From 7220df31bf44c49ab489476db41f9a873318c8ab Mon Sep 17 00:00:00 2001
From: "SND\\EreTIk_cp"
Date: Fri, 24 Dec 2010 11:38:48 +0000
Subject: [PATCH] [~] functional printobjtable.py expanded and moved to ntobj.py [~] modules ntobj.py and phidecheck.py moved into snippets
git-svn-id: https://pykd.svn.codeplex.com/svn@59149 9b283d60-5439-405e-af05-b73fd8c4d996
---
 samples/printobjtable.py | 23 ------------
 {samples => snippets}/ntobj.py | 57 ++++++++++++++++++++++++++++-
 {samples => snippets}/phidecheck.py | 0
 3 files changed, 56 insertions(+), 24 deletions(-)
 delete mode 100644 samples/printobjtable.py
 rename {samples => snippets}/ntobj.py (69%)
 rename {samples => snippets}/phidecheck.py (100%)
diff --git a/samples/printobjtable.py b/samples/printobjtable.py
deleted file mode 100644
index b84403e..0000000
--- a/samples/printobjtable.py
+++ /dev/null
@@ -1,23 +0,0 @@
-#
-# Print content of object table (handle table)
-#
-
-from pykd import *
-import ntobj
-import sys
-
-
-if __name__ == "__main__":
-
- if not isSessionStart():
- print "Script is launch out of WinDBG"
- quit(0)
-
- if (2 != len(sys.argv)):
- dprintln("Invalid command line")
- dprintln("Usage: " + sys.argv[0] + " ")
- else:
- lstObejcts = ntobj.getListByHandleTable(int(sys.argv[1], 16))
- dprintln("%u objects:" % len(lstObejcts))
- for obj in lstObejcts:
- dprintln("obj: %X" % obj + ", type:%X" % ntobj.getType(obj))
diff --git a/samples/ntobj.py b/snippets/ntobj.py
similarity index 69%
rename from samples/ntobj.py
rename to snippets/ntobj.py
index a917525..6785b74 100644
--- a/samples/ntobj.py
+++ b/snippets/ntobj.py
@@ -4,7 +4,7 @@
 # To use:
 #
 # ntobj.getType(p)
-# query object header by object pointer
+# query object type by object pointer
 #
 # ntobj.getListByHandleTable(pHandleTable, pType=0, bContainHeaders=True)
 # build object list from handle table
@@ -133,3 +133,58 @@ def getListByHandleTable(pHandleTable, pType=0, bContainHeaders=True):
 dprintln("ERROR: Unknown handle table level: %u" % nTableLevel)
 return list()
+
+import sys
+
+if __name__ == "__main__":
+ #
+ # Print content of object table (handle table)
+ #
+ # Usage:
+ #
+ # !py ntobj [ObjectTableAddr] [ContainHeaders=, by default is True]
+ #
+ # Examples:
+ #
+ # !py ntobj.py
+ # Print object table of current process
+ #
+ # !py ntobj.py aabbccee
+ # Print object table by address 0xaabbccee. F.e. address object table
+ # contained in field ObjectTable structure nt!_EPROCESS
+ #
+ # !py ntobj.py eeccbbaa False
+ # When 0xeeccbbaa is poi(nt!PspCidTable)
+ # Print all thread and process
+ #
+
+ def printObjectTable(pObejctTable, bHeaders):
+ """
+ Print content of object table
+ """
+ lstObejcts = getListByHandleTable(pObejctTable, bContainHeaders=bHeaders)
+ dprintln("%u objects:" % len(lstObejcts))
+ for obj in lstObejcts:
+ dprintln("obj: 0x%X" % obj + " type: 0x%X" % getType(obj))
+
+
+ if not isSessionStart():
+ print "Script is launch out of WinDBG"
+ quit(0)
+
+ argc = len(sys.argv)
+ if (1 == argc):
+ process = typedVar("nt", "_EPROCESS", getCurrentProcess())
+ printObjectTable(process.ObjectTable, True)
+ elif (2 == argc):
+ printObjectTable(int(sys.argv[1], 16), True)
+ elif (3 == argc):
+ bHeaders = True
+ if (sys.argv[2].lower() == "true"):
+ printObjectTable(int(sys.argv[1], 16), True)
+ elif (sys.argv[2].lower() == "false"):
+ printObjectTable(int(sys.argv[1], 16), False)
+ else:
+ dprintln("Invalid command line, usage: " + sys.argv[0] + " [ObjectTableAddr] [ContainHeaders=True|False, by default is True]")
+ else:
+ dprintln("Invalid command line, usage: " + sys.argv[0] + " [ObjectTableAddr] [ContainHeaders=, by default is True]")
diff --git a/samples/phidecheck.py b/snippets/phidecheck.py
similarity index 100%
rename from samples/phidecheck.py
rename to snippets/phidecheck.py
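Review bot: A malformed address argument is not handled in the new `__main__` block: `int(sys.argv[1], 16)` is written three times with no `ValueError` handler, so a mistyped address ends in a traceback instead of the usage line that the other bad-argument paths print. In the `3 == argc` branch, `bHeaders = True` is assigned and never read. Parsing the address and the flag once and falling back to the usage message on failure removes both, as sketched below. The block also relies on `dprintln`, `typedVar`, `getCurrentProcess` and `isSessionStart` being in scope, presumably from a `from pykd import *` above the hunk, and `import sys` would sit better with the other imports at the top of the file, which is outside the hunk.

```python
    # … unchanged: usage comment, printObjectTable, isSessionStart() check …

    usage = "Invalid command line, usage: " + sys.argv[0] + " [ObjectTableAddr] [ContainHeaders=True|False, by default is True]"
    argc = len(sys.argv)
    if argc > 3:
        dprintln(usage)
    elif 1 == argc:
        process = typedVar("nt", "_EPROCESS", getCurrentProcess())
        printObjectTable(process.ObjectTable, True)
    else:
        flags = {"true": True, "false": False}
        try:
            # Parse both arguments before touching the handle table.
            pTable = int(sys.argv[1], 16)
            bHeaders = flags[sys.argv[2].lower()] if 3 == argc else True
        except (ValueError, KeyError):
            dprintln(usage)
        else:
            printObjectTable(pTable, bHeaders)
```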