[0.1.x] updated : snippets

git-svn-id: https://pykd.svn.codeplex.com/svn@76567 9b283d60-5439-405e-af05-b73fd8c4d996

snippets/nbl.py

@@ -487,6 +487,7 @@ def usage():
 def main():
 
     if len(sys.argv) < 2:
+        usage()   
         return
    
     if not isKernelDebugging():

snippets/reload.py

@@ -1,29 +0,0 @@
-#
-#
-#
-
-import sys
-from pykd import *
-
-def symreload():
-
-    reloadModule( "/f" )
-
-    PsLoadedModuleList = getOffset( "nt", "PsLoadedModuleList" )
-
-    loadedModulesInfo = typedVarList( PsLoadedModuleList, "nt", "_LDR_DATA_TABLE_ENTRY", "InLoadOrderLinks" )
-
-    for module in loadedModulesInfo:
- 
-        if "" == getPdbFile( module.DllBase ):
-            baseName = loadUnicodeString( module.BaseDllName.getAddress() )
-            if baseName=="ntoskrnl.exe": baseName = "nt"
-            reloadModule(  " /u " + str(baseName)  )
-   
-if __name__ == "__main__":
-
-    if not isSessionStart():
-        dprintln( "script is launch out of windbg" )
-        quit( 0 )
-
-    symreload()

snippets/stlp.py

@@ -1,87 +0,0 @@
-"""Dump STLPort containers"""
-
-import sys
-from pykd import *
-
-def ptr_t():
-	return is64bitSystem() and ulonglong_t  or ulong_t
-
-StlpNodeBase = typeInfo()
-StlpNodeBase.append(ptr_t(), "color")
-StlpNodeBase.append(ptr_t(), "parent")
-StlpNodeBase.append(ptr_t(), "left")
-StlpNodeBase.append(ptr_t(), "right")
-
-StlpMap = typeInfo()
-StlpMap.append(StlpNodeBase, "header")
-StlpMap.append(ptr_t(), "node_count")
-
-def stlpMapIncrement(addr):
-    node = StlpNodeBase.load(addr)
-
-    if (node.right != 0):
-        node = StlpNodeBase.load(node.right)
-        while (node.left != 0):
-            node = StlpNodeBase.load(node.left)
-    else:
-        ynode = StlpNodeBase.load(node.parent)
-        while (node.getAddress() == ynode.right):
-            node = ynode
-            ynode = StlpNodeBase.load(ynode.parent)
-        # check special case: This is necessary if _M_node is the
-        # _M_head and the tree contains only a single node __y. In
-        # that case parent, left and right all point to __y!
-        if (node.right != ynode.getAddress()):
-          node = ynode
-
-    return node.getAddress()
-
-
-def dumpStlportMap(addr):
-    """Returns the list of addresses of pair<key, value>"""
-    addrList = list()
-    #dprintln("Map address: 0x%x" % addr)
-    map = StlpMap.load(addr)
-    #dprintln("Map node count: %u" % map.node_count)
-
-    count = 0
-    begin = map.header.left
-    end = addr
-    it = begin
-    while (it and it != end):
-        addrList.append(it + map.header.sizeof())
-        it = stlpMapIncrement(it)
-        count += 1
-
-    if (count != map.node_count):
-        dprintln("Error: map was dumped incorrectly.")
-
-    return addrList
-
-
-def printUsage():
-    dprintln("Usage:")
-    dprintln("!py stlp map <map_address|variable_name> [\"accurate map pair type\"]")
-    dprintln("Use dt command to retrive accurate map pair type:")
-    dprintln("dt -r ModuleName!stlp_std::pair*")
-    dprintln("Find required type in the list and copy paste it as script parameter. Don't forget about quotes.")
-
-if __name__ == "__main__":
-    mapAddr = 0
-
-    argc = len(sys.argv)
-    if (argc < 3 or sys.argv[1] != "map"):
-        printUsage()
-        quit(0)
-    else:
-        mapAddr = int(expr(sys.argv[2]))
-    
-    addrList = dumpStlportMap(mapAddr)
-    for addr in addrList:
-        if (argc == 3):
-            dprintln("0x%x" % addr)
-        else:
-            s = "dt -r " + sys.argv[3] + " 0x%x" % addr
-            #println(s)
-            dprintln("------------------------------------------------")
-            dprintln(dbgCommand(s))

