zjgcjy/pykd
1
0
Fork 0
mirror of https://github.com/ivellioscolin/pykd.git synced 2025-04-20 03:23:23 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

[~] functional printobjtable.py expanded and moved to ntobj.py

Browse Source 
[~] modules ntobj.py and phidecheck.py moved into snippets

git-svn-id: https://pykd.svn.codeplex.com/svn@59149 9b283d60-5439-405e-af05-b73fd8c4d996
This commit is contained in:
SND\EreTIk_cp 2010-12-24 11:38:48 +00:00
parent d766568252
commit 7220df31bf
3 changed files with 56 additions and 24 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
samples/printobjtable.py
View File

@ -1,23 +0,0 @@
#
# Print content of object table (handle table)
#
from pykd import *
import ntobj
import sys
if __name__ == "__main__":
if not isSessionStart():
print "Script is launch out of WinDBG"
quit(0)
if (2 != len(sys.argv)):
dprintln("Invalid command line")
dprintln("Usage: " + sys.argv[0] + " <ObjectTableAddr>")
else:
lstObejcts = ntobj.getListByHandleTable(int(sys.argv[1], 16))
dprintln("%u objects:" % len(lstObejcts))
for obj in lstObejcts:
dprintln("obj: %X" % obj + ", type:%X" % ntobj.getType(obj))

57
samples/ntobj.py → snippets/ntobj.py
View File

@ -4,7 +4,7 @@
# To use: # To use:
# #
# ntobj.getType(p) # ntobj.getType(p)
# query object header by object pointer # query object type by object pointer
# #
# ntobj.getListByHandleTable(pHandleTable, pType=0, bContainHeaders=True) # ntobj.getListByHandleTable(pHandleTable, pType=0, bContainHeaders=True)
# build object list from handle table # build object list from handle table
@ -133,3 +133,58 @@ def getListByHandleTable(pHandleTable, pType=0, bContainHeaders=True):
dprintln("ERROR: Unknown handle table level: %u" % nTableLevel) dprintln("ERROR: Unknown handle table level: %u" % nTableLevel)
return list() return list()
import sys
if __name__ == "__main__":
#
# Print content of object table (handle table)
#
# Usage:
#
# !py ntobj [ObjectTableAddr] [ContainHeaders=<True|False>, by default is True]
#
# Examples:
#
# !py ntobj.py
# Print object table of current process
#
# !py ntobj.py aabbccee
# Print object table by address 0xaabbccee. F.e. address object table
# contained in field ObjectTable structure nt!_EPROCESS
#
# !py ntobj.py eeccbbaa False
# When 0xeeccbbaa is poi(nt!PspCidTable)
# Print all thread and process
#
def printObjectTable(pObejctTable, bHeaders):
"""
Print content of object table
"""
lstObejcts = getListByHandleTable(pObejctTable, bContainHeaders=bHeaders)
dprintln("%u objects:" % len(lstObejcts))
for obj in lstObejcts:
dprintln("obj: 0x%X" % obj + " type: 0x%X" % getType(obj))
if not isSessionStart():
print "Script is launch out of WinDBG"
quit(0)
argc = len(sys.argv)
if (1 == argc):
process = typedVar("nt", "_EPROCESS", getCurrentProcess())
printObjectTable(process.ObjectTable, True)
elif (2 == argc):
printObjectTable(int(sys.argv[1], 16), True)
elif (3 == argc):
bHeaders = True
if (sys.argv[2].lower() == "true"):
printObjectTable(int(sys.argv[1], 16), True)
elif (sys.argv[2].lower() == "false"):
printObjectTable(int(sys.argv[1], 16), False)
else:
dprintln("Invalid command line, usage: " + sys.argv[0] + " [ObjectTableAddr] [ContainHeaders=True|False, by default is True]")
else:
dprintln("Invalid command line, usage: " + sys.argv[0] + " [ObjectTableAddr] [ContainHeaders=<True|False>, by default is True]")

0
samples/phidecheck.py → snippets/phidecheck.py
View File