zjgcjy/pykd
1
0
Fork 0
mirror of https://github.com/ivellioscolin/pykd.git synced 2025-04-20 11:34:53 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

[0.1.x] added : loadCStr routine

Browse Source 
[0.1.x] added : loadWStr routine


git-svn-id: https://pykd.svn.codeplex.com/svn@71881 9b283d60-5439-405e-af05-b73fd8c4d996
This commit is contained in:
SND\kernelnet_cp 2011-11-29 16:28:23 +00:00 committed by Mikhail I. Izmestev
parent 95e15d1d53
commit 283f911a73
7 changed files with 88 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pykd/dbgclient.h
View File

@ -128,6 +128,10 @@ public:
std::wstring loadWChars( ULONG64 offset, ULONG count, bool phyAddr = FALSE ); std::wstring loadWChars( ULONG64 offset, ULONG count, bool phyAddr = FALSE );
std::string loadCStr( ULONG64 offset );
std::wstring loadWStr( ULONG64 offset );
ULONG ptrSize(); ULONG ptrSize();
ULONG64 ptrByte( ULONG64 offset ); ULONG64 ptrByte( ULONG64 offset );

8
pykd/dbgext.cpp
View File

@ -183,6 +183,10 @@ BOOST_PYTHON_MODULE( pykd )
"Load string from target memory" ) ) "Load string from target memory" ) )
.def( "loadWChars", &DebugClient::loadWChars, DebugClient_loadWChars( python::args( "offset", "count", "phyAddr" ), .def( "loadWChars", &DebugClient::loadWChars, DebugClient_loadWChars( python::args( "offset", "count", "phyAddr" ),
"Load string from target memory" ) ) "Load string from target memory" ) )
.def( "loadCStr", &DebugClient::loadCStr,
"Load string from the target buffer containing 0-terminated ansi-string" )
.def( "loadWStr", &DebugClient::loadWStr,
"Load string from the target buffer containing 0-terminated unicode-string" )
.def( "ptrByte", &DebugClient::ptrByte, .def( "ptrByte", &DebugClient::ptrByte,
"Read an unsigned 1-byte integer from the target memory" ) "Read an unsigned 1-byte integer from the target memory" )
.def( "ptrWord", &DebugClient::ptrWord, .def( "ptrWord", &DebugClient::ptrWord,
@ -288,6 +292,10 @@ BOOST_PYTHON_MODULE( pykd )
"Load string from target memory" ) ); "Load string from target memory" ) );
python::def( "loadWChars", &loadWChars, loadWChars_( python::args( "address", "count", "phyAddr" ), python::def( "loadWChars", &loadWChars, loadWChars_( python::args( "address", "count", "phyAddr" ),
"Load string from target memory" ) ); "Load string from target memory" ) );
python::def( "loadCStr", &loadCStr,
"Load string from the target buffer containing 0-terminated ansi-string" );
python::def( "loadWStr", &loadWStr,
"Load string from the target buffer containing 0-terminated unicode-string" );
python::def( "ptrByte", &ptrByte, python::def( "ptrByte", &ptrByte,
"Read an unsigned 1-byte integer from the target memory" ); "Read an unsigned 1-byte integer from the target memory" );
python::def( "ptrWord", &ptrWord, python::def( "ptrWord", &ptrWord,

