git-svn-id: https://pykd.svn.codeplex.com/svn@57436 9b283d60-5439-405e-af05-b73fd8c4d996

SND\kernelnet_cp 2010-11-12 16:10:46 +00:00
parent 39a14ab66b
commit 54d2081257
4 changed files with 26 additions and 11 deletions


@ -1,3 +1,10 @@
version 0.0.10 12/11/2010
[!] updated: loadUnicodeStr routine returns unicode string ( instead of ansi string )
[!] bug fixed: issue #7623 ( memory routines failed to work at wow64 application )
[+] added: windbg snippet displaying list of export for module
[+] added: loadCStr, loadWStr routine added ( loading c-style string )
[!] typedVar routine fixed: loading array of complex type
version 0.0.9 03/11/2010 version 0.0.9 03/11/2010
[+] added: windbg snippet displaying GDT entries [+] added: windbg snippet displaying GDT entries
[+] added: windbg snippet displaying VMCS structure ( Intel-VT virtualization context ) [+] added: windbg snippet displaying VMCS structure ( Intel-VT virtualization context )


@ -53,8 +53,8 @@ END
// //
VS_VERSION_INFO VERSIONINFO VS_VERSION_INFO VERSIONINFO
FILEVERSION 0,0,9,0 FILEVERSION 0,0,10,0
PRODUCTVERSION 0,0,9,0 PRODUCTVERSION 0,0,10,0
FILEFLAGSMASK 0x17L FILEFLAGSMASK 0x17L
#ifdef _DEBUG #ifdef _DEBUG
FILEFLAGS 0x1L FILEFLAGS 0x1L
@ -70,11 +70,11 @@ BEGIN
BLOCK "041904b0" BLOCK "041904b0"
BEGIN BEGIN
VALUE "FileDescription", "pykd - python extension for windbg" VALUE "FileDescription", "pykd - python extension for windbg"
VALUE "FileVersion", "0, 0, 9, 0" VALUE "FileVersion", "0, 0, 10, 0"
VALUE "InternalName", "pykd" VALUE "InternalName", "pykd"
VALUE "OriginalFilename", "pykd.dll" VALUE "OriginalFilename", "pykd.dll"
VALUE "ProductName", "pykd - python extension for windbg" VALUE "ProductName", "pykd - python extension for windbg"
VALUE "ProductVersion", "0, 0, 9, 0" VALUE "ProductVersion", "0, 0, 10, 0"
END END
END END
BLOCK "VarFileInfo" BLOCK "VarFileInfo"


@ -12,12 +12,20 @@ def export( moduleName, mask = "*" ):
module = loadModule( moduleName ) module = loadModule( moduleName )
dprintln( "Module: " + moduleName + " base: %x" % module.begin() + " end: %x" % module.end() ) dprintln( "Module: " + moduleName + " base: %x" % module.begin() + " end: %x" % module.end() )
dosHeader = typedVar( "nt", "_IMAGE_DOS_HEADER", module.begin() )
systemModule = loadModule( "nt" )
if systemModule==None:
systemModule = loadModule( "ntdll" )
# dosHeader = typedVar( systemModule.name(), "_IMAGE_DOS_HEADER", module.begin() )
if is64bitSystem(): if is64bitSystem():
ntHeader = typedVar( "nt", "_IMAGE_NT_HEADERS64", module.begin() + dosHeader.e_lfanew ) ntHeader = typedVar( systemModule.name(), "_IMAGE_NT_HEADERS64", module.begin() + ptrDWord( module.begin() + 0x3c ) )
else: else:
ntHeader = typedVar( "nt", "_IMAGE_NT_HEADERS", module.begin() + dosHeader.e_lfanew ) ntHeader = typedVar( systemModule.name(), "_IMAGE_NT_HEADERS", module.begin() + ptrDWord( module.begin() + 0x3c ) )
dprintln( "Export RVA: %x Size: %x" % ( ntHeader.OptionalHeader.DataDirectory[0].VirtualAddress, ntHeader.OptionalHeader.DataDirectory[0].Size ) ) dprintln( "Export RVA: %x Size: %x" % ( ntHeader.OptionalHeader.DataDirectory[0].VirtualAddress, ntHeader.OptionalHeader.DataDirectory[0].Size ) )
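Review bot: The fallback `systemModule = loadModule( "ntdll" )` is never checked, so if neither `nt` nor `ntdll` resolves, `systemModule.name()` raises an AttributeError instead of printing a readable message; add `if systemModule is None: dprintln( "nt/ntdll type information not available" ); return` after it, and write the first test as `is None` rather than `==None`. The value read by `ptrDWord( module.begin() + 0x3c )` comes straight from target memory and is used as the NT-header offset without checking the `MZ` signature at the module base or the `PE\0\0` signature at the resulting address, so a damaged or deliberately malformed image makes the snippet interpret unrelated memory as headers. The layout is still chosen by `is64bitSystem()`, which appears to describe the system rather than the module, so a 32-bit module in a WOW64 process would presumably be parsed as `_IMAGE_NT_HEADERS64`; selecting on `OptionalHeader.Magic` (0x10b for PE32, 0x20b for PE32+) would match the image itself. The commented-out `dosHeader` line can be dropped and `0x3c` given a name such as `E_LFANEW_OFFSET`. The body of `export` starts and continues outside the hunk.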