snippets/wfp.py

@@ -6,19 +6,7 @@ from pykd import *
 
 fwpsLayer = typeInfo( "FWPS_BUILTIN_LAYERS_" ).asMap()
 fwpsDataType = typeInfo( "FWP_DATA_TYPE_" ).asMap()
-
-layerRe = re.compile( 'LAYER' )
-discardRe = re.compile( 'DISCARD' )
-
-fwpsFields = {}
-
-for layerId, v in fwpsLayer.items():
-    if discardRe.search( v ):
-        continue
-    try:  
-        fwpsFields[ layerId ] = typeInfo( layerRe.sub( 'FIELDS', v, 1 ) + '_' ).asMap()
-    except:
-        pass
+fwpDirection = typeInfo( "FWP_DIRECTION_" ).asMap()
 
 def printBlob( blob ):
     bb = loadBytes( blob.data, blob.size )
@@ -48,6 +36,9 @@ def printFwpsValue( value ):
     }.get( fwpsDataType[ value.type ], lambda : "---" )()
 
 def wfpFixedValues( addr ):
+  
+    dprintln( "FWPS_INCOMING_VALUES0:" )
+
     inFixedValue = typedVar( "FWPS_INCOMING_VALUES0_", addr )
 
     dprintln( " Layer: " + fwpsLayer[ inFixedValue.layerId ] )
@@ -55,14 +46,103 @@ def wfpFixedValues( addr ):
 
     values = [ x.value for x in typedVarArray( int(inFixedValue.incomingValue), "FWPS_INCOMING_VALUE0_", inFixedValue.valueCount ) ]
 
+    layerName = fwpsLayer[ inFixedValue.layerId ]
+
+    discardRe = re.compile( '_DISCARD' )
+    layerName = discardRe.sub( '', layerName, 1 )
+
+    layerRe = re.compile( 'LAYER' )
+    fwpsFields = typeInfo( layerRe.sub( 'FIELDS', layerName, 1 ) + '_' ).asMap()
+
     for i in range( 0, len(values) ): 
-        dprintln( "    " + fwpsFields[ inFixedValue.layerId ][ i ] )
+        dprintln( "    " + fwpsFields[ i ] )
         dprintln( "      Type: " + fwpsDataType[ values[i].type ] )
         dprintln( "      Value: " +  printFwpsValue( values[i] )  )
 