58
pykd/dbgmem.cpp
View File

@ -158,6 +158,64 @@ std::wstring loadWChars( ULONG64 address, ULONG number, bool phyAddr )
///////////////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////////////
std::string DebugClient::loadCStr( ULONG64 address )
{
const size_t maxLength = 0x1000;
address = addr64( address );
std::vector<char> buffer(maxLength);
HRESULT hres =
m_dataSpaces->ReadMultiByteStringVirtual(
address,
maxLength,
&buffer[0],
maxLength,
NULL );
if ( FAILED( hres ) )
throw MemoryException( address );
return std::string( &buffer[0] );
}
std::string loadCStr( ULONG64 offset )
{
return g_dbgClient->loadCStr( offset );
}
/////////////////////////////////////////////////////////////////////////////////////
std::wstring DebugClient::loadWStr( ULONG64 address )
{
const size_t maxLength = 0x2000;
address = addr64( address );
std::vector<char> buffer(maxLength);
HRESULT hres =
m_dataSpaces->ReadMultiByteStringVirtual(
address,
maxLength,
&buffer[0],
maxLength,
NULL );
if ( FAILED( hres ) )
throw MemoryException( address );
return std::wstring( (wchar_t*)&buffer[0] );
}
std::wstring loadWStr( ULONG64 offset )
{
return g_dbgClient->loadWStr( offset );
}
/////////////////////////////////////////////////////////////////////////////////////
python::list DebugClient::loadBytes( ULONG64 offset, ULONG count, bool phyAddr ) python::list DebugClient::loadBytes( ULONG64 offset, ULONG count, bool phyAddr )
{ {
return loadArray<unsigned char>( offset, count, phyAddr ); return loadArray<unsigned char>( offset, count, phyAddr );

4
pykd/dbgmem.h
View File

@ -24,6 +24,10 @@ std::string loadChars( ULONG64 address, ULONG number, bool phyAddr = FALSE );
std::wstring loadWChars( ULONG64 address, ULONG number, bool phyAddr = FALSE ); std::wstring loadWChars( ULONG64 address, ULONG number, bool phyAddr = FALSE );
std::string loadCStr( ULONG64 offset );
std::wstring loadWStr( ULONG64 offset );
python::list loadBytes( ULONG64 offset, ULONG count, bool phyAddr = FALSE ); python::list loadBytes( ULONG64 offset, ULONG count, bool phyAddr = FALSE );
python::list loadWords( ULONG64 offset, ULONG count, bool phyAddr = FALSE ); python::list loadWords( ULONG64 offset, ULONG count, bool phyAddr = FALSE );

4
pykd/dbgobj.h
View File

@ -32,7 +32,7 @@ protected:
if ( FAILED( hres ) ) if ( FAILED( hres ) )
throw DbgException("QueryInterface IDebugAdvanced2 failed"); throw DbgException("QueryInterface IDebugAdvanced2 failed");
hres = client->QueryInterface( __uuidof(IDebugDataSpaces), (void**)&m_dataSpaces ); hres = client->QueryInterface( __uuidof(IDebugDataSpaces4), (void**)&m_dataSpaces );
if ( FAILED( hres ) ) if ( FAILED( hres ) )
throw DbgException("QueryInterface IDebugDataSpaces failed"); throw DbgException("QueryInterface IDebugDataSpaces failed");
@ -48,7 +48,7 @@ protected:
CComPtr<IDebugControl4> m_control; CComPtr<IDebugControl4> m_control;
CComPtr<IDebugSymbols3> m_symbols; CComPtr<IDebugSymbols3> m_symbols;
CComPtr<IDebugAdvanced2> m_advanced; CComPtr<IDebugAdvanced2> m_advanced;
CComPtr<IDebugDataSpaces> m_dataSpaces; CComPtr<IDebugDataSpaces4> m_dataSpaces;
CComPtr<IDebugRegisters2> m_registers; CComPtr<IDebugRegisters2> m_registers;
}; };

