[+] added: windbg snippet displaying GDT

git-svn-id: https://pykd.svn.codeplex.com/svn@56828 9b283d60-5439-405e-af05-b73fd8c4d996

snippets/gdt.py

@@ -0,0 +1,67 @@
+#
+#
+#
+
+import sys
+from pykd import *
+
+
+def printGdtEntry( addr ):
+
+    dprintln( "GDT Entry: %x" % addr )
+
+    attr = ptrByte( addr + 5 ) + ( ( ptrByte( addr + 6 ) & 0xF0 ) << 4 )
+
+    limit = ptrWord( addr ) + ( ( ptrByte( addr + 6  ) & 0xF ) << 16 )
+   
+    base = ptrWord( addr + 2 ) + ( ptrByte( addr + 4) << 16 ) + ( ptrByte( addr + 7 ) << 24 )
+
+
+    if attr & 0x10:
+        pass
+    else:
+        if is64bitSystem():
+            base = ( ptrDWord( addr + 8 ) << 32 ) + base   
+
+    if attr & 0x800:
+        limit = limit << 12 
+
+
+    dprint( "attr: %x ( " % attr  + "".join( [ ( attr & ( 1 << ( 12 - i ) ) ) and "1" or "0" for i in range(0,12) ] ) + " )" )
+    dprint( "  base: %x" % base )        
+    dprintln( "  limit: %x" % limit )
+    
+
+def printGdtHelp():
+ 
+    dprintln( "Usage:" )
+    dprintln( "!py gdt help - Print out this message" )
+    dprintln( "!py gdt x - Print out gdt entry. The gdt entry's base is got from gdtr" )
+    dprintln( "!py gdt x y - Print out gdt entry. The gdt entry's base is x, y - offset" )
+
+
+if __name__ == "__main__":
+
+   if not isSessionStart():
+       print "script is launch out of windbg"
+       quit( 0 )
+
+   if sys.argv[0] == "help":
+       printGdtHelp()
+
+   elif len( sys.argv )==1:
+       gdtr = reg("gdtr")
+        
+       if sys.argv[0] == "":
+           for s in ( "cs", "es", "ds", "ss", "gs", "fs", "tr" ):
+               dprintln( s + " (%x):" % reg(s) )
+               printGdtEntry( gdtr + ( reg( s ) & 0xFFF8 ) )
+               dprintln("")              
+       else:
+           printGdtEntry( gdtr + (  int( sys.argv[0], 16 ) & 0xFFF8 ) )
+
+   elif len( sys.argv )==2:
+       printGdtEntry( int( sys.argv[0], 16 ) + ( int( sys.argv[1], 16 ) & 0xFFF8 ) )
+
+   else:
+       printGdtHelp()