From 74d6b77576211ac6c6f7a054732b8ec4d7c23f12 Mon Sep 17 00:00:00 2001 From: "SND\\kernelnet_cp" Date: Tue, 18 Dec 2012 07:36:32 +0000 Subject: [PATCH] [0.2.x] added : routines findMemoryRegion, getVaProtect git-svn-id: https://pykd.svn.codeplex.com/svn@81875 9b283d60-5439-405e-af05-b73fd8c4d996 --- pykd/dbgmem.cpp | 770 +------------------------------------------- pykd/dbgmem.h | 141 +------- pykd/pykdver.h | 2 +- pykd/pymod.cpp | 5 + pykd/win/memory.cpp | 46 +++ 5 files changed, 65 insertions(+), 899 deletions(-) diff --git a/pykd/dbgmem.cpp b/pykd/dbgmem.cpp index 22f13c9..a367572 100644 --- a/pykd/dbgmem.cpp +++ b/pykd/dbgmem.cpp @@ -1,7 +1,6 @@ #include "stdafx.h" #include "dbgengine.h" - namespace pykd { ///////////////////////////////////////////////////////////////////////////////////// @@ -346,765 +345,14 @@ std::string loadAnsiStr( ULONG64 offset ) ///////////////////////////////////////////////////////////////////////////////////// +python::tuple findMemoryRegionPy( ULONG64 beginOffset ) +{ + ULONG64 startOffset, length; + findMemoryRegion( beginOffset, &startOffset, &length ); + return python::make_tuple( startOffset, length ); +} + +///////////////////////////////////////////////////////////////////////////////////// + }; // end pykd namespace - - - - - - - - - - - - - - - - - -//#include "dbgclient.h" -//#include "dbgexcept.h" -// -//namespace pykd { -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//template -//struct PyListType -//{ -// typedef T ElementType; -//}; -// -//template<> -//struct PyListType -//{ -// typedef int ElementType; -//}; -// -//template -//python::list -//DebugClient::loadArray( ULONG64 offset, ULONG count, bool phyAddr ) -//{ -// std::vector buffer(count); -// -// if (count) -// readMemory( m_dataSpaces, offset, &buffer[0], count*sizeof(T), phyAddr ); -// -// python::list lst; -// -// for( ULONG i = 0; i < count; ++i ) -// lst.append( static_cast::ElementType> (buffer[i]) ); -// -// return lst; -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//ULONG64 -//addr64( IDebugControl4* dbgControl, ULONG64 addr) -//{ -// HRESULT hres; -// -// ULONG processorMode; -// hres = dbgControl->GetActualProcessorType( &processorMode ); -// if ( FAILED( hres ) ) -// throw DbgException( "IDebugControl::GetEffectiveProcessorType failed" ); -// -// switch( processorMode ) -// { -// case IMAGE_FILE_MACHINE_I386: -// if ( *( (ULONG*)&addr + 1 ) == 0 ) -// return (ULONG64)(LONG)addr; -// -// case IMAGE_FILE_MACHINE_AMD64: -// break; -// -// default: -// throw DbgException( "Unknown processor type" ); -// break; -// } -// -// return addr; -//} -// -// -//ULONG64 -//DebugClient::addr64( ULONG64 addr ) -//{ -// return pykd::addr64( m_control, addr ); -//} -// -//ULONG64 -//addr64( ULONG64 addr) -//{ -// return g_dbgClient->addr64( addr ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//bool DebugClient::isVaValid( ULONG64 addr ) -//{ -// HRESULT hres; -// ULONG offsetInfo; -// -// hres = -// m_dataSpaces->GetOffsetInformation( -// DEBUG_DATA_SPACE_VIRTUAL, -// DEBUG_OFFSINFO_VIRTUAL_SOURCE, -// addr, -// &offsetInfo, -// sizeof( offsetInfo ), -// NULL ); -// -// if ( FAILED( hres ) ) -// throw DbgException( "IDebugDataSpace4::GetOffsetInformation failed" ); -// -// return offsetInfo != DEBUG_VSOURCE_INVALID; -//} -// -//bool isVaValid( ULONG64 addr ) -//{ -// return g_dbgClient->isVaValid( addr ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//HRESULT readVirtual( -// IDebugDataSpaces4 *dbgDataSpace, -// ULONG64 address, -// PVOID buffer, -// ULONG length, -// PULONG readed -//) -//{ -// HRESULT hres; -// -// CComQIPtr dbgControl(dbgDataSpace); -// -// address = addr64( dbgControl, address); -// -// { -// // workitem/10473 workaround -// ULONG64 nextAddress; -// hres = -// dbgDataSpace->GetNextDifferentlyValidOffsetVirtual( -// address, -// &nextAddress); -// DBG_UNREFERENCED_LOCAL_VARIABLE(nextAddress); -// } -// -// hres = dbgDataSpace->ReadVirtual( address, buffer, length, readed ); -// -// return hres; -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//void -//readMemory( IDebugDataSpaces4* dbgDataSpace, ULONG64 address, PVOID buffer, ULONG length, bool phyAddr = FALSE ) -//{ -// HRESULT hres; -// -// if ( phyAddr == false ) -// { -// hres = readVirtual( dbgDataSpace, address, buffer, length, NULL ); -// } -// else -// { -// hres = dbgDataSpace->ReadPhysical( address, buffer, length, NULL ); -// } -// -// if ( FAILED( hres ) ) -// throw MemoryException( address, phyAddr ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//void -//readMemoryPtr( IDebugDataSpaces4* dbgDataSpace, ULONG64 address, PULONG64 ptrValue ) -//{ -// HRESULT hres; -// -// CComQIPtr dbgControl(dbgDataSpace); -// -// hres = dbgDataSpace->ReadPointersVirtual( 1, addr64( dbgControl, address), ptrValue ); -// -// if ( FAILED( hres ) ) -// throw MemoryException( address, false ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//bool compareMemoryRange( IDebugDataSpaces4* dbgDataSpace, ULONG64 addr1, ULONG64 addr2, ULONG length, bool phyAddr ) -//{ -// bool result = false; -// -// CComQIPtr dbgControl(dbgDataSpace); -// -// addr1 = addr64( addr1 ); -// addr2 = addr64( addr2 ); -// -// std::vector m1(length); -// std::vector m2(length); -// -// readMemory( dbgDataSpace, addr64( dbgControl, addr1), &m1[0], length, phyAddr ); -// readMemory( dbgDataSpace, addr64( dbgControl, addr2), &m2[0], length, phyAddr ); -// -// return std::equal( m1.begin(), m1.end(), m2.begin() ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//std::string DebugClient::loadChars( ULONG64 address, ULONG number, bool phyAddr ) -//{ -// std::vector buffer(number); -// -// ULONG bufferSize = (ULONG)( sizeof(std::vector::value_type)*buffer.size() ); -// -// if (number) -// readMemory( m_dataSpaces, address, &buffer[0], bufferSize, phyAddr ); -// -// return std::string( buffer.begin(), buffer.end() ); -//} -// -//std::string loadChars( ULONG64 address, ULONG number, bool phyAddr ) -//{ -// return g_dbgClient->loadChars( address, number, phyAddr ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//std::wstring DebugClient::loadWChars( ULONG64 address, ULONG number, bool phyAddr ) -//{ -// std::vector buffer(number); -// -// ULONG bufferSize = (ULONG)( sizeof(std::vector::value_type)*buffer.size() ); -// -// if (number) -// readMemory( m_dataSpaces, address, &buffer[0], bufferSize, phyAddr ); -// -// return std::wstring( buffer.begin(), buffer.end() ); -//} -// -//std::wstring loadWChars( ULONG64 address, ULONG number, bool phyAddr ) -//{ -// return g_dbgClient->loadWChars( address, number, phyAddr ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//std::string DebugClient::loadCStr( ULONG64 address ) -//{ -// const size_t maxLength = 0x10000; -// -// address = addr64( address ); -// -// ULONG strLength = 0; -// -// HRESULT hres = -// m_dataSpaces->ReadMultiByteStringVirtual( -// address, -// maxLength, -// NULL, -// 0, -// &strLength ); -// -// if ( FAILED( hres ) ) -// throw MemoryException( address ); -// -// std::vector buffer(strLength); -// -// hres = -// m_dataSpaces->ReadMultiByteStringVirtual( -// address, -// strLength, -// &buffer[0], -// strLength, -// NULL ); -// -// if ( FAILED( hres ) ) -// throw MemoryException( address ); -// -// return std::string( &buffer[0] ); -//} -// -//std::string loadCStr( ULONG64 offset ) -//{ -// return g_dbgClient->loadCStr( offset ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//std::wstring DebugClient::loadWStr( ULONG64 address ) -//{ -// const size_t maxLength = 0x10000; -// -// address = addr64( address ); -// -// ULONG strLength = 0; -// -// HRESULT hres = -// m_dataSpaces->ReadUnicodeStringVirtualWide( -// address, -// maxLength, -// NULL, -// 0, -// &strLength ); -// -// std::vector buffer(strLength); -// -// hres = -// m_dataSpaces->ReadUnicodeStringVirtualWide( -// address, -// strLength, -// &buffer[0], -// strLength, -// NULL ); -// -// if ( FAILED( hres ) ) -// throw MemoryException( address ); -// -// return std::wstring( &buffer[0] ); -//} -// -//std::wstring loadWStr( ULONG64 offset ) -//{ -// return g_dbgClient->loadWStr( offset ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//python::list DebugClient::loadBytes( ULONG64 offset, ULONG count, bool phyAddr ) -//{ -// return loadArray( offset, count, phyAddr ); -//} -// -//python::list loadBytes( ULONG64 offset, ULONG count, bool phyAddr ) -//{ -// return g_dbgClient->loadBytes( offset, count, phyAddr ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//python::list DebugClient::loadWords( ULONG64 offset, ULONG count, bool phyAddr ) -//{ -// return loadArray( offset, count, phyAddr ); -//} -// -//python::list loadWords( ULONG64 offset, ULONG count, bool phyAddr ) -//{ -// return g_dbgClient->loadWords( offset, count, phyAddr ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//python::list DebugClient::loadDWords( ULONG64 offset, ULONG count, bool phyAddr ) -//{ -// return loadArray( offset, count, phyAddr ); -//} -// -//python::list loadDWords( ULONG64 offset, ULONG count, bool phyAddr ) -//{ -// return g_dbgClient->loadDWords( offset, count, phyAddr ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//python::list DebugClient::loadQWords( ULONG64 offset, ULONG count, bool phyAddr ) -//{ -// return loadArray( offset, count, phyAddr ); -//} -// -//python::list loadQWords( ULONG64 offset, ULONG count, bool phyAddr ) -//{ -// return g_dbgClient->loadQWords( offset, count, phyAddr ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//python::list DebugClient::loadSignBytes( ULONG64 offset, ULONG count, bool phyAddr ) -//{ -// return loadArray( offset, count, phyAddr ); -//} -// -//python::list loadSignBytes( ULONG64 offset, ULONG count, bool phyAddr ) -//{ -// return g_dbgClient->loadSignBytes( offset, count, phyAddr ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//python::list DebugClient::loadSignWords( ULONG64 offset, ULONG count, bool phyAddr ) -//{ -// return loadArray( offset, count, phyAddr ); -//} -// -//python::list loadSignWords( ULONG64 offset, ULONG count, bool phyAddr ) -//{ -// return g_dbgClient->loadSignWords( offset, count, phyAddr ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//python::list DebugClient::loadSignDWords( ULONG64 offset, ULONG count, bool phyAddr ) -//{ -// return loadArray( offset, count, phyAddr ); -//} -// -//python::list loadSignDWords( ULONG64 offset, ULONG count, bool phyAddr ) -//{ -// return g_dbgClient->loadSignDWords( offset, count, phyAddr ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//python::list DebugClient::loadSignQWords( ULONG64 offset, ULONG count, bool phyAddr ) -//{ -// return loadArray<__int64>( offset, count, phyAddr ); -//} -// -//python::list loadSignQWords( ULONG64 