[+] addSynSymbol function adds a synthetic symbol to a module by virtual address
[+] dbgModuleClass::addSynSymbol method adds a synthetic symbol by offset relative to the module base [+] samples/synimp.py: add synthetic symbols for module by imports git-svn-id: https://pykd.svn.codeplex.com/svn@61768 9b283d60-5439-405e-af05-b73fd8c4d996
parent
dfbbc434d3
commit
d3a22fc0a8
@ -151,6 +151,7 @@ BOOST_PYTHON_MODULE( pykd )
|
|||||||
boost::python::def( "setCurrentProcess", &setCurrentProcess );
|
boost::python::def( "setCurrentProcess", &setCurrentProcess );
|
||||||
boost::python::def( "getProcessorMode", &getProcessorMode );
|
boost::python::def( "getProcessorMode", &getProcessorMode );
|
||||||
boost::python::def( "setProcessorMode", &setProcessorMode );
|
boost::python::def( "setProcessorMode", &setProcessorMode );
|
||||||
|
boost::python::def( "addSynSymbol", &addSyntheticSymbol );
|
||||||
boost::python::class_<typeClass, boost::shared_ptr<typeClass> >( "typeClass" )
|
boost::python::class_<typeClass, boost::shared_ptr<typeClass> >( "typeClass" )
|
||||||
.def("sizeof", &typeClass::size )
|
.def("sizeof", &typeClass::size )
|
||||||
.def("offset", &typeClass::getOffset )
|
.def("offset", &typeClass::getOffset )
|
||||||
@ -164,6 +165,7 @@ BOOST_PYTHON_MODULE( pykd )
|
|||||||
.def("contain", &dbgModuleClass::contain )
|
.def("contain", &dbgModuleClass::contain )
|
||||||
.def("image", &dbgModuleClass::getImageSymbolName )
|
.def("image", &dbgModuleClass::getImageSymbolName )
|
||||||
.def("pdb", &dbgModuleClass::getPdbName )
|
.def("pdb", &dbgModuleClass::getPdbName )
|
||||||
|
.def("addSynSymbol", &dbgModuleClass::addSyntheticSymbol )
|
||||||
.def("__getattr__", &dbgModuleClass::getOffset );
|
.def("__getattr__", &dbgModuleClass::getOffset );
|
||||||
boost::python::class_<dbgExtensionClass>(
|
boost::python::class_<dbgExtensionClass>(
|
||||||
"ext",
|
"ext",
|
||||||
|
@ -14,8 +14,8 @@ struct DbgExt {
|
|||||||
IDebugRegisters *registers;
|
IDebugRegisters *registers;
|
||||||
|
|
||||||
IDebugSymbols *symbols;
|
IDebugSymbols *symbols;
|
||||||
IDebugSymbols2 *symbols2;
|
IDebugSymbols2 *symbols2;
|
||||||
IDebugSymbols3 *symbols3;
|
IDebugSymbols3 *symbols3;
|
||||||
|
|
||||||
IDebugDataSpaces *dataSpaces;
|
IDebugDataSpaces *dataSpaces;
|
||||||
IDebugDataSpaces4 *dataSpaces4;
|
IDebugDataSpaces4 *dataSpaces4;
|
||||||
|
@ -224,7 +224,18 @@ dbgModuleClass::getOffset( const std::string &symName )
|
|||||||
return offset->second;
|
return offset->second;
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
/////////////////////////////////////////////////////////////////////////////////
|
||||||
|
|
||||||
|
void dbgModuleClass::addSyntheticSymbol(
|
||||||
|
ULONG64 offset,
|
||||||
|
ULONG size,
|
||||||
|
const std::string &symName
|
||||||
|
)
|
||||||
|
{
|
||||||
|
::addSyntheticSymbol(m_base + offset, size, symName);
|
||||||
}
|
}
|
||||||
|
|
||||||
/////////////////////////////////////////////////////////////////////////////////
|
/////////////////////////////////////////////////////////////////////////////////
|
||||||
@ -306,4 +317,31 @@ dbgModuleClass::getImagePath()
|
|||||||
delete[] pathBuffer;
|
delete[] pathBuffer;
|
||||||
}
|
}
|
||||||
|
|
||||||
/////////////////////////////////////////////////////////////////////////////////
|
/////////////////////////////////////////////////////////////////////////////////
|
||||||
|
|
||||||
|
void
|
||||||
|
addSyntheticSymbol( ULONG64 addr, ULONG size, const std::string &symName )
|
||||||
|
{
|
||||||
|
try
|
||||||
|
{
|
||||||
|
HRESULT hres =
|
||||||
|
dbgExt->symbols3->AddSyntheticSymbol(
|
||||||
|
addr,
|
||||||
|
size,
|
||||||
|
symName.c_str(),
|
||||||
|
DEBUG_ADDSYNTHSYM_DEFAULT,
|
||||||
|
NULL);
|
||||||
|
if ( FAILED( hres ) )
|
||||||
|
throw DbgException( "IDebugSymbol3::AddSyntheticSymbol failed" );
|
||||||
|
}
|
||||||
|
catch( std::exception &e )
|
||||||
|
{
|
||||||
|
dbgExt->control->Output( DEBUG_OUTPUT_ERROR, "pykd error: %s\n", e.what() );
|
||||||
|
}
|
||||||
|
catch(...)
|
||||||
|
{
|
||||||
|
dbgExt->control->Output( DEBUG_OUTPUT_ERROR, "pykd unexpected error\n" );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/////////////////////////////////////////////////////////////////////////////////
|
||||||
|
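Review bot: A failed `AddSyntheticSymbol` call never reaches the Python caller: the free `addSyntheticSymbol` throws `DbgException`, catches it in the same function, prints to the debugger output and returns `void`, so a script that adds many symbols cannot tell which ones were rejected. Returning the outcome (for example a `bool`) or letting the exception propagate to the binding layer would fix that; which of the two matches the other pykd functions is not visible on this page. The message should also carry the failing `HRESULT` and spell the interface correctly, `"IDebugSymbols3::AddSyntheticSymbol failed"`. In `dbgModuleClass::addSyntheticSymbol`, `m_base + offset` is forwarded without a range check, so a symbol can be registered outside the module; rejecting the call when `contain( m_base + offset )` is false would keep it inside `[m_base, m_end]`.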
@ -15,20 +15,20 @@ public:
|
|||||||
dbgModuleClass() :
|
dbgModuleClass() :
|
||||||
m_base( 0 ),
|
m_base( 0 ),
|
||||||
m_end( 0 )
|
m_end( 0 )
|
||||||
{}
|
{}
|
||||||
|
|
||||||
dbgModuleClass( const std::string &name, ULONG64 base, ULONG size );
|
dbgModuleClass( const std::string &name, ULONG64 base, ULONG size );
|
||||||
|
|
||||||
ULONG64
|
ULONG64
|
||||||
getBegin() const {
|
getBegin() const {
|
||||||
return m_base;
|
return m_base;
|
||||||
}
|
}
|
||||||
|
|
||||||
ULONG64
|
ULONG64
|
||||||
getEnd() const {
|
getEnd() const {
|
||||||
return m_end;
|
return m_end;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool
|
bool
|
||||||
contain( ULONG64 addr ) const {
|
contain( ULONG64 addr ) const {
|
||||||
if ( *( (ULONG*)&addr + 1 ) == 0 )
|
if ( *( (ULONG*)&addr + 1 ) == 0 )
|
||||||
@ -36,34 +36,36 @@ public:
|
|||||||
|
|
||||||
return m_base <= addr && addr <= m_end;
|
return m_base <= addr && addr <= m_end;
|
||||||
}
|
}
|
||||||
|
|
||||||
std::string
|
std::string
|
||||||
getName() const {
|
getName() const {
|
||||||
return m_name;
|
return m_name;
|
||||||
}
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
reloadSymbols();
|
reloadSymbols();
|
||||||
|
|
||||||
ULONG64
|
ULONG64
|
||||||
getOffset( const std::string &symName );
|
getOffset( const std::string &symName );
|
||||||
|
|
||||||
std::wstring
|
std::wstring
|
||||||
getImageSymbolName() const {
|
getImageSymbolName() const {
|
||||||
return m_imageFullName;
|
return m_imageFullName;
|
||||||
}
|
}
|
||||||
|
|
||||||
std::wstring
|
std::wstring
|
||||||
getPdbName() const {
|
getPdbName() const {
|
||||||
return std::wstring( m_debugInfo.LoadedPdbName );
|
return std::wstring( m_debugInfo.LoadedPdbName );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
addSyntheticSymbol( ULONG64 offset, ULONG size, const std::string &symName );
|
||||||
|
|
||||||
private:
|
private:
|
||||||
|
|
||||||
ULONG64 m_base;
|
ULONG64 m_base;
|
||||||
|
|
||||||
ULONG64 m_end;
|
ULONG64 m_end;
|
||||||
|
|
||||||
std::string m_name;
|
std::string m_name;
|
||||||
|
|
||||||
@ -87,4 +89,7 @@ loadModule( const std::string &moduleName );
|
|||||||
boost::python::object
|
boost::python::object
|
||||||
findModule( ULONG64 addr );
|
findModule( ULONG64 addr );
|
||||||
|
|
||||||
|
void
|
||||||
|
addSyntheticSymbol( ULONG64 addr, ULONG size, const std::string &symName );
|
||||||
|
|
||||||
/////////////////////////////////////////////////////////////////////////////////
|
/////////////////////////////////////////////////////////////////////////////////
|
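--- a/samples/synimp.py
+++ b/samples/synimp.py
@@ -0,0 +1,54 @@
+#
+# Add synthetic symbols for module by imports
+#
+
+from pykd import *
+import sys
+
+def addSymSymbolsByImports(dbgModule):
+if isKernelDebugging():
+systemModule = loadModule( "nt" )
+else:
+systemModule = loadModule( "ntdll" )
+
+if is64bitSystem():
+ntHeader = typedVar( systemModule.name(), "_IMAGE_NT_HEADERS64", dbgModule.begin() + ptrDWord( dbgModule.begin() + 0x3c ) )
+if ntHeader.OptionalHeader.Magic == 0x10b:
+systemModule = loadModule( "ntdll32" )
+ntHeader = typedVar( systemModule.name(), "_IMAGE_NT_HEADERS", dbgModule.begin() + ptrDWord( dbgModule.begin() + 0x3c ) )
+pSize = 4
+else:
+pSize = 8
+else:
+ntHeader = typedVar( systemModule.name(), "_IMAGE_NT_HEADERS", dbgModule.begin() + ptrDWord( dbgModule.begin() + 0x3c ) )
+pSize = 4
+
+if ntHeader.OptionalHeader.DataDirectory[12].Size == 0:
+return
+
+iatAddr = dbgModule.begin() + ntHeader.OptionalHeader.DataDirectory[12].VirtualAddress;
+
+for i in range( 0, ntHeader.OptionalHeader.DataDirectory[12].Size / pSize ):
+pIatEtry = iatAddr + i*pSize;
+
+if ( pSize == 4 ):
+iatEntry = ptrDWord( pIatEtry )
+else:
+iatEntry = ptrQWord( pIatEtry )
+
+if iatEntry != 0:
+symbolName = findSymbol( iatEntry )
+addSynSymbol(pIatEtry, pSize, "_imp_" + symbolName)
+
+if __name__ == "__main__":
+
+if not isSessionStart():
+print "Script is launch out of WinDBG"
+quit(0)
+
+argc = len(sys.argv)
+if (2 == argc):
+addSymSymbolsByImports(findModule(expr(sys.argv[1])))
+else:
+dprintln("Invalid command line")
+dprintln("Usage: " + sys.argv[0] + " module_address")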
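Review bot: The loop in `addSymSymbolsByImports` trusts `DataDirectory[12].VirtualAddress` and `.Size` exactly as read from the target image's header, so a damaged or deliberately malformed header in the debuggee can send `ptrDWord`/`ptrQWord` and `addSynSymbol` to addresses outside the module or make the loop very long. Check the range before iterating, for example `if not dbgModule.contain( iatAddr ) or not dbgModule.contain( iatAddr + iatSize - 1 ): return`, with `iatSize` holding the directory size. The result of `findSymbol( iatEntry )` is also used unchecked; if it can come back empty for an address without a symbol (not visible on this page), every such slot is named just `_imp_`, so those entries should be skipped. A short comment naming the constants (`0x3c` as e_lfanew, `0x10b` as the PE32 optional-header magic, index 12 as the IAT directory) would make the header walk easier to audit.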