[+] added: proclist.py sample
git-svn-id: https://pykd.svn.codeplex.com/svn@53271 9b283d60-5439-405e-af05-b73fd8c4d996
parent
4f95f0e722
commit
7c64eff59e
32
samples/proclist.py
Normal file
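--- a/samples/proclist.py
+++ b/samples/proclist.py
@@ -0,0 +1,32 @@
+
+import sys
+from pykd import *
+
+
+def loadSymbols():
+
+global nt
+nt = loadModule( "nt" )
+nt.PsActiveProcessHead = getOffset( "nt", "PsActiveProcessHead" )
+
+
+def printStacks():
+
+processList = typedVarList( nt.PsActiveProcessHead, "nt", "_EPROCESS", "ActiveProcessLinks" )
+
+for process in processList:
+dprintln( "".join( [ chr(i) for k, i in process.ImageFileName.items() ] ) )
+
+return
+
+
+if __name__ == "__main__":
+
+if not isSessionStart():
+createSession()
+loadDump( sys.argv[1] )
+dprintln( sys.argv[1] + " - loaded OK" )
+
+loadSymbols()
+
+printStacks()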
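Review bot: The join on the `dprintln` line in `printStacks` emits every element of `ImageFileName`, which is a fixed-size array, so its NUL padding presumably ends up in the printed name; cutting at the first zero would fix that, e.g. `dprintln( "".join( [ chr(i) for k, i in process.ImageFileName.items() ] ).split( "\0" )[0] )`. The function lists process image names rather than stacks, so a name such as `printProcessList` would describe it better. It also deserves a comment saying that the value is the short, truncated name stored in `_EPROCESS`, and that walking `ActiveProcessLinks` from `PsActiveProcessHead` will not show a process that has been unlinked from that list, so the output is not a complete inventory when examining a suspect dump. The `__main__` block reads `sys.argv[1]` without checking `len(sys.argv)`, so running the sample without a dump path ends in an IndexError instead of a usage message.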