zjgcjy/pykd
1
0
Fork 0
mirror of https://github.com/ivellioscolin/pykd.git synced 2025-04-20 03:23:23 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

[+] added: windbg snippet displaying list of export for module

Browse Source 
git-svn-id: https://pykd.svn.codeplex.com/svn@57286 9b283d60-5439-405e-af05-b73fd8c4d996
This commit is contained in:
SND\kernelnet_cp 2010-11-09 09:51:19 +00:00
parent 69e93336d9
commit 5101d95766
1 changed files with 55 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

55
snippets/export.py Normal file
View File

@ -0,0 +1,55 @@
#
#
#
import sys
import fnmatch
from pykd import *
def export( moduleName, mask = "*" ):
module = loadModule( moduleName )
dprintln( "Module: " + moduleName + " base: %x" % module.begin() + " end: %x" % module.end() )
dosHeader = typedVar( "nt", "_IMAGE_DOS_HEADER", module.begin() )
if is64bitSystem():
ntHeader = typedVar( "nt", "_IMAGE_NT_HEADERS64", module.begin() + dosHeader.e_lfanew )
else:
ntHeader = typedVar( "nt", "_IMAGE_NT_HEADERS", module.begin() + dosHeader.e_lfanew )
dprintln( "Export RVA: %x Size: %x" % ( ntHeader.OptionalHeader.DataDirectory[0].VirtualAddress, ntHeader.OptionalHeader.DataDirectory[0].Size ) )
dprintln( "========================" )
exportDirAddr = module.begin() + ntHeader.OptionalHeader.DataDirectory[0].VirtualAddress;
namesCount = ptrDWord( exportDirAddr + 0x18 )
namesRva = module.begin() + ptrDWord( exportDirAddr + 0x20 )
for i in range( 0, namesCount ):
exportName = loadCStr( module.begin() + ptrDWord( namesRva + 4 * i ) )
if fnmatch.fnmatch( exportName, mask ):
dprintln( exportName )
if __name__ == "__main__":
if not isSessionStart():
print "script is launch out of windbg"
quit( 0 )
if len( sys.argv ) == 1:
if sys.argv[0]=="":
dprintln( "module name not found" )
else:
export( sys.argv[0] )
else:
export( sys.argv[0], sys.argv[1] )