zjgcjy/pykd
1
0
Fork 0
mirror of https://github.com/ivellioscolin/pykd.git synced 2025-04-21 04:13:22 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

[0.2.x] + module flags: "unloaded" and "user-mode"

Browse Source 
git-svn-id: https://pykd.svn.codeplex.com/svn@83271 9b283d60-5439-405e-af05-b73fd8c4d996
This commit is contained in:
SND\EreTIk_cp 2013-04-09 07:45:00 +00:00 committed by Mikhail I. Izmestev
parent 31d0a615f9
commit 73f824a79e
6 changed files with 84 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pykd/dbgengine.h
View File

@ -48,6 +48,8 @@ ULONG getModuleSize( ULONG64 baseOffset );
std::string getModuleSymbolFileName( ULONG64 baseOffset ); std::string getModuleSymbolFileName( ULONG64 baseOffset );
ULONG getModuleTimeStamp( ULONG64 baseOffset ); ULONG getModuleTimeStamp( ULONG64 baseOffset );
ULONG getModuleCheckSum( ULONG64 baseOffset ); ULONG getModuleCheckSum( ULONG64 baseOffset );
bool isModuleUnloaded( ULONG64 baseOffset );
bool isModuleUserMode( ULONG64 baseOffset );
std::string getModuleVersionInfo( ULONG64 baseOffset, const std::string &value ); std::string getModuleVersionInfo( ULONG64 baseOffset, const std::string &value );
void getModuleFileVersion( ULONG64 baseOffset, USHORT &majorHigh, USHORT &majorLow, USHORT &minorHigh, USHORT &minorLow ); void getModuleFileVersion( ULONG64 baseOffset, USHORT &majorHigh, USHORT &majorLow, USHORT &minorHigh, USHORT &minorLow );

17
pykd/module.cpp
View File

@ -27,10 +27,7 @@ Module::Module(const std::string &moduleName )
{ {
m_base = findModuleBase( moduleName ); m_base = findModuleBase( moduleName );
m_name = moduleName; m_name = moduleName;
m_imageName = getModuleImageName( m_base ); completeConstruct();
m_timeDataStamp = getModuleTimeStamp( m_base );
m_checkSum = getModuleCheckSum( m_base );
m_size = getModuleSize( m_base );
} }
///////////////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////////////
@ -39,10 +36,19 @@ Module::Module(ULONG64 offset )
{ {
m_base = findModuleBase( addr64(offset) ); m_base = findModuleBase( addr64(offset) );
m_name = getModuleName( m_base ); m_name = getModuleName( m_base );
completeConstruct();
}
/////////////////////////////////////////////////////////////////////////////////////
void Module::completeConstruct()
{
m_imageName = getModuleImageName( m_base ); m_imageName = getModuleImageName( m_base );
m_timeDataStamp = getModuleTimeStamp( m_base ); m_timeDataStamp = getModuleTimeStamp( m_base );
m_checkSum = getModuleCheckSum( m_base ); m_checkSum = getModuleCheckSum( m_base );
m_size = getModuleSize( m_base ); m_size = getModuleSize( m_base );
m_unloaded = isModuleUnloaded( m_base );
m_userMode = isModuleUserMode( m_base );
} }
///////////////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////////////
@ -176,7 +182,8 @@ std::string Module::print()
prepareSymbolFile(); prepareSymbolFile();
sstr << "Module: " << m_name << std::endl; sstr << "Module: " << m_name << std::endl;
sstr << "Start: " << std::hex << m_base << " End: " << getEnd() << " Size: " << m_size << std::endl; sstr << "Start: " << std::hex << m_base << " End: " << getEnd() << " Size: " << m_size;
sstr << (m_unloaded ? ", UNLOADED!" : "") << std::endl;
sstr << "Image: " << m_imageName << std::endl; sstr << "Image: " << m_imageName << std::endl;
if ( m_symSession ) if ( m_symSession )
sstr << "Symbols: " << m_symSession->getSymbolFileName() << std::endl; sstr << "Symbols: " << m_symSession->getSymbolFileName() << std::endl;

