[pykdlib] added: module "regs" and base functionallity for it

git-svn-id: https://pykd.svn.codeplex.com/svn@63269 9b283d60-5439-405e-af05-b73fd8c4d996
SND\kernelnet_cp 2011-03-30 10:57:22 +00:00
parent 8603390ceb
commit 30bbc70403
2 changed files with 69 additions and 18 deletions


@ -7,19 +7,37 @@ import pykd
moduleList = [] moduleList = []
def kernelReloadModules(): def reloadModules():
global nt
global moduleList global moduleList
nt = pykd.loadModule("nt")
for m in moduleList: globals()[ m.name().lower() ] = None
modules = pykd.typedVarList( nt.PsLoadedModuleList, "nt", "_LDR_DATA_TABLE_ENTRY", "InLoadOrderLinks" )
if pykd.isKernelDebugging():
global nt
nt = pykd.loadModule("nt")
modules = pykd.typedVarList( nt.PsLoadedModuleList, "nt", "_LDR_DATA_TABLE_ENTRY", "InLoadOrderLinks" )
moduleList.append( nt )
else:
ntdll = pykd.loadModule("ntdll")
peb = pykd.typedVar( "ntdll", "_PEB", pykd.getCurrentProcess() )
ldr = pykd.typedVar( "ntdll", "_PEB_LDR_DATA", peb.Ldr )
modules = pykd.typedVarList( ldr.InLoadOrderModuleList.getAddress(), "ntdll", "_LDR_DATA_TABLE_ENTRY", "InLoadOrderLinks" )
moduleList = [] moduleList = []
moduleList.append( nt )
for m in modules: for m in modules:
baseName = str( pykd.loadUnicodeString( m.BaseDllName.getAddress() ) ) baseName = str( pykd.loadUnicodeString( m.BaseDllName.getAddress() ) )
@ -28,29 +46,20 @@ def kernelReloadModules():
continue continue
module = pykd.findModule( m.DllBase ) module = pykd.findModule( m.DllBase )
globals()[ module.name().lower() ] = module globals()[ module.name().lower() ] = module
moduleList.append( module ) moduleList.append( module )
def userReloadModules():
pass
def printModuleList(): def printModuleList():
pykd.dprintln( "\n".join( [ str(m) for m in moduleList ] ) ) pykd.dprintln( "\n".join( [ str(m) for m in moduleList ] ) )
reloadModules()
if pykd.isKernelDebugging():
kernelReloadModules()
else:
userReloadModules()
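Review bot: reloadModules() binds each module into `globals()` under a name taken from the debuggee's loader list, so a target module whose lowercased name matches a name this file depends on (`pykd`, `nt`, `moduleList`) would overwrite it. The added reset loop `for m in moduleList: globals()[ m.name().lower() ] = None` would then set that same name to None on the next reload. With an untrusted target this lets the debuggee break the helper's own lookups. Keeping the modules in a dedicated mapping avoids the collision, e.g. `loaded[ module.name().lower() ] = module` with `loaded = {}` reset at the top of the function. Indentation was lost in this rendering and the loop body spans both hunks, so the block nesting is inferred.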

42
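--- a/lib/pykdlib/regs.py
+++ b/lib/pykdlib/regs.py
@@ -0,0 +1,42 @@
+#
+# CPU registers
+#
+import pykd
+CPU = pykd.getProcessorMode()
+x86Regs = [ "eax", "ebx", "ecx", "edx", "esi", "edi", "eip", "ebp", "esp" ]
+amd64Regs = [ "rax", "rbx", "rcx", "rdx", "r8", "r9", "r10", "r11", "r12", "r13", "r14", "r15", "rsi", "rdi", "rip", "rbp", "rsp" ]
+def reloadRegs():
+""" reload register's values"""
+if CPU == "X86":
+for regName in x86Regs:
+globals()[regName] = pykd.reg(regName)
+elif CPU == "X64":
+for regName in amd64Regs:
+globals()[regName] = pykd.reg(regName)
+def printRegs():
+""" print CPU registers values"""
+if CPU == "X86":
+for regName in x86Regs:
+pykd.dprintln( "%s = %#x( %d )" % ( regName, globals()[regName], globals()[regName] ) )
+elif CPU == "X64":
+for regName in amd64Regs:
+pykd.dprintln( "%s = %#x( %d )" % ( regName, globals()[regName], globals()[regName] ) )
+reloadRegs()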
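Review bot: `CPU = pykd.getProcessorMode()` is evaluated once at import, and both reloadRegs() and printRegs() fall through silently when it is neither "X86" nor "X64". In that case no register names are ever bound, and a later `regs.eax` fails with an unrelated-looking NameError or AttributeError instead of a clear message. If the debugger's processor mode can change after import (not visible from this page), the cached value would also select the wrong register list. Reading the mode inside reloadRegs() and adding `else: raise RuntimeError( "unsupported processor mode: %s" % CPU )` would make both cases explicit. The two functions also repeat the same branch; a single lookup such as `regNames = { "X86" : x86Regs, "X64" : amd64Regs }` would remove the duplication.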