zjgcjy/pykd
1
0
Fork 0
mirror of https://github.com/ivellioscolin/pykd.git synced 2025-04-19 19:13:22 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

[0.3.x] updated : snippet stkwalk.py

Browse Source 
git-svn-id: https://pykd.svn.codeplex.com/svn@88448 9b283d60-5439-405e-af05-b73fd8c4d996
This commit is contained in:
SND\kernelnet_cp 2014-05-29 07:38:09 +00:00 committed by Mikhail I. Izmestev
parent d427d8192a
commit bd6ce0adaa
1 changed files with 59 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

104
snippets/stkwalk.py
View File

@ -93,14 +93,17 @@ def printProcess(process,processFilter,threadFilter,moduleFilter,funcFilter,prin
if processFilter and not processFilter(process, process.UniqueProcessId, processName ): if processFilter and not processFilter(process, process.UniqueProcessId, processName ):
return return
dprintln( "" )
dprintln( "Process %x" % process ) dprintln( "Process %x" % process )
dprintln( "Name: %s Pid: %#x" % ( processName, process.UniqueProcessId ) ) dprintln( "Name: %s Pid: %#x" % ( processName, process.UniqueProcessId ) )
dprintln( "" ) dprintln( "" )
wow64reloaded = False
try: try:
dbgCommand(".process /p /r %x" % process ) dbgCommand(".process /p /r %x" % process )
dbgCommand( ".reload /user" ) dbgCommand( ".reload /user" )
threadLst = typedVarList(process.ThreadListHead, ETHREAD, "ThreadListEntry.Flink") threadLst = typedVarList(process.ThreadListHead, ETHREAD, "ThreadListEntry.Flink")
@ -111,69 +114,80 @@ def printProcess(process,processFilter,threadFilter,moduleFilter,funcFilter,prin
if threadFilter and not threadFilter( thread.Tcb, thread.Cid.UniqueThread ): if threadFilter and not threadFilter( thread.Tcb, thread.Cid.UniqueThread ):
continue continue
setCurrentThread( thread ) try:
stkNative = getStack() setCurrentThread( thread )
stkWow64 = []
if printopt.showWow64stack == True: stkNative = getStack()
try: stkWow64 = []
switchCPUMode();
if printopt.showWow64stack == True:
try: try:
stkWow64 = getStack()
except MemoryException: switchCPUMode();
try:
if not wow64reloaded:
dbgCommand( ".reload /user" )
wow64reloaded = True
stkWow64 = getStack()
except MemoryException:
pass
switchCPUMode();
except DbgException:
pass pass
switchCPUMode();
except DbgException:
pass
stk = [] stk = []
for frame in stkNative: for frame in stkNative:
mod = getModule(frame.instructionOffset) mod = getModule(frame.instructionOffset)
if mod and printopt.combineWow64 and stkWow64: if mod and printopt.combineWow64 and stkWow64:
if mod.name() == "wow64cpu": if mod.name() == "wow64cpu":
break break
frame.cpuType = str(getCPUMode()) frame.cpuType = str(getCPUMode())
stk.append(frame) stk.append(frame)
for frame in stkWow64: for frame in stkWow64:
frame.cpuType = "WOW64" frame.cpuType = "WOW64"
stk.append(frame) stk.append(frame)
if printopt.showUnique: if printopt.showUnique:
stackHash= getStackHash(stk) stackHash= getStackHash(stk)
if stackHash in stackHashes: if stackHash in stackHashes:
continue continue
stackHashes.add( stackHash ) stackHashes.add( stackHash )
if moduleFilter: if moduleFilter:
if not [ m for m in getStackModules(stk) if moduleFilter( m, m.name() ) ]: if not [ m for m in getStackModules(stk) if moduleFilter( m, m.name() ) ]:
continue continue
if funcFilter: if funcFilter:
match = False match = False
for sym in getStackSymbols(stk): for sym in getStackSymbols(stk):
if funcFilter(sym) or ( len( sym.split('!', 1) ) == 2 and funcFilter( sym.split('!', 1)[1] ) ): if funcFilter(sym) or ( len( sym.split('!', 1) ) == 2 and funcFilter( sym.split('!', 1)[1] ) ):
match = True match = True
break break
if not match: if not match:
continue continue
printThread( thread, process ) printThread( thread, process )
for frame in stk:
printFrame(frame, printopt)
except DbgException:
printThread( thread, process )
dprintln( "Failed to get stack")
for frame in stk:
printFrame(frame, printopt)
except DbgException: except DbgException: