zjgcjy/pykd
1
0
Fork 0
mirror of https://github.com/ivellioscolin/pykd.git synced 2025-04-20 03:23:23 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

[+] routines for loading array ( loadBytes, loadWords ... ) added

Browse Source 
[+] sample added

git-svn-id: https://pykd.svn.codeplex.com/svn@53051 9b283d60-5439-405e-af05-b73fd8c4d996
This commit is contained in:
SND\kernelnet_cp 2010-07-27 10:24:50 +00:00
parent e396c27fa9
commit a95075cb6f
5 changed files with 65 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
pykd/dbgext.cpp
View File

@ -44,6 +44,10 @@ BOOST_PYTHON_MODULE( pykd )
boost::python::def( "getOffset", &findAddressForSymbol );
boost::python::def( "findModule", &findModule );
boost::python::def( "addr64", &addr64 );
boost::python::def( "loadBytes", &loadArray<unsigned char> );
boost::python::def( "loadWords", &loadArray<unsigned short> );
boost::python::def( "loadDWords", &loadArray<unsigned long> );
boost::python::def( "loadQWords", &loadArray<__int64> );
boost::python::def( "compareMemory", &compareMemory );
boost::python::class_<typedVarClass>( "typedVarClass" )
.def("getAddress", &typedVarClass::getAddress );

1
pykd/dbgmem.cpp
View File

@ -88,4 +88,3 @@ compareMemory( ULONG64 addr1, ULONG64 addr2, ULONG length )
}
///////////////////////////////////////////////////////////////////////////////////

27
pykd/dbgmem.h
View File

@ -1,10 +1,37 @@
#pragma once
#include <boost/python.hpp>
#include <boost/python/object.hpp>
/////////////////////////////////////////////////////////////////////////////////
bool
loadMemory( ULONG64 address, PVOID dest, ULONG length );
template<typename T>
boost::python::object
loadArray( ULONG64 address, ULONG number )
{
T *buffer = new T[ number ];
if ( loadMemory( address, buffer, number*sizeof(T) ) )
{
boost::python::dict arr;
for ( ULONG i = 0; i < number; ++i )
arr[i] = buffer[i];
delete[] buffer;
return arr;
}
delete[] buffer;
return boost::python::object();
}
bool
compareMemory( ULONG64 addr1, ULONG64 addr2, ULONG length );

2
pykd/pykd.vcproj
View File

@ -149,7 +149,7 @@
/>
<Tool
Name="VCLinkerTool"
AdditionalDependencies="dbgeng.lib engextcpp.lib"
AdditionalDependencies="dbgeng.lib"
OutputFile="$(OutDir)\$(ProjectName).pyd"
LinkIncremental="2"
AdditionalLibraryDirectories="&quot;$(DBG_SDK_ROOT)\lib\amd64&quot;;&quot;$(PYTHON_ROOT)\x64\libs&quot;;&quot;$(BOOST_ROOT)\stage64\lib&quot;"

32
samples/ssdt.py Normal file
View File

@ -0,0 +1,32 @@
from pykd import *
import sys
def checkSSDT():
nt = loadModule( "nt" )
nt.KeServiceDescriptorTable = getOffset( "nt", "KeServiceDescriptorTable" )
serviceTableHeader = loadDWords( nt.KeServiceDescriptorTable, 4 )
serviceTableStart = serviceTableHeader[0]
serviceCount = serviceTableHeader[2]
dprintln( "ServiceTable start: %(1)x count: %(2)x" % { "1" : serviceTableStart, "2" : serviceCount } )
serviceTable = loadDWords( serviceTableStart, serviceCount )
for i in range( 0, serviceCount ):
dprintln( findSymbol( serviceTable[i] ) )
if __name__ == "__main__":
if not isSessionStart():
createSession()
loadDump( sys.argv[1] )
checkSSDT()