From 4547274ef0bbd9c172b56d41e0cc70ed9857d7e9 Mon Sep 17 00:00:00 2001
From: "SND\\kernelnet_cp"
Date: Tue, 27 Jul 2010 11:36:17 +0000
Subject: [PATCH] [+] routines for loading array with sign extending( loadSignBytes, loadSignWords ... ) added
git-svn-id: https://pykd.svn.codeplex.com/svn@53055 9b283d60-5439-405e-af05-b73fd8c4d996
---
 pykd/dbgext.cpp | 7 ++++++-
 pykd/dbgmem.cpp | 48 ++++++++++++++++++++++++++++++++++++++++++++++++
 pykd/dbgmem.h | 3 +++
 samples/ssdt.py | 34 +++++++++++++++++++++++++---------
 4 files changed, 82 insertions(+), 10 deletions(-)
diff --git a/pykd/dbgext.cpp b/pykd/dbgext.cpp
index feb555c..b3822d0 100644
--- a/pykd/dbgext.cpp
+++ b/pykd/dbgext.cpp
@@ -47,7 +47,12 @@ BOOST_PYTHON_MODULE( pykd )
 boost::python::def( "loadBytes", &loadArray );
 boost::python::def( "loadWords", &loadArray );
 boost::python::def( "loadDWords", &loadArray );
- boost::python::def( "loadQWords", &loadArray<__int64> );
+ boost::python::def( "loadQWords", &loadArray );
+ boost::python::def( "loadSignBytes", &loadArray );
+ boost::python::def( "loadSignWords", &loadArray );
+ boost::python::def( "loadSignDWords", &loadArray );
+ boost::python::def( "loadSignQWords", &loadArray<__int64> );
+ boost::python::def( "loadPtrs", &loadPtrArray );
 boost::python::def( "compareMemory", &compareMemory );
 boost::python::class_( "typedVarClass" )
 .def("getAddress", &typedVarClass::getAddress );
diff --git a/pykd/dbgmem.cpp b/pykd/dbgmem.cpp
index 39ba08b..aa74b02 100644
--- a/pykd/dbgmem.cpp
+++ b/pykd/dbgmem.cpp
@@ -3,6 +3,7 @@
 #include "dbgext.h"
 #include "dbgexcept.h"
 #include "dbgmem.h"
+#include "dbgsystem.h"
 using namespace std;
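Review bot: In the BOOST_PYTHON_MODULE registrations of pykd/dbgext.cpp, `loadQWords` gives up the `loadArray<__int64>` instantiation, which now backs `loadSignQWords`, so existing scripts that call `loadQWords` will presumably start receiving unsigned values (the template arguments of the other registrations are not visible on this page, so this is inferred). A script that adds such a value to a base address as a signed offset would then compute a different address without any error, so the behaviour change deserves a line in the commit message or release notes. None of the five new exports carries a docstring; boost::python::def accepts one as a third argument, for example `"Read 'number' sign-extended 64-bit values starting at 'address'"` on loadSignQWords. The module body starts and ends outside this hunk.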
@@ -87,4 +88,51 @@ compareMemory( ULONG64 addr1, ULONG64 addr2, ULONG length )
 return result;
 }
+///////////////////////////////////////////////////////////////////////////////////
+
+boost::python::object
+loadPtrArray( ULONG64 address, ULONG number )
+{
+ if ( is64bitSystem() )
+ {
+ ULONG64 *buffer = new ULONG64[ number ];
+
+ if ( loadMemory( address, buffer, number*sizeof(ULONG64) ) )
+ {
+ boost::python::dict arr;
+
+ for ( ULONG i = 0; i < number; ++i )
+ arr[i] = buffer[i];
+
+ delete[] buffer;
+
+ return arr;
+ }
+
+ delete[] buffer;
+
+ return boost::python::object();
+ }
+ else
+ {
+ ULONG *buffer = new ULONG[ number ];
+
+ if ( loadMemory( address, buffer, number*sizeof(ULONG) ) )
+ {
+ boost::python::dict arr;
+
+ for ( ULONG i = 0; i < number; ++i )
+ arr[i] = addr64( buffer[i] );
+
+ delete[] buffer;
+
+ return arr;
+ }
+
+ delete[] buffer;
+
+ return boost::python::object();
+ }
+}
+
 ///////////////////////////////////////////////////////////////////////////////////
\ No newline at end of file
diff --git a/pykd/dbgmem.h b/pykd/dbgmem.h
index 78a30bb..6c42a58 100644
--- a/pykd/dbgmem.h
+++ b/pykd/dbgmem.h
@@ -32,6 +32,9 @@ loadArray( ULONG64 address, ULONG number )
 return boost::python::object();
 }
+boost::python::object
+loadPtrArray( ULONG64 address, ULONG number );
+
 bool compareMemory( ULONG64 addr1, ULONG64 addr2, ULONG length );
diff --git a/samples/ssdt.py b/samples/ssdt.py
index 596d644..e855e77 100644
--- a/samples/ssdt.py
+++ b/samples/ssdt.py
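Review bot: loadPtrArray in pykd/dbgmem.cpp passes `number` unchecked to `new ULONG64[ number ]` and to `number*sizeof(ULONG64)`, and samples/ssdt.py in this same patch feeds it a count read from the target's memory, so a corrupted or hostile service-table header decides how much the debugger allocates. If loadMemory takes a 32-bit length (its signature is not visible here), the product is truncated for large counts while the loop still walks `number` elements of a buffer that was only partly filled. The raw buffer also leaks if `arr[i] = ...` throws, and each branch repeats the same cleanup twice. I would reject oversized counts up front and hold the buffer in a std::vector (needs <vector>, which is not among the includes visible for this file), as sketched below for the 64-bit branch; the 32-bit branch takes the same shape with ULONG and addr64().

```cpp
boost::python::object
loadPtrArray( ULONG64 address, ULONG number )
{
    // An empty request has nothing to read.
    if ( number == 0 )
        return boost::python::dict();

    // The byte count has to fit a ULONG; refuse counts that would wrap or be
    // truncated. A tighter, project-chosen cap may be preferable.
    if ( number > ULONG_MAX / sizeof(ULONG64) )
        return boost::python::object();

    if ( is64bitSystem() )
    {
        // Released on every exit path, including an exception from arr[i] = ...
        std::vector<ULONG64> buffer( number );

        if ( !loadMemory( address, &buffer[0], number*sizeof(ULONG64) ) )
            return boost::python::object();

        boost::python::dict arr;

        for ( ULONG i = 0; i < number; ++i )
            arr[i] = buffer[i];

        return arr;
    }

    // ... else branch: same shape with std::vector<ULONG> and addr64( buffer[i] ) ...
}
```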
@@ -7,20 +7,36 @@ def checkSSDT():
 nt = loadModule( "nt" )
 nt.KeServiceDescriptorTable = getOffset( "nt", "KeServiceDescriptorTable" )
- serviceTableHeader = loadDWords( nt.KeServiceDescriptorTable, 4 )
- serviceTableStart = serviceTableHeader[0]
- serviceCount = serviceTableHeader[2]
+ if is64bitSystem():
+
+ serviceTableHeader = loadQWords( nt.KeServiceDescriptorTable, 4 )
+ serviceTableStart = serviceTableHeader[0]
+ serviceCount = serviceTableHeader[2]
+
+ dprintln( "ServiceTable start: %(1)x count: %(2)x" % { "1" : serviceTableStart, "2" : serviceCount } )
+
+ serviceTable = loadSignDWords( serviceTableStart, serviceCount )
+
+ for i in range( 0, serviceCount ):
+
+ routineAddress = serviceTableStart + ( serviceTable[i] / 16 );
+ dprintln( findSymbol( routineAddress ) )
- dprintln( "ServiceTable start: %(1)x count: %(2)x" % { "1" : serviceTableStart, "2" : serviceCount } )
+ else:
+ serviceTableHeader = loadDWords( nt.KeServiceDescriptorTable, 4 )
+ serviceTableStart = serviceTableHeader[0]
+ serviceCount = serviceTableHeader[2]
- serviceTable = loadDWords( serviceTableStart, serviceCount )
+ dprintln( "ServiceTable start: %(1)x count: %(2)x" % { "1" : serviceTableStart, "2" : serviceCount } )
-
- for i in range( 0, serviceCount ):
- dprintln( findSymbol( serviceTable[i] ) )
-
+ serviceTable = loadPtrs( serviceTableStart, serviceCount )
+
+ for i in range( 0, serviceCount ):
+ dprintln( findSymbol( serviceTable[i] ) )
+
+
 if __name__ == "__main__":