zjgcjy/pykd
1
0
Fork 0
mirror of https://github.com/ivellioscolin/pykd.git synced 2025-04-22 05:13:22 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

[0.2.x] added : stkwalk.py snippet

Browse Source 
git-svn-id: https://pykd.svn.codeplex.com/svn@81690 9b283d60-5439-405e-af05-b73fd8c4d996
This commit is contained in:
SND\kernelnet_cp 2012-12-07 08:30:13 +00:00 committed by Mikhail I. Izmestev
parent e6dfa51810
commit e4752037ff
1 changed files with 133 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

133
snippets/stkwalk.py Normal file
View File

@ -0,0 +1,133 @@
from pykd import *
from optparse import OptionParser
from fnmatch import fnmatch
nt = None
class PrintOptions:
def __init__(self):
self.ignoreNotActiveThread = True
self.ignoreNotActiveProcess = True
def applayThreadFilter( thread,moduleFilter):
try:
setImplicitThread(thread)
stk = getStack()
moduleLst = set()
for frame in stk:
m = module( frame.instructionOffset )
if moduleFilter( m, m.name() ):
moduleLst.add(m)
if len(moduleLst)==0:
return False
except BaseException:
return False
return True
def printThread(process,thread,printopt):
try:
setImplicitThread(thread)
stk = getStack()
dprintln( "Thread %x, Process: %s" % ( thread, loadCStr( process.ImageFileName ) ) )
for frame in stk:
dprintln( findSymbol( frame.instructionOffset ) )
dprintln("")
except BaseException:
if not printopt.ignoreNotActiveThread:
dprintln( "Thread %x, Process: %s" % ( thread, loadCStr( process.ImageFileName ) ) )
dprintln( "Failed to switch into thread context\n")
dprintln("")
def printProcess(process,processFilter,moduleFilter,printopt):
processName = loadCStr( process.ImageFileName )
if not processFilter(process, process.UniqueProcessId, processName ):
return
try:
setCurrentProcess(process)
dbgCommand( ".reload /user" )
threadLst = nt.typedVarList(process.ThreadListHead, "_ETHREAD", "ThreadListEntry")
filteredThreadLst = []
for thread in threadLst:
if applayThreadFilter( thread, moduleFilter ):
filteredThreadLst.append( thread )
if filteredThreadLst == []:
return
dprintln( "Process %x" % process )
dprintln( "Name: %s" % processName )
dprintln( "" )
for thread in filteredThreadLst:
printThread(process,thread, printopt)
except BaseException:
if not printopt.ignoreNotActiveProcess:
dprintln( "Process %x" % process )
dprintln( "Name: %s" % processName )
dprintln( "Failed to switch into process context\n")
dprintln( "" )
def main():
dprintln("Stack walker. ver 1.0")
if not isKernelDebugging():
dprintln("This script is only for kernel debugging")
return
global nt
nt = module("nt")
parser = OptionParser()
parser.add_option("-p", "--process", dest="processfilter",
help="process filter: boolean expression with python syntax" )
parser.add_option("-m", "--module", dest="modulefilter",
help="module filter: boolean expression with python syntax" )
(options, args) = parser.parse_args()
processFilter = lambda process, pid, name: True
moduleFilter = lambda module, name: True
if options.processfilter:
processFilter = lambda process, pid, name: eval( options.processfilter )
if options.modulefilter:
moduleFilter = lambda module, name: eval(options.modulefilter)
printopt = PrintOptions()
currentProcess = getCurrentProcess()
currentThread = getImplicitThread()
processLst = nt.typedVarList( nt.PsActiveProcessHead, "_EPROCESS", "ActiveProcessLinks")
for process in processLst:
printProcess( process, processFilter, moduleFilter, printopt )
setCurrentProcess(currentProcess)
setImplicitThread(currentThread)
if __name__ == "__main__":
main()