[0.1.x] added : findSymbol routine

git-svn-id: https://pykd.svn.codeplex.com/svn@71878 9b283d60-5439-405e-af05-b73fd8c4d996
SND\kernelnet_cp 2011-11-29 16:05:46 +00:00 committed by Mikhail I. Izmestev
parent 43639b5476
commit 95e15d1d53
4 changed files with 42 additions and 9 deletions


@ -232,6 +232,31 @@ void attachKernel( const std::wstring &param ) {
/////////////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////////////
std::string DebugClient::findSymbol( ULONG64 offset )
{
HRESULT hres;
offset = addr64( offset );
char symbolName[0x100];
ULONG64 displace = 0;
hres = m_symbols->GetNameByOffset( offset, symbolName, sizeof(symbolName), NULL, &displace );
if ( FAILED( hres ) )
throw DbgException( "IDebugSymbol::GetNameByOffset failed" );
std::stringstream ss;
displace == 0 ? ss << symbolName : ss << symbolName << '+' << std::hex << displace;
return ss.str();
}
std::string findSymbol( ULONG64 offset )
{
return g_dbgClient->findSymbol( offset );
}
///////////////////////////////////////////////////////////////////////////////////
void DebugClient::setExecutionStatus( ULONG status ) void DebugClient::setExecutionStatus( ULONG status )
{ {
HRESULT hres; HRESULT hres;
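Review bot: In `DebugClient::findSymbol`, the `FAILED( hres )` check lets a truncated name through: per the dbgeng documentation, as far as I recall it, `GetNameByOffset` returns `S_FALSE` when the name does not fit the buffer, and `FAILED(S_FALSE)` is false. With a fixed `char symbolName[0x100]` and `NULL` passed for the name-size argument, long decorated or templated C++ names would be cut off and returned as if complete, which can mislead anyone matching addresses to symbols during analysis. Pass a `ULONG nameSize` out-parameter and retry with a buffer of that size when `hres == S_FALSE`, or at minimum reject the partial result with `if ( hres != S_OK )`. The exception text also names `IDebugSymbol`, where the interface behind `m_symbols` is presumably `IDebugSymbols`.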


@ -79,6 +79,8 @@ public:
ULONG64 evaluate( const std::wstring &expression ); ULONG64 evaluate( const std::wstring &expression );
std::string findSymbol( ULONG64 offset );
python::tuple getDebuggeeType(); python::tuple getDebuggeeType();
ULONG getExecutionStatus(); ULONG getExecutionStatus();
@ -211,6 +213,8 @@ void attachProcess( ULONG processId );
void attachKernel( const std::wstring &param ); void attachKernel( const std::wstring &param );
std::string findSymbol( ULONG64 offset );
python::tuple getDebuggeeType(); python::tuple getDebuggeeType();
ULONG getExecutionStatus(); ULONG getExecutionStatus();


@ -149,6 +149,8 @@ BOOST_PYTHON_MODULE( pykd )
"Attach debugger to a target's kernel" ) "Attach debugger to a target's kernel" )
.def( "expr", &DebugClient::evaluate, .def( "expr", &DebugClient::evaluate,
"Evaluate windbg expression" ) "Evaluate windbg expression" )
.def( "findSymbol", &DebugClient::findSymbol,
"Find symbol by the target virtual memory offset" )
.def( "getDebuggeeType", &DebugClient::getDebuggeeType, .def( "getDebuggeeType", &DebugClient::getDebuggeeType,
"Return type of the debuggee" ) "Return type of the debuggee" )
.def( "getExecutionStatus", &DebugClient::getExecutionStatus, .def( "getExecutionStatus", &DebugClient::getExecutionStatus,
@ -236,18 +238,20 @@ BOOST_PYTHON_MODULE( pykd )
"Break into debugger" ); "Break into debugger" );
python::def( "compareMemory", &compareMemory, compareMemory_( python::args( "offset1", "offset2", "length", "phyAddr" ), python::def( "compareMemory", &compareMemory, compareMemory_( python::args( "offset1", "offset2", "length", "phyAddr" ),
"Compare two memory buffers by virtual or physical addresses" ) ); "Compare two memory buffers by virtual or physical addresses" ) );
python::def( "createDbgClient", (DebugClientPtr(*)())&pykd::DebugClient::createDbgClient, python::def( "createDbgClient", (DebugClientPtr(*)())&DebugClient::createDbgClient,
"create a new instance of the dbgClient class" ); "create a new instance of the dbgClient class" );
python::def( "loadDump", &pykd::loadDump, python::def( "loadDump", &loadDump,
"Load crash dump (only for console)"); "Load crash dump (only for console)");
python::def( "startProcess", &pykd::startProcess, python::def( "startProcess", &startProcess,
"Start process for debugging (only for console)"); "Start process for debugging (only for console)");
python::def( "attachProcess", &pykd::attachProcess, python::def( "attachProcess", &attachProcess,
"Attach debugger to a exsisting process" ); "Attach debugger to a exsisting process" );
python::def( "attachKernel", &pykd::attachKernel, python::def( "attachKernel", &attachKernel,
"Attach debugger to a kernel target" ); "Attach debugger to a kernel target" );
python::def( "expr", &pykd::evaluate, python::def( "expr", &evaluate,
"Evaluate windbg expression" ); "Evaluate windbg expression" );
python::def( "findSymbol", &findSymbol,
"Find symbol by the target virtual memory offset" );
python::def( "getDebuggeeType", &getDebuggeeType, python::def( "getDebuggeeType", &getDebuggeeType,
"Return type of the debuggee" ); "Return type of the debuggee" );
python::def( "debuggerPath", &getDebuggerImage, python::def( "debuggerPath", &getDebuggerImage,
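Review bot: The docstring on both new `findSymbol` bindings (the `.def` on `DebugClient` and the module-level `python::def`) does not say what the call returns or how it fails. From the implementation in this commit, the result is the symbol name, followed by `+` and the displacement in hexadecimal without a `0x` prefix when the displacement is non-zero, and a `DbgException` is thrown when the lookup fails. Something like `"Return the symbol for a target virtual address as 'name' or 'name+hexdisp'; raises on lookup failure"` would let script authors parse the result without guessing the number base.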


@ -19,15 +19,15 @@ def iat( moduleName, mask = "*" ):
if is64bitSystem(): if is64bitSystem():
ntHeader = typedVar( systemModule.name(), "_IMAGE_NT_HEADERS64", module.begin() + ptrDWord( module.begin() + 0x3c ) ) ntHeader = systemModule.typedVar( "_IMAGE_NT_HEADERS64", module.begin() + ptrDWord( module.begin() + 0x3c ) )
if ntHeader.OptionalHeader.Magic == 0x10b: if ntHeader.OptionalHeader.Magic == 0x10b:
systemModule = loadModule( "ntdll32" ) systemModule = loadModule( "ntdll32" )
ntHeader = typedVar( systemModule.name(), "_IMAGE_NT_HEADERS", module.begin() + ptrDWord( module.begin() + 0x3c ) ) ntHeader = systemModule.typedVar( "_IMAGE_NT_HEADERS", module.begin() + ptrDWord( module.begin() + 0x3c ) )
pSize = 4 pSize = 4
else: else:
pSize = 8 pSize = 8
else: else:
ntHeader = typedVar( systemModule.name(), "_IMAGE_NT_HEADERS", module.begin() + ptrDWord( module.begin() + 0x3c ) ) ntHeader = systemModule.typedVar( "_IMAGE_NT_HEADERS", module.begin() + ptrDWord( module.begin() + 0x3c ) )
pSize = 4 pSize = 4