From 54d208125799df0ef16eb08d067edc96a47ff1bc Mon Sep 17 00:00:00 2001 From: "SND\\kernelnet_cp" Date: Fri, 12 Nov 2010 16:10:46 +0000 Subject: [PATCH] git-svn-id: https://pykd.svn.codeplex.com/svn@57436 9b283d60-5439-405e-af05-b73fd8c4d996 --- changelog | 7 +++++++ pykd/pykd.rc | 8 ++++---- snippets/export.py | 16 ++++++++++++---- snippets/gdt.py | 6 +++--- 4 files changed, 26 insertions(+), 11 deletions(-) diff --git a/changelog b/changelog index 0369638..6eb03f6 100644 --- a/changelog +++ b/changelog @@ -1,3 +1,10 @@ +version 0.0.10 12/11/2010 +[!] updated: loadUnicodeStr routine returns unicode string ( instead of ansi string ) +[!] bug fixed: issue #7623 ( memory routines failed to work at wow64 application ) +[+] added: windbg snippet displaying list of export for module +[+] added: loadCStr, loadWStr routine added ( loading c-style string ) +[!] typedVar routine fixed: loading array of complex type + version 0.0.9 03/11/2010 [+] added: windbg snippet displaying GDT entries [+] added: windbg snippet displaying VMCS structure ( Intel-VT virtualization context ) diff --git a/pykd/pykd.rc b/pykd/pykd.rc index 177f43e..92672f5 100644 --- a/pykd/pykd.rc +++ b/pykd/pykd.rc @@ -53,8 +53,8 @@ END // VS_VERSION_INFO VERSIONINFO - FILEVERSION 0,0,9,0 - PRODUCTVERSION 0,0,9,0 + FILEVERSION 0,0,10,0 + PRODUCTVERSION 0,0,10,0 FILEFLAGSMASK 0x17L #ifdef _DEBUG FILEFLAGS 0x1L @@ -70,11 +70,11 @@ BEGIN BLOCK "041904b0" BEGIN VALUE "FileDescription", "pykd - python extension for windbg" - VALUE "FileVersion", "0, 0, 9, 0" + VALUE "FileVersion", "0, 0, 10, 0" VALUE "InternalName", "pykd" VALUE "OriginalFilename", "pykd.dll" VALUE "ProductName", "pykd - python extension for windbg" - VALUE "ProductVersion", "0, 0, 9, 0" + VALUE "ProductVersion", "0, 0, 10, 0" END END BLOCK "VarFileInfo" diff --git a/snippets/export.py b/snippets/export.py index a48e1df..74f0af6 100644 --- a/snippets/export.py +++ b/snippets/export.py @@ -12,13 +12,21 @@ def export( moduleName, mask = "*" ): module = loadModule( moduleName ) dprintln( "Module: " + moduleName + " base: %x" % module.begin() + " end: %x" % module.end() ) - dosHeader = typedVar( "nt", "_IMAGE_DOS_HEADER", module.begin() ) + + systemModule = loadModule( "nt" ) + + if systemModule==None: + systemModule = loadModule( "ntdll" ) + + +# dosHeader = typedVar( systemModule.name(), "_IMAGE_DOS_HEADER", module.begin() ) + if is64bitSystem(): - ntHeader = typedVar( "nt", "_IMAGE_NT_HEADERS64", module.begin() + dosHeader.e_lfanew ) + ntHeader = typedVar( systemModule.name(), "_IMAGE_NT_HEADERS64", module.begin() + ptrDWord( module.begin() + 0x3c ) ) else: - ntHeader = typedVar( "nt", "_IMAGE_NT_HEADERS", module.begin() + dosHeader.e_lfanew ) - + ntHeader = typedVar( systemModule.name(), "_IMAGE_NT_HEADERS", module.begin() + ptrDWord( module.begin() + 0x3c ) ) + dprintln( "Export RVA: %x Size: %x" % ( ntHeader.OptionalHeader.DataDirectory[0].VirtualAddress, ntHeader.OptionalHeader.DataDirectory[0].Size ) ) dprintln( "========================" ) diff --git a/snippets/gdt.py b/snippets/gdt.py index ec74716..33d2e48 100644 --- a/snippets/gdt.py +++ b/snippets/gdt.py @@ -9,9 +9,9 @@ from pykd import * def printGdtEntry( addr ): dprintln( "GDT Entry: %x" % addr ) - + attr = ptrByte( addr + 5 ) + ( ( ptrByte( addr + 6 ) & 0xF0 ) << 4 ) - + limit = ptrWord( addr ) + ( ( ptrByte( addr + 6 ) & 0xF ) << 16 ) base = ptrWord( addr + 2 ) + ( ptrByte( addr + 4) << 16 ) + ( ptrByte( addr + 7 ) << 24 ) @@ -58,7 +58,7 @@ if __name__ == "__main__": printGdtEntry( gdtr + ( reg( s ) & 0xFFF8 ) ) dprintln("") else: - printGdtEntry( gdtr + ( int( sys.argv[0], 16 ) & 0xFFF8 ) ) + printGdtEntry( gdtr + ( int( sys.argv[0], 16 ) & 0xFFF8 ) ) elif len( sys.argv )==2: printGdtEntry( int( sys.argv[0], 16 ) + ( int( sys.argv[1], 16 ) & 0xFFF8 ) )