From f626309edbddfe5b99a368668bad63f0f556e799 Mon Sep 17 00:00:00 2001
From: "SND\\EreTIk_cp"
Date: Tue, 10 Apr 2012 09:22:13 +0000
Subject: [PATCH] [0.1.x] snippet: print print ssdt content

git-svn-id: https://pykd.svn.codeplex.com/svn@75415 9b283d60-5439-405e-af05-b73fd8c4d996
---
 snippets/ssdt.py | 73 ++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)
 create mode 100644 snippets/ssdt.py

diff --git a/snippets/ssdt.py b/snippets/ssdt.py
new file mode 100644
index 0000000..e38e568
--- /dev/null
+++ b/snippets/ssdt.py
@@ -0,0 +1,73 @@
+from pykd import *
+import sys
+
+
+nt = loadModule( "nt" )
+
+def getServiceAddrWlh(Start, Offset):
+ return Start + (Offset / 16)
+
+def getServiceAddr2k3(Start, Offset):
+ return Start + (Offset & ~0xf)
+
+if ptrWord( nt.offset("NtBuildNumber")) == 3790:
+ getServiceAddr = getServiceAddr2k3
+else:
+ getServiceAddr = getServiceAddrWlh
+
+def getSymbolString(addr):
+ try:
+ return findSymbol(addr)
+ except BaseException:
+ pass
+ return " !!! 0x%x" % addr
+
+def checkSSDT():
+
+ if is64bitSystem():
+
+ serviceTableHeader = loadQWords( nt.offset("KeServiceDescriptorTable"), 4 )
+ serviceTableStart = serviceTableHeader[0]
+ serviceCount = serviceTableHeader[2]
+
+ dprintln( "ServiceTable start: %(1)x count: %(2)x" % { "1" : serviceTableStart, "2" : serviceCount } )
+
+ serviceTable = loadSignDWords( serviceTableStart, serviceCount )
+
+ for i in range( 0, serviceCount ):
+
+ routineAddress = getServiceAddr(serviceTableStart, serviceTable[i]);
+ dprintln( "[%u] " % i + getSymbolString( routineAddress ) )
+
+
+ else:
+
+ serviceTableHeader = loadDWords( nt.offset("KeServiceDescriptorTable"), 4 )
+ serviceTableStart = serviceTableHeader[0]
+ serviceCount = serviceTableHeader[2]
+
+ dprintln( "ServiceTable start: %(1)x count: %(2)x" % { "1" : serviceTableStart, "2" : serviceCount } )
+
+ serviceTable = loadPtrs( serviceTableStart, serviceCount )
+
+ for i in range( 0, serviceCount ):
+ dprintln( "[%u] " % i + getSymbolString( serviceTable[i] ) )
+
+if __name__ == "__main__":
+
+
+ while True:
+
+ if not isWindbgExt():
+ if not loadDump( sys.argv[1] ):
+ dprintln( sys.argv[1] + " - load failed" )
+ break
+
+ if not isKernelDebugging():
+ dprintln( "not a kernel debugging" )
+ break
+
+ checkSSDT()
+ break
+
+
\ No newline at end of file
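Review bot: `getSymbolString` catches `BaseException` and discards it, which also swallows `KeyboardInterrupt` and `SystemExit` while the loop in `checkSSDT` walks the whole service table; narrow it to `except Exception:` (or to the exception type `findSymbol` actually raises, if pykd exports one). In the `__main__` block `sys.argv[1]` is read without checking that an argument was supplied, so running the snippet standalone with no dump path fails with an `IndexError` instead of a usage line; guard it with `if len(sys.argv) < 2: dprintln( "usage: ssdt.py <dump file>" ); break` before `loadDump`. `serviceCount` is taken straight from the debuggee's `KeServiceDescriptorTable` and drives `loadSignDWords`/`loadPtrs` unbounded — since the purpose of dumping the SSDT is to notice a tampered or corrupted table, a sanity cap on the count (refusing and reporting an implausibly large value) would turn a bad header into a clear message rather than a huge read. Also, `Offset / 16` in `getServiceAddrWlh` depends on Python 2 integer division; `Offset >> 4` states the intended arithmetic shift directly and does not become a float division under Python 3.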