[+] routines for loading array with sign extending( loadSignBytes, loadSignWords ... ) added
git-svn-id: https://pykd.svn.codeplex.com/svn@53055 9b283d60-5439-405e-af05-b73fd8c4d996
parent
a95075cb6f
commit
4547274ef0
@ -47,7 +47,12 @@ BOOST_PYTHON_MODULE( pykd )
|
|||||||
boost::python::def( "loadBytes", &loadArray<unsigned char> );
|
boost::python::def( "loadBytes", &loadArray<unsigned char> );
|
||||||
boost::python::def( "loadWords", &loadArray<unsigned short> );
|
boost::python::def( "loadWords", &loadArray<unsigned short> );
|
||||||
boost::python::def( "loadDWords", &loadArray<unsigned long> );
|
boost::python::def( "loadDWords", &loadArray<unsigned long> );
|
||||||
boost::python::def( "loadQWords", &loadArray<__int64> );
|
boost::python::def( "loadQWords", &loadArray<unsigned __int64> );
|
||||||
|
boost::python::def( "loadSignBytes", &loadArray<char> );
|
||||||
|
boost::python::def( "loadSignWords", &loadArray<short> );
|
||||||
|
boost::python::def( "loadSignDWords", &loadArray<long> );
|
||||||
|
boost::python::def( "loadSignQWords", &loadArray<__int64> );
|
||||||
|
boost::python::def( "loadPtrs", &loadPtrArray );
|
||||||
boost::python::def( "compareMemory", &compareMemory );
|
boost::python::def( "compareMemory", &compareMemory );
|
||||||
boost::python::class_<typedVarClass>( "typedVarClass" )
|
boost::python::class_<typedVarClass>( "typedVarClass" )
|
||||||
.def("getAddress", &typedVarClass::getAddress );
|
.def("getAddress", &typedVarClass::getAddress );
|
||||||
|
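Review bot: None of the new registrations carries a docstring, so a script author cannot tell from `help(pykd)` that `loadDWords` zero-extends while `loadSignDWords` sign-extends; `boost::python::def` accepts one as a third argument, e.g. `boost::python::def( "loadSignDWords", &loadArray<long>, "Load 'number' DWORDs from 'address' as signed values" );`. The same applies to `loadPtrs`, whose element width depends on the target. `loadQWords` also switches from `__int64` to `unsigned __int64`, so values with the top bit set that existing scripts received as negative numbers now arrive as large positive ones, which deserves a line in the change notes. The BOOST_PYTHON_MODULE body starts and ends outside this hunk.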
@ -3,6 +3,7 @@
|
|||||||
#include "dbgext.h"
|
#include "dbgext.h"
|
||||||
#include "dbgexcept.h"
|
#include "dbgexcept.h"
|
||||||
#include "dbgmem.h"
|
#include "dbgmem.h"
|
||||||
|
#include "dbgsystem.h"
|
||||||
|
|
||||||
using namespace std;
|
using namespace std;
|
||||||
|
|
||||||
@ -87,4 +88,51 @@ compareMemory( ULONG64 addr1, ULONG64 addr2, ULONG length )
|
|||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
///////////////////////////////////////////////////////////////////////////////////
|
||||||
|
|
||||||
|
boost::python::object
|
||||||
|
loadPtrArray( ULONG64 address, ULONG number )
|
||||||
|
{
|
||||||
|
if ( is64bitSystem() )
|
||||||
|
{
|
||||||
|
ULONG64 *buffer = new ULONG64[ number ];
|
||||||
|
|
||||||
|
if ( loadMemory( address, buffer, number*sizeof(ULONG64) ) )
|
||||||
|
{
|
||||||
|
boost::python::dict arr;
|
||||||
|
|
||||||
|
for ( ULONG i = 0; i < number; ++i )
|
||||||
|
arr[i] = buffer[i];
|
||||||
|
|
||||||
|
delete[] buffer;
|
||||||
|
|
||||||
|
return arr;
|
||||||
|
}
|
||||||
|
|
||||||
|
delete[] buffer;
|
||||||
|
|
||||||
|
return boost::python::object();
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
ULONG *buffer = new ULONG[ number ];
|
||||||
|
|
||||||
|
if ( loadMemory( address, buffer, number*sizeof(ULONG) ) )
|
||||||
|
{
|
||||||
|
boost::python::dict arr;
|
||||||
|
|
||||||
|
for ( ULONG i = 0; i < number; ++i )
|
||||||
|
arr[i] = addr64( buffer[i] );
|
||||||
|
|
||||||
|
delete[] buffer;
|
||||||
|
|
||||||
|
return arr;
|
||||||
|
}
|
||||||
|
|
||||||
|
delete[] buffer;
|
||||||
|
|
||||||
|
return boost::python::object();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
///////////////////////////////////////////////////////////////////////////////////
|
///////////////////////////////////////////////////////////////////////////////////
|
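Review bot: `loadPtrArray` uses the caller-supplied `number` in `new ULONG64[ number ]` and `number*sizeof(ULONG64)` with no upper bound, and the sample script in this commit passes it a count read out of target memory. The byte count no longer fits a 32-bit length once `number` passes `ULONG_MAX / 8`: if `loadMemory` takes a `ULONG` length as `compareMemory` does (its signature is not visible here), the request is silently truncated while the loop still copies `number` entries, so uninitialised heap contents would reach the script. The raw `new[]`/`delete[]` pairs also leak the buffer when `arr[i] = ...` throws. Rejecting oversized counts up front and holding the buffer in `boost::scoped_array` (needs `<boost/scoped_array.hpp>`) removes both problems along with the duplicated `delete[]` calls.

```cpp
boost::python::object
loadPtrArray( ULONG64 address, ULONG number )
{
    // the byte count below must fit a 32-bit length
    if ( number > ULONG_MAX / sizeof(ULONG64) )
        return boost::python::object();

    if ( is64bitSystem() )
    {
        boost::scoped_array<ULONG64> buffer( new ULONG64[ number ] );

        if ( !loadMemory( address, buffer.get(), number*sizeof(ULONG64) ) )
            return boost::python::object();

        boost::python::dict arr;

        for ( ULONG i = 0; i < number; ++i )
            arr[i] = buffer[i];

        return arr;
    }

    // … unchanged: 32-bit branch, with boost::scoped_array<ULONG> in place of new[]/delete[] …
}
```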
@ -32,6 +32,9 @@ loadArray( ULONG64 address, ULONG number )
|
|||||||
return boost::python::object();
|
return boost::python::object();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
boost::python::object
|
||||||
|
loadPtrArray( ULONG64 address, ULONG number );
|
||||||
|
|
||||||
bool
|
bool
|
||||||
compareMemory( ULONG64 addr1, ULONG64 addr2, ULONG length );
|
compareMemory( ULONG64 addr1, ULONG64 addr2, ULONG length );
|
||||||
|
|
||||||
|
@ -7,20 +7,36 @@ def checkSSDT():
|
|||||||
nt = loadModule( "nt" )
|
nt = loadModule( "nt" )
|
||||||
nt.KeServiceDescriptorTable = getOffset( "nt", "KeServiceDescriptorTable" )
|
nt.KeServiceDescriptorTable = getOffset( "nt", "KeServiceDescriptorTable" )
|
||||||
|
|
||||||
serviceTableHeader = loadDWords( nt.KeServiceDescriptorTable, 4 )
|
if is64bitSystem():
|
||||||
serviceTableStart = serviceTableHeader[0]
|
|
||||||
serviceCount = serviceTableHeader[2]
|
serviceTableHeader = loadQWords( nt.KeServiceDescriptorTable, 4 )
|
||||||
|
serviceTableStart = serviceTableHeader[0]
|
||||||
|
serviceCount = serviceTableHeader[2]
|
||||||
|
|
||||||
|
dprintln( "ServiceTable start: %(1)x count: %(2)x" % { "1" : serviceTableStart, "2" : serviceCount } )
|
||||||
|
|
||||||
|
serviceTable = loadSignDWords( serviceTableStart, serviceCount )
|
||||||
|
|
||||||
|
for i in range( 0, serviceCount ):
|
||||||
|
|
||||||
|
routineAddress = serviceTableStart + ( serviceTable[i] / 16 );
|
||||||
|
dprintln( findSymbol( routineAddress ) )
|
||||||
|
|
||||||
|
|
||||||
dprintln( "ServiceTable start: %(1)x count: %(2)x" % { "1" : serviceTableStart, "2" : serviceCount } )
|
else:
|
||||||
|
|
||||||
|
serviceTableHeader = loadDWords( nt.KeServiceDescriptorTable, 4 )
|
||||||
|
serviceTableStart = serviceTableHeader[0]
|
||||||
|
serviceCount = serviceTableHeader[2]
|
||||||
|
|
||||||
serviceTable = loadDWords( serviceTableStart, serviceCount )
|
dprintln( "ServiceTable start: %(1)x count: %(2)x" % { "1" : serviceTableStart, "2" : serviceCount } )
|
||||||
|
|
||||||
|
serviceTable = loadPtrs( serviceTableStart, serviceCount )
|
||||||
for i in range( 0, serviceCount ):
|
|
||||||
dprintln( findSymbol( serviceTable[i] ) )
|
for i in range( 0, serviceCount ):
|
||||||
|
dprintln( findSymbol( serviceTable[i] ) )
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
|
|
||||||
|
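Review bot: Every `load*` result in the new branches is indexed without a check, although the C++ side returns an empty `boost::python::object()` (Python `None`) when the read fails, so an unreadable table ends in a `TypeError` rather than a diagnostic; `serviceCount` is likewise taken from target memory and passed on as an element count with no sanity bound. A guard such as `if serviceTableHeader is None: return` after each load, plus an upper limit on `serviceCount`, would keep the script usable on a damaged or tampered target. In the 64-bit branch `serviceTable[i] / 16` relies on Python 2 integer division; `serviceTable[i] >> 4` states the intent and keeps the flooring behaviour for negative offsets. `serviceTableHeader[2]` is read there as a full QWORD, which presumably includes padding after the 32-bit limit field, so consider masking with `0xFFFFFFFF` once the layout is confirmed. The `def checkSSDT():` line is above this hunk.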