zjgcjy/pykd
1
0
Fork 0
mirror of https://github.com/ivellioscolin/pykd.git synced 2025-04-21 04:13:22 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

[+] added: isKernelDebugging routine

Browse Source 
git-svn-id: https://pykd.svn.codeplex.com/svn@57937 9b283d60-5439-405e-af05-b73fd8c4d996
This commit is contained in:
SND\kernelnet_cp 2010-11-22 15:10:25 +00:00
parent 533bb27764
commit ed85fb9787
4 changed files with 39 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
pykd/dbgext.cpp
View File

@ -93,6 +93,7 @@ BOOST_PYTHON_MODULE( pykd )
boost::python::def( "loadDump", &dbgLoadDump ); boost::python::def( "loadDump", &dbgLoadDump );
boost::python::def( "dbgCommand", &dbgCommand ); boost::python::def( "dbgCommand", &dbgCommand );
boost::python::def( "is64bitSystem", is64bitSystem ); boost::python::def( "is64bitSystem", is64bitSystem );
boost::python::def( "isKernelDebugging", &isKernelDebugging );
boost::python::def( "ptrSize", ptrSize ); boost::python::def( "ptrSize", ptrSize );
boost::python::def( "reg", &loadRegister ); boost::python::def( "reg", &loadRegister );
boost::python::def( "typedVar", &loadTypedVar ); boost::python::def( "typedVar", &loadTypedVar );

32
pykd/dbgsystem.cpp
View File

@ -148,3 +148,35 @@ reloadSymbols( const char * moduleName )
/////////////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////////////
bool
isKernelDebugging()
{
HRESULT hres;
bool result = false;
try {
ULONG debugClass, debugQualifier;
hres = dbgExt->control->GetDebuggeeType( &debugClass, &debugQualifier );
if ( FAILED( hres ) )
throw DbgException( "IDebugControl::GetDebuggeeType failed" );
result = debugClass == DEBUG_CLASS_KERNEL;
}
catch( std::exception &e )
{
dbgExt->control->Output( DEBUG_OUTPUT_ERROR, "pykd error: %s\n", e.what() );
}
catch(...)
{
dbgExt->control->Output( DEBUG_OUTPUT_ERROR, "pykd unexpected error\n" );
}
return result;
}
///////////////////////////////////////////////////////////////////////////////////

3
pykd/dbgsystem.h
View File

@ -22,4 +22,7 @@ getImageFile( ULONG64 moduleBase );
void void
reloadSymbols( const char * moduleName ); reloadSymbols( const char * moduleName );
bool
isKernelDebugging();
///////////////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////////////

7
snippets/iat.py
View File

@ -12,10 +12,9 @@ def iat( moduleName, mask = "*" ):
module = loadModule( moduleName ) module = loadModule( moduleName )
dprintln( "Module: " + moduleName + " base: %x" % module.begin() + " end: %x" % module.end() ) dprintln( "Module: " + moduleName + " base: %x" % module.begin() + " end: %x" % module.end() )
if isKernelDebugging():
systemModule = loadModule( "nt" ) systemModule = loadModule( "nt" )
else:
if systemModule==None:
systemModule = loadModule( "ntdll" ) systemModule = loadModule( "ntdll" )