git-svn-id: https://pykd.svn.codeplex.com/svn@57436 9b283d60-5439-405e-af05-b73fd8c4d996

2025-04-20 03:23:23 +08:00 · 2010-11-12 16:10:46 +00:00 · 2010-11-12 16:10:46 +00:00 · 54d2081257
commit 54d2081257
parent 39a14ab66b
4 changed files with 26 additions and 11 deletions
--- a/7
+++ b/7
@ -1,3 +1,10 @@
+version 0.0.10 12/11/2010
+[!] updated: loadUnicodeStr routine returns unicode string ( instead of ansi string )
+[!] bug fixed: issue #7623 ( memory routines failed to work at wow64 application )
+[+] added: windbg snippet displaying list of export for module
+[+] added: loadCStr, loadWStr routine added ( loading c-style string )
+[!] typedVar routine fixed: loading array of complex type 
+
 version 0.0.9 03/11/2010
 [+] added: windbg snippet displaying GDT entries
 [+] added: windbg snippet displaying VMCS structure ( Intel-VT virtualization context )
--- a/pykd/pykd.rc
+++ b/pykd/pykd.rc
@ -53,8 +53,8 @@ END
 //

 VS_VERSION_INFO VERSIONINFO
- FILEVERSION 0,0,9,0
- PRODUCTVERSION 0,0,9,0
+ FILEVERSION 0,0,10,0
+ PRODUCTVERSION 0,0,10,0
 FILEFLAGSMASK 0x17L
 #ifdef _DEBUG
 FILEFLAGS 0x1L
@ -70,11 +70,11 @@ BEGIN
        BLOCK "041904b0"
        BEGIN
            VALUE "FileDescription", "pykd - python extension for windbg"
-            VALUE "FileVersion", "0, 0, 9, 0"
+            VALUE "FileVersion", "0, 0, 10, 0"
            VALUE "InternalName", "pykd"
            VALUE "OriginalFilename", "pykd.dll"
            VALUE "ProductName", "pykd  - python extension for windbg"
-            VALUE "ProductVersion", "0, 0, 9, 0"
+            VALUE "ProductVersion", "0, 0, 10, 0"
        END
    END
    BLOCK "VarFileInfo"
--- a/snippets/export.py
+++ b/snippets/export.py
@ -12,13 +12,21 @@ def export( moduleName, mask = "*" ):
    module = loadModule( moduleName )
    dprintln( "Module: " + moduleName + " base: %x" % module.begin() + " end: %x" % module.end() )

-    dosHeader = typedVar( "nt", "_IMAGE_DOS_HEADER", module.begin() )
+
+    systemModule = loadModule( "nt" )
+
+    if systemModule==None:
+        systemModule = loadModule( "ntdll" ) 	
+
+
+#    dosHeader = typedVar( systemModule.name(), "_IMAGE_DOS_HEADER", module.begin() )
+

    if is64bitSystem():
-        ntHeader = typedVar( "nt", "_IMAGE_NT_HEADERS64", module.begin() + dosHeader.e_lfanew )
+        ntHeader = typedVar( systemModule.name(), "_IMAGE_NT_HEADERS64", module.begin() + ptrDWord( module.begin() + 0x3c ) )
    else:
-        ntHeader = typedVar( "nt", "_IMAGE_NT_HEADERS", module.begin() + dosHeader.e_lfanew )
-    
+        ntHeader = typedVar( systemModule.name(), "_IMAGE_NT_HEADERS", module.begin() + ptrDWord( module.begin() + 0x3c ) )
+

    dprintln( "Export RVA: %x  Size: %x" % ( ntHeader.OptionalHeader.DataDirectory[0].VirtualAddress, ntHeader.OptionalHeader.DataDirectory[0].Size  ) )
    dprintln( "========================" )
--- a/snippets/gdt.py
+++ b/snippets/gdt.py
@ -9,9 +9,9 @@ from pykd import *
 def printGdtEntry( addr ):

    dprintln( "GDT Entry: %x" % addr )
-
+ 
    attr = ptrByte( addr + 5 ) + ( ( ptrByte( addr + 6 ) & 0xF0 ) << 4 )
-
+  
    limit = ptrWord( addr ) + ( ( ptrByte( addr + 6  ) & 0xF ) << 16 )
   
    base = ptrWord( addr + 2 ) + ( ptrByte( addr + 4) << 16 ) + ( ptrByte( addr + 7 ) << 24 )
@ -58,7 +58,7 @@ if __name__ == "__main__":
               printGdtEntry( gdtr + ( reg( s ) & 0xFFF8 ) )
               dprintln("")              
       else:
-           printGdtEntry( gdtr + (  int( sys.argv[0], 16 ) & 0xFFF8 ) )
+           printGdtEntry( gdtr + ( int( sys.argv[0], 16 ) & 0xFFF8 ) )

   elif len( sys.argv )==2:
       printGdtEntry( int( sys.argv[0], 16 ) + ( int( sys.argv[1], 16 ) & 0xFFF8 ) )