From ed85fb9787dd951d48ae2a55c3d57d4af62380df Mon Sep 17 00:00:00 2001
From: "SND\\kernelnet_cp"
Date: Mon, 22 Nov 2010 15:10:25 +0000
Subject: [PATCH] [+] added: isKernelDebugging routine
git-svn-id: https://pykd.svn.codeplex.com/svn@57937 9b283d60-5439-405e-af05-b73fd8c4d996
---
 pykd/dbgext.cpp | 1 +
 pykd/dbgsystem.cpp | 32 ++++++++++++++++++++++++++++++++
 pykd/dbgsystem.h | 3 +++
 snippets/iat.py | 7 +++----
 4 files changed, 39 insertions(+), 4 deletions(-)
diff --git a/pykd/dbgext.cpp b/pykd/dbgext.cpp
index 77cb8fc..2a1bdd5 100644
--- a/pykd/dbgext.cpp
+++ b/pykd/dbgext.cpp
@@ -93,6 +93,7 @@ BOOST_PYTHON_MODULE( pykd )
 boost::python::def( "loadDump", &dbgLoadDump );
 boost::python::def( "dbgCommand", &dbgCommand );
 boost::python::def( "is64bitSystem", is64bitSystem );
+ boost::python::def( "isKernelDebugging", &isKernelDebugging );
 boost::python::def( "ptrSize", ptrSize );
 boost::python::def( "reg", &loadRegister );
 boost::python::def( "typedVar", &loadTypedVar );
diff --git a/pykd/dbgsystem.cpp b/pykd/dbgsystem.cpp
index c8b9f0f..2a66ef6 100644
--- a/pykd/dbgsystem.cpp
+++ b/pykd/dbgsystem.cpp
@@ -148,3 +148,35 @@ reloadSymbols( const char * moduleName )
 ///////////////////////////////////////////////////////////////////////////////////
+bool
+isKernelDebugging()
+{
+ HRESULT hres;
+ bool result = false;
+
+ try {
+
+ ULONG debugClass, debugQualifier;
+
+ hres = dbgExt->control->GetDebuggeeType( &debugClass, &debugQualifier );
+
+ if ( FAILED( hres ) )
+ throw DbgException( "IDebugControl::GetDebuggeeType failed" );
+
+ result = debugClass == DEBUG_CLASS_KERNEL;
+
+ }
+ catch( std::exception &e )
+ {
+ dbgExt->control->Output( DEBUG_OUTPUT_ERROR, "pykd error: %s\n", e.what() );
+ }
+ catch(...)
+ {
+ dbgExt->control->Output( DEBUG_OUTPUT_ERROR, "pykd unexpected error\n" );
+ }
+
+ return result;
+}
+
+///////////////////////////////////////////////////////////////////////////////////
+ 
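Review bot: In the dbgsystem.cpp hunk a failed `GetDebuggeeType` call is indistinguishable from a user-mode target: the DbgException is printed in the catch handler and `result` is still `false`, so a caller like the new iat.py branch would fall back to `ntdll` in a kernel session whose query happened to fail. Either let the exception propagate to Python (if the rest of the module already converts DbgException, which this hunk does not show) or make the failure visible to callers instead of folding it into `false`. The `hres` temporary can also go: `if ( FAILED( dbgExt->control->GetDebuggeeType( &debugClass, &debugQualifier ) ) )` reads the same and removes the uninitialized `HRESULT hres;` at the top; only `debugClass` is consulted afterwards. Both handlers dereference `dbgExt->control` themselves, which is safe only if `dbgExt` is guaranteed non-null whenever the binding is callable — not visible here.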
diff --git a/pykd/dbgsystem.h b/pykd/dbgsystem.h index 6b1cb26..2f0f742 100644 --- a/pykd/dbgsystem.h +++ b/pykd/dbgsystem.h @@ -22,4 +22,7 @@ getImageFile( ULONG64 moduleBase ); void reloadSymbols( const char * moduleName ); +bool +isKernelDebugging(); + ///////////////////////////////////////////////////////////////////////////////// \ No newline at end of file diff --git a/snippets/iat.py b/snippets/iat.py index 2de17f3..f81b66e 100644 --- a/snippets/iat.py +++ b/snippets/iat.py @@ -12,10 +12,9 @@ def iat( moduleName, mask = "*" ): module = loadModule( moduleName ) dprintln( "Module: " + moduleName + " base: %x" % module.begin() + " end: %x" % module.end() ) - - systemModule = loadModule( "nt" ) - - if systemModule==None: + if isKernelDebugging(): + systemModule = loadModule( "nt" ) + else: systemModule = loadModule( "ntdll" )
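Review bot: The new `isKernelDebugging();` declaration in dbgsystem.h carries no comment, and its return value is not self-explanatory because `false` covers both a user-mode target and a failed query. Suggest adding above it `// true when IDebugControl::GetDebuggeeType reports DEBUG_CLASS_KERNEL; false for user-mode targets and also when the query fails (the error is only printed).` so script authors know the answer is not a clean boolean. The definition lives in the dbgsystem.cpp hunk of this same patch.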