zjgcjy/pykd
1
0
Fork 0
mirror of https://github.com/ivellioscolin/pykd.git synced 2025-04-22 05:13:22 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

[0.1.x] ~refactoring (use one module object)

Browse Source 
git-svn-id: https://pykd.svn.codeplex.com/svn@76559 9b283d60-5439-405e-af05-b73fd8c4d996
This commit is contained in:
SND\EreTIk_cp 2012-05-23 09:28:50 +00:00 committed by Mikhail I. Izmestev
parent c36cf59e41
commit 7e5d195ec9
1 changed files with 14 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
snippets/ntobj.py
View File

@ -26,14 +26,14 @@ Work with NT Object tree manager
from pykd import * from pykd import *
nt = loadModule("nt")
def getTypeWin7(p): def getTypeWin7(p):
""" """
Get object header by object pointer Get object header by object pointer
Implementation for Win7+ Implementation for Win7+
""" """
objHeader = containingRecord(p, "nt", "_OBJECT_HEADER", "Body") objHeader = nt.containingRecord(p, "_OBJECT_HEADER", "Body")
tableTypeIndex = getOffset("nt", "ObTypeIndexTable") tableTypeIndex = getOffset("nt", "ObTypeIndexTable")
return ptrPtr(tableTypeIndex + (ptrSize() * objHeader.TypeIndex)) return ptrPtr(tableTypeIndex + (ptrSize() * objHeader.TypeIndex))
@ -42,7 +42,7 @@ def getTypeLegacy(p):
Get object header by object pointer Get object header by object pointer
Implementation for before Win7 Implementation for before Win7
""" """
objHeader = containingRecord(p, "nt", "_OBJECT_HEADER", "Body") objHeader = nt.containingRecord(p, "_OBJECT_HEADER", "Body")
return objHeader.Type return objHeader.Type
# Select platform-specific function for getting object header # Select platform-specific function for getting object header
@ -59,28 +59,28 @@ def getObjectNameInfoFromHeader(p):
""" """
Get object name information from field NameInfoOffset of object header Get object name information from field NameInfoOffset of object header
""" """
objHeader = containingRecord(p, "nt", "_OBJECT_HEADER", "Body") objHeader = nt.containingRecord(p, "_OBJECT_HEADER", "Body")
if (0 == objHeader.NameInfoOffset): if (0 == objHeader.NameInfoOffset):
return None return None
return typedVar("nt!_OBJECT_HEADER_NAME_INFO", objHeader.getAddress() - objHeader.NameInfoOffset) return nt.typedVar("_OBJECT_HEADER_NAME_INFO", objHeader.getAddress() - objHeader.NameInfoOffset)
def getObjectNameInfoFromInfoMask(p): def getObjectNameInfoFromInfoMask(p):
""" """
Get object name information from field NameInfoOffset of object header Get object name information from field NameInfoOffset of object header
""" """
objHeader = containingRecord(p, "nt", "_OBJECT_HEADER", "Body") objHeader = nt.containingRecord(p, "_OBJECT_HEADER", "Body")
if (0 == (objHeader.InfoMask & 2)): if (0 == (objHeader.InfoMask & 2)):
return None return None
offsetNameInfo = ptrByte( getOffset("nt", "ObpInfoMaskToOffset") + (objHeader.InfoMask & 3) ) offsetNameInfo = ptrByte( getOffset("nt", "ObpInfoMaskToOffset") + (objHeader.InfoMask & 3) )
if (0 == offsetNameInfo): if (0 == offsetNameInfo):
return None return None
return typedVar("nt!_OBJECT_HEADER_NAME_INFO", objHeader.getAddress() - offsetNameInfo) return nt.typedVar("_OBJECT_HEADER_NAME_INFO", objHeader.getAddress() - offsetNameInfo)
