zjgcjy/pykd
1
0
Fork 0
mirror of https://github.com/ivellioscolin/pykd.git synced 2025-04-19 19:13:22 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

[0.2.x] updated: stkwalk.py

Browse Source 
git-svn-id: https://pykd.svn.codeplex.com/svn@82049 9b283d60-5439-405e-af05-b73fd8c4d996
This commit is contained in:
SND\kernelnet_cp 2012-12-27 06:58:47 +00:00 committed by Mikhail I. Izmestev
parent 36c9f6d031
commit 7d91a79afa
1 changed files with 31 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
snippets/stkwalk.py
View File

@ -12,13 +12,19 @@ class PrintOptions:
self.ignoreNotActiveThread = True self.ignoreNotActiveThread = True
self.ignoreNotActiveProcess = True self.ignoreNotActiveProcess = True
self.showWow64stack = True self.showWow64stack = True
self.showIP = True
self.showSP = True
def applayThreadFilter(thread,moduleFilter,funcFilter,printopt): def applayThreadFilter(thread,threadFilter,moduleFilter,funcFilter,printopt):
if not moduleFilter and not funcFilter: if not moduleFilter and not funcFilter and not threadFilter:
return True return True
if threadFilter and threadFilter( thread.Tcb, thread.Cid.UniqueThread ):
return True
try: try:
setImplicitThread(thread) setImplicitThread(thread)
stk = getStack() stk = getStack()
@ -32,11 +38,18 @@ def applayThreadFilter(thread,moduleFilter,funcFilter,printopt):
return True return True
except BaseException: except BaseException:
print "applayThreadFilter except"
pass pass
return False return False
def printFrame(frame, printopt):
if printopt.showIP:
dprint( "%016x\t" % frame.instructionOffset )
if printopt.showSP:
dprint( "%016x\t" % frame.stackOffset )
dprintln( findSymbol( frame.instructionOffset ) )
def printThread(process,thread,printopt): def printThread(process,thread,printopt):
@ -47,7 +60,7 @@ def printThread(process,thread,printopt):
dprintln( "Thread %x, Process: %s (%x)" % ( thread, loadCStr( process.ImageFileName ), process ) ) dprintln( "Thread %x, Process: %s (%x)" % ( thread, loadCStr( process.ImageFileName ), process ) )
for frame in stk: for frame in stk:
dprintln( findSymbol( frame.instructionOffset ) ) printFrame(frame, printopt)
if is64bitSystem(): if is64bitSystem():
processorMode = getProcessorMode() processorMode = getProcessorMode()
@ -57,7 +70,7 @@ def printThread(process,thread,printopt):
stk = getStackWow64() stk = getStackWow64()
dprintln("\nWOW64 stack") dprintln("\nWOW64 stack")
for frame in stk: for frame in stk:
dprintln( findSymbol( frame.instructionOffset ) ) printFrame(frame, printopt)
except BaseException: except BaseException:
pass pass
setProcessorMode(processorMode) setProcessorMode(processorMode)
@ -73,7 +86,7 @@ def printThread(process,thread,printopt):
def printProcess(process,processFilter,moduleFilter,funcFilter,printopt): def printProcess(process,processFilter,threadFilter,moduleFilter,funcFilter,printopt):
processName = loadCStr( process.ImageFileName ) processName = loadCStr( process.ImageFileName )
@ -83,13 +96,15 @@ def printProcess(process,processFilter,moduleFilter,funcFilter,printopt):
try: try:
#setCurrentProcess(process) #setCurrentProcess(process)
dbgCommand(".process /p %x" % process ) dbgCommand(".process /p %x" % process )
dbgCommand( ".reload /user" ) dbgCommand( ".reload /user" )
reloadWow64 = False
threadLst = nt.typedVarList(process.ThreadListHead, "_ETHREAD", "ThreadListEntry") threadLst = nt.typedVarList(process.ThreadListHead, "_ETHREAD", "ThreadListEntry")
filteredThreadLst = [] filteredThreadLst = []
for thread in threadLst: for thread in threadLst:
if applayThreadFilter( thread, moduleFilter, funcFilter, printopt ): if applayThreadFilter( thread, threadFilter, moduleFilter, funcFilter, printopt ):
filteredThreadLst.append( thread ) filteredThreadLst.append( thread )
if filteredThreadLst == []: if filteredThreadLst == []:
@ -127,6 +142,8 @@ def main():
help="module filter: boolean expression with python syntax" ) help="module filter: boolean expression with python syntax" )
parser.add_option("-f", "--function", dest="funcfilter", parser.add_option("-f", "--function", dest="funcfilter",
help="function filter: boolean expression with python syntax" ) help="function filter: boolean expression with python syntax" )
parser.add_option("-t", "--thread", dest="threadfilter",
help="thread filter: boolean expresion with python syntax" )
(options, args) = parser.parse_args() (options, args) = parser.parse_args()
@ -134,6 +151,7 @@ def main():
processFilter = None processFilter = None
moduleFilter = None moduleFilter = None
funcFilter = None funcFilter = None
threadFilter = None
if options.processfilter: if options.processfilter:
processFilter = lambda process, pid, name: eval( options.processfilter ) processFilter = lambda process, pid, name: eval( options.processfilter )
@ -144,6 +162,9 @@ def main():
if options.funcfilter: if options.funcfilter:
funcFilter = lambda name: eval( options.funcfilter) funcFilter = lambda name: eval( options.funcfilter)
if options.threadfilter:
threadFilter = lambda thread, tid: eval( options.threadfilter)
printopt = PrintOptions() printopt = PrintOptions()
currentProcess = getCurrentProcess() currentProcess = getCurrentProcess()
@ -151,7 +172,7 @@ def main():
processLst = nt.typedVarList( nt.PsActiveProcessHead, "_EPROCESS", "ActiveProcessLinks") processLst = nt.typedVarList( nt.PsActiveProcessHead, "_EPROCESS", "ActiveProcessLinks")
for process in processLst: for process in processLst:
printProcess( process, processFilter, moduleFilter, funcFilter, printopt ) printProcess( process, processFilter, threadFilter, moduleFilter, funcFilter, printopt )
setCurrentProcess(currentProcess) setCurrentProcess(currentProcess)
setImplicitThread(currentThread) setImplicitThread(currentThread)