16
snippets/export.py
View File

@ -9,8 +9,8 @@ from pykd import *
def export( moduleName, mask = "*" ): def export( moduleName, mask = "*" ):
module = loadModule( moduleName ) modObj = loadModule( moduleName )
dprintln( "Module: " + moduleName + " base: %x" % module.begin() + " end: %x" % module.end() ) dprintln( "Module: " + moduleName + " base: %x" % modObj.begin() + " end: %x" % modObj.end() )
if isKernelDebugging(): if isKernelDebugging():
systemModule = loadModule( "nt" ) systemModule = loadModule( "nt" )
@ -19,12 +19,12 @@ def export( moduleName, mask = "*" ):
if is64bitSystem(): if is64bitSystem():
ntHeader = typedVar( systemModule.name(), "_IMAGE_NT_HEADERS64", module.begin() + ptrDWord( module.begin() + 0x3c ) ) ntHeader = systemModule.typedVar( "_IMAGE_NT_HEADERS64", modObj.begin() + ptrDWord( modObj.begin() + 0x3c ) )
if ntHeader.OptionalHeader.Magic == 0x10b: if ntHeader.OptionalHeader.Magic == 0x10b:
systemModule = loadModule( "ntdll32" ) systemModule = loadModule( "ntdll32" )
ntHeader = typedVar( systemModule.name(), "_IMAGE_NT_HEADERS", module.begin() + ptrDWord( module.begin() + 0x3c ) ) ntHeader = systemModule.typedVar( "_IMAGE_NT_HEADERS", modObj.begin() + ptrDWord( modObj.begin() + 0x3c ) )
else: else:
ntHeader = typedVar( systemModule.name(), "_IMAGE_NT_HEADERS", module.begin() + ptrDWord( module.begin() + 0x3c ) ) ntHeader = systemModule.typedVar("_IMAGE_NT_HEADERS", modObj.begin() + ptrDWord( modObj.begin() + 0x3c ) )
dprintln( "Export RVA: %x Size: %x" % ( ntHeader.OptionalHeader.DataDirectory[0].VirtualAddress, ntHeader.OptionalHeader.DataDirectory[0].Size ) ) dprintln( "Export RVA: %x Size: %x" % ( ntHeader.OptionalHeader.DataDirectory[0].VirtualAddress, ntHeader.OptionalHeader.DataDirectory[0].Size ) )
@ -33,14 +33,14 @@ def export( moduleName, mask = "*" ):
if ntHeader.OptionalHeader.DataDirectory[0].Size == 0: if ntHeader.OptionalHeader.DataDirectory[0].Size == 0:
return return
exportDirAddr = module.begin() + ntHeader.OptionalHeader.DataDirectory[0].VirtualAddress; exportDirAddr = modObj.begin() + ntHeader.OptionalHeader.DataDirectory[0].VirtualAddress;
namesCount = ptrDWord( exportDirAddr + 0x18 ) namesCount = ptrDWord( exportDirAddr + 0x18 )
namesRva = module.begin() + ptrDWord( exportDirAddr + 0x20 ) namesRva = modObj.begin() + ptrDWord( exportDirAddr + 0x20 )
for i in range( 0, namesCount ): for i in range( 0, namesCount ):
exportName = loadCStr( module.begin() + ptrDWord( namesRva + 4 * i ) ) exportName = loadCStr( modObj.begin() + ptrDWord( namesRva + 4 * i ) )
if fnmatch.fnmatch( exportName, mask ): if fnmatch.fnmatch( exportName, mask ):
dprintln( exportName ) dprintln( exportName )

4
test/scripts/memtest.py
View File

@ -77,3 +77,7 @@ class MemoryTest( unittest.TestCase ):
def testCompare( self ): def testCompare( self ):
self.assertTrue( pykd.compareMemory( target.module.helloStr, pykd.ptrPtr(target.module.strArray), 5 ) ) self.assertTrue( pykd.compareMemory( target.module.helloStr, pykd.ptrPtr(target.module.strArray), 5 ) )
self.assertFalse( pykd.compareMemory( target.module.helloStr, target.module.helloWStr, 5 ) ) self.assertFalse( pykd.compareMemory( target.module.helloStr, target.module.helloWStr, 5 ) )
def testCStr( self ):
self.assertEqual( 'Hello', pykd.loadCStr( target.module.helloStr ) )
self.assertEqual( u'Hello', pykd.loadWStr( target.module.helloWStr ) )