11
pykd/module.h
View File

@ -80,6 +80,14 @@ public:
return m_timeDataStamp; return m_timeDataStamp;
} }
bool isUnloaded() const {
return m_unloaded;
}
bool isUserMode() const {
return m_userMode;
}
TypeInfoPtr getTypeByName( const std::string &typeName ) { TypeInfoPtr getTypeByName( const std::string &typeName ) {
return TypeInfo::getTypeInfo( boost::static_pointer_cast<Symbol>( getSymScope() ), typeName); return TypeInfo::getTypeInfo( boost::static_pointer_cast<Symbol>( getSymScope() ), typeName);
} }
@ -119,6 +127,7 @@ public:
python::tuple getVersion(); python::tuple getVersion();
private: private:
void completeConstruct(); // call from ctor
ULONG64 prepareVa(ULONG64 addr); ULONG64 prepareVa(ULONG64 addr);
@ -140,6 +149,8 @@ private:
ULONG m_size; ULONG m_size;
ULONG m_timeDataStamp; ULONG m_timeDataStamp;
ULONG m_checkSum; ULONG m_checkSum;
bool m_unloaded;
bool m_userMode;
SymbolSessionPtr m_symSession; SymbolSessionPtr m_symSession;
}; };

8
pykd/python/pymod.cpp
View File

@ -403,10 +403,14 @@ BOOST_PYTHON_MODULE( pykd )
"Return list of tuple ( symbolname, offset )" ) ) "Return list of tuple ( symbolname, offset )" ) )
.def("enumTypes", &Module::enumTypes, Module_enumTypes( python::args("mask"), .def("enumTypes", &Module::enumTypes, Module_enumTypes( python::args("mask"),
"Return list of type's names" )) "Return list of type's names" ))
.def("checksum",&Module::getCheckSum, .def("checksum", &Module::getCheckSum,
"Return a image file checksum: IMAGE_OPTIONAL_HEADER.CheckSum" ) "Return a image file checksum: IMAGE_OPTIONAL_HEADER.CheckSum" )
.def("timestamp",&Module::getTimeDataStamp, .def("timestamp", &Module::getTimeDataStamp,
"Return a low 32 bits of the time stamp of the image: IMAGE_FILE_HEADER.TimeDateStamp" ) "Return a low 32 bits of the time stamp of the image: IMAGE_FILE_HEADER.TimeDateStamp" )
.def("unloaded", &Module::isUnloaded,
"Returns a flag that the module was unloaded")
.def("um", &Module::isUserMode,
"Returns a flag that the module is a user-mode module")
.def("queryVersion", &Module::queryVersion, .def("queryVersion", &Module::queryVersion,
"Return string from the module's version resources" ) "Return string from the module's version resources" )
.def("getVersion", &Module::getVersion, .def("getVersion", &Module::getVersion,

