[0.1.x] added : findSymbol routine

git-svn-id: https://pykd.svn.codeplex.com/svn@71878 9b283d60-5439-405e-af05-b73fd8c4d996
2025-04-21 12:53:23 +08:00 · 2011-11-29 16:05:46 +00:00 · 2011-11-29 16:05:46 +00:00 · 95e15d1d53
commit 95e15d1d53
parent 43639b5476
4 changed files with 42 additions and 9 deletions
--- a/pykd/dbgclient.cpp
+++ b/pykd/dbgclient.cpp
@ -232,6 +232,31 @@ void attachKernel( const std::wstring  &param ) {

 ///////////////////////////////////////////////////////////////////////////////////

+std::string DebugClient::findSymbol( ULONG64 offset ) 
+{
+    HRESULT     hres;
+
+    offset = addr64( offset );
+
+    char        symbolName[0x100];
+    ULONG64     displace = 0;
+    hres = m_symbols->GetNameByOffset( offset, symbolName, sizeof(symbolName), NULL, &displace );
+    if ( FAILED( hres ) )
+        throw DbgException( "IDebugSymbol::GetNameByOffset  failed" );
+
+    std::stringstream      ss;
+    displace == 0 ?  ss << symbolName : ss << symbolName << '+' << std::hex << displace;
+
+    return ss.str();
+}
+
+std::string findSymbol( ULONG64 offset ) 
+{
+    return g_dbgClient->findSymbol( offset );
+}
+
+///////////////////////////////////////////////////////////////////////////////////
+
 void DebugClient::setExecutionStatus( ULONG status )
 {
    HRESULT     hres;
--- a/pykd/dbgclient.h
+++ b/pykd/dbgclient.h
@ -79,6 +79,8 @@ public:

    ULONG64 evaluate( const std::wstring  &expression );

+    std::string findSymbol( ULONG64 offset );
+
    python::tuple getDebuggeeType();

    ULONG getExecutionStatus();
@ -211,6 +213,8 @@ void attachProcess( ULONG  processId );

 void attachKernel( const std::wstring  &param );

+std::string findSymbol( ULONG64 offset );
+
 python::tuple getDebuggeeType();

 ULONG getExecutionStatus();
--- a/pykd/dbgext.cpp
+++ b/pykd/dbgext.cpp
@ -149,6 +149,8 @@ BOOST_PYTHON_MODULE( pykd )
            "Attach debugger to a target's kernel" )
        .def( "expr", &DebugClient::evaluate,
            "Evaluate windbg expression" )
+        .def( "findSymbol", &DebugClient::findSymbol,
+            "Find symbol by the target virtual memory offset" )
        .def( "getDebuggeeType", &DebugClient::getDebuggeeType,
            "Return type of the debuggee" )
        .def( "getExecutionStatus", &DebugClient::getExecutionStatus,
@ -236,18 +238,20 @@ BOOST_PYTHON_MODULE( pykd )
        "Break into debugger" );
    python::def( "compareMemory", &compareMemory, compareMemory_( python::args( "offset1", "offset2", "length", "phyAddr" ),
        "Compare two memory buffers by virtual or physical addresses" ) );
-    python::def( "createDbgClient", (DebugClientPtr(*)())&pykd::DebugClient::createDbgClient, 
+    python::def( "createDbgClient", (DebugClientPtr(*)())&DebugClient::createDbgClient, 
        "create a new instance of the dbgClient class" );
-    python::def( "loadDump", &pykd::loadDump,
+    python::def( "loadDump", &loadDump,
        "Load crash dump (only for console)");
-    python::def( "startProcess", &pykd::startProcess,
+    python::def( "startProcess", &startProcess,
        "Start process for debugging (only for console)"); 
-    python::def( "attachProcess", &pykd::attachProcess,
+    python::def( "attachProcess", &attachProcess,
        "Attach debugger to a exsisting process" );
-    python::def( "attachKernel", &pykd::attachKernel,
+    python::def( "attachKernel", &attachKernel,
        "Attach debugger to a kernel target" );
-    python::def( "expr", &pykd::evaluate,
+    python::def( "expr", &evaluate,
        "Evaluate windbg expression" );
+    python::def( "findSymbol", &findSymbol,
+        "Find symbol by the target virtual memory offset" );
    python::def( "getDebuggeeType", &getDebuggeeType,
        "Return type of the debuggee" );
    python::def( "debuggerPath", &getDebuggerImage,
--- a/snippets/iat.py
+++ b/snippets/iat.py
@ -19,15 +19,15 @@ def iat( moduleName, mask = "*" ):
    

    if is64bitSystem():
-        ntHeader = typedVar( systemModule.name(), "_IMAGE_NT_HEADERS64", module.begin() + ptrDWord( module.begin() + 0x3c ) )
+        ntHeader = systemModule.typedVar( "_IMAGE_NT_HEADERS64", module.begin() + ptrDWord( module.begin() + 0x3c ) )
        if ntHeader.OptionalHeader.Magic == 0x10b:
            systemModule = loadModule( "ntdll32" ) 
-            ntHeader = typedVar( systemModule.name(), "_IMAGE_NT_HEADERS", module.begin() + ptrDWord( module.begin() + 0x3c ) )
+            ntHeader = systemModule.typedVar( "_IMAGE_NT_HEADERS", module.begin() + ptrDWord( module.begin() + 0x3c ) )
            pSize = 4
        else:
            pSize = 8     
    else:
-        ntHeader = typedVar( systemModule.name(), "_IMAGE_NT_HEADERS", module.begin() + ptrDWord( module.begin() + 0x3c ) )
+        ntHeader = systemModule.typedVar(  "_IMAGE_NT_HEADERS", module.begin() + ptrDWord( module.begin() + 0x3c ) )
        pSize = 4