diff --git a/lib/pykdlib/modules.py b/lib/pykdlib/modules.py index ac359ad..3ba2a6c 100644 --- a/lib/pykdlib/modules.py +++ b/lib/pykdlib/modules.py @@ -7,19 +7,37 @@ import pykd moduleList = [] -def kernelReloadModules(): +def reloadModules(): - global nt global moduleList - nt = pykd.loadModule("nt") + + for m in moduleList: globals()[ m.name().lower() ] = None - modules = pykd.typedVarList( nt.PsLoadedModuleList, "nt", "_LDR_DATA_TABLE_ENTRY", "InLoadOrderLinks" ) + + if pykd.isKernelDebugging(): + + global nt + + nt = pykd.loadModule("nt") + + modules = pykd.typedVarList( nt.PsLoadedModuleList, "nt", "_LDR_DATA_TABLE_ENTRY", "InLoadOrderLinks" ) + + moduleList.append( nt ) + + else: + + ntdll = pykd.loadModule("ntdll") + + peb = pykd.typedVar( "ntdll", "_PEB", pykd.getCurrentProcess() ) + + ldr = pykd.typedVar( "ntdll", "_PEB_LDR_DATA", peb.Ldr ) + + modules = pykd.typedVarList( ldr.InLoadOrderModuleList.getAddress(), "ntdll", "_LDR_DATA_TABLE_ENTRY", "InLoadOrderLinks" ) + moduleList = [] - moduleList.append( nt ) - for m in modules: baseName = str( pykd.loadUnicodeString( m.BaseDllName.getAddress() ) ) @@ -28,29 +46,20 @@ def kernelReloadModules(): continue module = pykd.findModule( m.DllBase ) - + globals()[ module.name().lower() ] = module moduleList.append( module ) -def userReloadModules(): - - pass - - def printModuleList(): pykd.dprintln( "\n".join( [ str(m) for m in moduleList ] ) ) +reloadModules() -if pykd.isKernelDebugging(): - kernelReloadModules() - -else: - - userReloadModules() + diff --git a/lib/pykdlib/regs.py b/lib/pykdlib/regs.py new file mode 100644 index 0000000..a5a58c7 --- /dev/null +++ b/lib/pykdlib/regs.py 
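Review bot: In the kernel branch `moduleList.append( nt )` now runs before the unchanged `moduleList = []` that follows the if/else, so nt is discarded from the rebuilt list unless the loop below happens to re-add it; the removed code reset the list first and appended nt afterwards. Moving the reset above the branch, `moduleList = []` directly after the clearing loop, restores the old ordering with the append left where it is. The new clearing loop also assigns `None` to a global for every name previously taken from the target's loader list, which would wipe any library global that happens to share such a name; checking that the global still holds the recorded object before clearing it, `name = m.name().lower()` then `if globals().get( name ) is m: globals()[ name ] = None`, limits the write to entries this function created. reloadModules's body continues past this hunk.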
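Review bot: The module-level `reloadModules()` call now reads the target at import in user mode too — loading ntdll and walking the PEB loader list — where the removed `userReloadModules()` was a no-op, so importing this module presumably fails outright when no target is attached or the walk raises; a comment above the call, `# runs at import: needs an attached kernel or user-mode target, whose loader list is walked`, should state that, or the call could be deferred to an explicit reload. The unchanged `globals()[ module.name().lower() ] = module` now also receives names taken from a user-mode process's loader list, and a DLL whose lowercased base name matches `pykd`, `moduleList`, `reloadModules` or `printModuleList` would overwrite this module's own objects; writing the entries into a dedicated dict, or skipping names already bound in `globals()` to something other than a recorded module, keeps the target from reshaping the library namespace. The loop this hunk closes belongs to reloadModules, whose start lies in the previous hunk.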
@@ -0,0 +1,42 @@
+
+#
+ # CPU registers
+ #
+
+ import pykd
+
+ CPU = pykd.getProcessorMode()
+ x86Regs = [ "eax", "ebx", "ecx", "edx", "esi", "edi", "eip", "ebp", "esp" ]
+ amd64Regs = [ "rax", "rbx", "rcx", "rdx", "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15", "rsi", "rdi", "rip", "rbp", "rsp" ]
+
+
+ def reloadRegs():
+
+ """ reload register's values"""
+
+ if CPU == "X86":
+
+ for regName in x86Regs:
+ globals()[regName] = pykd.reg(regName)
+
+ elif CPU == "X64":
+
+ for regName in amd64Regs:
+ globals()[regName] = pykd.reg(regName)
+
+
+ def printRegs():
+
+ """ print CPU registers values"""
+
+ if CPU == "X86":
+ for regName in x86Regs:
+ pykd.dprintln( "%s = %#x( %d )" % ( regName, globals()[regName], globals()[regName] ) )
+
+ elif CPU == "X64":
+ for regName in amd64Regs:
+ pykd.dprintln( "%s = %#x( %d )" % ( regName, globals()[regName], globals()[regName] ) )
+
+
+
+ reloadRegs()
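Review bot: `CPU` is read once at import and both `reloadRegs` and `printRegs` branch on that cached value, so if the effective processor mode changes later (after a machine-mode switch in the debugger, or presumably when a WOW64 target moves between 32- and 64-bit code) the functions read or print the wrong register set, and on any mode other than X86/X64 both silently do nothing. Querying `pykd.getProcessorMode()` inside each function and selecting the list through a dict keyed by mode removes both the staleness and the duplicated if/elif; `printRegs` can also bind the value once instead of looking up `globals()[regName]` twice per line. The rewrite below keeps the header comment, the import, the module-level `CPU` assignment and the two register lists as they are.
```python
# … unchanged: header comment, import pykd, CPU and the two register lists …

_regsByMode = { "X86": x86Regs, "X64": amd64Regs }


def reloadRegs():

    """ reload register's values for the current processor mode"""

    for regName in _regsByMode.get( pykd.getProcessorMode(), [] ):
        globals()[regName] = pykd.reg(regName)


def printRegs():

    """ print CPU registers values for the current processor mode"""

    for regName in _regsByMode.get( pykd.getProcessorMode(), [] ):
        value = globals()[regName]
        pykd.dprintln( "%s = %#x( %d )" % ( regName, value, value ) )

# … unchanged: module-level reloadRegs() call …
```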