zjgcjy/pykd
1
0
Fork 0
mirror of https://github.com/ivellioscolin/pykd.git synced 2025-04-21 04:13:22 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

[0.2.x] fixed : UM samples

Browse Source 
git-svn-id: https://pykd.svn.codeplex.com/svn@81320 9b283d60-5439-405e-af05-b73fd8c4d996
This commit is contained in:
SND\kernelnet_cp 2012-11-22 09:19:16 +00:00 committed by Mikhail I. Izmestev
parent f9276a7dd7
commit bc1f4ce464
1 changed files with 11 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
samples/um/ldr.py
View File

@ -15,16 +15,21 @@ def listModuleFromLdr64():
name = typedVar( "ntdll!_UNICODE_STRING", mod.BaseDllName ) name = typedVar( "ntdll!_UNICODE_STRING", mod.BaseDllName )
dprintln(loadWChars(name.Buffer, name.Length/2)) dprintln(loadWChars(name.Buffer, name.Length/2))
dprintln( "\n<u>32 bit modules:</u>", True) try:
peb32 = typedVar( "ntdll32!_PEB", getCurrentProcess() - pageSize() ) peb32 = typedVar( "ntdll32!_PEB", getCurrentProcess() - pageSize() )
dprintln( "\n<u>32 bit modules:</u>", True)
moduleLst = typedVarList( peb32.Ldr.deref().InLoadOrderModuleList, "ntdll32!_LDR_DATA_TABLE_ENTRY", "InMemoryOrderLinks" ) moduleLst = typedVarList( peb32.Ldr.deref().InLoadOrderModuleList, "ntdll32!_LDR_DATA_TABLE_ENTRY", "InMemoryOrderLinks" )
for mod in moduleLst: for mod in moduleLst:
name = typedVar( "ntdll32!_UNICODE_STRING", mod.BaseDllName ) name = typedVar( "ntdll32!_UNICODE_STRING", mod.BaseDllName )
dprintln(loadWChars(name.Buffer, name.Length/2)) dprintln(loadWChars(name.Buffer, name.Length/2))
except BaseException:
pass
def listModuleFromLdr(): def listModuleFromLdr():
peb = typedVar( "ntdll!PEB", getCurrentProcess() ) peb = typedVar( "ntdll!PEB", getCurrentProcess() )