56
pykd/win/dbgmod.cpp
View File

@ -24,7 +24,7 @@ ULONG64 findModuleBase( const std::string &moduleName )
hres = g_dbgEng->symbols->GetModuleByModuleName( moduleName.c_str(), 0, NULL, &base ); hres = g_dbgEng->symbols->GetModuleByModuleName( moduleName.c_str(), 0, NULL, &base );
if ( FAILED( hres ) ) if ( FAILED( hres ) )
throw DbgException( "IDebugSymbol::GetModuleByModuleName failed" ); throw DbgException( "IDebugSymbol::GetModuleByModuleName", hres );
return base; return base;
} }
@ -41,7 +41,7 @@ ULONG64 findModuleBase( ULONG64 offset )
hres = g_dbgEng->symbols->GetModuleByOffset( offset, 0, &moduleIndex, &base ); hres = g_dbgEng->symbols->GetModuleByOffset( offset, 0, &moduleIndex, &base );
if ( FAILED( hres ) ) if ( FAILED( hres ) )
throw DbgException( "IDebugSymbol::GetModuleByOffset failed" ); throw DbgException( "IDebugSymbol::GetModuleByOffset", hres );
return base; return base;
} }
@ -85,7 +85,7 @@ std::string getModuleNameImpl( ULONG64 baseOffset )
NULL ); NULL );
if ( FAILED( hres ) ) if ( FAILED( hres ) )
throw DbgException( "IDebugSymbol::GetModuleNameString failed" ); throw DbgException( "IDebugSymbol::GetModuleNameString", hres );
return std::string( moduleName ); return std::string( moduleName );
} }
@ -117,7 +117,7 @@ std::string getModuleImageName( ULONG64 baseOffset )
NULL ); NULL );
if ( FAILED( hres ) ) if ( FAILED( hres ) )
throw DbgException( "IDebugSymbol::GetModuleNameString failed" ); throw DbgException( "IDebugSymbol::GetModuleNameString", hres );
return std::string( imageName ); return std::string( imageName );
} }
@ -133,7 +133,7 @@ ULONG getModuleSizeImpl( ULONG64 baseOffset )
hres = g_dbgEng->symbols->GetModuleParameters( 1, &baseOffset, 0, &moduleParam ); hres = g_dbgEng->symbols->GetModuleParameters( 1, &baseOffset, 0, &moduleParam );
if ( FAILED( hres ) ) if ( FAILED( hres ) )
throw DbgException( "IDebugSymbol::GetModuleParameters failed" ); throw DbgException( "IDebugSymbol::GetModuleParameters", hres );
return moduleParam.Size; return moduleParam.Size;
} }
@ -168,7 +168,7 @@ std::string getModuleSymbolFileName( ULONG64 baseOffset )
NULL ); NULL );
if ( FAILED( hres ) ) if ( FAILED( hres ) )
throw DbgException( "IDebugAdvanced2::GetSymbolInformation failed" ); throw DbgException( "IDebugAdvanced2::GetSymbolInformation", hres );
if (!*moduleInfo.LoadedPdbName) if (!*moduleInfo.LoadedPdbName)
{ {
@ -177,7 +177,7 @@ std::string getModuleSymbolFileName( ULONG64 baseOffset )
hres = g_dbgEng->symbols->ReloadWide( sstr.str().c_str() ); hres = g_dbgEng->symbols->ReloadWide( sstr.str().c_str() );
if ( FAILED( hres ) ) if ( FAILED( hres ) )
throw DbgException("IDebugSymbols::Reload failed" ); throw DbgException("IDebugSymbols::Reload", hres );
hres = g_dbgEng->advanced->GetSymbolInformation( hres = g_dbgEng->advanced->GetSymbolInformation(
DEBUG_SYMINFO_IMAGEHLP_MODULEW64, DEBUG_SYMINFO_IMAGEHLP_MODULEW64,
@ -191,7 +191,7 @@ std::string getModuleSymbolFileName( ULONG64 baseOffset )
NULL ); NULL );
if ( FAILED( hres ) ) if ( FAILED( hres ) )
throw DbgException( "IDebugAdvanced2::GetSymbolInformation failed" ); throw DbgException( "IDebugAdvanced2::GetSymbolInformation", hres );
} }
char pdbName[ 256 ]; char pdbName[ 256 ];
@ -211,7 +211,7 @@ ULONG getModuleTimeStampImpl( ULONG64 baseOffset )
hres = g_dbgEng->symbols->GetModuleParameters( 1, &baseOffset, 0, &moduleParam ); hres = g_dbgEng->symbols->GetModuleParameters( 1, &baseOffset, 0, &moduleParam );
if ( FAILED( hres ) ) if ( FAILED( hres ) )
throw DbgException( "IDebugSymbol::GetModuleParameters failed" ); throw DbgException( "IDebugSymbol::GetModuleParameters", hres );
return moduleParam.TimeDateStamp; return moduleParam.TimeDateStamp;
} }
