From de82f9d737ce2fbcdcb3646187f96041dee312e6 Mon Sep 17 00:00:00 2001 From: "SND\\kernelnet_cp" Date: Thu, 14 Apr 2011 16:01:29 +0000 Subject: [PATCH] [samples] updated: refactored samples git-svn-id: https://pykd.svn.codeplex.com/svn@63978 9b283d60-5439-405e-af05-b73fd8c4d996 --- samples/break.py | 42 ++++++++++++++++++++++++++++++++++++++++++ samples/drvobj.py | 12 ++++++------ samples/idt.py | 11 +++++++---- samples/proclist.py | 27 +++++++++++++++------------ samples/ssdt.py | 18 ++++++++++++++---- samples/stacks.py | 14 +++++++++----- snippets/accessmask.py | 2 +- snippets/alpc_conn.py | 2 +- snippets/avl.py | 1 + snippets/cr0.py | 2 +- snippets/cr4.py | 2 +- snippets/export.py | 2 +- snippets/gdt.py | 2 +- snippets/help.py | 2 ++ snippets/iat.py | 2 +- snippets/ndis.py | 10 ++++++++++ snippets/ntobj.py | 2 +- snippets/phidecheck.py | 2 +- snippets/stlp.py | 2 +- snippets/vmcs.py | 2 +- 20 files changed, 117 insertions(+), 42 deletions(-) create mode 100644 samples/break.py diff --git a/samples/break.py b/samples/break.py new file mode 100644 index 0000000..3526ab9 --- /dev/null +++ b/samples/break.py @@ -0,0 +1,42 @@ +# +# +# + +from pykd import * + + +def bpCallback(): + + if is64bitSystem(): + objAttr = typedVar( "ntdll", "_OBJECT_ATTRIBUTES", reg("r8") ) + else: + objAttr = typedVar( "ntdll", "_OBJECT_ATTRIBUTES", ptrPtr(reg("esp") + 0xC) ) + + name = loadUnicodeString( objAttr.ObjectName ) + + dprintln( "NtCreateFile: " + name ) + + return DEBUG_STATUS_NO_CHANGE + + + + +if not isWindbgExt(): + startProcess("notepad.exe") + + +if not isDumpAnalyzing() and not isKernelDebugging(): + + nt = loadModule("ntdll") + + b1 = bp( nt.NtCreateFile, bpCallback ) + + while go(): pass + + dprintln( "exit process" ) + +else: + + dprintln( "The debugger must be connected to live usermode process" ) + + diff --git a/samples/drvobj.py b/samples/drvobj.py index 613cf7b..d205a0d 100644 --- a/samples/drvobj.py +++ b/samples/drvobj.py 
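Review bot: In bpCallback the OBJECT_ATTRIBUTES pointer taken from r8 / [esp+0xC] and the ObjectName pointer inside it are values the debuggee supplies, and nothing validates them before `typedVar` and `loadUnicodeString` read through them; a caller handing NtCreateFile a NULL or garbage pointer (which the kernel itself would simply reject) presumably makes that read raise inside the callback, and since nothing in this script catches it, tracing would stop at the first malformed call if pykd propagates the exception out of the callback. Wrapping the lookup in `try:` / `except Exception:` (the parenthesis-free form, since other files in this commit still use Python 2 print statements) and printing `dprintln( "NtCreateFile: <unreadable OBJECT_ATTRIBUTES>" )` in the handler, with `return DEBUG_STATUS_NO_CHANGE` reached on both paths, keeps the `while go(): pass` loop running. The empty `# / # / #` header at the top of the new file should become a short docstring stating that the sample attaches to a live user-mode process (starting notepad.exe when run outside WinDbg) and logs every NtCreateFile path, which the else branch at the bottom already implies.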
@@ -80,14 +80,14 @@ def printDrvMajorTable( drvName ): if __name__ == "__main__": - if not isSessionStart(): - createSession() + if not isWindbgExt(): loadDump( sys.argv[1] ) - loadSymbols(); - - - printDrvMajorTable( "afd" ) + if isKernelDebugging(): + loadSymbols(); + printDrvMajorTable( "afd" ) + else: + dprintln( "not a kernel debugging" ) diff --git a/samples/idt.py b/samples/idt.py index c1137fa..1fa6863 100644 --- a/samples/idt.py +++ b/samples/idt.py @@ -52,11 +52,14 @@ def checkInterrupt(): if __name__ == "__main__": - if not isSessionStart(): - createSession() - loadDump( sys.argv[1] ) + if not isWindbgExt(): + loadDump( sys.argv[1] ) + + if isKernelDebugging(): + checkInterrupt() + else: + dprintln( "not a kernel debugging" ) - checkInterrupt() diff --git a/samples/proclist.py b/samples/proclist.py index 153e16d..1accfa4 100644 --- a/samples/proclist.py +++ b/samples/proclist.py @@ -3,14 +3,10 @@ import sys from pykd import * -def loadSymbols(): - - global nt - nt = loadModule( "nt" ) - - def processInfo(): + nt = loadModule( "nt" ) + processList = typedVarList( nt.PsActiveProcessHead, "nt", "_EPROCESS", "ActiveProcessLinks" ) for process in processList: @@ -20,11 +16,18 @@ def processInfo(): if __name__ == "__main__": - if not isSessionStart(): - createSession() - loadDump( sys.argv[1] ) - dprintln( sys.argv[1] + " - loaded OK" ) - loadSymbols() + while True: + + if not isWindbgExt(): + if not loadDump( sys.argv[1] ): + dprintln( sys.argv[1] + " - load failed" ) + break + + if not isKernelDebugging(): + dprintln( "not a kernel debugging" ) + break + + processInfo() + break - processInfo() diff --git a/samples/ssdt.py b/samples/ssdt.py index 813f464..3e876c8 100644 --- a/samples/ssdt.py +++ b/samples/ssdt.py 
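Review bot: The new `if not isWindbgExt():` branch calls `loadDump( sys.argv[1] )` and discards its result, whereas the proclist.py and ssdt.py hunks in this same commit test it and stop on failure; here a wrong path falls through to `isKernelDebugging()` and the user is told "not a kernel debugging" instead of that the dump did not load. Mirror the sibling samples with `if not loadDump( sys.argv[1] ):` / `dprintln( sys.argv[1] + " - load failed" )` / `quit(0)` before the kernel-mode check. The stray semicolon on `loadSymbols();` is a leftover worth dropping while the line is being moved. `printDrvMajorTable` is defined before the hunk.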
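Review bot: The same gap as in drvobj.py: `loadDump( sys.argv[1] )` is called without checking its return value, unlike the proclist.py and ssdt.py hunks of this commit, so a bad dump path is misreported as "not a kernel debugging". Use `if not loadDump( sys.argv[1] ):` with `dprintln( sys.argv[1] + " - load failed" )` and `quit(0)` ahead of the `isKernelDebugging()` test so the two failure modes are told apart. `checkInterrupt` is defined before the hunk.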
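Review bot: The new `while True:` block in `__main__` is a one-shot loop whose every path ends in `break`, used purely as a structured goto; the same flow reads more plainly as guard clauses ending in `quit(0)`, which is the form the snippets touched by this commit already use, or as a `main()` function returning early. A run with no argument also dies with an IndexError from `sys.argv[1]` before the `" - load failed"` message can ever appear; a `if len( sys.argv ) < 2:` guard that prints a usage line would cover that. A one-line comment such as `# under WinDbg the session is already attached; standalone we open the dump named on the command line` would explain why the load is skipped on the extension path.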
@@ -52,9 +52,19 @@ def checkSSDT(): if __name__ == "__main__": - if not isSessionStart(): - createSession() - loadDump( sys.argv[1] ) - checkSSDT() + while True: + + if not isWindbgExt(): + if not loadDump( sys.argv[1] ): + dprintln( sys.argv[1] + " - load failed" ) + break + + if not isKernelDebugging(): + dprintln( "not a kernel debugging" ) + break + + checkSSDT() + break + \ No newline at end of file diff --git a/samples/stacks.py b/samples/stacks.py index b5fcd79..266d664 100644 --- a/samples/stacks.py +++ b/samples/stacks.py @@ -56,10 +56,14 @@ def printStack(): if __name__ == "__main__": - if not isSessionStart(): - createSession() - loadDump( sys.argv[1] ) - dprintln( sys.argv[1] + " - loaded OK" ) + while True: + + if not isWindbgExt(): + if not loadDump( sys.argv[1] ): + dprintln( sys.argv[1] + " - load failed" ) + break + + printStack() + break - printStack() diff --git a/snippets/accessmask.py b/snippets/accessmask.py index 7545d98..8097b7c 100644 --- a/snippets/accessmask.py +++ b/snippets/accessmask.py @@ -91,7 +91,7 @@ argc = len(sys.argv) if argc == 1 : dprintln("Syntax: [object type] <;hex mask>;") dprintln("Supported object types: process, thread, file, generic") - quit( "" ) + quit( 0 ) type = (argc > 2 and sys.argv[1]) or "generic" if argc > 2 : diff --git a/snippets/alpc_conn.py b/snippets/alpc_conn.py index 6701f10..f486a4c 100644 --- a/snippets/alpc_conn.py +++ b/snippets/alpc_conn.py @@ -41,7 +41,7 @@ def main(): dprintln(main.__doc__) if __name__ == "__main__": - if not isSessionStart(): + if not isWindbgExt(): dprintln("Script is launch out of windbg") quit(0) diff --git a/snippets/avl.py b/snippets/avl.py index fcb4913..333f2b8 100644 --- a/snippets/avl.py +++ b/snippets/avl.py @@ -43,6 +43,7 @@ if __name__ == "__main__": if len( sys.argv ) < 2: printUsage() + quit(0) if len( sys.argv ) == 2: items = getAVLTable( addr64( expr( sys.argv[1] ) ) ) diff --git a/snippets/cr0.py b/snippets/cr0.py index a4540e9..1477ce0 100644 
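Review bot: On the standalone path `sys.argv[1]` raises IndexError when no dump path is given, so the `" - load failed"` message is never reached for the most common mistake; add `if len( sys.argv ) < 2:` / `dprintln( "usage: ssdt.py <dump file>" )` / `break` ahead of `loadDump`. The `while True:` / `break` scaffold duplicates the one introduced in proclist.py and stacks.py in this commit, so whatever shape is chosen should be applied to all three. The file also still ends without a trailing newline (`\ No newline at end of file`). `checkSSDT` is defined before the hunk.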
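Review bot: Unlike the proclist.py and ssdt.py hunks in this commit, the new `__main__` block calls `printStack()` with no `isKernelDebugging()` check; if printStack walks nt structures the way the sibling samples do (its body lies above the hunk, so I cannot confirm that here), a user-mode session will fail somewhere inside it instead of with the clear "not a kernel debugging" message. Either add `if not isKernelDebugging():` / `dprintln( "not a kernel debugging" )` / `break` before the call, or put a comment on printStack stating that it is meant to work in both user and kernel mode.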
--- a/snippets/cr0.py +++ b/snippets/cr0.py @@ -22,7 +22,7 @@ def cr0( value = 0 ): if __name__ == "__main__": - if not isSessionStart(): + if not isWindbgExt(): print "script is launch out of windbg" quit( 0 ) diff --git a/snippets/cr4.py b/snippets/cr4.py index df49f28..d2f9274 100644 --- a/snippets/cr4.py +++ b/snippets/cr4.py @@ -22,7 +22,7 @@ def cr4( value = 0 ): if __name__ == "__main__": - if not isSessionStart(): + if not isWindbgExt(): print "script is launch out of windbg" quit( 0 ) diff --git a/snippets/export.py b/snippets/export.py index 879a4f1..34320ac 100644 --- a/snippets/export.py +++ b/snippets/export.py @@ -47,7 +47,7 @@ def export( moduleName, mask = "*" ): if __name__ == "__main__": - if not isSessionStart(): + if not isWindbgExt(): print "script is launch out of windbg" quit( 0 ) diff --git a/snippets/gdt.py b/snippets/gdt.py index 08a8bf8..1ca254d 100644 --- a/snippets/gdt.py +++ b/snippets/gdt.py @@ -42,7 +42,7 @@ def printGdtHelp(): if __name__ == "__main__": - if not isSessionStart(): + if not isWindbgExt(): print "script is launch out of windbg" quit( 0 ) diff --git a/snippets/help.py b/snippets/help.py index c843ba1..9df5129 100644 --- a/snippets/help.py +++ b/snippets/help.py @@ -48,6 +48,8 @@ def printDetail( name ): if name in pykd.__dict__: help( "pykd.%s" % name ) + + dprintln( "\n\nView content", True ) diff --git a/snippets/iat.py b/snippets/iat.py index 592f67e..a6d9896 100644 --- a/snippets/iat.py +++ b/snippets/iat.py @@ -56,7 +56,7 @@ def iat( moduleName, mask = "*" ): if __name__ == "__main__": - if not isSessionStart(): + if not isWindbgExt(): print "script is launch out of windbg" quit( 0 ) diff --git a/snippets/ndis.py b/snippets/ndis.py index 6787bbc..c110993 100644 --- a/snippets/ndis.py +++ b/snippets/ndis.py 
@@ -81,6 +81,16 @@ def printNdisObj(): printBreakLine() if __name__ == "__main__": + + if not isWindbgExt(): + dprintln( "script is launch out of windbg" ) + quit(0) + + if not isKernelDebugging: + dprintln( "script for kernel mode only" ) + quit(0) + + printNdisObj() diff --git a/snippets/ntobj.py b/snippets/ntobj.py index b1b9c76..42aacf8 100644 --- a/snippets/ntobj.py +++ b/snippets/ntobj.py @@ -168,7 +168,7 @@ if __name__ == "__main__": dprintln("obj: 0x%X" % obj + " type: 0x%X" % getType(obj)) - if not isSessionStart(): + if not isWindbgExt(): print "Script is launch out of WinDBG" quit(0) diff --git a/snippets/phidecheck.py b/snippets/phidecheck.py index 49e45cb..e03522e 100644 --- a/snippets/phidecheck.py +++ b/snippets/phidecheck.py @@ -8,7 +8,7 @@ import ntobj if __name__ == "__main__": - if not isSessionStart(): + if not isWindbgExt(): print "Script is launch out of WinDBG" quit(0) diff --git a/snippets/stlp.py b/snippets/stlp.py index 450d5bf..0c255dd 100644 --- a/snippets/stlp.py +++ b/snippets/stlp.py @@ -87,7 +87,7 @@ def printUsage(): if __name__ == "__main__": global runningAsWinDbgExtension - runningAsWinDbgExtension = not isSessionStart() + runningAsWinDbgExtension = isWindbgExt() mapAddr = 0 argc = len(sys.argv) diff --git a/snippets/vmcs.py b/snippets/vmcs.py index 000c957..a9ea54e 100644 --- a/snippets/vmcs.py +++ b/snippets/vmcs.py @@ -184,7 +184,7 @@ def vmcsPrint( addr ): if __name__ == "__main__": - if not isSessionStart(): + if not isWindbgExt(): dprintln( "script is launch out of windbg" ) quit( 0 )
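Review bot: `if not isKernelDebugging:` tests the function object itself rather than calling it, so the condition is always false and the new "script for kernel mode only" guard can never fire; it should read `if not isKernelDebugging():`. The `isWindbgExt()` check two lines above does have the parentheses, which makes the omission easy to overlook in review. `printNdisObj` is defined before the hunk.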