+        if not isKernelDebugging():
+            dprintln( "not a kernel debugging" )
+            break 
+                 
+        checkSSDT()
+        break      
+
+	

samples/samples.py

@@ -0,0 +1,11 @@
+from pykd import dprintln
+
+dprintln( "<b>Kernel mode</b>", True )
+dprintln( "<link cmd=\"!py proclist\">Get process list</link>", True )
+dprintln( "<link cmd=\"!py ssdt\">Get kernel service list (SDT)</link>", True )
+dprintln( "<link cmd=\"!py drvobj\">Get driver object</link>", True )
+dprintln("")
+
+dprintln( "<b>User mode</b>", True )
+dprintln("")
+