# Select platform-specific function for getting name of object # Select platform-specific function for getting name of object
getObjectNameInfo = None getObjectNameInfo = None
try: try:
typeInfo("nt!_OBJECT_HEADER").NameInfoOffset nt.type("_OBJECT_HEADER").NameInfoOffset
getObjectNameInfo = getObjectNameInfoFromHeader getObjectNameInfo = getObjectNameInfoFromHeader
except TypeException: except TypeException:
getObjectNameInfo = getObjectNameInfoFromInfoMask getObjectNameInfo = getObjectNameInfoFromInfoMask
@ -150,7 +150,7 @@ def getListByHandleTable(tableHandles=None, objTypeAddr=0, containHeaders=True):
if (0 == entryHandle): if (0 == entryHandle):
return 0 return 0
HandleEntry = typedVar("nt!_HANDLE_TABLE_ENTRY", entryHandle) HandleEntry = nt.typedVar("_HANDLE_TABLE_ENTRY", entryHandle)
if (0xFFFFFFFE == HandleEntry.NextFreeTableEntry): if (0xFFFFFFFE == HandleEntry.NextFreeTableEntry):
return 0 return 0
@ -159,7 +159,7 @@ def getListByHandleTable(tableHandles=None, objTypeAddr=0, containHeaders=True):
return 0 return 0
if (containHeader): if (containHeader):
objHeader = typedVar("nt!_OBJECT_HEADER", p) objHeader = nt.typedVar("_OBJECT_HEADER", p)
p = objHeader.Body.getAddress() p = objHeader.Body.getAddress()
return p return p
@ -210,13 +210,13 @@ def getListByHandleTable(tableHandles=None, objTypeAddr=0, containHeaders=True):
return lstObjects return lstObjects
if (None == tableHandles): if (None == tableHandles):
currProcess = typedVar("nt!_EPROCESS", getCurrentProcess()) currProcess = nt.typedVar("_EPROCESS", getCurrentProcess())
if (None == currProcess): if (None == currProcess):
dprintln("Get current process failed") dprintln("Get current process failed")
return return
tableHandles = currProcess.ObjectTable tableHandles = currProcess.ObjectTable
tableHandles = typedVar("nt!_HANDLE_TABLE", tableHandles) tableHandles = nt.typedVar("_HANDLE_TABLE", tableHandles)
nMaxHandleIndex = tableHandles.NextHandleNeedingPool & 0xFFFFFFFF nMaxHandleIndex = tableHandles.NextHandleNeedingPool & 0xFFFFFFFF
nTableLevel = (tableHandles.TableCode & 3) nTableLevel = (tableHandles.TableCode & 3)
pTableContent = tableHandles.TableCode - nTableLevel pTableContent = tableHandles.TableCode - nTableLevel
@ -249,7 +249,7 @@ def getListByDirectoryObject(p, objTypeAddr=0):
for i in range(0, NUMBER_HASH_BUCKETS): for i in range(0, NUMBER_HASH_BUCKETS):
bucket = ptrPtr( p + (i * ptrSize()) ) bucket = ptrPtr( p + (i * ptrSize()) )
while bucket: while bucket:
bucketVar = typedVar("nt!_OBJECT_DIRECTORY_ENTRY", bucket) bucketVar = nt.typedVar("_OBJECT_DIRECTORY_ENTRY", bucket)
if objTypeAddr and (getType(bucketVar.Object) == objTypeAddr): if objTypeAddr and (getType(bucketVar.Object) == objTypeAddr):
result.append(bucketVar.Object) result.append(bucketVar.Object)
elif (not objTypeAddr): elif (not objTypeAddr):
@ -410,7 +410,7 @@ def main():
objectName = buildObjectName(object) objectName = buildObjectName(object)
if len(objectName): if len(objectName):
dprintln( ", name=`" + objectName + "'" ) dprintln( ", name=`" + objectName + "'" )
elif typedVar("nt!_OBJECT_TYPE", getType(object)).TypeInfo.QueryNameProcedure: elif nt.typedVar("_OBJECT_TYPE", getType(object)).TypeInfo.QueryNameProcedure:
dprintln(", <i>custom</i> name", True) dprintln(", <i>custom</i> name", True)
else: else:
dprintln(" , <_unnamed_>") dprintln(" , <_unnamed_>")