zjgcjy/pykd
1
0
Fork 0
mirror of https://github.com/ivellioscolin/pykd.git synced 2025-04-20 03:23:23 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

[samples] updated: refactored samples

Browse Source 
git-svn-id: https://pykd.svn.codeplex.com/svn@63978 9b283d60-5439-405e-af05-b73fd8c4d996
This commit is contained in:
SND\kernelnet_cp 2011-04-14 16:01:29 +00:00
parent e6af39ec59
commit de82f9d737
20 changed files with 117 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
samples/break.py Normal file
View File

@ -0,0 +1,42 @@
#
#
#
from pykd import *
def bpCallback():
if is64bitSystem():
objAttr = typedVar( "ntdll", "_OBJECT_ATTRIBUTES", reg("r8") )
else:
objAttr = typedVar( "ntdll", "_OBJECT_ATTRIBUTES", ptrPtr(reg("esp") + 0xC) )
name = loadUnicodeString( objAttr.ObjectName )
dprintln( "NtCreateFile: " + name )
return DEBUG_STATUS_NO_CHANGE
if not isWindbgExt():
startProcess("notepad.exe")
if not isDumpAnalyzing() and not isKernelDebugging():
nt = loadModule("ntdll")
b1 = bp( nt.NtCreateFile, bpCallback )
while go(): pass
dprintln( "exit process" )
else:
dprintln( "The debugger must be connected to live usermode process" )

12
samples/drvobj.py
View File

@ -80,14 +80,14 @@ def printDrvMajorTable( drvName ):
if __name__ == "__main__": if __name__ == "__main__":
if not isSessionStart(): if not isWindbgExt():
createSession()
loadDump( sys.argv[1] ) loadDump( sys.argv[1] )
loadSymbols(); if isKernelDebugging():
loadSymbols();
printDrvMajorTable( "afd" )
printDrvMajorTable( "afd" ) else:
dprintln( "not a kernel debugging" )

11
samples/idt.py
View File

@ -52,11 +52,14 @@ def checkInterrupt():
if __name__ == "__main__": if __name__ == "__main__":
if not isSessionStart(): if not isWindbgExt():
createSession() loadDump( sys.argv[1] )
loadDump( sys.argv[1] )
if isKernelDebugging():
checkInterrupt()
else:
dprintln( "not a kernel debugging" )
checkInterrupt()

27
samples/proclist.py
View File

@ -3,14 +3,10 @@ import sys
from pykd import * from pykd import *
def loadSymbols():
global nt
nt = loadModule( "nt" )
def processInfo(): def processInfo():
nt = loadModule( "nt" )
processList = typedVarList( nt.PsActiveProcessHead, "nt", "_EPROCESS", "ActiveProcessLinks" ) processList = typedVarList( nt.PsActiveProcessHead, "nt", "_EPROCESS", "ActiveProcessLinks" )
for process in processList: for process in processList:
@ -20,11 +16,18 @@ def processInfo():
if __name__ == "__main__": if __name__ == "__main__":
if not isSessionStart():
createSession()
loadDump( sys.argv[1] )
dprintln( sys.argv[1] + " - loaded OK" )
loadSymbols() while True:
if not isWindbgExt():
if not loadDump( sys.argv[1] ):
dprintln( sys.argv[1] + " - load failed" )
break
if not isKernelDebugging():
dprintln( "not a kernel debugging" )
break
processInfo()
break
processInfo()

18
samples/ssdt.py
View File

@ -52,9 +52,19 @@ def checkSSDT():
if __name__ == "__main__": if __name__ == "__main__":
if not isSessionStart():
createSession()
loadDump( sys.argv[1] )
checkSSDT() while True:
if not isWindbgExt():
if not loadDump( sys.argv[1] ):
dprintln( sys.argv[1] + " - load failed" )
break
if not isKernelDebugging():
dprintln( "not a kernel debugging" )
break
checkSSDT()
break

14
samples/stacks.py
View File

@ -56,10 +56,14 @@ def printStack():
if __name__ == "__main__": if __name__ == "__main__":
if not isSessionStart(): while True:
createSession()
loadDump( sys.argv[1] ) if not isWindbgExt():
dprintln( sys.argv[1] + " - loaded OK" ) if not loadDump( sys.argv[1] ):
dprintln( sys.argv[1] + " - load failed" )
break
printStack()
break
printStack()

2
snippets/accessmask.py
View File

@ -91,7 +91,7 @@ argc = len(sys.argv)
if argc == 1 : if argc == 1 :
dprintln("Syntax: [object type] <;hex mask>;") dprintln("Syntax: [object type] <;hex mask>;")
dprintln("Supported object types: process, thread, file, generic") dprintln("Supported object types: process, thread, file, generic")
quit( "" ) quit( 0 )
type = (argc > 2 and sys.argv[1]) or "generic" type = (argc > 2 and sys.argv[1]) or "generic"
if argc > 2 : if argc > 2 :

