From e714394782a96ca6b194ad3ded5b69df0889464f Mon Sep 17 00:00:00 2001
From: "SND\\EreTIk_cp" <SND\EreTIk_cp@9b283d60-5439-405e-af05-b73fd8c4d996>
Date: Mon, 11 Apr 2011 17:55:56 +0000
Subject: [PATCH] [~] sintax fix for ntobj [+] script for print ALPC conection
 port

git-svn-id: https://pykd.svn.codeplex.com/svn@63852 9b283d60-5439-405e-af05-b73fd8c4d996
---
 snippets/alpc_conn.py | 53 +++++++++++++++++++++++++++++++++++++++++++
 snippets/ntobj.py     |  8 +++----
 2 files changed, 57 insertions(+), 4 deletions(-)
 create mode 100644 snippets/alpc_conn.py

diff --git a/snippets/alpc_conn.py b/snippets/alpc_conn.py
new file mode 100644
index 0000000..6701f10
--- /dev/null
+++ b/snippets/alpc_conn.py
@@ -0,0 +1,53 @@
+"""
+Print connection port for ALPC-port
+"""
+
+import sys
+from pykd import *
+import ntobj
+
+def printConnPort(portAddr):
+  """
+  Print connection port by port address
+  """
+  port = typedVar("nt", "_ALPC_PORT", portAddr)
+  if (port != None):
+    portCommInfo = typedVar("nt", "_ALPC_COMMUNICATION_INFO", port.CommunicationInfo)
+    dprintln( dbgCommand("!object %x" % portCommInfo.ConnectionPort) )
+  else:
+    dprintln("Error: query port object by address failed")
+
+def main():
+  """
+  Print connection port for ALPC-port
+  Usage: alpc_server <PORT_OBJ_ADDR>
+    PORT_OBJ_ADDR - address of ALPC-port. If not specified: 
+                    print all ALPC-ports for current process
+  """
+  argc_ = len(sys.argv)
+  if (1 == argc_):
+    portTypeAddr = getOffset("nt", "AlpcPortObjectType")
+    if (0 != portTypeAddr):
+      objTable = typedVar("nt", "_EPROCESS", getCurrentProcess()).ObjectTable
+      lstAlpcPorts = ntobj.getListByHandleTable(objTable, ptrPtr(portTypeAddr))
+      for port in lstAlpcPorts:
+        dprintln("Port object %x" % port + ", conection port:")
+        printConnPort(port)
+    else:
+      dprintln("Error: symbol nt!AlpcPortObjectType not found")
+  elif (2 == argc_):
+    printConnPort(expr(sys.argv[1]))
+  else:
+    dprintln(main.__doc__)
+
+if __name__ == "__main__":
+  if not isSessionStart():
+    dprintln("Script is launch out of windbg")
+    quit(0)
+
+  if (False == isKernelDebugging()):
+    dprintln("This script only for kernel debugging")
+    quit(0)
+
+  main()
+  
diff --git a/snippets/ntobj.py b/snippets/ntobj.py
index 84f12d9..b1b9c76 100644
--- a/snippets/ntobj.py
+++ b/snippets/ntobj.py
@@ -158,13 +158,13 @@ if __name__ == "__main__":
   # Print all thread and process
   # 
 
-  def printObjectTable(pObejctTable, bHeaders):
+  def printObjectTable(pObjectTable, bHeaders):
     """
     Print content of object table
     """
-    lstObejcts = getListByHandleTable(pObejctTable, bContainHeaders=bHeaders)
-    dprintln("%u objects:" % len(lstObejcts))
-    for obj in lstObejcts:
+    lstObjects = getListByHandleTable(pObjectTable, bContainHeaders=bHeaders)
+    dprintln("%u objects:" % len(lstObjects))
+    for obj in lstObjects:
       dprintln("obj: 0x%X" % obj + " type: 0x%X" % getType(obj))