[+] addSynSymbol function adds a synthetic symbol to a module by virtual address

[+] dbgModuleClass::addSynSymbol method adds a synthetic symbol by offset relative to the module base
[+] samples/synimp.py: add synthetic symbols for module by imports

git-svn-id: https://pykd.svn.codeplex.com/svn@61768 9b283d60-5439-405e-af05-b73fd8c4d996
SND\EreTIk_cp 2011-02-21 09:49:47 +00:00
parent dfbbc434d3
commit d3a22fc0a8
5 changed files with 117 additions and 18 deletions


@ -151,6 +151,7 @@ BOOST_PYTHON_MODULE( pykd )
boost::python::def( "setCurrentProcess", &setCurrentProcess ); boost::python::def( "setCurrentProcess", &setCurrentProcess );
boost::python::def( "getProcessorMode", &getProcessorMode ); boost::python::def( "getProcessorMode", &getProcessorMode );
boost::python::def( "setProcessorMode", &setProcessorMode ); boost::python::def( "setProcessorMode", &setProcessorMode );
boost::python::def( "addSynSymbol", &addSyntheticSymbol );
boost::python::class_<typeClass, boost::shared_ptr<typeClass> >( "typeClass" ) boost::python::class_<typeClass, boost::shared_ptr<typeClass> >( "typeClass" )
.def("sizeof", &typeClass::size ) .def("sizeof", &typeClass::size )
.def("offset", &typeClass::getOffset ) .def("offset", &typeClass::getOffset )
@ -164,6 +165,7 @@ BOOST_PYTHON_MODULE( pykd )
.def("contain", &dbgModuleClass::contain ) .def("contain", &dbgModuleClass::contain )
.def("image", &dbgModuleClass::getImageSymbolName ) .def("image", &dbgModuleClass::getImageSymbolName )
.def("pdb", &dbgModuleClass::getPdbName ) .def("pdb", &dbgModuleClass::getPdbName )
.def("addSynSymbol", &dbgModuleClass::addSyntheticSymbol )
.def("__getattr__", &dbgModuleClass::getOffset ); .def("__getattr__", &dbgModuleClass::getOffset );
boost::python::class_<dbgExtensionClass>( boost::python::class_<dbgExtensionClass>(
"ext", "ext",


@ -229,6 +229,17 @@ dbgModuleClass::getOffset( const std::string &symName )
///////////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////////
void dbgModuleClass::addSyntheticSymbol(
ULONG64 offset,
ULONG size,
const std::string &symName
)
{
::addSyntheticSymbol(m_base + offset, size, symName);
}
/////////////////////////////////////////////////////////////////////////////////
void void
dbgModuleClass::getImagePath() dbgModuleClass::getImagePath()
{ {
@ -307,3 +318,30 @@ dbgModuleClass::getImagePath()
} }
///////////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////////
void
addSyntheticSymbol( ULONG64 addr, ULONG size, const std::string &symName )
{
try
{
HRESULT hres =
dbgExt->symbols3->AddSyntheticSymbol(
addr,
size,
symName.c_str(),
DEBUG_ADDSYNTHSYM_DEFAULT,
NULL);
if ( FAILED( hres ) )
throw DbgException( "IDebugSymbol3::AddSyntheticSymbol failed" );
}
catch( std::exception &e )
{
dbgExt->control->Output( DEBUG_OUTPUT_ERROR, "pykd error: %s\n", e.what() );
}
catch(...)
{
dbgExt->control->Output( DEBUG_OUTPUT_ERROR, "pykd unexpected error\n" );
}
}
/////////////////////////////////////////////////////////////////////////////////
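Review bot: A failed `AddSyntheticSymbol` call is invisible to the Python caller. The free `addSyntheticSymbol` throws `DbgException` on a failed HRESULT, catches it in the same function, prints to the debugger output and returns void, so a script cannot tell whether the symbol was created. Returning a bool, or letting the exception reach Python if the other wrappers allow that, would let scripts stop on failure, and putting `hres` in the message would help triage. In `dbgModuleClass::addSyntheticSymbol`, `m_base + offset` is forwarded without checking that `offset` and `offset + size` stay inside the module (its size is not visible in this hunk), so an out-of-range offset labels memory that belongs to something else. The error text also names `IDebugSymbol3` where the interface is `IDebugSymbols3`.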


@ -58,6 +58,8 @@ public:
return std::wstring( m_debugInfo.LoadedPdbName ); return std::wstring( m_debugInfo.LoadedPdbName );
} }
void
addSyntheticSymbol( ULONG64 offset, ULONG size, const std::string &symName );
private: private:
@ -87,4 +89,7 @@ loadModule( const std::string &moduleName );
boost::python::object boost::python::object
findModule( ULONG64 addr ); findModule( ULONG64 addr );
void
addSyntheticSymbol( ULONG64 addr, ULONG size, const std::string &symName );
///////////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////////
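Review bot: The two `addSyntheticSymbol` declarations have the same parameter shape but different address semantics, and the header does not say so. The member adds its first argument to `m_base` in the implementation, while the free function passes `addr` straight to the debug engine. I would add `// offset is relative to the module base` above the member and `// addr is an absolute virtual address` above the free function. Without that, a caller who hands an absolute address to the member gets a symbol at base plus that address.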

54
samples/synimp.py Normal file

@ -0,0 +1,54 @@
#
# Add synthetic symbols for module by imports
#
from pykd import *
import sys
def addSymSymbolsByImports(dbgModule):
if isKernelDebugging():
systemModule = loadModule( "nt" )
else:
systemModule = loadModule( "ntdll" )
if is64bitSystem():
ntHeader = typedVar( systemModule.name(), "_IMAGE_NT_HEADERS64", dbgModule.begin() + ptrDWord( dbgModule.begin() + 0x3c ) )
if ntHeader.OptionalHeader.Magic == 0x10b:
systemModule = loadModule( "ntdll32" )
ntHeader = typedVar( systemModule.name(), "_IMAGE_NT_HEADERS", dbgModule.begin() + ptrDWord( dbgModule.begin() + 0x3c ) )
pSize = 4
else:
pSize = 8
else:
ntHeader = typedVar( systemModule.name(), "_IMAGE_NT_HEADERS", dbgModule.begin() + ptrDWord( dbgModule.begin() + 0x3c ) )
pSize = 4
if ntHeader.OptionalHeader.DataDirectory[12].Size == 0:
return
iatAddr = dbgModule.begin() + ntHeader.OptionalHeader.DataDirectory[12].VirtualAddress;
for i in range( 0, ntHeader.OptionalHeader.DataDirectory[12].Size / pSize ):
pIatEtry = iatAddr + i*pSize;
if ( pSize == 4 ):
iatEntry = ptrDWord( pIatEtry )
else:
iatEntry = ptrQWord( pIatEtry )
if iatEntry != 0:
symbolName = findSymbol( iatEntry )
addSynSymbol(pIatEtry, pSize, "_imp_" + symbolName)
if __name__ == "__main__":
if not isSessionStart():
print "Script is launch out of WinDBG"
quit(0)
argc = len(sys.argv)
if (2 == argc):
addSymSymbolsByImports(findModule(expr(sys.argv[1])))
else:
dprintln("Invalid command line")
dprintln("Usage: " + sys.argv[0] + " module_address")
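Review bot: `DataDirectory[12].Size` and `.VirtualAddress` are read from the target's memory and used unchecked as the loop bound and base address in `addSymSymbolsByImports`. A damaged or deliberately malformed header therefore makes the script read and label memory outside the module. Before the loop, confirm the range lies inside the module, for example `if not dbgModule.contain(iatAddr): return` plus the same test for the last entry (assuming `contain` takes an address, as its binding suggests). The result of `findSymbol( iatEntry )` is also concatenated unchecked; if it can come back empty for an unresolved address, every such slot is named `_imp_`, so those entries should be skipped. The page has lost the file's indentation, so the nesting around the `Magic == 0x10b` branch could not be verified.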