[~] sintax fix for ntobj

[+] script for print ALPC conection port git-svn-id: https://pykd.svn.codeplex.com/svn@63852 9b283d60-5439-405e-af05-b73fd8c4d996
2025-04-20 19:53:22 +08:00 · 2011-04-11 17:55:56 +00:00 · 2011-04-11 17:55:56 +00:00 · e714394782
commit e714394782
parent 8662ab0aaf
2 changed files with 57 additions and 4 deletions
--- a/snippets/alpc_conn.py
+++ b/snippets/alpc_conn.py
@ -0,0 +1,53 @@
+"""
+Print connection port for ALPC-port
+"""
+
+import sys
+from pykd import *
+import ntobj
+
+def printConnPort(portAddr):
+  """
+  Print connection port by port address
+  """
+  port = typedVar("nt", "_ALPC_PORT", portAddr)
+  if (port != None):
+    portCommInfo = typedVar("nt", "_ALPC_COMMUNICATION_INFO", port.CommunicationInfo)
+    dprintln( dbgCommand("!object %x" % portCommInfo.ConnectionPort) )
+  else:
+    dprintln("Error: query port object by address failed")
+
+def main():
+  """
+  Print connection port for ALPC-port
+  Usage: alpc_server <PORT_OBJ_ADDR>
+    PORT_OBJ_ADDR - address of ALPC-port. If not specified: 
+                    print all ALPC-ports for current process
+  """
+  argc_ = len(sys.argv)
+  if (1 == argc_):
+    portTypeAddr = getOffset("nt", "AlpcPortObjectType")
+    if (0 != portTypeAddr):
+      objTable = typedVar("nt", "_EPROCESS", getCurrentProcess()).ObjectTable
+      lstAlpcPorts = ntobj.getListByHandleTable(objTable, ptrPtr(portTypeAddr))
+      for port in lstAlpcPorts:
+        dprintln("Port object %x" % port + ", conection port:")
+        printConnPort(port)
+    else:
+      dprintln("Error: symbol nt!AlpcPortObjectType not found")
+  elif (2 == argc_):
+    printConnPort(expr(sys.argv[1]))
+  else:
+    dprintln(main.__doc__)
+
+if __name__ == "__main__":
+  if not isSessionStart():
+    dprintln("Script is launch out of windbg")
+    quit(0)
+
+  if (False == isKernelDebugging()):
+    dprintln("This script only for kernel debugging")
+    quit(0)
+
+  main()
+  
--- a/snippets/ntobj.py
+++ b/snippets/ntobj.py
@ -158,13 +158,13 @@ if __name__ == "__main__":
  # Print all thread and process
  # 

-  def printObjectTable(pObejctTable, bHeaders):
+  def printObjectTable(pObjectTable, bHeaders):
    """
    Print content of object table
    """
-    lstObejcts = getListByHandleTable(pObejctTable, bContainHeaders=bHeaders)
-    dprintln("%u objects:" % len(lstObejcts))
-    for obj in lstObejcts:
+    lstObjects = getListByHandleTable(pObjectTable, bContainHeaders=bHeaders)
+    dprintln("%u objects:" % len(lstObjects))
+    for obj in lstObjects:
      dprintln("obj: 0x%X" % obj + " type: 0x%X" % getType(obj))