git-svn-id: https://pykd.svn.codeplex.com/svn@50346 9b283d60-5439-405e-af05-b73fd8c4d996

2025-04-21 12:53:23 +08:00 · 2010-07-06 14:53:05 +00:00 · 2010-07-06 14:53:05 +00:00 · a7765dfb9e
commit a7765dfb9e
parent 8599bca853
3 changed files with 0 additions and 78 deletions
--- a/kdar/cmd.py
+++ b/kdar/cmd.py
@ -1,5 +0,0 @@
-from pykd import *
-
-s = dbgCommand( "dt nt!_DRIVER_OBJECT" )
-
-dprintln( s )
--- a/kdar/drvobj.py
+++ b/kdar/drvobj.py
@ -1,11 +0,0 @@
-from pykd import *
-
-
-drvObj = typedVar( "nt", "_DRIVER_OBJECT", addr64( 0x82000c08 ) )
-
-dprintln( "DriverName.Length = %(1)d" % { "1" : drvObj.DriverName.Length } )
-
-for i,f in drvObj.MajorFunction.iteritems():
-
-	dprintln( "MajorFunction[%(1)d] = " % { "1" : i } + findSymbol( addr64( f ) ) )
-
--- a/kdar/idt.py
+++ b/kdar/idt.py
@ -1,62 +0,0 @@
-from pykd import *
-
-
-if not is64bitSystem():
-
-    dprintln( "check interrupt handlers...\n" )	
-
-    idtr = reg( "idtr" )
-
-    nt = loadModule( "nt" )
-    nt.KiInterruptDispatch = getOffset( "nt", "KiInterruptDispatch" )          
-    nt.KiChainedDispatch = getOffset( "nt", "KiChainedDispatch" )
-    nt.KiInterruptTemplate = getOffset( "nt", "KiInterruptTemplate" )             
-
-    hal = loadModule( "hal" )
-
-
-    ErrorCount = 0
-
-    for i in range(0,255):
-
-      idtEntry = typedVar( "nt", "_KIDTENTRY", idtr + i*8 )
-
-      if idtEntry.Selector == 8:
-
-          InterruptHandler = ( idtEntry.ExtendedOffset * 0x10000 ) + idtEntry.Offset
-
-          if InterruptHandler != 0 and not nt.contain( InterruptHandler ) and not hal.contain( InterruptHandler ):
-
-               kinterrupt = containingRecord( InterruptHandler, "nt", "_KINTERRUPT", "DispatchCode" )
-             
-               dprintln ( "KINTERRUPT: %(1)x" % { "1" : kinterrupt.getAddress() } )
-
-               if addr64( kinterrupt.DispatchAddress ) != nt.KiInterruptDispatch and addr64(  kinterrupt.DispatchAddress ) != nt.KiChainedDispatch:
-                     dprintln ( "Threat!!! KINTERRUPT::DispatchAddress PATCHED" )
-                     ErrorCount += 1
-
-               if findModule( kinterrupt.ServiceRoutine ) == None:
-                     dprintln ( "Threat!!! KINTERRUPT::ServiceRoutine (%(1)x) out of  any module" % { "1" : kinterrupt.ServiceRoutine } ) 
-                     ErrorCount += 1
-
-               if not compareMemory( nt.KiInterruptTemplate, InterruptHandler, 98 ):
-                     dprintln ( "Threat!!! KINTERRUPT::DispatchCode area PATCHED" )
-                     ErrorCount += 1
-
-
-               dprintln ( "" )
-
-       
-    dprintln( "check end: %(1)d threats" % { "1" : ErrorCount } )
-
-
-else:
-
-   dprintln( "x64 is not supported" )
-
-
-
-
-
-
-