2
snippets/alpc_conn.py
View File

@ -41,7 +41,7 @@ def main():
dprintln(main.__doc__) dprintln(main.__doc__)
if __name__ == "__main__": if __name__ == "__main__":
if not isSessionStart(): if not isWindbgExt():
dprintln("Script is launch out of windbg") dprintln("Script is launch out of windbg")
quit(0) quit(0)

1
snippets/avl.py
View File

@ -43,6 +43,7 @@ if __name__ == "__main__":
if len( sys.argv ) < 2: if len( sys.argv ) < 2:
printUsage() printUsage()
quit(0)
if len( sys.argv ) == 2: if len( sys.argv ) == 2:
items = getAVLTable( addr64( expr( sys.argv[1] ) ) ) items = getAVLTable( addr64( expr( sys.argv[1] ) ) )

2
snippets/cr0.py
View File

@ -22,7 +22,7 @@ def cr0( value = 0 ):
if __name__ == "__main__": if __name__ == "__main__":
if not isSessionStart(): if not isWindbgExt():
print "script is launch out of windbg" print "script is launch out of windbg"
quit( 0 ) quit( 0 )

2
snippets/cr4.py
View File

@ -22,7 +22,7 @@ def cr4( value = 0 ):
if __name__ == "__main__": if __name__ == "__main__":
if not isSessionStart(): if not isWindbgExt():
print "script is launch out of windbg" print "script is launch out of windbg"
quit( 0 ) quit( 0 )

2
snippets/export.py
View File

@ -47,7 +47,7 @@ def export( moduleName, mask = "*" ):
if __name__ == "__main__": if __name__ == "__main__":
if not isSessionStart(): if not isWindbgExt():
print "script is launch out of windbg" print "script is launch out of windbg"
quit( 0 ) quit( 0 )

2
snippets/gdt.py
View File

@ -42,7 +42,7 @@ def printGdtHelp():
if __name__ == "__main__": if __name__ == "__main__":
if not isSessionStart(): if not isWindbgExt():
print "script is launch out of windbg" print "script is launch out of windbg"
quit( 0 ) quit( 0 )

2
snippets/help.py
View File

@ -48,6 +48,8 @@ def printDetail( name ):
if name in pykd.__dict__: if name in pykd.__dict__:
help( "pykd.%s" % name ) help( "pykd.%s" % name )
dprintln( "\n\n<link cmd=\"!py help\">View content</link>", True )

2
snippets/iat.py
View File

@ -56,7 +56,7 @@ def iat( moduleName, mask = "*" ):
if __name__ == "__main__": if __name__ == "__main__":
if not isSessionStart(): if not isWindbgExt():
print "script is launch out of windbg" print "script is launch out of windbg"
quit( 0 ) quit( 0 )

10
snippets/ndis.py
View File

@ -81,6 +81,16 @@ def printNdisObj():
printBreakLine() printBreakLine()
if __name__ == "__main__": if __name__ == "__main__":
if not isWindbgExt():
dprintln( "script is launch out of windbg" )
quit(0)
if not isKernelDebugging:
dprintln( "script for kernel mode only" )
quit(0)
printNdisObj() printNdisObj()

2
snippets/ntobj.py
View File

@ -168,7 +168,7 @@ if __name__ == "__main__":
dprintln("obj: 0x%X" % obj + " type: 0x%X" % getType(obj)) dprintln("obj: 0x%X" % obj + " type: 0x%X" % getType(obj))
if not isSessionStart(): if not isWindbgExt():
print "Script is launch out of WinDBG" print "Script is launch out of WinDBG"
quit(0) quit(0)

2
snippets/phidecheck.py
View File

@ -8,7 +8,7 @@ import ntobj
if __name__ == "__main__": if __name__ == "__main__":
if not isSessionStart(): if not isWindbgExt():
print "Script is launch out of WinDBG" print "Script is launch out of WinDBG"
quit(0) quit(0)

2
snippets/stlp.py
View File

@ -87,7 +87,7 @@ def printUsage():
if __name__ == "__main__": if __name__ == "__main__":
global runningAsWinDbgExtension global runningAsWinDbgExtension
runningAsWinDbgExtension = not isSessionStart() runningAsWinDbgExtension = isWindbgExt()
mapAddr = 0 mapAddr = 0
argc = len(sys.argv) argc = len(sys.argv)

2
snippets/vmcs.py
View File

@ -184,7 +184,7 @@ def vmcsPrint( addr ):
if __name__ == "__main__": if __name__ == "__main__":
if not isSessionStart(): if not isWindbgExt():
dprintln( "script is launch out of windbg" ) dprintln( "script is launch out of windbg" )
quit( 0 ) quit( 0 )