offset, ULONG count, bool phyAddr ) -//{ -// return g_dbgClient->loadSignQWords( offset, count, phyAddr ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//ULONG64 DebugClient::ptrByte( ULONG64 offset ) -//{ -// unsigned char val = 0; -// -// readMemory( m_dataSpaces, offset, &val, sizeof(val), false ); -// -// return val; -//} -// -//ULONG64 ptrByte( ULONG64 offset ) -//{ -// return g_dbgClient->ptrByte( offset ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//ULONG64 DebugClient::ptrWord( ULONG64 offset ) -//{ -// unsigned short val = 0; -// -// readMemory( m_dataSpaces, offset, &val, sizeof(val), false ); -// -// return val; -//} -// -//ULONG64 ptrWord( ULONG64 offset ) -//{ -// return g_dbgClient->ptrWord( offset ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//ULONG64 ptrDWord( ULONG64 offset, IDebugDataSpaces4* dbgDataSpace ) -//{ -// unsigned long val = 0; -// -// readMemory( dbgDataSpace, offset, &val, sizeof(val), false ); -// -// return val; -//} -// -//ULONG64 DebugClient::ptrDWord( ULONG64 offset ) -//{ -// return pykd::ptrDWord( offset, m_dataSpaces ); -//} -// -//ULONG64 ptrDWord( ULONG64 offset ) -//{ -// return g_dbgClient->ptrDWord( offset ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//ULONG64 ptrQWord( ULONG64 offset, IDebugDataSpaces4* dbgDataSpace ) -//{ -// unsigned __int64 val = 0; -// -// readMemory( dbgDataSpace, offset, &val, sizeof(val), false ); -// -// return val; -//} -// -//ULONG64 DebugClient::ptrQWord( ULONG64 offset ) -//{ -// return pykd::ptrQWord( offset, m_dataSpaces ); -//} -// -//ULONG64 ptrQWord( ULONG64 offset ) -//{ -// return g_dbgClient->ptrQWord( offset ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//ULONG64 ptrMWord( ULONG64 offset, IDebugDataSpaces4* dbgDataSpace ) -//{ -// return ptrSize() == 8 ? ptrQWord( offset, dbgDataSpace ) : ptrDWord(offset, dbgDataSpace); -//} -// -//ULONG64 DebugClient::ptrMWord( ULONG64 offset ) -//{ -// return ptrSize() == 8 ? ptrQWord( offset ) : ptrDWord(offset); -//} -// -//ULONG64 ptrMWord( ULONG64 offset ) -//{ -// return g_dbgClient->ptrMWord( offset ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//ULONG64 ptrPtr( ULONG64 offset, IDebugDataSpaces4* dbgDataSpace ) -//{ -// return ptrMWord( offset, dbgDataSpace ); -//} -// -//ULONG64 DebugClient::ptrPtr( ULONG64 offset ) -//{ -// return addr64( pykd::ptrPtr( offset, m_dataSpaces ) ); -//} -// -//ULONG64 ptrPtr( ULONG64 offset ) -//{ -// return g_dbgClient->ptrPtr( offset ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//LONG64 DebugClient::ptrSignByte( ULONG64 offset ) -//{ -// char val = 0; -// -// readMemory( m_dataSpaces, offset, &val, sizeof(val), false ); -// -// return val; -//} -// -//LONG64 ptrSignByte( ULONG64 offset ) -//{ -// return g_dbgClient->ptrSignByte( offset ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//LONG64 DebugClient::ptrSignWord( ULONG64 offset ) -//{ -// short val = 0; -// -// readMemory( m_dataSpaces, offset, &val, sizeof(val), false ); -// -// return val; -//} -// -//LONG64 ptrSignWord( ULONG64 offset ) -//{ -// return g_dbgClient->ptrSignWord( offset ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//LONG64 DebugClient::ptrSignDWord( ULONG64 offset ) -//{ -// long val = 0; -// -// readMemory( m_dataSpaces, offset, &val, sizeof(val), false ); -// -// return val; -//} -// -//LONG64 ptrSignDWord( ULONG64 offset ) -//{ -// return g_dbgClient->ptrSignDWord( offset ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//LONG64 DebugClient::ptrSignQWord( ULONG64 offset ) -//{ -// __int64 val = 