+def printDiscardReason( discardReason ):
+    return ""
+
+def printBlobAsStr( blob ):
+    return loadWChars( blob.data, blob.size )
+
+def printFwpsMetaValue( valueIndex, inMetaValues ):
+
+   return {
+        0x00000001 : lambda x: printDiscardReason( x.discardMetadata ),
+        0x00000002 : lambda x: "%#x" % inMetaValues.flowHandle,
+        0x00000004 : lambda x: "%#x" % inMetaValues.ipHeaderSize,
+        0x00000008 : lambda x: printBlobAsStr( x.processPath.deref() ),
+        0x00000010 : lambda x: "%#lx" % inMetaValues.token,
+        0x00000020 : lambda x: "%#lx" % inMetaValues.processId,
+        0x00000040 : lambda x: "%#x" % inMetaValues.flags,
+        0x00000080 : lambda x: "%#lx" % inMetaValues.reserved,
+        0x00000100 : lambda x: "%#x" % inMetaValues.sourceInterfaceIndex,
+        0x00000200 : lambda x: "%#x" % inMetaValues.destinationInterfaceIndex,
+        0x00000400 : lambda x: "%#x" % inMetaValues.transportHeaderSize,
+        0x00000800 : lambda x: "%#x" % inMetaValues.compartmentId,
+        0x00001000 : lambda x: "id: %x  offset: %x  length: %x" % ( x.fragmentMetadata.fragmentIdentification, x.fragmentMetadata.fragmentOffset, x.fragmentMetadata.fragmentLength ),
+        0x00002000 : lambda x: "%#x" % x.pathMtu,
+        0x00004000 : lambda x: "%#lx" % x.completionHandle,
+        0x00008000 : lambda x: "%#lx" % x.transportEndpointHandle,
+        0x00010000 : lambda x: "Data: %#lx, Length: %#x" % ( x.controlData, x.controlDataLength ),
+        0x00020000 : lambda x: "Zone: %d Level: %d" % ( x.remoteScopeId.Zone, x.remoteScopeId.Level ),
+        0x00040000 : lambda x: fwpDirection[ x.packetDirection ],
+    }.get( valueIndex, lambda x: "" )( inMetaValues )
+
+
+def wfpMetaValues( addr ):
+
+    dprintln( "FWPS_INCOMING_METADATA_VALUES0:" )
+
+    fwpsMetadataFields = {
+        0x00000001 : "FWPS_METADATA_FIELD_DISCARD_REASON",
+        0x00000002 : "FWPS_METADATA_FIELD_FLOW_HANDLE",
+        0x00000004 : "FWPS_METADATA_FIELD_IP_HEADER_SIZE",
+        0x00000008 : "FWPS_METADATA_FIELD_PROCESS_PATH",
+        0x00000010 : "FWPS_METADATA_FIELD_TOKEN",
+        0x00000020 : "FWPS_METADATA_FIELD_PROCESS_ID",
+        0x00000040 : "FWPS_METADATA_FIELD_SYSTEM_FLAGS",
+        0x00000080 : "FWPS_METADATA_FIELD_RESERVED",
+        0x00000100 : "FWPS_METADATA_FIELD_SOURCE_INTERFACE_INDEX",
+        0x00000200 : "FWPS_METADATA_FIELD_DESTINATION_INTERFACE_INDEX",
+        0x00000400 : "FWPS_METADATA_FIELD_TRANSPORT_HEADER_SIZE",
+        0x00000800 : "FWPS_METADATA_FIELD_COMPARTMENT_ID",
+        0x00001000 : "FWPS_METADATA_FIELD_FRAGMENT_DATA",
+        0x00002000 : "FWPS_METADATA_FIELD_PATH_MTU",
+        0x00004000 : "FWPS_METADATA_FIELD_COMPLETION_HANDLE",
+        0x00008000 : "FWPS_METADATA_FIELD_TRANSPORT_ENDPOINT_HANDLE",
+        0x00010000 : "FWPS_METADATA_FIELD_TRANSPORT_CONTROL_DATA",
+        0x00020000 : "FWPS_METADATA_FIELD_REMOTE_SCOPE_ID",
+        0x00040000 : "FWPS_METADATA_FIELD_PACKET_DIRECTION",
+        0x00080000 : "FWPS_METADATA_FIELD_PACKET_SYSTEM_CRITICAL",
+        0x00100000 : "FWPS_METADATA_FIELD_FORWARD_LAYER_OUTBOUND_PASS_THRU",
+        0x00200000 : "FWPS_METADATA_FIELD_FORWARD_LAYER_INBOUND_PASS_THRU",
+        0x00400000 : "FWPS_METADATA_FIELD_ALE_CLASSIFY_REQUIRED",
+        0x00800000 : "FWPS_METADATA_FIELD_TRANSPORT_HEADER_INCLUDE_HEADER",
+        0x01000000 : "FWPS_METADATA_FIELD_DESTINATION_PREFIX",
+        0x02000000 : "FWPS_METADATA_FIELD_ETHER_FRAME_LENGTH",
+        0x04000000 : "FWPS_METADATA_FIELD_PARENT_ENDPOINT_HANDLE",
+        0x08000000 : "FWPS_METADATA_FIELD_ICMP_ID_AND_SEQUENCE",
+        0x10000000 : "FWPS_METADATA_FIELD_LOCAL_REDIRECT_TARGET_PID",
+        0x20000000 : "FWPS_METADATA_FIELD_ORIGINAL_DESTINATION",
+        0x40000000 : "FWPS_METADATA_FIELD_REDIRECT_RECORD_HANDLE",
+        0x80000000 : "FWPS_METADATA_FIELD_SUB_PROCESS_TAG"
+    }
+
+    inMetaValues = typedVar( "FWPS_INCOMING_METADATA_VALUES0_", addr )
+
+    for i in ( 1 << i for i in range( 0, 32) ):
+        if inMetaValues.currentMetadataValues & i:
+            dprint( "    " )
+            dprint( fwpsMetadataFields.get( i, "Unknown filed %#010x" % i ) + ": " )
+            dprint( printFwpsMetaValue( i, inMetaValues ) )
+            dprintln("")
+  
+
 def usage():
     dprintln( "Usage:" )
-
+    dprintln( "!py wfp /fixed addr")
+    dprintln( "!py wfp /meta addr" )
 
 def main():