From 262dff0703fed2430fbc110db7c9210d366a9571 Mon Sep 17 00:00:00 2001 From: "SND\\EreTIk_cp" Date: Tue, 15 Feb 2011 13:17:30 +0000 Subject: [PATCH] [~] fixed for Win2003 x64 (and WinXp x64) git-svn-id: https://pykd.svn.codeplex.com/svn@61497 9b283d60-5439-405e-af05-b73fd8c4d996 --- samples/ssdt.py | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-) diff --git a/samples/ssdt.py b/samples/ssdt.py index 60aac28..3f20b81 100644 --- a/samples/ssdt.py +++ b/samples/ssdt.py @@ -2,6 +2,18 @@ from pykd import * import sys +def getServiceAddrWlh(Start, Offset): + return Start + (Offset / 16) + +def getServiceAddr2k3(Start, Offset): + return Start + Offset + +if (ptrWord(getOffset("nt", "NtBuildNumber")) == 3790): + getServiceAddr = getServiceAddr2k3 +else: + getServiceAddr = getServiceAddrWlh + + def checkSSDT(): nt = loadModule( "nt" ) @@ -19,7 +31,7 @@ def checkSSDT(): for i in range( 0, serviceCount ): - routineAddress = serviceTableStart + ( serviceTable[i] / 16 ); + routineAddress = getServiceAddr(serviceTableStart, serviceTable[i]); dprintln( findSymbol( routineAddress ) )