zjgcjy/pykd
1
0
Fork 0
mirror of https://github.com/ivellioscolin/pykd.git synced 2025-04-20 03:23:23 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

[~] sintax fix for ntobj

Browse Source 
[+] script for print ALPC conection port


git-svn-id: https://pykd.svn.codeplex.com/svn@63852 9b283d60-5439-405e-af05-b73fd8c4d996
This commit is contained in:
SND\EreTIk_cp 2011-04-11 17:55:56 +00:00
parent 8662ab0aaf
commit e714394782
2 changed files with 57 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
snippets/alpc_conn.py Normal file
View File

@ -0,0 +1,53 @@
"""
Print connection port for ALPC-port
"""
import sys
from pykd import *
import ntobj
def printConnPort(portAddr):
"""
Print connection port by port address
"""
port = typedVar("nt", "_ALPC_PORT", portAddr)
if (port != None):
portCommInfo = typedVar("nt", "_ALPC_COMMUNICATION_INFO", port.CommunicationInfo)
dprintln( dbgCommand("!object %x" % portCommInfo.ConnectionPort) )
else:
dprintln("Error: query port object by address failed")
def main():
"""
Print connection port for ALPC-port
Usage: alpc_server <PORT_OBJ_ADDR>
PORT_OBJ_ADDR - address of ALPC-port. If not specified:
print all ALPC-ports for current process
"""
argc_ = len(sys.argv)
if (1 == argc_):
portTypeAddr = getOffset("nt", "AlpcPortObjectType")
if (0 != portTypeAddr):
objTable = typedVar("nt", "_EPROCESS", getCurrentProcess()).ObjectTable
lstAlpcPorts = ntobj.getListByHandleTable(objTable, ptrPtr(portTypeAddr))
for port in lstAlpcPorts:
dprintln("Port object %x" % port + ", conection port:")
printConnPort(port)
else:
dprintln("Error: symbol nt!AlpcPortObjectType not found")
elif (2 == argc_):
printConnPort(expr(sys.argv[1]))
else:
dprintln(main.__doc__)
if __name__ == "__main__":
if not isSessionStart():
dprintln("Script is launch out of windbg")
quit(0)
if (False == isKernelDebugging()):
dprintln("This script only for kernel debugging")
quit(0)
main()

8
snippets/ntobj.py
View File

@ -158,13 +158,13 @@ if __name__ == "__main__":
# Print all thread and process # Print all thread and process
# #
def printObjectTable(pObejctTable, bHeaders): def printObjectTable(pObjectTable, bHeaders):
""" """
Print content of object table Print content of object table
""" """
lstObejcts = getListByHandleTable(pObejctTable, bContainHeaders=bHeaders) lstObjects = getListByHandleTable(pObjectTable, bContainHeaders=bHeaders)
dprintln("%u objects:" % len(lstObejcts)) dprintln("%u objects:" % len(lstObjects))
for obj in lstObejcts: for obj in lstObjects:
dprintln("obj: 0x%X" % obj + " type: 0x%X" % getType(obj)) dprintln("obj: 0x%X" % obj + " type: 0x%X" % getType(obj))