0; -// -// readMemory( m_dataSpaces, offset, &val, sizeof(val), false ); -// -// return val; -//} -// -//LONG64 ptrSignQWord( ULONG64 offset ) -//{ -// return g_dbgClient->ptrSignQWord( offset ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//LONG64 DebugClient::ptrSignMWord( ULONG64 offset ) -//{ -// return ptrSize() == 8 ? ptrSignQWord( offset ) : ptrSignDWord(offset); -//} -// -//LONG64 ptrSignMWord( ULONG64 offset ) -//{ -// return g_dbgClient->ptrSignMWord( offset ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//bool DebugClient::compareMemory( ULONG64 addr1, ULONG64 addr2, ULONG length, bool phyAddr ) -//{ -// return compareMemoryRange( m_dataSpaces, addr1, addr2, length, phyAddr ); -//} -// -//bool compareMemory( ULONG64 addr1, ULONG64 addr2, ULONG length, bool phyAddr ) -//{ -// return g_dbgClient->compareMemory( addr1, addr2, length, phyAddr ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//std::wstring DebugClient::loadUnicodeStr( ULONG64 address ) -//{ -// USHORT length; -// USHORT maximumLength; -// ULONG64 buffer = 0; -// -// readMemory( m_dataSpaces, address, &length, sizeof( length ) ); -// -// if ( length == 0 ) -// return L""; -// -// address += sizeof( length ); -// -// readMemory( m_dataSpaces, address, &maximumLength, sizeof( maximumLength ) ); -// -// address += sizeof( maximumLength ); -// -// if ( is64bitSystem() ) -// { -// address += address % 8 ? ( 8 - address % 8 ) : 0 ; // выравнивание на 8 байт -// -// buffer = ptrPtr( address ); -// -// address += 8; -// } -// else -// { -// address += address % 4 ? ( 4 - address % 4 ) : 0 ; // выравнивание на 8 байт -// -// buffer = addr64( ptrPtr( address ) ); -// -// address += 4; -// } -// -// std::vector str(length / 2); -// -// readMemory( m_dataSpaces, buffer, &str[0], length ); -// -// return std::wstring (&str[0], length/2); -//} -// -//std::wstring loadUnicodeStr( ULONG64 address ) -//{ -// return g_dbgClient->loadUnicodeStr( address ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//std::string DebugClient::loadAnsiStr( ULONG64 address ) -//{ -// USHORT length; -// USHORT maximumLength; -// ULONG64 buffer = 0; -// -// readMemory( m_dataSpaces, address, &length, sizeof( length ) ); -// -// if ( length == 0 ) -// return ""; -// -// address += sizeof( length ); -// -// readMemory( m_dataSpaces, address, &maximumLength, sizeof( maximumLength ) ); -// -// address += sizeof( maximumLength ); -// -// if ( is64bitSystem() ) -// { -// address += address % 8 ? ( 8 - address % 8 ) : 0 ; // выравнивание на 8 байт -// -// buffer = ptrPtr( address ); -// -// address += 8; -// } -// else -// { -// address += address % 4 ? ( 4 - address % 4 ) : 0 ; // выравнивание на 8 байт -// -// buffer = addr64( ptrPtr( address ) ); -// -// address += 4; -// } -// -// std::vector str(length); -// -// readMemory( m_dataSpaces, buffer, &str[0], length ); -// -// return std::string (&str[0], length); -//} -// -// -//std::string loadAnsiStr( ULONG64 address ) -//{ -// return g_dbgClient->loadAnsiStr( address ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//python::list DebugClient::loadPtrList( ULONG64 address ) -//{ -// address = addr64( address ); -// -// ULONG64 entryAddress = 0; -// -// python::list lst; -// -// for( entryAddress = ptrPtr( address ); entryAddress != address && entryAddress != 0; entryAddress = ptrPtr( entryAddress ) ) -// lst.append( entryAddress ); -// -// return lst; -//} -// -//python::list loadPtrList( ULONG64 address ) -//{ -// return g_dbgClient->loadPtrList( address ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//python::list