diff --git a/samples/drvobj.py b/samples/drvobj.py index c56f96a..7d108fd 100644 --- a/samples/drvobj.py +++ b/samples/drvobj.py @@ -44,6 +44,8 @@ def getObjectInDir( dirObj, objName ): else: dirEntry = 0 + return None + diff --git a/samples/proclist.py b/samples/proclist.py index 1accfa4..191f7fe 100644 --- a/samples/proclist.py +++ b/samples/proclist.py @@ -10,24 +10,24 @@ def processInfo(): processList = typedVarList( nt.PsActiveProcessHead, "nt", "_EPROCESS", "ActiveProcessLinks" ) for process in processList: - print "".join( [chr(i) for i in process.ImageFileName if i != 0] ) + print "".join( [chr(i) for i in process.ImageFileName if i != 0] ) +def main(): -if __name__ == "__main__": + if not isWindbgExt(): + if not loadDump( sys.argv[1] ): + dprintln( sys.argv[1] + " - load failed" ) + return - - while True: - - if not isWindbgExt(): - if not loadDump( sys.argv[1] ): - dprintln( sys.argv[1] + " - load failed" ) - break - - if not isKernelDebugging(): - dprintln( "not a kernel debugging" ) - break + if not isKernelDebugging(): + dprintln( "not a kernel debugging" ) + return - processInfo() - break + processInfo() + + +if __name__ == "__main__": + main() + diff --git a/snippets/iat.py b/snippets/iat.py index a6d9896..f134c26 100644 --- a/snippets/iat.py +++ b/snippets/iat.py @@ -46,7 +46,7 @@ def iat( moduleName, mask = "*" ): else: iatEntry = ptrQWord( iatAddr + i*pSize ) - if iatEntry != 0: + if iatEntry != None and iatEntry != 0: symbolName = findSymbol( iatEntry ) if fnmatch.fnmatch( symbolName, mask ): dprintln( symbolName ) diff --git a/snippets/ntobj.py b/snippets/ntobj.py index b360252..3e29179 100644 --- a/snippets/ntobj.py +++ b/snippets/ntobj.py @@ -73,7 +73,6 @@ def getObjectNameInfoFromInfoMask(p): # Select platform-specific function for getting name of object getObjectNameInfo = None try: - getTypeClass("nt", "_OBJECT_HEADER").NameInfoOffset getObjectNameInfo = getObjectNameInfoFromHeader except AttributeError: getObjectNameInfo = getObjectNameInfoFromInfoMask