mirror of
https://github.com/ivellioscolin/pykd.git
synced 2025-04-21 04:13:22 +08:00
[+] added : getCurrentProcess, setCurrentProcess routines
git-svn-id: https://pykd.svn.codeplex.com/svn@58080 9b283d60-5439-405e-af05-b73fd8c4d996
parent
a5fd4481fe
commit
470e376d73
@ -135,6 +135,8 @@ BOOST_PYTHON_MODULE( pykd )
|
|||||||
boost::python::def( "getImplicitThread", &getImplicitThread );
|
boost::python::def( "getImplicitThread", &getImplicitThread );
|
||||||
boost::python::def( "setImplicitThread", &setImplicitThread );
|
boost::python::def( "setImplicitThread", &setImplicitThread );
|
||||||
boost::python::def( "getThreadList", &getThreadList );
|
boost::python::def( "getThreadList", &getThreadList );
|
||||||
|
boost::python::def( "getCurrentProcess", &getCurrentProcess );
|
||||||
|
boost::python::def( "setCurrentProcess", &setCurrentProcess );
|
||||||
boost::python::def( "getProcessorMode", &getProcessorMode );
|
boost::python::def( "getProcessorMode", &getProcessorMode );
|
||||||
boost::python::def( "setProcessorMode", &setProcessorMode );
|
boost::python::def( "setProcessorMode", &setProcessorMode );
|
||||||
boost::python::class_<typedVarClass>( "typedVarClass" )
|
boost::python::class_<typedVarClass>( "typedVarClass" )
|
||||||
|
@ -252,3 +252,55 @@ setProcessorMode(
|
|||||||
}
|
}
|
||||||
|
|
||||||
/////////////////////////////////////////////////////////////////////////////////
|
/////////////////////////////////////////////////////////////////////////////////
|
||||||
|
|
||||||
|
ULONG64
|
||||||
|
getCurrentProcess()
|
||||||
|
{
|
||||||
|
HRESULT hres;
|
||||||
|
|
||||||
|
try {
|
||||||
|
|
||||||
|
ULONG64 processAddr = 0;
|
||||||
|
hres = dbgExt->system2->GetImplicitProcessDataOffset( &processAddr );
|
||||||
|
if ( FAILED( hres ) )
|
||||||
|
throw DbgException( "IDebugSystemObjects2::GetImplicitProcessDataOffset failed" );
|
||||||
|
|
||||||
|
return processAddr;
|
||||||
|
}
|
||||||
|
catch( std::exception &e )
|
||||||
|
{
|
||||||
|
dbgExt->control->Output( DEBUG_OUTPUT_ERROR, "pykd error: %s\n", e.what() );
|
||||||
|
}
|
||||||
|
catch(...)
|
||||||
|
{
|
||||||
|
dbgExt->control->Output( DEBUG_OUTPUT_ERROR, "pykd unexpected error\n" );
|
||||||
|
}
|
||||||
|
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
/////////////////////////////////////////////////////////////////////////////////
|
||||||
|
|
||||||
|
VOID
|
||||||
|
setCurrentProcess(
|
||||||
|
ULONG64 processAddr )
|
||||||
|
{
|
||||||
|
HRESULT hres;
|
||||||
|
|
||||||
|
try {
|
||||||
|
|
||||||
|
hres = dbgExt->system2->SetImplicitProcessDataOffset( processAddr );
|
||||||
|
if ( FAILED( hres ) )
|
||||||
|
throw DbgException( "IDebugSystemObjects2::SetImplicitProcessDataOffset failed" );
|
||||||
|
}
|
||||||
|
catch( std::exception &e )
|
||||||
|
{
|
||||||
|
dbgExt->control->Output( DEBUG_OUTPUT_ERROR, "pykd error: %s\n", e.what() );
|
||||||
|
}
|
||||||
|
catch(...)
|
||||||
|
{
|
||||||
|
dbgExt->control->Output( DEBUG_OUTPUT_ERROR, "pykd unexpected error\n" );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/////////////////////////////////////////////////////////////////////////////////
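Review bot: Both new routines hide failure from the Python caller: getCurrentProcess() falls through to `return 0;` after its catch blocks, and setCurrentProcess() returns VOID after only writing to the debugger's error output. A script that keeps reading structures after a failed SetImplicitProcessDataOffset is still working in the previous process context, and a 0 from getCurrentProcess() is easily passed on as an address. If logging inside the function is the file's convention (it appears to be, but the rest of the file is not visible here), at least document the sentinel above getCurrentProcess(), e.g. `// returns 0 when the implicit process offset cannot be read; check before using the value as an address`. The handlers could also catch `const std::exception &e`.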
|
@ -16,7 +16,6 @@ setImplicitThread(
|
|||||||
ULONG64
|
ULONG64
|
||||||
getImplicitThread();
|
getImplicitThread();
|
||||||
|
|
||||||
|
|
||||||
boost::python::object
|
boost::python::object
|
||||||
getCurrentStack();
|
getCurrentStack();
|
||||||
|
|
||||||
@ -42,4 +41,11 @@ void
|
|||||||
setProcessorMode(
|
setProcessorMode(
|
||||||
const std::string &mode );
|
const std::string &mode );
|
||||||
|
|
||||||
|
ULONG64
|
||||||
|
getCurrentProcess();
|
||||||
|
|
||||||
|
VOID
|
||||||
|
setCurrentProcess(
|
||||||
|
ULONG64 processAddr );
|
||||||
|
|
||||||
/////////////////////////////////////////////////////////////////////////////////
|
/////////////////////////////////////////////////////////////////////////////////
|
@ -4,20 +4,54 @@ from pykd import *
|
|||||||
|
|
||||||
def printStack():
|
def printStack():
|
||||||
|
|
||||||
threadList = getThreadList()
|
|
||||||
|
|
||||||
oldMode = getProcessorMode()
|
def printThreadStack( threadPtr ):
|
||||||
|
|
||||||
if oldMode == "X64" and loadModule( "wow64" ) != None:
|
|
||||||
setProcessorMode("X86")
|
|
||||||
|
|
||||||
for threadPtr in threadList:
|
|
||||||
setImplicitThread( threadPtr )
|
setImplicitThread( threadPtr )
|
||||||
stackFrames = getCurrentStack()
|
stackFrames = getCurrentStack()
|
||||||
for frame in stackFrames: dprintln( findSymbol( frame.instructionOffset ) + " (%x)" % frame.instructionOffset )
|
for frame in stackFrames: dprintln( findSymbol( frame.instructionOffset ) + " (%x)" % frame.instructionOffset )
|
||||||
dprintln("")
|
dprintln("")
|
||||||
|
|
||||||
setProcessorMode(oldMode)
|
|
||||||
|
|
||||||
|
def printUserStack():
|
||||||
|
|
||||||
|
threadList = getThreadList()
|
||||||
|
|
||||||
|
oldMode = getProcessorMode()
|
||||||
|
|
||||||
|
if oldMode == "X64" and loadModule( "wow64" ) != None:
|
||||||
|
setProcessorMode("X86")
|
||||||
|
|
||||||
|
for threadPtr in threadList:
|
||||||
|
printThreadStack( threadPtr )
|
||||||
|
|
||||||
|
setProcessorMode(oldMode)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
def printKernelStack():
|
||||||
|
|
||||||
|
process = typedVar( "nt", "_EPROCESS", getCurrentProcess() )
|
||||||
|
|
||||||
|
threadList = typedVarList( process.ThreadListHead.getAddress(), "nt", "_ETHREAD", "ThreadListEntry" )
|
||||||
|
|
||||||
|
oldMode = getProcessorMode()
|
||||||
|
|
||||||
|
if is64bitSystem() and process.Wow64Process != 0:
|
||||||
|
setProcessorMode("X86")
|
||||||
|
|
||||||
|
for thread in threadList:
|
||||||
|
printThreadStack( thread.getAddress() )
|
||||||
|
|
||||||
|
setProcessorMode(oldMode)
|
||||||
|
|
||||||
|
|
||||||
|
if isKernelDebugging():
|
||||||
|
printKernelStack()
|
||||||
|
else:
|
||||||
|
printUserStack()
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
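Review bot: printKernelStack() passes the result of getCurrentProcess() straight to `typedVar( "nt", "_EPROCESS", ... )`, although the C++ side of this commit returns 0 when the implicit process cannot be read. Neither printKernelStack() nor printUserStack() restores debugger state if the walk raises: `setProcessorMode(oldMode)` is only reached on the normal path, and the implicit thread changed by printThreadStack() is never put back. After a failed run, later commands in the same session would execute in X86 mode against the last thread visited. A guard on the address plus try/finally around the walk covers both, and the same shape applies to printUserStack(). The rendered page has lost indentation, so the nesting below is assumed.

```python
def printKernelStack():

    processAddr = getCurrentProcess()
    if processAddr == 0:
        dprintln( "cannot read the implicit process" )
        return
    process = typedVar( "nt", "_EPROCESS", processAddr )
    # … unchanged: threadList, oldMode …
    oldThread = getImplicitThread()
    try:
        if is64bitSystem() and process.Wow64Process != 0:
            setProcessorMode("X86")
        for thread in threadList:
            printThreadStack( thread.getAddress() )
    finally:
        setProcessorMode(oldMode)
        setImplicitThread(oldThread)
```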
|
||||||
|