DebugClient::loadPtrArray( ULONG64 address, ULONG number ) -//{ -// address = addr64( address ); -// -// python::list lst; -// -// for ( ULONG i = 0; i < number; ++i ) -// lst.append( ptrPtr( address + i*ptrSize() ) ); -// -// return lst; -//} -// -//python::list loadPtrArray( ULONG64 address, ULONG number ) -//{ -// return g_dbgClient->loadPtrArray( address, number ); -//} -// -/////////////////////////////////////////////////////////////////////////////////////// -// -//}; // end of pykd - diff --git a/pykd/dbgmem.h b/pykd/dbgmem.h index b5c37e0..fd4ebfd 100644 --- a/pykd/dbgmem.h +++ b/pykd/dbgmem.h @@ -11,6 +11,10 @@ bool readMemoryUnsafe( ULONG64 offset, PVOID buffer, ULONG length, bool phyAddr bool readMemoryUnsafeNoSafe( ULONG64 offset, PVOID buffer, ULONG length, bool phyAddr = FALSE, ULONG *readed = NULL ); bool isVaValid( ULONG64 addr ); bool compareMemory( ULONG64 addr1, ULONG64 addr2, ULONG length, bool phyAddr = FALSE ); +ULONG getVaProtect( ULONG64 offset ); + +void findMemoryRegion( ULONG64 beginOffset, ULONG64 *startOffset, ULONG64* length ); +python::tuple findMemoryRegionPy( ULONG64 beginOffset ); ULONG64 ptrByte( ULONG64 offset ); ULONG64 ptrWord( ULONG64 offset ); @@ -49,140 +53,3 @@ std::wstring loadUnicodeStr( ULONG64 offset ); }; // end pykd namespace - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -//namespace pykd { -// -///////////////////////////////////////////////////////////////////////////////////// -// -//ULONG64 -//addr64( ULONG64 addr ); -// -//bool -//isVaValid( ULONG64 addr ); -// -///////////////////////////////////////////////////////////////////////////////////// -// -//HRESULT readVirtual( -// IDebugDataSpaces4 *dbgDataSpace, -// ULONG64 address, -// PVOID buffer, -// ULONG length, -// PULONG readed -//); -// -///////////////////////////////////////////////////////////////////////////////////// -// -//void -//readMemory( IDebugDataSpaces4* dbgDataSpace, ULONG64 address, PVOID buffer, ULONG length, bool phyAddr = FALSE ); -// -//void -//readMemoryPtr( IDebugDataSpaces4* dbgDataSpace, ULONG64 address, PULONG64 ptrValue ); -// -//void -//writeMemory( IDebugDataSpaces4* dbgDataSpace, ULONG64 address, PVOID buffer, ULONG length, bool phyAddr = FALSE ); -// -//bool -//compareMemoryRange( IDebugDataSpaces4* dbgDataSpace, ULONG64 addr1, ULONG64 addr2, ULONG length, bool phyAddr = FALSE ); -// -///////////////////////////////////////////////////////////////////////////////////// -// -//std::string loadChars( ULONG64 address, ULONG number, bool phyAddr = FALSE ); -// -//std::wstring loadWChars( ULONG64 address, ULONG number, bool phyAddr = FALSE ); -// -//std::string loadCStr( ULONG64 offset ); -// -//std::wstring loadWStr( ULONG64 offset ); -// -//python::list loadBytes( ULONG64 offset, ULONG count, bool phyAddr = FALSE ); -// -//python::list loadWords( ULONG64 offset, ULONG count, bool phyAddr = FALSE ); -// -//python::list loadDWords( ULONG64 offset, ULONG count, bool phyAddr = FALSE ); -// -//python::list loadQWords( ULONG64 offset, ULONG count, bool phyAddr = FALSE ); -// -//python::list loadSignBytes( ULONG64 offset, ULONG count, bool phyAddr = FALSE ); -// -//python::list loadSignWords( ULONG64 offset, ULONG count, bool phyAddr = FALSE ); -// -//python::list loadSignDWords( ULONG64 offset, ULONG count, bool phyAddr = FALSE ); -// -//python::list loadSignQWords( ULONG64 offset, ULONG count, bool phyAddr = FALSE ); -// -//ULONG64 ptrByte( ULONG64 offset ); -// -//ULONG64 ptrWord( ULONG64 offset ); -// -//ULONG64 ptrDWord( ULONG64 offset ); -// -//ULONG64 ptrDWord( ULONG64 