@ -236,7 +236,7 @@ ULONG getModuleCheckSumImpl( ULONG64 baseOffset )
hres = g_dbgEng->symbols->GetModuleParameters( 1, &baseOffset, 0, &moduleParam ); hres = g_dbgEng->symbols->GetModuleParameters( 1, &baseOffset, 0, &moduleParam );
if ( FAILED( hres ) ) if ( FAILED( hres ) )
throw DbgException( "IDebugSymbol::GetModuleParameters failed" ); throw DbgException( "IDebugSymbol::GetModuleParameters", hres );
return moduleParam.Checksum; return moduleParam.Checksum;
} }
@ -252,6 +252,36 @@ ULONG getModuleCheckSum( ULONG64 baseOffset )
/////////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////////
namespace {
ULONG getModuleFlags(ULONG64 baseOffset)
{
HRESULT hres;
DEBUG_MODULE_PARAMETERS moduleParam = { 0 };
hres = g_dbgEng->symbols->GetModuleParameters( 1, &baseOffset, 0, &moduleParam );
if ( FAILED( hres ) )
throw DbgException( "IDebugSymbol::GetModuleParameters", hres );
return moduleParam.Flags;
}
}
bool isModuleUnloaded( ULONG64 baseOffset )
{
PyThread_StateRestore pyThreadRestore( g_dbgEng->pystate );
return !!(getModuleFlags(baseOffset) & DEBUG_MODULE_UNLOADED);
}
bool isModuleUserMode( ULONG64 baseOffset )
{
PyThread_StateRestore pyThreadRestore( g_dbgEng->pystate );
return !!(getModuleFlags(baseOffset) & DEBUG_MODULE_USER_MODE);
}
///////////////////////////////////////////////////////////////////////////////
void getModuleFileVersion( ULONG64 baseOffset, USHORT &majorHigh, USHORT &majorLow, USHORT &minorHigh, USHORT &minorLow ) void getModuleFileVersion( ULONG64 baseOffset, USHORT &majorHigh, USHORT &majorLow, USHORT &minorHigh, USHORT &minorLow )
{ {
PyThread_StateRestore pyThreadRestore( g_dbgEng->pystate ); PyThread_StateRestore pyThreadRestore( g_dbgEng->pystate );
@ -269,7 +299,7 @@ void getModuleFileVersion( ULONG64 baseOffset, USHORT &majorHigh, USHORT &majorL
NULL ); NULL );
if ( FAILED( hres ) ) if ( FAILED( hres ) )
throw DbgException( "IDebugSymbol2::GetModuleVersionInformation failed" ); throw DbgException( "IDebugSymbol2::GetModuleVersionInformation", hres );
majorHigh = HIWORD(fileInfo.dwFileVersionMS); majorHigh = HIWORD(fileInfo.dwFileVersionMS);
majorLow = LOWORD(fileInfo.dwFileVersionMS); majorLow = LOWORD(fileInfo.dwFileVersionMS);
@ -301,7 +331,7 @@ std::string getModuleVersionInfo( ULONG64 baseOffset, const std::string &value )
&codePagesSize ); &codePagesSize );
if ( FAILED( hres ) ) if ( FAILED( hres ) )
throw DbgException( "IDebugSymbol2::GetModuleVersionInformation failed" ); throw DbgException( "IDebugSymbol2::GetModuleVersionInformation", hres );
size_t codePageNum = codePagesSize / sizeof(LANGANDCODEPAGE); size_t codePageNum = codePagesSize / sizeof(LANGANDCODEPAGE);
@ -316,7 +346,7 @@ std::string getModuleVersionInfo( ULONG64 baseOffset, const std::string &value )
NULL ); NULL );
if ( FAILED( hres ) ) if ( FAILED( hres ) )
throw DbgException( "IDebugSymbol2::GetModuleVersionInformation failed" ); throw DbgException( "IDebugSymbol2::GetModuleVersionInformation", hres );
ULONG productNameLength = 0; ULONG productNameLength = 0;

4
test/scripts/moduletest.py
View File

@ -13,6 +13,10 @@ class ModuleTest( unittest.TestCase ):
self.assertEqual( target.module.name(), pykd.module(target.module.begin() ).name() ) self.assertEqual( target.module.name(), pykd.module(target.module.begin() ).name() )
self.assertEqual( target.module.name(), pykd.module(target.module.name() ).name() ) self.assertEqual( target.module.name(), pykd.module(target.module.name() ).name() )
def testMiscellaneous( self ):
self.assertFalse( target.module.unloaded() )
self.assertTrue( target.module.um() )
def testName( self ): def testName( self ):
self.assertEqual( target.moduleName, target.module.name() ) self.assertEqual( target.moduleName, target.module.name() )