offset, IDebugDataSpaces4* dbgDataSpace ); -// -//ULONG64 ptrQWord( ULONG64 offset ); -// -//ULONG64 ptrQWord( ULONG64 offset, IDebugDataSpaces4* dbgDataSpace ); -// -//ULONG64 ptrMWord( ULONG64 offset ); -// -//ULONG64 ptrMWord( ULONG64 offset, IDebugDataSpaces4* dbgDataSpace ); -// -//LONG64 ptrSignByte( ULONG64 offset ); -// -//LONG64 ptrSignWord( ULONG64 offset ); -// -//LONG64 ptrSignDWord( ULONG64 offset ); -// -//LONG64 ptrSignQWord( ULONG64 offset ); -// -//LONG64 ptrSignMWord( ULONG64 offset ); -// -//ULONG64 ptrPtr( ULONG64 offset ); -// -//ULONG64 ptrPtr( ULONG64 offset, IDebugDataSpaces4* dbgDataSpace ); -// -//bool -//compareMemory( ULONG64 addr1, ULONG64 addr2, ULONG length, bool phyAddr = FALSE ); -// -//std::wstring loadUnicodeStr( ULONG64 address ); -// -//std::string loadAnsiStr( ULONG64 address ); -// -//python::list loadPtrList( ULONG64 address ); -// -//python::list loadPtrArray( ULONG64 address, ULONG number ); -// -///////////////////////////////////////////////////////////////////////////////////// -// -//}; - diff --git a/pykd/pykdver.h b/pykd/pykdver.h index 53d5ef2..55eb816 100644 --- a/pykd/pykdver.h +++ b/pykd/pykdver.h @@ -2,7 +2,7 @@ #define PYKD_VERSION_MAJOR 0 #define PYKD_VERSION_MINOR 2 #define PYKD_VERSION_SUBVERSION 0 -#define PYKD_VERSION_BUILDNO 7 +#define PYKD_VERSION_BUILDNO 8 #define __VER_STR2__(x) #x diff --git a/pykd/pymod.cpp b/pykd/pymod.cpp index bb75f70..23260fb 100644 --- a/pykd/pymod.cpp +++ b/pykd/pymod.cpp @@ -147,6 +147,11 @@ BOOST_PYTHON_MODULE( pykd ) python::def( "compareMemory", &compareMemory, compareMemory_( python::args( "offset1", "offset2", "length", "phyAddr" ), "Compare two memory buffers by virtual or physical addresses" ) ); + python::def( "findMemoryRegion", &findMemoryRegionPy, + "Return address of begining valid memory region nearest to offset" ); + python::def( "getVaProtect", &getVaProtect, + "Return memory attributes" ); + python::def( "ptrByte", &ptrByte, "Read an unsigned 1-byte integer from the target memory" ); python::def( "ptrWord", &ptrWord, diff --git a/pykd/win/memory.cpp b/pykd/win/memory.cpp index aa9e4ab..0e8a17d 100644 --- a/pykd/win/memory.cpp +++ b/pykd/win/memory.cpp @@ -203,4 +203,50 @@ std::wstring loadWStr( ULONG64 offset ) /////////////////////////////////////////////////////////////////////////////////// +void findMemoryRegion( ULONG64 beginOffset, ULONG64 *startOffset, ULONG64* length ) +{ + PyThread_StateRestore pyThreadRestore( g_dbgEng->pystate ); + + beginOffset = addr64NoSafe(beginOffset); + + HRESULT hres = g_dbgEng->dataspace->GetNextDifferentlyValidOffsetVirtual( beginOffset, startOffset ); + + if ( FAILED(hres) ) + throw DbgException( "IDebugDataSpaces4::GetNextDifferentlyValidOffsetVirtual failed" ); + + *startOffset = addr64NoSafe(*startOffset); + + MEMORY_BASIC_INFORMATION64 meminfo = {}; + + hres = g_dbgEng->dataspace->QueryVirtual( *startOffset, &meminfo ); + + if ( FAILED(hres) ) + throw MemoryException( *startOffset ); + + *length = meminfo.RegionSize; +} + +/////////////////////////////////////////////////////////////////////////////////// + +ULONG getVaProtect( ULONG64 offset ) +{ + PyThread_StateRestore pyThreadRestore( g_dbgEng->pystate ); + + offset = addr64NoSafe(offset); + + MEMORY_BASIC_INFORMATION64 meminfo = {}; + + HRESULT hres = + g_dbgEng->dataspace->QueryVirtual( offset,&meminfo ); + + if ( FAILED(hres) ) + throw MemoryException( offset ); + + return meminfo.Protect; +} + +/////////////////////////////////////////////////////////////////////////////////// + + + }; //namespace pykd \ No newline at end of file